* Posts by jmch

891 posts • joined 6 Mar 2017

Page:

Dead LAN's hand: IT staff 'locked out' of data center's core switch after the only bloke who could log into it dies

jmch Silver badge
Happy

"why else would a company with _this_ level of management incompetence buy a 4 hour replacement?"

Erm... you're kind of answering your own question there :)

jmch Silver badge

Re: BOB

"Managers get a pass when someone goes rogue, but not when they ignore an ongoing problem with a critical process."

Well, yes agreed, but also, say a manager asks sysadmin for full audit of network including providing backup configs and passwords, the manager is still dependent on the sysadmin's honesty and competence, either of which could be lacking. How would the manager even notice if anything related to this particular switch was missing, given that it was literally months before anyone even noticed the switch was there?

jmch Silver badge

Re: There's help out there ...

"I don’t know, I think you’d be inviting someone malicious to hold the config to ransom."

How is that a bad thing? They don't have the config anyway, I'm pretty sure they would be willing to pay a reasonable amount to get it back.

New Zealand cops cuff alleged jackasses who shared mosque murder video, messages online

jmch Silver badge

"if you chose to wander into "us" vs "them" territory, just a humble reminder that tally is not in your favor now"

Here's the problem... now it's Islamic terrorism, before that it was the nationalist separatists (IRA, ETA), before that it was the left/communist anarchists (Brigate Rosse / Baader Meinhof). Intermingled with all that are the racist / nationalists of all stripes... and one of the first justifications these morons come up with was "But they started / did worse etc". Supposed grownups still mentally stuck at age 6.

Forget about tallies. They're just excuses used by nasty people to justify their nasty actions (Besides the fact that no-one "keeping score" actually does so properly / objectively anyway).

jmch Silver badge

"And jailed for 14 years? Is that appropriate to the crime of video sharing?"

Nope, but think about what the sentence should be for incitement to violence and/or incitement to murder. Multiple aggravated counts of that should be worth at least 14 years in my book.

Brexit text-it wrecks it: Vote Leave fined £40k for spamming 200k msgs ahead of EU referendum

jmch Silver badge

Re: Dodgy behavior by Vote Leave?

"the Prime Minister stated that the government would be bound by the decision, and Parliament raised no objection to this."

The prime minister can say what he/she wants, its all hot air unless billed and voted for. Parliamentary approval has to be affirmative, it cannot be assumed.

NASA: We need commercial rockets! SLS: Oh no you don't!

jmch Silver badge
Thumb Up

"Big Fucking Rocket"

best name ever :)

"there's no shame in taking those names from ships of discovery from a previous age."

or, indeed, from fictional (star)ships of discovery from the future!

Public disgrace: 82% of EU govt websites stalked by Google adtech cookies – report

jmch Silver badge

One of the issues is that is so difficult nowadays to keep systems safe and private. Just off the top of my head - antivirus / antimalware, ad blocker, 'privacy' browser and search engine, secure email, VPN...

It's a lot to keep on top of even for an IT pro let alone for a layperson. And many of the vendors I've tried have multiple seperate products that they keep trying to cross-sell / push on you and / or highlight 'threats' that can be solved by said product upgrades.

I currently use a combination of Proton Mail / VPN, Brave (on mobile) and Firefox + Adblock (desktop), Duckduckgo search and malwarebytes... I wish there were a cleaner / simpler combination of effective tools. Suggestions?

Bandersnatch to gander snatched: Black Mirror choices can be snooped on, thanks to privacy-leaking Netflix streams

jmch Silver badge

"Our experiments revealed that the packets carrying the encrypted type-1 and type-2 JSON files can be distinguished from other packets by their SSL record lengths which are visible even from encrypted traffic,"

So surely it's easy to defeat by enforcing a standard packet size for encrypted packets, stuffing with dummy bits if required? Sure it reduces network efficiency but that shouldn't be a major problem.

I'm not sure exactly how encryption on video streaming works, but one thing that might happen is that if the user is sending binary choice JSON files, and each user session uses the same encryption key, then would identical JSON source data result in identical encrypted packets that could be identified? Or is teh encryption a bit more clever than that?

College student with 'visions of writing super-cool scripts' almost wipes out faculty's entire system

jmch Silver badge

Re: To err is human

"I'd have made the script generate a list. Source files, and final destination filename. I literally wouldn't have a command in the script capable of inflicting damage. But I'd still test it only on a sacrificial test user first anyway. And I'd have a little arrow to correctly indicate source-> destination. And I'd only name the variables things like source and destination so I knew.... etc etc"

All well and good. Thing is, this is what you would have done had you been assigned the task now. I doubt that it's the same things you would have done as an 18-year-old.

For sure if it was me let loose on that system at 18, I doubt it would have been recoverable!

Click here to see the New Zealand livestream mass-murder vid! This is the internet Facebook, YouTube, Twitter built!

jmch Silver badge

Re: Facebook and Twitter weren't the only places...

"forums that are NOT Facebook nor Twitter nor Youtube already exist. And the (alleged) perpetrator of the mosque shooting was a regular user of one of those forums. "

However I presume that those forums do not have hundreds of millions of eyeballs on them. Also forums by their very nature are 'pull' rather than 'push' as is the case on facebook etc

jmch Silver badge

Re: What Register?!?

"Now to really piss some of you off, what if just 10% of those people in the church had guns?"

People making this comment have seen too many 'Die Hard' movies. Most likely any civilian drawing a gun in the presence of a heavily-armed, well-trained assailant is just making themselves a target to be taken out quicker.

I reckon that in real life the actual possibility of having in the crowd a real ex-special forces elite commando, with a loaded gun in their holster and a chip on their shoulders, is slim to none.

jmch Silver badge
Thumb Up

Re: "to put blame on the technology"

Got to give credit to The Register for one of the best articles I've seen on this terrible subject.

"whose name isn't worth publishing"

"To be clear, while he was heavily influenced by white nationalism in the West, this murderous racist knew exactly what he was doing when he pulled the trigger: there is no room for any absolution on his part."

"manifesto is itself indicative of the broken online culture of nihilistic offensiveness, outrage, and scattergun ideologies that has grown up around social media and lapped up by subnormal losers"

etc.

These are the type of straight-talking no-bullshit, and yet without the excessive Daily-Mail-Type hyperbole, that I would liked to have seen in the national press

jmch Silver badge

"Which countries laws are used as the basis of this? Who chooses that?"

True, and yet I believe mass murder is criminal in all countries. So this particular case should have been easy

Yes! Pack your bags! Blossoming planetary system strikingly similar to ours found by boffins

jmch Silver badge
Trollface

Re: Another Earth?

" maybe a similar planetary arrangement has seen in our solar system from afar and they sent astronauts to visit us? Had they arrived 50,000 years ago"

Maybe they arrived a couple of million years ago and decided to improve the genetics of some of the monkeys...

Boeing... Boeing... Gone: Canada, America finally ground 737 Max jets as they await anti-death-crash software patches

jmch Silver badge
Thumb Up

Re: "US, Canada finally ground 737 Max jets..."

"Now that there's evidence to ground them, safety first."

2 identical planes crashing in identical ways within a couple of months of each other is surely enough evidence to have grounded them immediately.

"A grounding of all planes of that model would disrupt airline schedules, and so I think they wanted to avoid that happening."

Yeah, let's not mind the possibility of a plane crash as long as we don't disrupt airline schedules. Way to order your priorities!

NASA admin: What if we switched one delayed SLS for two commercial launchers?

jmch Silver badge
Thumb Up

"plans for golf courses ... for Mars and the Moon"

I'm sure any golf-loving senators will be delighted that on Mars they will be able to drive 300 yards and probably like half a mile on the Moon. Will do wonders for their ego :)

Swiss electronic voting system like... wait for it, wait for it... Swiss cheese: Hole found amid public source code audit

jmch Silver badge
Thumb Up

Re: Swiss Miss

"Although of course, they would do better to aim for Gruyere, which doesn't even have bubbles."

Actually most Swiss cheeses are hole-less

jmch Silver badge

Re: Swiss Miss

"Quality control is slipping in the mountain state."

Rather the opposite I would say - publishing the source code and allowing independent researchers to test is is an excellent part of testing, and (if I understood the article correctly), this particular evoting system had not yet been used for official votes

jmch Silver badge
Thumb Up

Re: Potentially unpopular opinion

On you with this one. People can be compromised (see the latest US election absentee ballot fraud that was picked up in... North Carolina, was it??), but there are enough systems in place around manual / analogue elections that it probably can be caught and almost definitely can be recounted. It would also happen more probably on a local level with less impact on large results, which also means it could be more easy t spot as a statistical anomaly in a local district that is far different from surroundings and/or past votes and/or forecasts and polls.

If e-voting is compromised, then it can be compromised on a massive scale, and also in such a way that it looks evenly distributed in a way that could resist being caught out by statistical analysis. With full e-voting there is never any way of being sure of the result.

If you want to get a fast vote count, use a hybrid model:

- voting machine is completely standalone and needs just an electricity connection

- modified hardware / OS that does not have any wifi, bluetooth or other wireless hardware, no network port, whole TCP/IP stack removed from the OS. The only I/O is USB ports for keyboard, mouse, data download.

- machines are assembled / configured / updated at secure site at manufacturers, and are based off an imaged SSD with OS and software already preinstalled. Voting data goes on a seperate SSD. SSDs allow no-ventilation running so box can be completely locked and sealed. Setup is ordered by local voting entities and configured / set up at the factory. It should not be possible to do any setup, updates, configurations etc away from the secure area at the factory. For good measure, secure area is completely open plan with a viewing window that is publically accessible without restriction.

- There is a single hardware on/off/reset button that is in a seperate panel, locked, with keys kept be local voting officials at polling station. the panel also includes space to refill ballot papers. Ballot papers should be already in sheets so it's as simple to load as a photocopier, not on a roll that is more fiddly.

- There is a box for physical ballot results that is transparent and sealed, with keys NOT available to local officials at polling station, only to state or federal voting officials. panel for USB access is also locked and sealed with availability only for state / federal officials, not local ones.

- Voting process - voter is IDed* and gets to the booth. Choices are on screen, if there are multiple ballots, each gets it's own screen, voting choices clearly presented etc. Votes, presses OK, gets a paper readout printed out which has human-readable voting record plus QR code with equivalent data. Voter can read that vote is correct, scan QR code (and e-vote is only recorded at this point), and slip vote into ballot box.

- Ballot stations have double the amount of machines needed in case of failure. In case of complete failure, manual ballots and traditional ballot boxes are available.

- e-votes are downloaded at central state / federal location at stations with no outside comms access, and open-plan with public visibility. Random audits are done that (a) verify that QR code vote matches human-readable printout and (b) manually tally whole boxes and compare results to e-vote count.

- Any anomaly is always resolved by counting paper ballots.

- All original voting machines and any computers used for tally should be stored only for as long as result is certified plus any legal challenges are resolved. Then all hard disks are electronically wiped, physically destroyed and disposed of securely. Paper records are held for statutory period after which they are also destroyed.

It's still not going to save paper - deal with it. It's still not going to be cheap - if proper democracy is expensive that's worth it. It still might not be 100% accurate or secure - any other safeguards might be suggested / added. It still might not get 100% accurate results - voters aka users CAN be morons - deal with it. It WILL give a much quicker tally, which is great. It will also potentially give a much more detailed picture of voting patterns which could be dangerous, which is why it's so important to destroy / wipe all data after.

*how to make sure all eligible voters can vote, and prevent multiple voting, is a whole other huge issue

Airlines in Asia, Africa ground Boeing 737 Max 8s after second death crash in four-ish months

jmch Silver badge

"Two events are not a trend."

True, but 2 very similar crashes of the same plane model within a short time period SHOULD be raising red flags and not treated as coincidence.

Also, it's a 4-month old plane, and (not sure), relatively new model?

Packet switching pickle prompts potential pecuniary problems

jmch Silver badge

At some point it would probably have been cheaper to have someone bung it on a floppy on the rig and helicopter it back to base.

Huawei 'to sue US' over federal kit block – report

jmch Silver badge

Re: Meanwhile watching carefully ....

"I seem to remember a referendum vote of the people was held and the people voted to exit the EU."

A majority voted for it - that makes it a popular policy, it doesn't make it good policy

jmch Silver badge

Re: Meanwhile watching carefully ....

Not a valid comparison. Brexit is just awful policy, if you could sue governments for awful policy most countries would be bankrupt.

In this case Huawei are right that US can't ban specifically their products only, without any more specific reason than "they're Chinese". If NSA etc have proof of pwnage or attempted such, they should demonstrate. Otherwise it's just trumpian hot air

jmch Silver badge

Re: This year ... helping save my job

Time for the US to put up (any evidence they might have about Huawei spying) or shut up

Biker sues Google Fiber: I broke my leg, borked my ankle in trench dug to lay ad giant's pipe

jmch Silver badge

Re: While out

"You need a licence to dig holes in the road"

but maybe not to fill a hole in?

jmch Silver badge
Thumb Up

Re: 5mph!

"Feet on the pegs at all times unless stopped!"

Personally (and this might just be my unorthodox style), but if I am on a low-speed curve on an unsure surface I keep my foot either just resting very lightly on the very tip of the peg with no weight on, or off the peg, dangling about a foot or so above the road - ready to push the bike upright if there's a sudden loss of grip. It's saved me a fall a couple of times where a handlebar correction or throttle squeeze wouldn't have. A trick learnt from experience catching an unseen oil patch on a slow-speed turn that landed me on my arse.

At such low speed (most times less than jogging / running speed), a quick push with the foot is not dangerous (or at least on the balance is less dangerous than potentially having a bike fall on it)

But of course, that's very rare circumstance, "Feet on the pegs at all times unless stopped!" is sound advice

jmch Silver badge

Re: 5mph!

"stays fully controllable when the front wheel drops into a ditch.."

I guess it depends how deep the ditch is. From the text it isn't clear at all.

"dropped down into a deep rectangular hole that had been cut in the asphalt" – a trench dug to install Google's pipes – according to his Jackson County court filing, at least"

At that really low speed, any bike should be able to go straight up/down a pavement / sidewalk, around 15cm. At an angle, maybe less, and depends on whether the bottom of the ditch was also asphalt-like surface or, more probably, just loose dirt which could make the front wheel slide irrespective of how deep the 'ditch' was

jmch Silver badge

Re: Re:Breaking a leg on a motorbike is expected.

"...referred to motorcyclists as "organ donors". Not only in general, but the way you see them take un-necessary risks on high-traffic roads"

Unfortunately there are many (I wouldn't say a small minority but definitely a minority) bikers who behave that way. It tends to be those that ride sports / supersports bikes on the road as if they were on the track. Most of the bikers I know (myself included) ride touring / road bikes, taking it pretty easy and enjoying the views.

Personally I am glad of the fact that I only started properly in my 30s as I think if I started in late teens or 20s I would have been in the "organ donors" category. However that category is also enhanced by a large number of car drivers who are unaware of bikes around them.

In this particular instance, curious that the lawsuit occurred so far after the fact, but maybe he had 3 years of medical treatment to bill - not sure if it's possible to sue for damages that also includes future medical bills related to the incident.

Hipster whines at tech mag for using his pic to imply hipsters look the same, discovers pic was of an entirely different hipster

jmch Silver badge

Re: Why anti-conformists always end up looking the same

See also, goths, emos etc as well as pretty much anyone in a 'nonconformist' group who nevertheless conforms to the group standard

Official science: Massive asteroids are so difficult to destroy, Bruce Willis wouldn't stand a chance

jmch Silver badge
Gimp

"Does this mean a Death Star is now a more distant possibility than before?"

Well, DS is an energy weapon not kinetic. But if the same holds, it means instead of Alderaan being vaporised , it would be shattered into many chunks that eventually will pull back together to reform. Mind you, that's not much comfort to the Alderaanians.

>>> does that count as darth Vader mask? >>>>>

Google recalculated its wages, and yup, raises for underpaid fellas. So can you forget those gender discrim claims?

jmch Silver badge

Re: Well... go on then?

"but it might also be that 99% of their employees are in larger groups. It would be interesting to know how many people were excluded from the analysis based on the <30 or the <5"

It's right there in the article: "Some 91 per cent of staff were included in the analysis"

jmch Silver badge

Re: Statistical analysis on small groups is pointless...

"Why would they divide up employees into small groups if they're trying to get company wide stats?"

Presumably because it pays devs in California more than those in Bangalore, it pays techs working on core revenue-generating teams like Adwords more than first-line support etc etc. Averaging across all of Google makes no sense.

Danger mouse! Potent rodents 'see' infrared after eyeballs injected with nanoparticles

jmch Silver badge

Or if the whole spectrum is shifted and you can't see blue/violet any more?

Brave claims its mobe browser batt use bests whatever you're using. Why? Hint: It begins with A then D then V...

jmch Silver badge

Re: sigh

"You are NOT entitled to display adverts on my equipment unless I expressly allow it.

Unless I'm allowed to spraypaint my advert on your living room wall, that is"

Wrong analogy. Your own local content on your pc/ local network can be described as your digital 'living room'. But whenever you're in a browser you're explicitly viewing someone else's content on someone else's server. That's more analogous to walking into someone's shop or office. Sure some shops / offices have ads / promotional stands you are not interested in, and sometimes they are actively in the way and annoying. But you can ignore them, and if that's still not enough, you can inform the owners that they are annoying you, and/or stop going to that shop/website. It's their choice to run ads, most likely because they don't make enough money otherwise because you don't otherwise pay for the services / content you're getting.

Ads are terrible, intrusive etc, and they absolutely should be limited in terms of tracking and personal data gathered. BUT they are the price of otherwise 'free' or very cheap content.

Microsoft 'welcomes dialog' over HoloLens use by the military, but doesn't have to listen

jmch Silver badge

Re: Have they thought it through?

"The primary purpose of the military is not, actually, to kill people. It is to stop people from killing (hurting, stealing from, etc.) you. Note for example, the justification for the US military in the Constitution: "to provide for the common defense"."

Ministry of peace = war

Ministry of plenty = famine

Ministry of love = torture

" ministry of defence " is a figleaf. US certainly wasn't /isn't defending itself in Vietnam, Afghanistan, Iraq, Libya, Yemen etc.

IBM so very, very sorry after jobs page casually asks hopefuls: Are you white, black... or yellow?

jmch Silver badge
Happy

I guess everyone is indigenous to somewhere... so 100% inigenous it is, then

jmch Silver badge
Devil

Re: Are you black, white or yellow?

"IBM only hires Indian people these days."

Red or Brown?

jmch Silver badge
Facepalm

Re: Ethnicity != Race

"it is a legal requirement for US companies to collect statistics about the race/ethnicity of their employees"

Yes, it occurred to me that HR might be actually wanting this data so they can positively discriminate towards underrepresented ethnicities in their workforce and thus earn brownie points for 'improving' the mix. And then miss-specified the requirements horribly and passed the actual work through a few layers of outsourcers, ending up in a lazy / clueless dev nabbing a list off an existing Brazilian site.

jmch Silver badge

Re: sorry or not

"...ethnic descriptions used in the Brazilian census ..."

Doesn't really matter where the list came from, nor whether in Brazil 'amarelo' and 'mulatto' are considered offensive*. Even if the dropdown said 'Asian' or 'East Asian' or 'mixed-race' or whatever supposedly inoffensive term they could come up with, it's still highly inappropriate to ask this question. And THAT isn't something a developer just came up with - if it's part of IBM's main US recruitment website you can bet that it's some pretty high-up people in HR who requested and/or approved that.

*I would think that they are offensive regardless

In a galaxy far, far away, aliens may have eight-letter DNA – like the kind NASA-backed boffins just crafted

jmch Silver badge

Re: Nitro

" There might be a large number of viable alternate metabolisms, each with a tiny chance of arising in the primordial soup"

It's probable that in a primordial soup, the simpler arrangement is more likely to arise

Lunar lander's brief jaunt will place Israel as fourth country to make soft landing on Moon

jmch Silver badge
Headmaster

4th country?

"A success will make Israel the fourth country to have achieved a soft landing on the Moon's surface."

Bit of a quibble here, but since it's a privately funded lander launched by a private company, not the Israeli government, the above statement doesn't quite ring right. What is much more interesting (and a true genuine first) is being the first private-enterprise moon landing, which is a far greater achievement considering that the other 3 previous landers were the world's 3 best-resourced government space agencies .

Eggheads want YOU to name Jupiter's five newly found moons ‒ and yeah, not so fast with Moony McMoonface

jmch Silver badge

Re: Didn't....

"Alass none of them end in either an "a", or an, "e" though..."

If one of the criteria is 'related to Jupiter / Zeus' and another is 'ends in e or a', surely that is a pretty definite list to choose from. I mean, I know Roman / Greek gods were legendarily promiscous, but that list is anyway not going to be more than a few dozen names is it?

You're on a Huawei to Hell, US Sec State Pompeo warns allies: Buy Beijing's boxes, no more intelligence for you

jmch Silver badge

Re: Economic warfare

"Since the US is refusing to actually show why China deserves to be singled out, the only reasonable thing to think is that there isn't a justifiable reason."

OR, there IS a reason that they don't want to make public. For example that the NSA etc haven't managed to compromise any Huawei kit because it is more secure than that from other vendors.

jmch Silver badge

Re: If everything's encrypted, what's the problem?

"If everything's encrypted, what's the problem?"

Because a lot can be made out even from the metadata. The one thing that CAN'T be encrypted is the packet headers etc - the network itself knows source, destination, volume and timing of messages, and a lot can be determined from that. For example feed a juicy bit of (mis)information to a known point on the network and note where subsequent messages are directed

jmch Silver badge

Re: Economic warfare

"a very large country that thinks it's exceptional and which is currently run by a somewhat haphazard and maladroit administration"

Right now that is an equally apt description of the US, China, Russia and Brazil. I'm not that current with what's happening in India, Indonesia, Nigeria and various other Asian an African large countries but I suspect that the same might apply.

In fact, given the messes variously heard about in the UK (Brexit), France (gilets jaunes), Australia (breaking encryption), various EU countries (right-wing / immigration-related issues) etc etc... is there ANY administration in a first-world country that is NOT "somewhat haphazard and maladroit"?

Scandinavian countries? Switzerland? anyone else?

Huawei hasn't yet fixed its security vulns, says UK's NCSC overseers

jmch Silver badge

Re: Different issues

"So, what's the real issue? Is it just poor security (as the report seems to suggest) or fear of Chinese government backdoors?"

They're looking for Chinese backdoors, but can't find any.

So they're grabbing on to any security flaw they can find to use as an excuse for blacklisting Huawei kit. Of course other vendors might or might not have similair security flaws, and should be getting the same in-depth scrutiny. And of course the REALLY pertinent security question is, are they looking for *American* backdoors in other vendors' kit?

Unearthed emails could be smoking gun in epic GDPR battle: Google, adtech giants 'know they break Euro privacy law'

jmch Silver badge

Re: RE: I understand advertising is necessary.

"Advertising - by it's own definition - is unnecessary"

It's unnecessary for the consumer in the sense that if consumer wants something they go get it and if they don't want something they won't. If a consumer wants more specific information or wants to find out options etc, that's what trade magazines/websites and comparison sites are for.

On the other hand, advertising is absolutely necessary for businesses... not only giant businesses with multimillion-dollar ad budgets, but also for small businesses, tradesmen, startups etc. You can't always get by with word of mouth.

jmch Silver badge

Re: "Online advertising model"

"how much of this is money hurled against a wall like so much shit (which, of course, it is), hoping some will stick?

Maybe there are credulous children out there, believing the shabby advertising drivel, but does anyone else even notice this garbage any more?"

quite true... and yet... say you're a small business starting up and want to advertise your product or service, how do you get customers? People blank out ads in newspapers and magazines as much as the online ones... and let's face it, El Reg readership is much more likely to be blocking ads than the general population. Given how expensive print / TV ads are anyway, online per-click ads are still probably a good option.

Sure, maybe you pay for 1000 clicks, 800 of them are fake and from the remaining 200, you get 1 or 2 people who are paying customers. That's still probably worth it from business point of view. Or as I once heard (paraphrasing here) "we know X% of marketing dollars are wasted, but we don't know which ones". In other words, business owners are prepared to pay for online ads even when they know that the vast majority of them are a waste.

Personally I think it's better to go back to a model of targeted advertising based on site-specific content rather than individual targeting. eg advertise sportswear on a sports site, fashion accessories on fashion site, electronics on tech site etc. That provides a minimum of targeting without invasive tracking and privacy issues. And from the consumer side, what is needed is a combination of legal safeguards a la GDPR and technical solutions like 100% of browsers having inbuilt VPN / gateway system that exposes only the absolutely necessary information to the server and/or for anything else keeps changing externally visible identifiers and severely limits cookies so the server can't track users across sites / sessions etc

Page:

Biting the hand that feeds IT © 1998–2019