Posts by Anteaus

Unlikely to succeed, but...

Agree that SETI is unlikely to find anything, since the timespan over which a civilization uses radio is probably too short. The likelihood of any near us to be doing so right now (or a few hundred years ago to allow for transit time!) is slim.

Though, if they want funding, they need to weave a climate-change argument into the request. Then billions, not a few paltry millions, will flow in.

Bug found

"Hey Steve, I've found the bug. There were these two slashes on the line that was supposed to delete the old data. I guess someone must've knocked the keyboard when we were rebuilding it."

Correlation = Spying

I think this underlines a more general point, which is that having too many facets of your life rely on one service, or one device, creates a security issue. From that point of view a separate GPS is less convenient to carry around than a combined GPS/phone, but avoids the issue of data misappropriation.

This principle of combining data was one of the key issues with the government's thankfully-failed ID Card scheme. Having to use the SAME card for numerous searches would have created security issues which the use of separate cards would not create. Plus, many such security issues would have been hard to anticipate.

Then again, how many phones now sport Facebook apps? OK, so an unscrupulous carrier could did a goldmine of info by correlating contacts in there, and GPS logs. And, so it goes on.

It's basically a situation where 2+2 does equal five, the sum total of combined info being worth more than its parts. The more devices and services are integrated, the greater the value of the combined data, and the greater the temptation for abuse.

Novell priced themselves out

Having been originally trained as a Netware installer, I recall that platform with something of a grimace.

Basically, Novell had a good product for its time but priced themselves out of the market by way of punitive licensing arrangements. In one case we had to pay over £2000 to add two users to a system, because they refused to sell us two licenses and instead demanded that we buy a (one-point) version upgrade for the whole site.

It was after this experience we switched to NT.

Later they switched to Linux, but by that time we were using Microsoft or Debian and weren't interested.

To be expected if you...

Which I think goes to show that if you are going to lock horns with some people who don't care about human rights, then you need to make sure you protect your own rights. Especially, your website.

That said, I do have reservations about the current trends in UK/EU human rights legislation, which seems to have degenerated into a charter for pampered minority-groups to demand preferential treatment, and to sue the shirt off anyone who denies them special status.

Hell, as a topical example we can't even use red or green in games anymore.

This, IMHO, is a bastardisation of the original purpose and spirit of the HRA, which set-down rights which apply to ALL citizens, without exception or predjudice.

-The maintainer of a local Amnesty website for about a decade. (hopefully, malware-free)

OK so you're the editor...

.. of Rolling Stone or Radar, and you're offered a story which you know is part of an orchestrated campaign of malice.

Do you publish?

If you publish, and become the subject of a DoS attack by the victim of this campaign of malice, do you then launch a retaliatory legal attack against the victim of the malice, or do you simply acknowledge that you should not have done that, and that the consequences are your own fault?

Anyone with an ounce of moral fiber would do the latter, methinks.

Bad design = poor acceptance

Cursing yesterday when I typed ipconfig on a customer's remote computer, and had to spend ages trying to find the IP address somewhere in the midst of the screeds of crap which scrolled right offscreen. Since it was Vista I made excuses about Vista being useless. But of course, any IPv6 OS is the same.

Industry has had a decade to switch to IPv6, and the fact that uptake was so low should have been a warning to the standards guys that they needed to rethink. Unfortunately, it's probably now too late to implement a better standard.

"Rich user experience" to blame.

MS are so keen on this cliche - along with "Tight integration" but somehow can't see that it's at the root of most PC security problems. They're not called Trojan Horses for 'nowt, and every time MS invents another risky file-embedding technology, they create another opportunity for something nasty to get onto your computer by a totally-unexpected route.

Who is to blame here, user or coder?

I'm in two minds as to whether this is the fault of the software, or the fault of the user. Yes, us geeks know not to use CC for multiple addresses... but is it reasonable to expect the average appliance-user to know WHY that is bad practice?

Is a user of an electric shower supposed to study the differences between a TNC/S or a TT electrical supply before they use the appliance? Or, would they assume that provided they operate the controls correctly, they should be safe?

By the same token, suppose an 'appliance user' updates a CMS webpage and in doing so types an email address. The software they're using then automatically converts the address into a 'click to mail me' URL.

The user draws the conclusion that (a) this is marvellously helpful and brilliant software design, and (b) that there can't possibly be anything wrong with doing this, or the 'smart' software would surely have said so. On the strength of this, they decide to put all of their colleagues' email addresses on the webpage too. After all, why not, it's helping people to contact them is it not?

I shouldn't need to explain what the outcome of this will be. (Cue four vikings sitting in a cafe...)

When you think about the CC/BCC issue in the same context, maybe software should warn the user if they type more than a specified number of addresses into a CC field. Say, five or ten.

-Paris, because she knows what it's like to have your private stuff published all over the place.

Oh bollards!

I can forsee those doors getting bashed to pulp rather quickly, thanks to the EU's past schemes to line the edge of every pavement in Europe with a million iron spikes.

Which underlines the risks..

..of posting naked-and-vulnerable Mailtos on webpages. In that case, no sophisticated exploit needed, just a spammer with relatively-simple harvesting robot to collect the addresses, and you're in exactly the same kind of trouble.

Failure of safety equipment is what mattters

The fact that there was no great release of radiation is immaterial.

Suppose you fit a burglar alarm to your house. A thief enters, and the alarm fails to sound. The thief decides there is nothing he wants, and leaves empty-handed. Does that mean the alarm is perfectly OK?

What matters here is that the safety provisions failed to prevent a critical situation. That critical situation could well have led-to a meltdown, or even a Chernobyl-style explosion. In fact, it very nearly did. The safety features are therefore NOT satisfactory. That is the lesson we need to learn from it.

Much bigger loophole.

The biggest VAT loophole is that registered businesses can reclaim VAT on goods for internal use, thus everything they buy for themselves is effectively zero rated. It's time this loophole was closed, and they were made to pay fairly for goods, same as everyone else.

Well done!

Though, the spammers might not be the only ones miffed about this. I'm betting some DNSBL operators are grinding their axes and calling Microsoft all kinds of unmentionable things.

Fortunately, I somehow doubt they'd have the brass neck to blacklist 207.46.0.0/16 in retaliation for the proportional reduction in filtering-service revenue.

Infinitely worse for all road users

Just down the road from here they've put in about ten sets of lights where previously there was one roundabout and one set of lights. There are now traffic jams all day. There were never any serious jams before.

I walk up that road frequently, and walking is a slow process too. Every junction involves waiting for two sets of pedestrian lights, sometimes three. The place is lined with 'cattle fences' to stop people crossing anywhere else except the lights, and cyclists are concerned about being crushed against these. Hence, although there are cycle lanes, they use the pavement.

Then there is a rash of the 'bollard disease' where a section of pavement already too narrow for the volume of foot-traffic has had a third of its already-inadequate width taken away by a set of metal spikes stuck in the ground. What for, God knows.

That, and they're using a new style of lights with no 'green man' except at the pushbutton. That means you have to rely purely on the audible signal, or the person nearest the button starting to cross, you don't actually know if the lights are red or green. I've seem several cases where a brake-squeal has led-to pedestrians stepping-into the path of traffic. Sooner or later there's going to be an incident where a bus or lorry with squeaky brakes mows-down a crowd of people.

Not far away, there is a junction where you have to make violent swerve into the outside lane with only a few yards' warning, to avoid being chicaned-off left. You can tell when you're walking near this junction, by the constant peal of horns and the occasional screech of tyres.

-Thing is, I'm not aware that there was any particular traffic problem in this street before they started on these changes. All of the problems have been created BY the changes.

-What do these planners smoke, I ask?

Web access is the issue

The mistake isn't in having coding runtimes, it's in making those runtimes accessible to websites by way of browser plugins, and in doing so without the user's knowledge or consent. I daresay that qbasic could be used to write malware; the difference is that qbasic code cannot be run inside a browser. Java, .net and in some cases .vbs can be, and this is what makes them dangerous.

If you use a Mozilla browser you can edit greprefs\all.js to stop java (and other large attack-surface plugins) being automatically loaded into the browser. Type about:plugins in the URL bar to see just how wide an attack-surface you're exposing. You may be surprised.

Wait till they 'upgrade'

The problem they're really gonna hit is when they try to 'upgrade' to Win7, because that's when they'll find the real compatibility snags arising. IME, Linux and XP computers on the same LAN can coexist reasonably well, but Win7 and XP computers don't get-on well together for numerous reasons. This is especially so in a domain environment.

This means that the 'upgrade' to Win7 preferably needs to be done in one fell swoop to avoid these issues, perhaps over a weekend. But, imagine the costs involved in doing so, not to mention the downtime if any snag is hit.

Cloud has other security issues too..

A point raised on allspammedup.com is that spammers have latched-on to the fact that with the trend toward IMAP instead of POP mail, more and more users now leave their entire email collection on a cloud server instead of, or as well as, downloading it onto a PC. This opens the possibility of 'bots being used to find accounts with weak passwords and harvest the From: addresses of the emails therein. Naturally these addresses then get hammered with p*nis-pill ads.

Thus, having a weak password on a cloud account has deeper implications that you might think. It can cause harm to your associates, as well as to yourself.

Bit like ID cards really...

This underlines one of the key issues with the now thankfully defunct ID card scheme, and with RFID passports. If another person can easily copy and re-use your credentials, then the ID system facilitates crime instead of preventing it.

You could recognise a DEC engineer by..

..the lacerated fingers.

Thing I instantly recall about DEC PCs was the razor-sharp, unfinished metal edges inside. Very nasty to work on, especially as they seemed to go for ultra-compact layouts which meant digging-in tight corners to fit HDs etc..

Only ever pulled one PDP apart, and I don't recall it having the same 'sharps' problem as the PCs.

(There isn't a thumb dripping red stuff icon so..)

Reasonable, provided a warrant is required

..and adequate evidence having to be put on the table, but not without.

For examples of why this would otherwise be bad, you only have to look-at the 'vigilante justice' meted-out by DNSBL operators.

We've seen too many examples of police departments having very poor understanding of IT, and that opens the door to all kinds of exploits to get rival sites shut-down, by way of exploiting that lack of understanding.

Rehash of an old idea

Unpowered rotating wings are not a new idea, in fact they predate the commercial development of the powered-rotor 'copter.

From what I understand -having examined a few autogyros at an aircraft maintainer's hangar some years back- they are easier to fly than a regular 'copter (no collective lever, and no rotor-induced yaw to complicate the control-inputs) but do have one or two nasty vices that powered rotors don't have.

The advantage over fixed-wing is that by running-up the rotor on the ground, a very short takeoff run is possible. Likewise on landing the lift from the rotor is maintained down to almost zero airspeed, making for a short roll. The things they can't do, of course, are to takeoff or land vertically, or hover.

As for me, I'd love a fullsize one of these to go to work in:

http://www.youtube.com/watch?v=gvH2f-AewX8

-A black one, naturally.

Now, that would turn heads. ;-)