Posts by John Riddoch

599 publicly visible posts • joined 12 Jan 2009

EU gave CrowdStrike the keys to the Windows kernel, claims Microsoft

John Riddoch

Re: Can an AV be effective if not in Ring 0

Anything run in user-space is vulnerable to being hijacked by a virus/malware and is harder to make resilient. Not impossible, but significantly harder and even if you think you've got it right, the bad guys will be continually probing for some kind of a weakness to disable your protection.

John Riddoch

You're hitting a set of requirements that kinda force this situation:

  • AV has to run in the kernel to be able to detect and prevent virus/malware attacks
  • Kernel driver has to be WHQL certified - a process which takes a defined amount of time
  • New virus/malware signatures need to be rolled out on an almost daily basis to match the unrelenting grind of the virus/malware writers trying to bypass your tools

Combine all these requirements and it becomes nigh on impossible to write a functioning AV solution which can be updated quickly enough to adapt to the threats out there, so it ends up having to run code outside of the certified driver. There are probably ways to make it more resilient, but I'm not a kernel developer/coder so don't know how messy that would get.

Just to add to the chaos: if you assume every AV update is a new signed driver, you have to unload the old driver and attach the new one, leaving a short period when the system is unprotected, assuming you can easily remove the old driver without a reboot.

This doesn't forgive the monumental screw-up that Crowdstrike have made, but it does show why certain design decisions were made.

CrowdStrike file update bricks Windows machines around the world

John Riddoch

The effort on rolling updates is a definite perceptible effort which carries much more weight than a hypothetical effort to recover the systems when it breaks, so people think "meh, it'll be fine" and crack on with immediate rollouts. Doesn't make it right, but that's how people think, particularly if they have to do manual approvals of AV signatures on an almost daily basis.

I expect a lot of companies will be reviewing those processes now, though.

John Riddoch

There's an argument that this validates the decision to ban Kaspersky. If the Russian government went in, they could conceivably force them to release a "bad" update to non-Russian IPs which bricked devices beyond the ability to recover by simply deleting a file in safe mode. Far-fetched? Certainly. Possible? Absolutely. You'd get to do it once ever, but the potential impact to Western IT might make it worthwhile from a Russian perspective.

In any case, it's re-highlighted the value of a supply chain attack on anti virus/malware vendors.

John Riddoch

Setting up rolling updates takes effort. Also, while you delay updates to your critical systems, they're vulnerable to the latest malware/viruses so there's definitely an impetus to roll out AV/anti-malware updates ASAP.

I'm still not sure how the hell Crowdstrike managed to release an update that was so badly broken, though. Wasn't it tested? Or was it a supply chain attack?

China's Honor debuts laptop with bonkers removable camera that lives in a little slot

John Riddoch

"unclear how the camera connects to the laptop"

What, apart from the 4 copper connectors which are visible at 1:35? Looks to attach via magnets to the dock and the top of the laptop with those 4 connectors providing the necessary power/connectivity to the camera.

Is it a good idea? I'm not so sure. As mentioned, there's a decent chance of it getting lost. Interesting gimmick though.

Supreme Court orders rethink on Texas, Florida laws banning web moderation

John Riddoch

Re: Waters still muddy?

The laws are a bit of a mess. The initial issue was social media companies were treated as "publisher" and liable for whatever was posted on their sites, opening them up to charges of libel, market interference, child pornography etc, etc. This was obviously a problem as it would require them to moderate /all/ the content before it got posted and would break the entire model and frankly, it didn't make a lot of sense as the poster should be liable, not the platform.

Alongside this, platforms want to cut out the worst of the dross on the site, whether it be hate speech, misinformation, illegal content etc because they drive down the value of their site, but that makes them moderators and creates other issues.

This leaves them in a halfway house between common carrier and publisher/moderator, and it's a mess. Interference by one government opens up the option of interference by another.

Good news: The iPad Pro 13 is a bit more repairable

John Riddoch

That's probably more in reference to the iPhone. When it first came out, most mobile phones would typically last 4 days or more between charges; a week from a single charge wasn't uncommon. All of a sudden, your iPhone wouldn't last an entire day of regular usage. It was a bit of a backwards step; my first mobile in about '97 needed daily charging as well, so going back to that felt wrong. However, we've mostly gotten used to needing daily charges on our mobile devices. That then meant a daily charge on a tablet was broadly accepted.

Computer sprinkled with exotic chemicals produced super-problems, not super-powers

John Riddoch

Mentioning JANET reminds me of my days working as IT support at a university. I did support for one department's IT (as it was computing, we had some extra requirements), so wasn't hit directly by the fallout, but the science department had a very large microscope which had some kind of water cooling. Which leaked. Right above the computer room for the rest of the university. This being the 90s, disaster recovery and resilience didn't really figure highly in people's minds nearly as much as "how cheaply can we build this, given we have a uni budget".

Most of the IT for the rest of the uni was out for about a week, really glad I didn't have to do anything with the recovery to be honest...

I can fix this PC, boss, but I’ll need to play games for hours to do it

John Riddoch

Re: I know for a fact ...

From what I've heard, playtesting games involves doing every single weird thing you wouldn't expect players to do, so you'd spend hours running round a single level walking along the walls, jumping at odd places and generally trying to test the bounds of the play area to destruction. Very little of it involves actual "playing".

As for generic software testing, it's the whole "software tester walks into a bar and orders 1 beer, 5 beers, -1 beers, fjioewjiofewj beers, 1.2389028190 beers, etc."

Help! My mouse climbed a wall and now it doesn't work right

John Riddoch

Re: Mouse balls

With my fat fingers, fingernails weren't always an easy option for that. I used to always have my Leatherman on my belt at work and just used the knife on that to scrape off the crud when a mouse stopped working. The Wave was great in that you could take it out of the pouch, open up the blade and put it away after with one hand. It was also handy having a screwdriver on you at all times.

Throwflame launches fire-spitting robo-dog from Hell

John Riddoch

Or "Dracarys"

Voyager 1 regains sanity after engineers patch around problematic memory

John Riddoch

Re: Difficult to comprehend that...

According to NASA, there's about 68KB of memory in total. The FDS have 8198 16-bit words, so about 16KB for each FDS computer. I've created an empty Word doc which is actually just under 12KB as .docx and 26KB as .doc, so it depends on the format you want to save it as. Word used to be a lot worse, I recall, so it also depends on which version you're using...

Regardless of that comparison, 8198 words doesn't give a lot of wiggle room to move stuff about...

IT consultant-cum-developer in court over hiding COVID-19 loan

John Riddoch

Re: That'll teach him, won't it!

It will also put a dent in any IT career where there is pre-employment screening. Being banned from being a director will disqualify you from an IT job at a bank for a start, probably a whole bunch of other industries too. I don't know if he'll find the money "worth it" in the long run, but he may well have got off lightly in the process.

Rarest, strangest, form of Windows saved techie from moment of security madness

John Riddoch

We had a couple of the SGI MIPS Windows workstations when I was doing IT support for a Uni department. I didn't do much on them, but I recall they weren't particularly reliable, even worse than regular Windows NT; given their peculiarities and rarity, they probably didn't get much attention from MS for patches & support. I don't believe they got much usage either, they'd been bought to do some kind of 3D stuff for someone's PhD IIRC, but didn't work that well for the job.

Zilog to end standalone sales of the legendary Z80 CPU

John Riddoch

Re: 8-Bit Wars Redux

The C64 had better sound & graphics, but I recall it struggled with 3D. The game "Driller" (an early 3D first person game) apparently struggled on the C64.

Tinkering on the Spectrum was very helpfully enabled by the manual which went into great detail about the innards of the system. It probably drove me into computing the same as yourself.

Judge refuses to Ctrl-Z divorce order made by a misclick

John Riddoch

To add into this, it's likely to be a LOT of financial blackmail at stake here. From another article on the debacle: "Vardag, the self-styled 'diva of divorce', has acted for several wealthy clients, including obtaining a £64 million settlement...". This isn't likely to be an average divorce arguing over the family dog; it's going to be an argument about how many millions the former Mrs Williams gets from her ex-husband.

Torvalds intentionally complicates his use of indentation in Linux Kconfig

John Riddoch

Re: Semicolons and curly braces, forever.

I'm sure it was /etc/syslog.conf on Solaris that really didn't like spaces instead of tabs. Of course, everything looked ok to a human, but it just failed spectacularly. It usually happened when copying & pasting from another system, because it would copy the tab as spaces into the new file.

Senator Warren slams Intuit's 'junk fees' as America's Tax Day rolls around again

John Riddoch

Re: The government creates the rules, we just play by them

I'm one of the 25% in the UK filling out a tax return; it takes me about an hour, half of which is tracking back to find the dividend payments for the relevant tax year (which are still low enough to not pay tax on, but I figure it's safer to declare rather than get pulled up in an audit...). I spent many years not having to fill one in, but I had to do it while contracting (needed to sort out the pension deductions which weren't taken off at source) and latterly due to child benefit clawback. Easily done via the tax portal, and it does most of the work in terms of calculating tax due and fixing my tax code.

I'd agree an accountant is often worth it, since they'll pay back their fee in tax savings; even for a simple sole trader, get an accountant for a year or two to figure out the right tax breaks before going it alone.

US is "special" because companies bribed (sorry, "lobbied"...) the government to let them fleece the populace in the name of "freedom".

Sleuths who cracked Zodiac Killer's cipher thank the crowd

John Riddoch

I'm sure there's a rule that states that any attempt to point out a spelling error automatically has its own spelling mistake...

Do not touch that computer. Not even while wearing gloves. It is a biohazard

John Riddoch

Re: Following BSE in cattle...

My dad retired from farming a few years back, but as far as I'm aware, they still have passports and have been expanding use to other animals. Thankfully, it's mostly done online these days; I had to help my mum the first time she used the portal and was pleasantly surprised at how well it was designed from a UI/UX perspective. It was remarkably easy to use and work with, and this was something like 20 years ago when web design wasn't as advanced as now. Shocking that a government IT project could actually work well!

AI models show racial bias based on written dialect, researchers find

John Riddoch

Re: Not at all surprising really

"Garbage In, Garbage Out", or in this case, racism being fed into AI by means of the training set will lead to a racist AI. Google tried fixing this with some manual tweaks, but it wound up putting diversity in where none existed (e.g. black or Asian soldiers in the German army from WW2).

Even if you don't explicitly ingest racist information, most written works from the last few centuries up until very recently have predominantly been written by white men who were writing for other white men. As a result, the world view of anyone "reading" that written work will have biases inflicted upon them which are very hard to remove.

Job interview descended into sweary shouting match, candidate got the gig anyway

John Riddoch

I recall someone telling me about an exam test for Excel where it was a mockup interface of Excel and asked you to perform various tasks[1]. One of them was "copy cell A2 to cell B5" or whatever, and the only way which worked was to use Edit -> Copy then Edit -> Paste via the menus, so everyone who knew the keyboard shortcuts would fail that part of the test. There are at least 4 methods to copy cells I can recall off the top of my head and there are probably more which will work equally well, so having it only support one was pretty short-sighted.

Any time I've been asking the technical questions, I tend to be fairly open to whatever they'll come back with. There's usually 5 different ways to start dealing with a problem, all of which are valid. I'm generally looking more for an idea of their approach than specifics (which are mostly found via Google, let's be honest).

[1] this was some time ago when experience in MS Office wasn't a given.

'We had to educate Oracle about our contract,' CIO says after Big Red audit

John Riddoch

Re: Audit checks

Most software is installed in a single use case with a fairly clearly defined license requirement and it's relatively simple for a company to stay within those bounds.

Oracle RDBMS has so many options available for use it's hard to keep track of which ones might be enabled and what the impact to your license fee might be. Don't run diagnostics pack without licensing, because that's another charge. Add in the complicated (and self-serving) virtualisation rules and you can end up using significantly more licenses than you think you're using. Next, we add on the fact that Oracle licenses are expensive and there's a strong incentive for Oracle to investigate your usage because you're probably using more than you should without realising and they can extract lots from you.

World-plus-dog booted out of Facebook, Instagram, Threads

John Riddoch

Re: I've got a tenner...

BGP or DNS are my guesses, but DNS is most likely.

German defense chat overheard by Russian eavesdroppers on Cisco's WebEx

John Riddoch

Ah, yes - the Bowman system, aka "Better Off With Map And Nokia" as it was penned by the troops forced to use it...

It's that most wonderful time of the year when tech cannot handle the date

John Riddoch

And yet 2000 was a leap year, which meant that anyone who only partially understood the rules would get caught out. If you only knew the "every 4 years" part, you'd be fine. If you remembered the "except every 100 years" and forgot the "unless it's the 400 year mark", you'd get it wrong. One of those occasions where being mostly wrong was better than being mostly right...

As for 2100 - there's still a push from some to get rid of leap years/days, so we may not be working with the current calendar by then anyway. Which means we'll likely have other software bugs in date functions to deal with. The three certainties in computing: BGP errors, DNS failures and incorrect time/date functions.

China breakthrough promises optical discs that store hundreds of terabytes

John Riddoch

How long is it readable for? This is pointless for archive storage if it degrades within 10 years. The problem is that you're not really sure on the longevity until you've stored it for a while.

A path out of bloat: A Linux built for VMs

John Riddoch

Re: Your next talk?

AWS pretty much roll their own hardware stack using the Nitro cards which do most of the hypervisor/IO work on each node. That's obviously a niche case where hyperscale cloud providers can make savings by making dedicated hardware whose only purpose is to run virtual machines.

John Riddoch

Re: The really clever thing about IBM mainframe VM/CMS was...

"Do any x86/*nix virtualisation solutions use shared read-only boot disks?"

Solaris sparse root zones shared the binaries from the global zone. It made for efficiency, but it was a pain to manage as it lost flexibility as every package had to be installed in the global zone and moving zones between servers would be even more complicated.

When red flags are just office decoration: Edinburgh Uni's Oracle IT disaster

John Riddoch

There's a joke which I've seen where the engineer's "this is full of shit" gets translated up the management line to "this is akin to manure" before going to senior management as "it is like that which provides growth" as the rough edges get chipped off the communication. No-one likes to tell their manager that things are failing because they'll get the blame, so nothing gets reported accurately.

See also: Horizon. At least in Edinburgh Uni's case, it hasn't resulted in wrongful convictions of innocent people.

Developer's default setting created turbulence in the flight simulator

John Riddoch

Re: literally fell out of the back of the cargo truck taking them from the airplane

Worst I've seen was a Sun rack with some T3 disk arrays in the bottom of it. The guy unloading it from the van didn't get it properly on the tail-lift and as the tail lift was lowered, it caught the truck floor and made a lovely "flip over" manoeuvre onto the ground... Not sure on the total value, but this was about 2003 so it wouldn't have been cheap.

My mate who was taking delivery of them had to go through a post incident safety briefing because of the potential for injury/death if some poor soul had been in the way... Given that the delivery driver should have been more experienced in the safety precautions necessary, I think they were chasing the wrong person.

John Riddoch

"And don't call me Shirley"

Japanese government finally bids sayonara to the 3.5" floppy disk

John Riddoch

Re: Ha! Ha! I'm typing this on a PC which still has a 3.5" floppy drive...

I stopped having a floppy drive mostly by accident. My PC at the time had a bad habit of taking ages to start up Explorer and I tracked it down to the floppy drive, I think because I hadn't yet reconnected it after some work in the guts and noticed it loaded quicker, so I left it unplugged, but still in the case for when I needed it next. A year later, I realised I hadn't needed it nor missed it and my next PC didn't get a floppy drive installed. If I hadn't had that issue and left it disconnected, I'm sure I'd have probably gotten one installed Just In Case (like you did), but I haven't missed having one over the years.

I still have the drive in a drawer somewhere, although I'm not sure I have a PC I can install it to; I think the floppy drive ports on motherboards were rendered obsolete some time ago.

Major IT outage at Europe's largest caravan and RV club makes for not-so-happy campers

John Riddoch

Re: What does CAMC run on

Quite possibly it's running IIS behind a Linux based load balancer/reverse proxy. That would report Linux as the OS running on the IP but IIS headers returned via HTTP(S).

The rise and fall of the standard user interface

John Riddoch

Efficient interface

The history of vi tracks from this. Once you get the hang of its obscure commands, vi is very powerful, allowing very quick editing with minimal keypresses. When you consider it developed from "ed" (the old single line text editor) run over a slow serial line, it makes sense. You didn't want to send complicated commands to the expensive server from your dumb terminal, because that took limited bandwidth on your serial line and used expensive CPU cycles.

Does vi follow any UI guidelines? No. Is it user friendly? No. Is it efficient once you get to know it? Yes. Given that it was the only editor guaranteed to be available on Solaris, AIX & HP-UX servers, it became my default editor to use when managing them. With Linux, you're far more likely to have nano or something available but I still just use vi/vim.

BreachForums admin 'Pompourin' sentenced to 20 years of supervised release

John Riddoch

Re: "forbidden to use the internet"

That is actually a really harsh punishment - many things these days are difficult or impossible to do without internet access. Some examples:

- taking stuff to the dump - you have to book appointment online here

- paying bills - most of them require online banking or payment via website

- banking in general - all those branch closures make it harder

Five ripped off IT giant with $7M+ in bogus work expenses, prosecutors claim

John Riddoch

Re: Wait, what??

Yes for the UK; I studied accountancy in the early 90s and one of the things I learnt was that illegal earnings had to be declared to HMRC. I did wonder how many criminals did declare those earnings and whether HMRC (or Inland Revenue in those days) would pass that information along to the police...

I suspect that part of the law serves two purposes: first, to put the boot into criminals by doing them for tax evasion as well as their crimes, and second, it's probably easier to prove "person hasn't declared earnings" than "these earnings are part of this criminal enterprise", à la Al Capone.

How governments become addicted to suppliers like Fujitsu

John Riddoch

Agreed. I can usually get mine filled in in about 15 minutes; takes me longer tracking down dividend/interest payments than going through the form. It hasn't changed much in about 10 years, I think, but it works. Doesn't need any more bells & whistles.

DARPA's air-steered X-65 jet heads into production with goal of flying by 2025

John Riddoch

Re: Germany's F-104 tragic statistics

The Luftwaffe didn't fly any combat missions between 1945 and 1995 (when it was part of a NATO force in the Balkans) so that's a safe assumption.

Another airline finds loose bolts in Boeing 737-9 during post-blowout fleet inspections

John Riddoch

Re: A gross understatement?

Possibly - there are, I think, 3 options:

1. They weren't tightened/installed properly at the factory and no further inspections have been done since it went into service, so a flaw in assembly.

2. They've come loose and haven't been picked up at an inspection, which would indicate poor maintenance

3. They've come loose between inspections; e.g. you're supposed to inspect these bolts every 200 flight hours and they've come loose after 100 hours, so there's a gap between "bolts becoming loose" and the next inspection. That would indicate a flaw in the maintenance schedules or design/installation of the bolts.

In any event, something will get added to the maintenance checklists but I'd be worried about any other bolts which could either be loose already or could come loose and cause another incident. The relevant authorities will no doubt be working at figuring out which of the above applies and sorting out the details.

Microsoft pulls the plug on WordPad, the world's least favorite text editor

John Riddoch

EOL characters

WordPad had the advantage that it managed with Unix newlines, so if you got a file from Unix/Linux, you could view it without having to find unix2dos somewhere to fix it. I think that was my main use of it over the years.

It's a passably usable word processor without any of the bells and whistles, but it's certainly capable of creating some simple documents with basic formatting. Hardly surprising they're ditching it, probably to encourage use of O365.

CEO arranged his own cybersecurity, with predictable results

John Riddoch

Re: Customers are the security liability

Humans are the weak point in most companies' security because they're fallible and prone to try and help. Just yesterday, El Reg reported that attackers just needed a "10-minute call with the help desk" to break in.

Various companies are now working on this, with education for staff on how to not be an idiot, test phishing emails etc and people still fall for it.

Lapsus$ teen sentenced to indefinite detention in hospital for Nvidia, GTA cyberattacks

John Riddoch

Re: "broke into Rockstar Games using an Amazon Firestick, his room's TV, and a phone"

He's either really, really good or Rockstar's security was really, really atrocious. Possibly a bit of both, to be honest, but I agree it's pretty darned impressive.

SEC charges ex-medtech CEO with fraud for selling plastic fake implants

John Riddoch

Re: Sound business principles

Yup, same thing happened with Activision/Blizzard - https://www.sec.gov/news/press-release/2023-22 - Workplace bullying is fine according to the SEC, but keeping schtum to investors about your staff leaving because of it is absolutely not allowed.

Also Google+ having massive insecurities - SEC fined Alphabet for not advising investors of potential vulnerabilities: https://www.theregister.com/2022/03/07/supreme_court_alphabet_google_plus/

Doom is 30, and so is Windows NT. How far we haven't come

John Riddoch

Re: Computer did get faster, software did get bloated.

It became cheaper to double the RAM/CPU than it did to have a programmer fix the issues.

40 years ago it would be 10s of thousands to upgrade your server, but say £5k of programmer time to optimise your code in assembly. Now it's 10s or 100s of thousands of programmer time to optimise the horrible spaghetti Java code, or £5k to add another server to the web farm. There's no point optimising code to be efficient any more unless you're doing specific embedded software on micro controllers and even then, it's probably still cheaper to buy a Raspberry Pi to do the job...

Share your 2024 tech forecasts (wrong answers only) to win a terrible sweater

John Riddoch

Governments around the world realise how silly they've been working with traditional currencies and all adopt Ethereum as their new, unified currency. This sudden consensus also results in world peace and harmony and an end to wars (yes, even in the Middle East).

Revival of Medley/Interlisp: Elegant weapon for a more civilized age sharpened up again

John Riddoch

Re: lore

Reminds me of a question: which git put that "S" in the middle of the word "lisp"?

Will anybody save Linux on Itanium? Absolutely not

John Riddoch

I remember the early Itanium announcements, declaring how much faster it would be because you'd optimise code at compile time rather than runtime. That struck me as being a "better" way to do things, because you didn't mind if compilation took ages, provided it resulted in an efficient binary. Of course, initial compilers were poor and the resultant assembly wasn't as good as expected. I recall Intel finally releasing a compiler which made it better, but by that time, other architectures had moved on, Microsoft, IBM and Sun had ditched the idea of porting their operating systems to Itanium (or were very close to it).

The LWN.net article seems to explain it concisely - a seemingly good idea aged poorly and no-one wanted to give up on it after investing however much time and money into it.

Why have just one firewall when you can fire all the walls?

John Riddoch

Yeah, you can get away with major outages caused by an approved change record with a minor slap on the wrist and the agony of a post incident/change review, but a minor outage without a change record often results in a swift exit from the company.