Posts by Pascal Monett

Amazon said: "We believe..."

Well duh. What an indispensable statement. Really, I was on the verge of thinking that Amazon thought it didn't pay enough tax and was forced by Luxembourg to reduce the amount. Thank you for the clarification, Amazon.

This PR bullshit is really starting to get on my nerves. The fact that the state of Luxembourg says they believe Amazon did not benefit is actually news. The fact that Amazon thinks so is just obvious because they'd say so even if they knew it was not the case.

"an asteroid hit the volcano, leaving a crater and sending the materials rocketing to Earth"

Given that an atmosphere would likely have slowed down the ejecta by a significant margin, would that mean that, at that time, Mars already had no atmosphere ?

We know that it lost its magnetic field billions of years ago, could that not help determine when ?

"I will die within a year"

He's a Tom Clancy fan, then ?

Seriously though, although I am ready to believe that CIA agents are perfectly capable of killing a high-profile, wanted individual of any nationality if there is a need, if he was in such danger from US spymasters he might have wanted to avoid going to a US-extradition-friendly country in the first place ?

When you play the game, you play it all the way. If you are aware that you have information that is so badly wanted by a given country, you plan your life around avoiding getting caught by that country.

The fact that he did not do so signifies that his claims are rather on the bogus side, or at least that he is not the professional spy he thinks he is.

"Java [..] is the number-one programming language"

His argument, apparently, is because of the number of thingys that run it, essentially. Number which is respectable indeed, except that I will never forgive whoever thought it was a good idea to put Java in a Blu-Ray player.

But if he can use his metrics to justify his position, then I can propose another number one programming language as well : COBOL. Because without COBOL, VISA, MasterCard and American Express, not to mention PayPal, all grind to a sudden halt and the world's economy collapses in the hour.

Java, with all its faults, doesn't hold a candle to that.

From the looks of it, cogs were falling off all over the place

So, let's countdown the failures :

-VMs were axed

- Backup vaults were not available

- Azure Site Recovery lost failover ability

- Azure Scheduler and Functions dropped jobs

- Azure Monitor and Data Factory experienced pipeline errors

- Azure Stream Analytics went on the fritz

- Azure Stream Analytics had a stroke

Apart from that, the Cloud is marvelous, never fails you and you can always access your data.

Except when it FUBARs and no backup is working any more, but the salespeople will never tell you that.

All valid points, with one caveat

If the management cannot stick to the plan, all your points are moot.

So basically the success of any complex project is based on whether not management can cope with not interfering all the time. The rest is par for the course, but you can have the most brilliant team in the world and the project can still fail if manglement can't stay away long enough for stuff to get done.

R.I.P. Hugh

I spent my fair share of money on his mags, and I am still of the opinion that Playboy has the classiest style of pictures - although class is going out of style in that particular market.

See you on the other side, Hugh !

Had an interesting experience not so long ago

It was during a handover on a client site, I was there to recover essential admin information from the previous company handling network administration.

During talks with the soon-to-be-ex admin, we agreed that he would give me the list of passwords for administering the network - you know, as per normal.

He handed me a USB stick. I plugged it in and had it scanned, as per normal. Then I asked him which file I was supposed to copy. Under his instructions, I copied an xlsx file that he stated had the relevant data.

We parted ways not long after that and I went back to the office. While writing up my report, I looked at the file.

Now, just to be clear, this was a file given to me by a senior admin from a major local consultancy firm that has scores of big companies on its customer list, not a beginner. It just so happened that, yes, the file was an xlsx file, and it just so happens that he had a filter on his formatted table.

Guess what happened when I removed the filter ?

Yes, all the passwords for all the clients he was responsible for.

This is the level of intelligence we are dealing with these days. I blame Facebook.

10TB for €600, 3TB for €133

Price is a bit steep for individuals at the moment. Actually, in 2015 I bought some 3TB HDDs for €130, so the price has eked up a bit, but is still reasonable.

Oh well, with these new 10TB beauties coming on the market, it means that I will be able to buy a few 8TBs in a few years when I need them for less than the €370 they are currently going for.

Just a quick correction . . .

"This direction is necessary to ensure that those charged with keeping families and communities safe have the NSA has access to relevant and accurate information when they need it it wants it"

There, FTFY.

"If [..] a different person standing in front of the computer screen, the PC will not operate."

Careful there. In professional or even private environments, someone coming over to see what's on your screen for whatever reason is very common. If the scanner can't cope with two hearts in the same vicinity, things will get ugly quickly. Not to mention that sometimes the helpdesk guy just has to sit in the chair and do stuff. I hope the scanner will be up to that as well.

And if it can, then the burglar doesn't care about the scanner - he can just tie the victim up, drag him to the PC and then do whatever he wants.

This tech may be fine to control access to physical areas, but I'm not convinced PC access is the right area to apply it.

The lessons will be costly in money and lives

I can understand that medical equipment was not created with security in mind. Who in their right mind would want to hack a pacemaker ?

The problem is that there are many people who are not in their right mind, for whatever reason. So now we're going to have to add security to our medical environment and we're going to have to do it right, because when you're having a heart attack the last thing you want is the doctor having mistyped his password wrong for the third time and locking his account.

"Sigfox's proprietary protocol"

Cue the argument of "security through obscurity" . . .

That said, it seems to me that SigFox's security is mainly based on firewalls and VPNs. It's all very nice to say that you don't use IP, if you use VPNs, you're still riding the same bus for part of the trip.

There are two things in this article that bug me. One is this invitation to hackers on the subject of IoT (lack of) security. Asking for trouble, in my opinion. The other, more serious, is what is going to be the impact of this so-called non-IP proprietary protocol on the regular IP traffic that is happening alongside ? Is there going to be interference, or worse, outright clashing ? I hope that these things have been considered with great attention.

And if they have, then the argument about not using IP is even weaker.

On the other hand, anything that improves IoT security is welcome in my book : it'll shave off that many more botnets that trouble the world.

Doesn't mean I'll buy any of that shite though.

This is exactly why I don't like the Cloud

An engineer had made a storage space and put confidential data in it without bothering to secure the vault. Was it company-mandated ? Apparently not.

It is simply beyond me that anyone can consider storing data that is considered critical (like the client list, invoicing history, etc) or confidential (access passwords of any kind) on a server that you do not control.

That is obviously not an issue to many people though, including people who 1) should know better and 2) have the required technical level to do things right, yet visibly still don't.

And it's going to get worse before it gets better.

"They looked for the password on the CD . . ."

Dear God. Look, I understand that it was a Friday evening but come on, if you send a password-protected file and the password in the same package, it really totally defeats the purpose of the password.

The last time I had to send protected data I arranged with the recipient to send said data via email, and the password via SMS. Might not be a perfect solution, but it fits the purpose. I'm sure most people would do the same.

Of course, the password I chose was a tad more complex - which means that, had the data been sent by me, this story would have ended quite differently.