Exactly. What sort of techniques do you think APTs use to achieve P?
Posts by Mike Pellatt
490 posts • joined 17 Apr 2007
Alert: 15-year-old Python tarfile flaw lurks in 'over 350,000' code projects
Inverse Finance stung for $1.2 million via flash loan attack
Sunday 19th June 2022 20:34 GMT
Re: Programming for smart contract execution... What could go wrong?
Not if:
i) You've got the functional specification right
ii) Each machine has a separately coded implementation
This is, after all, how safety-critical fly-by-wire systems were supposed to be implemented.
I have no idea:
a) If that is still the case
b) If cryptobros have heard of this
First Light says it's hit nuclear fusion breakthrough with no fancy lasers, magnets
The time you solved that months-long problem in 3 seconds
C: Everyone's favourite programming language isn't a programming language
Wednesday 23rd March 2022 23:36 GMT
Re: Annnnd...you completely missed the point of the article
It turned out with Oilivetti writing one of their OSs in the early 80s in Pascal, because some NCGs believed what they'd been taught.
Needless to say, didn't turn out well. Fortunately the OS from the previous generation of kit worked on it.
File Explorer fiasco: Window to Microsoft's mixed-up motivations
Brocade wrongly sacked award-winning salesman who depended on company insurance for cancer treatment
Thursday 3rd February 2022 06:51 GMT
Re: A timely reminder
A good exposition there.
What it misses is the conclusion that healthcare has to be rationed. The debate over how to do that has never properly been had (much like how to pay for long-term care) but at root there are 2 methods being tried.
One is rationing by ability to pay - the inevitable end-point of a wholly private insurance based system with some state intervention for the most needy.
The other is rationing by cost-effectiveness trying to balance clinical need with cost and outcome of treatment. This is the role of NICE - unfortunately people understandably don't like it when the treatment they hope for is denied or delayed.
Of course, political decisions about NHS funding (and purpose) determine where the rationing line is drawn....
Remote code execution vulnerability in Samba due to macOS interop module
£42k for a top-class software engineer? It's no wonder uni research teams can't recruit
MySQL a 'pretty poor database' says departing Oracle engineer
UK Telecommunications Act – aka 'power to strip out Huawei' – makes it to the statute book
BOFH: You. Wouldn't. Put. A. Test. Machine. Into. Production. Without. Telling. Us.
2FA? More like 2F-in-the-way: It seems no one wants me to pay for their services after all
Sunday 3rd October 2021 06:49 GMT
Re: Online French banking outside working hours - fuggedaboutit
Only if you insist on attempting to speak to it in English. Try the tiniest bit of school O level French on it and all of a sudden its attitude will improve dramatically.
It's only human and hoping for a little bit of respect, after all.
Oracle loses appeal against $3bn payment to HPE over withdrawal of Itanium support
Cloudflare launches campaign to ‘end the madness’ of CAPTCHAs
Broadband plumber Openreach yanks legacy copper phone lines in Suffolk town of Mildenhall en route to getting the UK on VoIP
Tuesday 11th May 2021 16:06 GMT
SOTAP is the answer to your question
"When it is launched, you will be able to use SOTAP to provide broadband and internet protocol (IP) phone services, because it connects to your exchange infrastructure.
We’re developing SOTAP to help us withdraw Wholesale Line Rental (WLR). We’re planning to launch it UK-wide by August 2022.
It will only be for areas where there aren’t any fibre products available. And it won’t include a managed phone service, or any associated calling and network features."
Tuesday 11th May 2021 15:53 GMT
Re: Lack of mains
Indeed. Looks out of my window at the pole-mounted single-phase 11KV-230V transformer feeding half a dozen properties.
Nope, no telemetry there. Now, if I had a SMETS2 smart meter, perhaps they could use that. Oh, hang on, no network here yet. And it would be passing data to my electricity supplier, not the DNO.
Sunday 9th May 2021 06:00 GMT
Re: The way forward then
Agreed, SIP is a technology with remote intercept capability and other inherent vulns. Especially since SIP over TLS and S/RTP are so very hard (once you've found a provider who can offer it - and I've been there)
But is it.worse than POTS? Pitch up to a street cab or DP with appropriate bits including yellow hi-viz and you'll have hours, if not days, to find the pair you want and listen in.
VM used to make it really easy, having street cabs with the doors flapping in the breeze everywhere, but I hear they've upped their game lately.
PS the existing phone sockets in the UK aren't RJ11, but a unique design chosen solely to prevent unapproved phones being connected. All in the name of preventing bell tinkle when using pulse dialling and electromagnetic bells. Back then even trivial stiff like that was important, let.alome important stuff like the phone working during a power cut. Once this is implemented, I'll have to walk 200m to get mobile coverage to report a power outage to the DNO. (Not really, I have a UPS. But I'm a techy)
Intel laid me off for being too old, engineer claims in lawsuit
The Novell NetWare box keeps rebooting over and over again yet no one has touched it? We're going on a stakeout
Monday 18th January 2021 11:07 GMT
Re: Fluorescents...
If they had their budgeting right, they'd be _speeding up_ the replacement programme.
This is why local authorities have been replacing even comparatively new sodium street lights with LED. The payback period is mind-bogglingly short.
Even led to Kent aborting their "turn street lights of at midnight" programme, to the relief of anyone (but especially females) out after midnight.
One more reason for Apple to dump Intel processors: Another SGX, kernel data-leak flaw unearthed by experts
Thursday 12th November 2020 09:01 GMT
Re: This is news?
Clearly, the specific vulnerability in the article wasn't caused, directly, by the instruction architecture.
But I was following up to a more generic issue over what you do with your system.
And I'd suggest that the vulns of this type (including Spectre,etc.) we're seeing today are, at least in part, thanks to the prevalence of a CISC architecture and the huge system complexity we now find ourselves with as we play whack-a-mole with each performance bottleneck that pops up.
Or whack-an-elephant back in the days of trying to sort out SMP.....
Wednesday 11th November 2020 10:10 GMT
Re: This is news?
Don't let random people mess with stuff they don't understand.
Chip designers in particular :-) , since this problem has been made much worse by speculative execution and all the other shenanigans to improve performance.
I often wonder where we'd be if VLIW had delivered on its promise of beating both CISC and RISC
Did I or did I not ask you to double-check that the socket was on? Now I've driven 15 miles, what have we found?
Open-source devs drown in DigitalOcean's latest tsunami of pull-request spam that is Hacktoberfest
Brexit travel permits designed to avoid 7,000-lorry jams come January depend on software that won't be finished till April
Friday 25th September 2020 21:31 GMT
A Cabinet Office official told Bloomberg that beta is a standard labelling practice for a digital service that is fully operational. Experienced IT professionals may contest this definition.
What a liar. Alpha is a standard labelling practice in the world of Government service for a digital service that is fully operational. For at least six years.
For that's how long the Dartford Crossing Payments page has been labelled "alpha"
I had a spat on here with an ex-GDS geezer who said "Nothing to do wiv us guv, it's someone else". Even though, of course, it's clearly labelled as a gov service. Apparently the branding isn't the point.
Microservices guru says think serverless, not Kubernetes: You don't want to manage 'a towering edifice of stuff'
Wednesday 23rd September 2020 10:09 GMT
Re: Don't separate the Devs any further!
Devs should not care about where their code gets deployed
And this is how we got code that assumes >100Mbps network speed.
And this is how we got code that assumes <5mS RTTs.
And this is how we got code that assumes >32GB of memory available.
And this is how we got code that assumes >32 CPUs available.
It's a great theory, but it doesn't work in practice.
You absolutely DO need to know, at the very least, the constraints that will apply where your code gets deployed. Or it won't work. You can't abstract out of reality (unless you call it Brexit, of course)
Woman dies after hospital is unable to treat her during crippling ransomware infection, cops launch probe
Friday 18th September 2020 13:44 GMT
Re: Why?
Windows XP, how modern :-)
I sorted out a CNC machine tool controlled by a W98 machine a few years back. Might even have been 95, memory fades. Managed to track down a spare mobo and disk drive that were compatible for spares before they became (even more) like hen's teeth.
It also had one of those multi-serial-port cards so beloved of green screens connected to *nix back in those days, used to talk to the various components.
'Mindset reset' contributes to £1bn extra costs and another delay – 2 years this time – for Emergency Services Network
Tech ambitions said to lie at heart of Britain’s bonkers crash-and-burn Brexit plan
Tuesday 8th September 2020 22:20 GMT
Re: Well it's kind of a good idea but...
Since Cummings' job advert for arse-lickers, sorry, fellow SPADs, in his blog back in January demonstrated his technical understanding so well, via his description of SQL as an "analytical language", I am quite sure he has the skill to pick the next big tech success.
Or maybe not.
With a million unwanted .uk domains expiring this week, Nominet again sends punters pushy emails to pay up
CenturyLink L3 outage knocks out web giants and 3.5% of all internet traffic
Tuesday 1st September 2020 11:38 GMT
Re: Great reporting
When it _is_ Cloudflare, though, they are exemplary at:
a) putting their hands up
b) Giving a detailed explanation of what went wrong
c) Giving a fully detailed exposition of what they're doing/have done to prevent a recurrence.
No corporate ass-convering by PR droids from them. Like I said, exemplary.
Putting the d'oh! in Adobe: 'Years of photos' permanently wiped from iPhones, iPads by bad Lightroom app update
Analogue radio given 10-year stay of execution as the UK U-turns on DAB digital future
'It's really hard to find maintainers...' Linus Torvalds ponders the future of Linux
Wednesday 1st July 2020 06:13 GMT
Re: I wonder why?
People do their best work when they're supported by those above them in a hierarchy
Indeed. But the problem there is the hierarchical structure. In an effective collaborative environment, one person can have a good old rant about what someone else has done, and as there's good peer relationships, the problem gets resolved and everyone moves on to the next challenge.
It's a (long) while since I even looked at the kernel dev process, but despite an initial appearance from the outside of it being a pyramid with Linus at the top, that wasn't how it worked.
Though quite how systemd got its claws in remains.a mystery to me. Unless RedHat have gone to the dark side......
