* Posts by Mike Pellatt

490 posts • joined 17 Apr 2007


Alert: 15-year-old Python tarfile flaw lurks in 'over 350,000' code projects

Mike Pellatt

Exactly. What sort of techniques do you think APTs use to achieve P?

Inverse Finance stung for $1.2 million via flash loan attack

Mike Pellatt

Re: Programming for smart contract execution... What could go wrong?

Not if:

i) You've got the functional specification right

ii) Each machine has a separately coded implementation

This is, after all, how safety-critical fly-by-wire systems were supposed to be implemented.

I have no idea:

a) If that is still the case

b) If cryptobros have heard of this

First Light says it's hit nuclear fusion breakthrough with no fancy lasers, magnets

Mike Pellatt

Re: Timing is the problem

Yabut that's not synchronising anything with a large rest mass.

The time you solved that months-long problem in 3 seconds

Mike Pellatt

Re: I replaced a network cable.

Write out 100 times:

"Free as in speech, not Free as in beer"

C: Everyone's favourite programming language isn't a programming language

Mike Pellatt

Re: Annnnd...you completely missed the point of the article

It turned out with Olivetti writing one of their OSs in the early 80s in Pascal, because some NCGs believed what they'd been taught.

Needless to say, didn't turn out well. Fortunately the OS from the previous generation of kit worked on it.

File Explorer fiasco: Window to Microsoft's mixed-up motivations

Mike Pellatt

"Microsoft is putting revenue ahead of security"

I'm old enough to remember ActiveX being launched.

Infosec community: "This is a security disaster in the making".

Microsoft: "Yabut our customers are demanding it"

Brocade wrongly sacked award-winning salesman who depended on company insurance for cancer treatment

Mike Pellatt

Re: A timely reminder

And of course general practice was privately provided forever.

GPs were historically independent contractors to the NHS, not employees.

Not the same as megacorp contracts, I'll grant.

Mike Pellatt

Re: A timely reminder

Have you seen the bureaucracy involved in a predominantly private insurance funded system? By comparison, the NHS is a model of administrative efficiency.

And don't forget, much of that bureaucracy is devoted to finding ways of not paying out.

Mike Pellatt

Re: A timely reminder

A good exposition there.

What it misses is the conclusion that healthcare has to be rationed. The debate over how to do that has never properly been had (much like how to pay for long-term care) but at root there are 2 methods being tried.

One is rationing by ability to pay - the inevitable end-point of a wholly private insurance based system with some state intervention for the most needy.

The other is rationing by cost-effectiveness trying to balance clinical need with cost and outcome of treatment. This is the role of NICE - unfortunately people understandably don't like it when the treatment they hope for is denied or delayed.

Of course, political decisions about NHS funding (and purpose) determine where the rationing line is drawn....

Remote code execution vulnerability in Samba due to macOS interop module

Mike Pellatt

Re: Heads up networked Time Machine users

Not if you're using netatalk for that. I know I am!

For general filesharing, both SMB and AFP were pensioned off here over 2 years ago in favour of Nextcloud.

And that's made Time Machine pretty much redundant for my use case too.

£42k for a top-class software engineer? It's no wonder uni research teams can't recruit

Mike Pellatt

Re: if the salaries were improved./ Universities need serious reform across the board

You almost had me there until you said "climate lie"

Mike Pellatt

Re: if the salaries were improved./ Universities need serious reform across the board

Or, of course, fewer universities so the fixed costs are reduced, allowing reallocation of funds....

Mike Pellatt

Re: IT person

I resemble that comment. Only the very best IT people are able to fix many an HP printer problem.

Mike Pellatt

Re: abominations

Complete reversal of meaning? Like the word "let" which used to mean "prevent" but has now had its meaning reversed?

I'm with you though, as that's a single word rather than a complete phrase which rather than having its meaning changed is more being incorrectly parsed.

MySQL a 'pretty poor database' says departing Oracle engineer

Mike Pellatt

Re: PHP is somewhat responsible for MySQL’s uptake

There, in one post, is why Django.


PostgreSQL backend.

UK Telecommunications Act – aka 'power to strip out Huawei' – makes it to the statute book

Mike Pellatt

Re: Communism bad

They are required to put the long-term interests of the investors first. That is demonstrably achieved by being interested in the company's customers, rather than taking no interest in them or even working actively against them.

BOFH: You. Wouldn't. Put. A. Test. Machine. Into. Production. Without. Telling. Us.

Mike Pellatt

Re: The guy's here...

I'm tempted to use that somewhere and save it in my browser, just to see if Google or Microsoft have spotted it in a list of stolen passwords anywhere

Mike Pellatt

I'm making an exception for the Devon flag with "cream first" across the bottom that I saw recently, as soon as I can find one in a rip-off-the-grockles shop.

2FA? More like 2F-in-the-way: It seems no one wants me to pay for their services after all

Mike Pellatt

Re: Online French banking outside working hours - fuggedaboutit

Only if you insist on attempting to speak to it in English. Try the tiniest bit of school O level French on it and all of a sudden its attitude will improve dramatically.

It's only human and hoping for a little bit of respect, after all.

Oracle loses appeal against $3bn payment to HPE over withdrawal of Itanium support

Mike Pellatt

Re: Could one of the longest and dirtiest cases in tech history finally be over?

But not half as much as Caldera The SCO Group The US Trustee in Bankruptcy Unxis Xinuos

Cloudflare launches campaign to ‘end the madness’ of CAPTCHAs

Mike Pellatt

Came here to say exactly that.

"Physician, heal thyself".

No other provider I login to has such an annoying captcha system. And, like so many providers, you don't get SAML support without paying for the Enterprise product.

Broadband plumber Openreach yanks legacy copper phone lines in Suffolk town of Mildenhall en route to getting the UK on VoIP

Mike Pellatt

If you can show me the OLT and ONT equipment currently available that supports this technology. And the additional power supply and battery capacity needed in the OLT to supply 10,000+ ONT's. Then I'd say that's a useful comment.

Until then....

Mike Pellatt

SOTAP is the answer to your question

"When it is launched, you will be able to use SOTAP to provide broadband and internet protocol (IP) phone services, because it connects to your exchange infrastructure.

We’re developing SOTAP to help us withdraw Wholesale Line Rental (WLR). We’re planning to launch it UK-wide by August 2022.

It will only be for areas where there aren’t any fibre products available. And it won’t include a managed phone service, or any associated calling and network features."


Mike Pellatt

Re: Lack of mains

Indeed. Looks out of my window at the pole-mounted single-phase 11KV-230V transformer feeding half a dozen properties.

Nope, no telemetry there. Now, if I had a SMETS2 smart meter, perhaps they could use that. Oh, hang on, no network here yet. And it would be passing data to my electricity supplier, not the DNO.

Mike Pellatt

Re: The way forward then

Agreed, SIP is a technology with remote intercept capability and other inherent vulns. Especially since SIP over TLS and S/RTP are so very hard (once you've found a provider who can offer it - and I've been there)

But is it worse than POTS? Pitch up to a street cab or DP with appropriate bits including yellow hi-viz and you'll have hours, if not days, to find the pair you want and listen in.

VM used to make it really easy, having street cabs with the doors flapping in the breeze everywhere, but I hear they've upped their game lately.

PS the existing phone sockets in the UK aren't RJ11, but a unique design chosen solely to prevent unapproved phones being connected. All in the name of preventing bell tinkle when using pulse dialling and electromagnetic bells. Back then even trivial stuff like that was important, let alone important stuff like the phone working during a power cut. Once this is implemented, I'll have to walk 200m to get mobile coverage to report a power outage to the DNO. (Not really, I have a UPS. But I'm a techy)

Intel laid me off for being too old, engineer claims in lawsuit

Mike Pellatt

Re: Another one?

2 years at Intel cured me of the aspiration to work for an American company.

Should have realised, had had a good view of AT&T for the previous 3 years.

The Novell NetWare box keeps rebooting over and over again yet no one has touched it? We're going on a stakeout

Mike Pellatt

Re: Fluorescents...

If they had their budgeting right, they'd be _speeding up_ the replacement programme.

This is why local authorities have been replacing even comparatively new sodium street lights with LED. The payback period is mind-bogglingly short.

Even led to Kent aborting their "turn street lights off at midnight" programme, to the relief of anyone (but especially females) out after midnight.

One more reason for Apple to dump Intel processors: Another SGX, kernel data-leak flaw unearthed by experts

Mike Pellatt

Re: This is news?

Clearly, the specific vulnerability in the article wasn't caused, directly, by the instruction architecture.

But I was following up to a more generic issue over what you do with your system.

And I'd suggest that the vulns of this type (including Spectre, etc.) we're seeing today are, at least in part, thanks to the prevalence of a CISC architecture and the huge system complexity we now find ourselves with as we play whack-a-mole with each performance bottleneck that pops up.

Or whack-an-elephant back in the days of trying to sort out SMP.....

Mike Pellatt

Re: This is news?

Don't let random people mess with stuff they don't understand.

Chip designers in particular :-) , since this problem has been made much worse by speculative execution and all the other shenanigans to improve performance.

I often wonder where we'd be if VLIW had delivered on its promise of beating both CISC and RISC

Did I or did I not ask you to double-check that the socket was on? Now I've driven 15 miles, what have we found?

Mike Pellatt

Re: Poor On-Call this week

This is your ob "MK ain't the quality it used to be any more" followup.

Mike Pellatt

Re: Poor On-Call this week

Sounds like me when I first visited my ex-mother in law's family in Middlesbrough (in the days when the Dorman Long, as everyone still called them, rolling mills were still in action across the road from where they all lived. A wasteland now).

Open-source devs drown in DigitalOcean's latest tsunami of pull-request spam that is Hacktoberfest

Mike Pellatt

Re: Impressive

But FFS don't put the telephone sanitisers on the "B" Ark this time.

Esp in the current circumstances.

Brexit travel permits designed to avoid 7,000-lorry jams come January depend on software that won't be finished till April

Mike Pellatt

A Cabinet Office official told Bloomberg that beta is a standard labelling practice for a digital service that is fully operational. Experienced IT professionals may contest this definition.

What a liar. Alpha is a standard labelling practice in the world of Government service for a digital service that is fully operational. For at least six years.

For that's how long the Dartford Crossing Payments page has been labelled "alpha"

I had a spat on here with an ex-GDS geezer who said "Nothing to do wiv us guv, it's someone else". Even though, of course, it's clearly labelled as a gov service. Apparently the branding isn't the point.

Microservices guru says think serverless, not Kubernetes: You don't want to manage 'a towering edifice of stuff'

Mike Pellatt

Re: Don't separate the Devs any further!

Devs should not care about where their code gets deployed

And this is how we got code that assumes >100Mbps network speed.

And this is how we got code that assumes <5mS RTTs.

And this is how we got code that assumes >32GB of memory available.

And this is how we got code that assumes >32 CPUs available.

It's a great theory, but it doesn't work in practice.

You absolutely DO need to know, at the very least, the constraints that will apply where your code gets deployed. Or it won't work. You can't abstract out of reality (unless you call it Brexit, of course)

Woman dies after hospital is unable to treat her during crippling ransomware infection, cops launch probe

Mike Pellatt

Re: Why?

Windows XP, how modern :-)

I sorted out a CNC machine tool controlled by a W98 machine a few years back. Might even have been 95, memory fades. Managed to track down a spare mobo and disk drive that were compatible for spares before they became (even more) like hen's teeth.

It also had one of those multi-serial-port cards so beloved of green screens connected to *nix back in those days, used to talk to the various components.

'Mindset reset' contributes to £1bn extra costs and another delay – 2 years this time – for Emergency Services Network

Mike Pellatt

Re: Who was the priority?

Who were at the centre of the project?

Why, the vendor(s) of course.

Tech ambitions said to lie at heart of Britain’s bonkers crash-and-burn Brexit plan

Mike Pellatt

Re: well maybe

Make the tax system even more complicated than it already is.

Great idea.

Almost as good as needing 50,000 customs clerks.

Mike Pellatt

Re: Well it's kind of a good idea but...

Since Cummings' job advert for arse-lickers, sorry, fellow SPADs, in his blog back in January demonstrated his technical understanding so well, via his description of SQL as an "analytical language", I am quite sure he has the skill to pick the next big tech success.

Or maybe not.

With a million unwanted .uk domains expiring this week, Nominet again sends punters pushy emails to pay up

Mike Pellatt

Nominet used to be a shining light above the cesspit of the domain registry business.

Not any more. It's a tragedy.

CenturyLink L3 outage knocks out web giants and 3.5% of all internet traffic

Mike Pellatt

Re: Great reporting

When it _is_ Cloudflare, though, they are exemplary at:

a) putting their hands up

b) Giving a detailed explanation of what went wrong

c) Giving a fully detailed exposition of what they're doing/have done to prevent a recurrence.

No corporate ass-covering by PR droids from them. Like I said, exemplary.

Putting the d'oh! in Adobe: 'Years of photos' permanently wiped from iPhones, iPads by bad Lightroom app update

Mike Pellatt

Re: Class action suit in 3... 2... 1...

Except, of course, for users who acted on the old adage:

"There are two sorts of data. Data that has been backed up and data that has not been lost yet".

For them, the data hasn't been lost.

Analogue radio given 10-year stay of execution as the UK U-turns on DAB digital future

Mike Pellatt

Re: World radio

Hmm. Local community station's not on it.


Mike Pellatt

Don't be too disappointed. It could have been:

The U-turn "ensures there is no disruption for loyal listeners of world-beating FM and AM radio services such as Classic FM, Absolute Radio and TalkSport over the next decade," boasted media minister John Whittingdale

Mike Pellatt

Re: DAB Is dead in the water

Yep, I'm wondering whether it was worth purchasing the DAB antenna for my Android head unit.

You're right, I'm not actually wondering any more. It wasn't worth it.

'It's really hard to find maintainers...' Linus Torvalds ponders the future of Linux

Mike Pellatt

Re: I wonder why?

And there's a way to do it that will be a learning point so they don't f**k up and find themselves being fired again. I'd much rather that outcome for someone I have to "let go" (no, I wouldn't use that phrase).

"Too polite" is a thing, too.

Mike Pellatt

Re: I wonder why?

People do their best work when they're supported by those above them in a hierarchy

Indeed. But the problem there is the hierarchical structure. In an effective collaborative environment, one person can have a good old rant about what someone else has done, and as there's good peer relationships, the problem gets resolved and everyone moves on to the next challenge.

It's a (long) while since I even looked at the kernel dev process, but despite an initial appearance from the outside of it being a pyramid with Linus at the top, that wasn't how it worked.

Though quite how systemd got its claws in remains a mystery to me. Unless RedHat have gone to the dark side......

Mike Pellatt

Re: Just give it to Poettering...

Obviously, or I, for one, wouldn't have upvoted it.

This isn't Twitter, where it's impossible to tell :-)

UK's Ministry of Defence: We'll harvest and anonymise private COVID-19 apps' tracing data by handing it to 'behavioural science' arm

Mike Pellatt

Re: Quelle Surprise!

Ha! I tried to use an Office 365 mailmerge into Outlook recently for a mail to a subset of my entire company.

Turns out (after 30 mins work) it doesn't work if you want an attachment on the email.

Back to Bcc: it was.

UK finds itself almost alone with centralized virus contact-tracing app that probably won't work well, asks for your location, may be illegal

Mike Pellatt

Re: And what about the people ...

There is GPS-enabled footwear for that. Much less, errrr, intrusive.


