Euro police forces infiltrated encrypted phone biz – and now 'criminal' EncroChat users are being rounded up

Use offline encryption/decryption

Use OpenPGP or other good encryption program on a standalone computer (no network access) for the encryption and decryption. Transfer the encrypted messages by USB stick (or even floppy disk!!!) to and from a computer with network access.

For immediate communications use codes (not ciphers) on throwaway phones. (Codes are agreed words/phrases that mean something different to their normal meaning - examples "Alas Babylon" (from the book of the same name - means a nuclear attack is in progress) "Jean has a long mustache" (WW2 message to the French resistance - D-Day tomorrow)).

UN warns of global e-waste wave as amount of gadgets dumped jumps 21% in 5 years

Require a 5 year guarantee

If domestic appliances (white goods as well as phones/tablets/computers) were required to have a 5 year transferable guarantee then the amount of e waste would be drastically reduced. Manufacturers would be forced to use components with better margins to avoid premature failure. It would increase the purchase price but would probably drastically reduce the total outlay over a 10 year period.

Happy privacy action day in California: If you don't have 'Do not sell my information' in your website footer, you need to read this story right now

Of course there is an alternative

Do not collect the personal information in the first place - if no information is collected then there is no need for opt outs or messy information deletion.

Hey, Boeing. Don't celebrate your first post-grounding 737 Max test flight too hard. You just lost another big contract

Re: First Flight Since The Grounding?

Yes - several 737 MAX 8 aircraft have been flown to suitable parking spaces. No passengers on the planes and the pilots knew what to expect from MCAS and knew how to disable it.

Re: One question

Flyable yes - but there is a part of the flight regime where the throttles have an unusual effect on the pitch. If the pilots are trained for this then no problem. However Boeing as part of its sales pitch to airlines said that no training was needed and the MCAS software would do the pitch correction automatically. We all know what happened then.

(Because the engines were moved far forward of their position in previous 737 aircraft, when the throttles are advanced the nose tends to pitch up - for part of the normal climb if uncorrected by either MCAS or the pilot then the plane could stall. Normally for all civil aircraft it is a certification requirement for there to be no such condition. Boeing might have got a waiver by requiring pilots to be properly trained for the changed handling - but then it would not have been able to sell it as "just a better 737". Instead by doing a sloppy job it killed over 300 people and cost the company many billions of dollars.)

Re: FAA's Fall

Or if you are feeling nasty - await certification from the Chinese equivalent of the FAA. (With the current trade war being promoted by Trump this could be a very long time coming!!!)

Remember when we warned in February Apple will crack down on long-life HTTPS certs? It's happening: Chrome, Firefox ready to join in, too

Re: Will this be a problem for embedded device certs?

Many embedded devices have their own server and certificate baked in at the manufacturing stage and can not be updated by the end user. They will be broken by this change to the browsers.

Browsers at a minimum need to have a setting that allows long lifetime certificates to be used.

CIOs will force SaaS vendors to limber up and get more flexible about contracts in the post-pandemic world

How long till ServiceNow goes extinct ?

By telling all its customers that its contracts are non-cancellable and refusing to alter terms, it is building up so much ill-will that many (probably the majority) of its customers will never use ServiceNow again. Others that might have used ServiceNow will have seen how it treats its customers and will find an alternative supplier.

After huffing and puffing for years, US senators unveil law to blow the encryption house down with police backdoors

This software has been out for several years and provides strong encryption and the source code is available - how do these idiots propose to stop people using it? 7-ZIP also provides good encryption for RAR files.

These Republican idiots will not be happy until everyone has a surgically implanted recording device that captures their every thought.

Icon for what should happen to these idiots.

RIP ROP, COP, JOP? Intel to bring anti-exploit tech to market in this year's Tiger Lake chip family

Older programs ?

Most systems have a lot of older code running as well as the latest most up to date stuff. An application obtained as a binary which the supplier has not updated will have a lot of branches that do not have ENDBRANCH as targets. The CET will have to be something that is turned on at a per application level with the default being off or many applications will break. (Given the extreme speed that some suppliers work, there will still be non conforming applications in 2040 !!)

Icon for systems that enable CET without checking for non-compatible programs.
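
On ELF systems the per-application decision described in this comment is driven by a marker in the binary: objects built with CET support carry a `.note.gnu.property` note with IBT and shadow-stack bits, and a binary without it is treated as legacy. The following is an added example, not part of the original comment or article, that reads those bits from a little-endian ELF64 image; the function names and the `build_sample` images are constructed for illustration.

```python
import struct

PT_NOTE = 4
PT_GNU_PROPERTY = 0x6474E553
NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002
FEATURE_IBT = 0x1    # indirect branch tracking: indirect targets start with ENDBR
FEATURE_SHSTK = 0x2  # shadow stack for return addresses


def _align(n, a):
    return (n + a - 1) & ~(a - 1)


def feature_bits_from_notes(notes: bytes, align: int) -> int:
    """Walk a note segment and return the x86 FEATURE_1_AND bits (0 if absent)."""
    off = 0
    while off + 12 <= len(notes):
        namesz, descsz, ntype = struct.unpack_from("<III", notes, off)
        name_off = off + 12
        desc_off = name_off + _align(namesz, 4)
        name = notes[name_off:name_off + namesz]
        desc = notes[desc_off:desc_off + descsz]
        if ntype == NT_GNU_PROPERTY_TYPE_0 and name == b"GNU\0":
            p = 0
            while p + 8 <= len(desc):
                pr_type, pr_datasz = struct.unpack_from("<II", desc, p)
                data = desc[p + 8:p + 8 + pr_datasz]
                if pr_type == GNU_PROPERTY_X86_FEATURE_1_AND and len(data) >= 4:
                    return struct.unpack_from("<I", data)[0]
                p += 8 + _align(pr_datasz, 8)  # ELF64 properties are 8-byte aligned
        off = desc_off + _align(descsz, align)
    return 0


def cet_features(image: bytes) -> dict:
    """Report which CET features an ELF64 little-endian image declares."""
    if image[:4] != b"\x7fELF" or image[4] != 2 or image[5] != 1:
        raise ValueError("expected a little-endian ELF64 image")
    (e_phoff,) = struct.unpack_from("<Q", image, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", image, 54)
    bits = 0
    for i in range(e_phnum):
        (p_type, _flags, p_offset, _va, _pa,
         p_filesz, _memsz, p_align) = struct.unpack_from(
            "<IIQQQQQQ", image, e_phoff + i * e_phentsize)
        if p_type in (PT_NOTE, PT_GNU_PROPERTY):
            seg = image[p_offset:p_offset + p_filesz]
            bits |= feature_bits_from_notes(seg, 8 if p_align == 8 else 4)
    # The linker ANDs these bits over every input object, so a single
    # unmarked object file leaves the whole binary without the flag.
    return {"ibt": bool(bits & FEATURE_IBT), "shstk": bool(bits & FEATURE_SHSTK)}


def build_sample(bits=None) -> bytes:
    """Constructed minimal image; bits=None models a legacy binary with no note."""
    note = b""
    if bits is not None:
        prop = struct.pack("<III", GNU_PROPERTY_X86_FEATURE_1_AND, 4, bits) + b"\0" * 4
        note = (struct.pack("<III", 4, len(prop), NT_GNU_PROPERTY_TYPE_0)
                + b"GNU\0" + prop)
    phnum = 1 if note else 0
    ident = b"\x7fELF\x02\x01\x01" + b"\0" * 9
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 3, 62, 1, 0, 64, 0, 0,
                       64, 56, phnum, 0, 0, 0)
    phdr = b""
    if note:
        phdr = struct.pack("<IIQQQQQQ", PT_GNU_PROPERTY, 4, 120, 120, 120,
                           len(note), len(note), 8)
    return ehdr + phdr + note


if __name__ == "__main__":
    for label, img in (("cet-built", build_sample(3)), ("legacy", build_sample())):
        print(label, cet_features(img))
```
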


Someone got so fed up with GE fridge DRM – yes, fridge DRM – they made a whole website on how to bypass it

Re: Advertent FUD - WRONG

Look at https://www.businessinsider.com/cities-worst-tap-water-us-2019-3?r=US&IR=T

for a description of the contaminated water supplies in several cities in the US. (Flint, Michigan was just one bad example).

Re: home use printer that doesn't dry up between uses

Dye Sublimation gave good pictures - at a price FAR HIGHER than inkjet. Any printed image (even a single full stop!!) used the same amount of the dye coated sheet as a full colour photo. I think that it died a death once inkjets got good enough except for specialized uses (like ID cards) where instant drying is an advantage.

(The used dye sheets are also a security hazard as they have a negative image of what was printed.)

Just use compatible inks or printers with refillable ink tanks.

China's silicon-self-sufficiency plan likely to miss targets due to Factories Not Present error

China is supporting the US

China has a huge holding of US treasury bills (bonds for non-US people) and is accepting more. This is not because they think that the US bills are good investments - it is instead to prop up the US until China is self sufficient. Anyone who looks at the US debt clock can see that the US is heading for a major crunch. (Unfunded liabilities of over $147 trillion, national debt of over $25 trillion, federal spending over $3 trillion more than federal income, number of manufacturing jobs halved since 2000 etc).

When the bubble finally bursts, there will be a lot of destitute people in the US who have no food, no hope but will have guns - the result will make the US Civil War look like a friendly party. The collapse will cause a worldwide financial crash that will make the great depression look like a minor blip.

China is trying for self sufficiency in the hope that it can survive the crash - if it does then it will become the dominant world power.

Must not be the season of the switch: Someone flipped the you-know-what in global ethernet switch and router supply chain

And in my opinion this is the real reason that Cisco et al got the orange buffoon to try to block Huawei. Huawei was selling equivalent (or better) products than Cisco for lower prices thereby hurting Cisco's profits. (The NSA probably disliked Huawei because there were no baked in NSA backdoors.)

Moore's Law is deader than corduroy bell bottoms. But with a bit of smart coding it's not the end of the road

Look first at the problem

Often a huge speedup can be obtained by spending a few minutes thinking about the problem before starting the design.

Many years ago the company that I was working for needed to do a lot of computation on a few days values from an Oracle database that had multiple years of data. The code that the consultants came up with worked - but would have taken over 2 weeks to produce the results as the main table was joined to itself in the query in a way that negated the speedup of the indexes. A bit of thinking and a much smaller table was produced by selecting only the required days from the main table and running the query using that table instead. That reduced the time required from over 2 weeks to under half an hour.

Another system was monitoring temperatures in a power station - the original spec had all the temps being monitored every second which was too much for the low performance mini computer of the time (early 1980's). A bit of looking at the items being monitored showed that many did not need a high scan rate (if the concrete pressure vessel temps are changing significantly in under 30 secs then it is well past time to run like hell!!). Changing the spec so that only the required items were scanned at high speed made the job easy for the computer to handle.

If you have a job that is going to heavily load a computer system then it is often worth spending some time to try to understand the problem (not just the spec) and see if there are any obvious inefficiencies in the spec that can be easily mitigated before starting coding.

Global bean-counting behemoth PWC tells vendors: Now would be a great time to audit your customers

What a surprise

There is a reason why a nickname for PricewaterhouseCoopers was Prize Slaughterhouse.

Remember accountancy and consulting firms are NOT your friends - they are bloodsuckers along with lawyers and taxmen.

Repair store faces hefty legal bill after losing David and Goliath fight with Apple over replacement iPhone screens

The only way that Apple can say that it loses money on its repair business is by saying that a repair stops the owner from needing to buy a new iDevice. If Apple had their way then any scratch would require the owner to buy a new unit.

80-characters-per-line limits should be terminal, says Linux kernel chief Linus Torvalds

Excessive complexity

If a line of code is much longer than 80 chars then it becomes difficult to follow - the main reason for a limit on line length is the human brain.

If you need to debug or modify a program written by another author then excessively complex lines impede understanding. A well written program is easy to follow - not written like a contender for the obscured C contest. Unfortunately all too many current programmers never think of the poor sods who may need to maintain their programs in the future.

(The assembler code for the RSX-11M operating system written by Dave Cutler was far easier to follow than much of today's code in higher level languages.)

Got $50k spare? Then you can crack SHA-1 – so OpenSSH is deprecating flawed hashing algo in a 'near-future release'

Re: Old devices

When the old PC is part of a piece of industrial equipment that costs over £500k and would cause excessive loss of production if it was taken out and replaced then discarding it is NOT an option. In many cases the original supplier is no longer in business so updating the control PC to something more modern is not possible. In industry, big machinery is often expected to work for over 20 years - sometimes over 40 years.

Old devices

Several older bits of equipment have firmware that can not be changed to support more secure protocols. These devices require SHA-1. In many cases the cost of replacing the equipment would be prohibitive. (For example a controller that is part of an expensive industrial machine.)

A means of using SHA-1 still has to be available - and preferably NOT by disabling updates on a computer to keep the facility.

Boeing brings back the 737 Max but also lays off thousands

Why ?

With world airlines losing lots of cash, it is unlikely that there will be any new orders for Boeing (or Airbus) before next year. Many airlines are likely to cancel their existing 737 Max 8 orders to recover their deposits as soon as they can do so without penalties. It would not surprise me if some of the current 400 parked 737 Max 8 aircraft never carry passengers.

Why build more ?

ITAM Forum opens: 'People just want to talk to other managers about how to defend against software audits'

Avoid Oracle and SAP

If you have neither SAP nor Oracle then you have very little chance of software audits. (Using Linux and LibreOffice instead of Windows and Microsoft Office would reduce the chance even further.)

Cyber attack against UK power grid middleman Elexon sparks in-house IT recovery efforts

Re: What ?

The big problem is that too many bosses treat training staff as an unnecessary avoidable expense.

Assuming that Elexon kept up the backup regime that EPFAL was following when EPFAL had this job then full backups would be taken every day and stored offsite - recovery might be tedious but would not be difficult. No need to pay the ransomware scum.

UK, Ireland users call on SAP to extend indirect licensing deadline again as COVID-19 ravages project plans

Does anyone (apart from SAP and consultants) benefit from using SAP ?

With the stories about the costs (financial, disruption and delays) of introducing SAP into an organization, who actually benefits from SAP ?

SAP also has a list of software that it depends on which is also costly such as Oracle.

What is the point in introducing SAP?

Openreach tells El Reg it'll kill off copper sales in 118 UK locations next year

long power cut = phone cut

The conventional phone will only work for about the first hour after the mains failure - the battery backup is small compared to the power drain of the adapter. If the mains fails at night while you are sleeping then you will be unable to use the conventional phone to call for help. For areas without mobile coverage this is a big problem that BT and OFCOM are trying to hide under the carpet.

(Conventional phones with a copper connection to the exchange are powered by the exchange and the batteries at the exchange (and backup generator if present) can normally keep the phone service going for more than 24 hours in the absence of mains electricity.)

Sorry if this seems latency obvious, but... you can always scale out your storage with end-to-end NVMe

Lower cost in the cloud ?

For almost any use, data stored at a remote site is going to be slower to access than from a local SATA SSD (let alone NVMe). With the storage costs on cloud providers such as AWS running at about $24 per TB per month (S3 standard) plus data transfer charges, the cost of local storage is probably cheaper over any period longer than a year.

Uncle Sam courting Intel, TSMC to build advanced chip fabs on home soil – report

No need to be a fanatic to have little trust in the US.

Look at the activities of the US against Huawei which seem to be caused by Huawei being cheaper and better than Cisco and not including any NSA backdoors. The threat of Huawei was not spying from China but the reduction in the ability of the NSA to spy on everyone.

Look at the US actions in the Middle East, Panama and other areas to see that the US is a country that believes in the use of force anytime that it thinks it can get away with it.

Look at the number of civilians that the US has killed in its wars in Vietnam and the Middle East (bombing a wedding party in Afghanistan being one example).

Because the cost of getting elected to Federal office (Congressman, Senator, President or Vice President) far outweighs the salary from the office, most such officials have to obtain the money from sponsors (by altering laws in their favor or by arranging contracts and grants to go to them).

The US has the best government that money can buy.

'A' is for ad money oddly gone missing: Probe finds middlemen siphon off half of online advertising spend

Ads pissing people off

So many ads just annoy people to the point where they either (a) refuse to buy the product or (b) stop using the website or (c) use a good ad blocker that actual "good" advertising money (ie the ads are served to customers with an interest in the product) is probably under 1%.

Remember mute buttons are what TV ads were designed for!!

(In the UK, the National Grid needed to know the timings of the TV ads so that the generation was available when people left the TV to put the kettle on.)

International space station connects 100Mbps symmetric space laser ethernet using Sony optical disc tech

High speed - BUT

This only works when the ISS is in line of sight with the ground station. Given the ISS orbit this will only provide communications for a few minutes a day (like some broadband providers!!!). A better communication path might be via the Starlink communication satellites.

You can get a mechanical keyboard for £45. But should you? We pulled an Aukey KM-G6 out of the bargain bin

Cheaper keyboards

You can get new keyboards for £5.99 from Currys (Advent K112 - price includes shipping) - no need to pay as much as a tenner for a basic keyboard.

Lockdown endgame? There won't be one until the West figures out its approach to contact-tracing apps

Re: No use

A person walking through Oxford Street station to change from one tube line to another during the rush hour will typically be inside the infectious range (under 1 metre) of lots of people (possibly over 100). If the person is a non-symptomatic carrier then by the time that the first detected case appears the total of possible first and second stage contacts will total several thousands - too many to be of any use.

No use

When mass transit resumes in London and other big cities, the number of possible contacts rapidly becomes too big to effectively track. (Just imagine one person changing trains at Oxford Street station - how many possible contacts?).

All the apps will be good for is "Big Brother" snooping.

The number of tests being carried out is also insufficient - if the government somehow manages to do 100,000 tests per day as the politicians are saying then it would take almost 2 years to test the population of the UK (over 66.5 million). By then the epidemic would already be over.

People can be infectious with covid-19 before showing any symptoms and many people never show symptoms but are still infectious.

The following paper from the ECDC - https://www.ecdc.europa.eu/sites/default/files/documents/RRA-seventh-update-Outbreak-of-coronavirus-disease-COVID-19.pdf - shows that people who never develop symptoms can still be infectious and also that the basic reproduction number (R0) for the virus is high at 3.28

Ofcom waves DAB radio licences under local broadcasters' noses as FM switchoff debate smoulders again

Ofcom not thinking - as usual

FM can be received on simple low cost equipment with long battery life. (For years Poundland sold FM radios with earphones for £1.) DAB radios are much more complex, costly and power hungry. FM radio reception is built into many phones (provided that wired earphones are used - the phone uses the earphone wire as the aerial). In areas with low signal strength DAB fails completely but FM degrades more gracefully. Many cars on the road have FM radios not DAB.

The only reason for Ofcom to want to push for the end of FM broadcasting is that they hope to sell DAB broadcasting licenses.

Remember that clinical trial, promoted by President Trump, of a possible COVID-19 cure? So, so, so many questions...

From the in-vitro tests carried out back in December, chloroquine inhibits viral reproduction. If these tests were correct and the same effect is observed in-vivo then a dose of chloroquine could give the immune system a few extra days to combat the infection. As chloroquine is a somewhat toxic drug, it is probably best only given to patients that need supplementary oxygen (people that are recovering without medical treatment should be left alone). It probably needs to be given before the patient reaches the stage of needing a respirator for best effect. (Once a patient needs a respirator, lung and possibly other organ damage has already started.)

SAP opens up certain online courses to locked-down tech learners

MIT OpenCourseWare

If you want to do some study while cooped up at home take a look at MIT OpenCourseWare. MIT have made virtually all MIT course content available on the web for free.

Forget James Bond's super-gadgets, this chap spied for China using SD card dead drops. Now he's behind bars

If the data on the SD cards was decently encrypted then just sending it by post to China would have been easier and far less likely to be detected.

An alternative method (also assuming decent encryption): post the data on a Usenet newsgroup - there is no easy method to determine who has received the data.

Resellers facing 'months' of delays for orders to be fulfilled. IT gathers dust on docks as coronavirus-stricken China goes back to work

Expect more problems

Look at the following websites to see why the problem is going to get worse before it gets better



Brit MPs, US senators ramp up pressure on UK.gov to switch off that green-light for Huawei 5G gear

Cisco or the NSA

Is Cisco trying to stop people from buying from its much lower priced competitor or are the US spying agencies scared that people will buy kit without the US backdoors built in?

Campaigners cry foul play as Oracle funds conservative lobby group supporting its court case against Google

Who expects honesty and decency from Oracle ?

The title says it all.

Starliner snafu could've been worse: Software errors plague Boeing's Calamity Capsule

Be nasty

Demand that Boeing does 2 launches - one a target to simulate the ISS without endangering the ISS itself and another Starliner launch to rendezvous with the target. Also require that the software is checked (at Boeing's expense) by a good outside software company.

Icon for what should happen to Boeing's senior management

Guess we have to do this the Huawei then: Verizon sued by Chinese giant for allegedly ripping off patented tech

RIP FTP? File Transfer Protocol switched off by default in Chrome 80

If FTP is disliked what about TFTP ??

Some items still use TFTP (basically a simplified FTP without usernames or passwords) for booting.

A number of websites still allow FTP access as for non-confidential files it has a lower overhead than HTTP or HTTPS.

The winners and losers of infrastructure clouds revealed: AWS, Microsoft, Google and Alibaba get fatter

All doing well

Even the "Others" did well: though their share has decreased, they still increased their revenue by $8.1 billion (and had a 23.3% growth rate).

At last, the fix no one asked for: Portable home directories merged into systemd

Re: SystemD as a concept is ok

But then the systemd team would not get any nice backhanders from another OS maker.

It is notable that the biggest user of Linux on the planet (Android) does not use systemd.

Remember the M$ way "embrace, extend, extinguish" - systemd seems to be parts 2 and 3 of this procedure.

Cache flow problems continue for Intel: Yet more data-leaking processor design blunders discovered, patches due soon

Not fast enough

Any type of external memory is far slower than the level 1 cache memory. There are a number of unavoidable delays in accessing external memory (the speed of light being one of them). SRAM with the same cycle rate as the level 1 cache memory has a high power requirement. CPUs have only small amounts of L1 cache so the power consumption is acceptable - having gigabytes of memory with that speed would result in PCs acting as high power heaters (multiple KW).

You spoke, we didn't listen: Ubiquiti says UniFi routers will beam performance data back to mothership automatically

Time to switch to Huawei !!!

It seems that if you want networking gear that does not spy on you then choosing non-American equipment is the best choice.

The Curse of macOS Catalina strikes again as AccountEdge stays 32-bit

Any program can be ported - but is it worth doing ?

Given that it is a program that has been around for many years, probably had many different maintainers and has probably had at least some of the design documentation lost then the cost of porting it to a new environment (macOS 64 bit) would not be cheap. Add to that the fact that it needs to meet regulatory requirements and could be sued if it produces incorrect results and the porting bill increases. Doing the port is only worthwhile if the profits from doing the port exceed the cost of the port by a large margin.

Given that the software is available on Windows and that the vast majority of businesses use Windows computers instead of Apple for most commercial applications, it is understandable that the company may think porting to the 64 bit version of macOS is not worth doing.

What was Boeing through their heads? Emails show staff wouldn't put their families on a 737 Max over safety fears

If the FAA can be forced to do its job

Then the FAA would go through the full certification of the 737 MAX 8 as a new aircraft with no grandfathering of safety certificates or pilot type qualifications from previous 737 models. As Boeing have proved themselves untrustworthy, all the tests would be carried out by the FAA with none of them delegated to Boeing.

Given the amount of money that Boeing can afford to pay out in "election campaign expenses" (ie bribes), I do not have much hope that this will actually happen.

Hundreds of millions of Broadcom-based cable modems at risk of remote hijacking, eggheads fear

Yet another reason for NoScript

See title



