* Posts by Mike 137

711 posts • joined 10 Sep 2009


Software bug in Bombardier airliner made planes turn the wrong way

Mike 137 Silver badge

Worse in principle

The interaction of the various ideally completely separate functions suggests insufficient process segregation. This in turn suggests that the software as a whole has "evolved" rather than being designed as an integrated deliverable. Most software today "evolves", so we need a radical rethink of our approach to application design.

Great news. Patch load drops 20% for the first time in 10 years. Bad news: Well, you've heard about coronavirus?

Mike 137 Silver badge

"... than any sudden improvements in the quality of code being written"

Any improvements in the quality of code being written will never be sudden - if they happen at all it will result from a complete redefinition of "software professional" making the requirements for formal expertise coincide with those of other more established engineering disciplines.

Software is the only engineering product that is accepted as created by entirely self-taught and unverified practitioners without recourse to ratified common standards. Not the case in civil engineering, not the case in electrical engineering - not even the case in plumbing or gas fitting. But as software gets ever more embedded in products otherwise engineered to more rigorous standards, these themselves get dragged down to its level. Witness several aviation incidents and near misses in the last few years.

Rich Communication Services: Nobody uses it, nobody wants it, but analysts reckon it's on the verge of a breakthrough

Mike 137 Silver badge

"My banks [...] all use SMS"

A wide open plain text messaging service that can be read or tampered with in transit and has no permanence. For banking? Good thinking Batman.

5G mast set aflame in leafy Liverpool district, half an hour's walk from Penny Lane

Mike 137 Silver badge

"The answer is stupid people"

An alternative answer is fear. Fear doesn't have to start out as of something specific. It can start out unfocused and find something to attach itself to. What that something is depends on current cultural obsessions.

Fear can make us stupid in respect of the thing it attaches to while we quite possibly remain entirely rational in all other respects. Consequently, we are all probably stupid in some things without any of us being entirely stupid.

You E-diot! Formula E driver booted off Audi team after getting video game ace to take his place in online race

Mike 137 Silver badge

Re: Integrity?

"Integrity, transparency and consistent compliance with applicable rules ..." are zero priorities for most of us these days and have been for quite some time. The general rule is Crowley's "do what you will..." provided you can get away with it.

IBM's sacking spree reaches Australia – and as staff wait to exit, they're offered AU$4k to find new workers

Mike 137 Silver badge

"... grey hair is a mark of senility..."

Unfortunately, it's more likely a mark of being too expensive for the bean counters. Young new entrants are much cheaper and also better conditioned to being abused as they're mostly mighty relieved to have a job at all in an overcrowded market place. Expertise and experience are not significant decision factors, which is why software is mostly such a pile of excrement and projects fail so often.

The "bottom line" for most companies is not quality or customer retention, it's net profit. A cheap readily replaceable workforce is a significant contributor to this.

eBay users spot the online auction house port-scanning their PCs. Um... is that OK?

Mike 137 Silver badge

Could they do a better job?

"not all the code is obfuscated, so if the script's creators really wanted to cover their tracks they could have done a better job."

Maybe they're blindly using an obfuscation tool they don't really understand.

Microsoft brings WinUI to desktop apps: It's a landmark for Windows development, but it has taken far too long

Mike 137 Silver badge

"... it simply restricts the platforms on which it can run ..."

And thereby guarantees the churn that keeps these behemoths in funds. If computing kit was durable and standards were stable, the market would have completely saturated at least a decade ago. None of this "innovation" is really for us users, which is why it now takes four 4 GHz cores and 8 GB memory to run your word processor.

Wanna force granny to take down that family photo from the internet? No problem. Europe's GDPR to the rescue

Mike 137 Silver badge

"GDPR and Data Protection law historically is not about privacy ..."

I concur, it's not fundamentally about "privacy" per se. It's about ensuring that processing does not infringe the human rights of the data subject, of which rights privacy is just one. Unfortunately the law is not (and probably never can be) specific enough to ensure all eventualities are covered.

On material scope the GDPR states:

"2. This Regulation does not apply to the processing of personal data: [...] (c) by a natural person in the course of a purely personal or household activity;"

The definition of "purely personal or household activity" is the point at issue here. There's no definitive interpretation and negligible precedent. This case might indeed contribute some provided the opinion is explained properly. Nevertheless, as the legislation is only invoked on the basis of complaints by data subjects, the body of precedent is likely to be slow in accumulating, and in the meantime it's pretty safe for most organisations to ignore the law. That's not so much a fault of the legislation, but of how it's universally enforced.

Record-breaking Aussie boffins send 44.2 terabits a second screaming down 75km of fiber from single chip

Mike 137 Silver badge

"stuck with 50Mbps ..."

<bogus Yorkshire accent>"You're in clover. We get half a megabit at best..."</bogus Yorkshire accent>

Lawsuit klaxon: HP, HPE accused of coordinated plan to oust older staff in favor of cheaper, compliant youngsters

Mike 137 Silver badge

"A modern corporation has no ethics ..."

Strictly, they do have ethics - "The rules of conduct recognized in certain limited departments of human life 1789" [OED]. They just have no morals, just like some of those most active in a memorable event in 1789.

Could it be? Really? The Year of Linux on the Desktop is almost here, and it's... Windows-shaped?

Mike 137 Silver badge

"Just go with the flow ..."

Going with the flow would be fine if the flow wasn't entirely under the sole control of an unchallengeable commercial entity with its own vested interests. Choice is a fraud if you can only choose what you're thrown.

Mike 137 Silver badge


Windows on Linux on Windows. I believe it's called recursion.

Funny that nobody's talking about licensing though. Open source inside closed source? How does that work?

Magecart malware merrily sipped card details, evaded security scans on UK e-tailer Páramo for almost 8 months

Mike 137 Silver badge

Re: Javascript again

Why indeed is any client side processing performed on a card data capture page? A pure HTML form using POST over TLS should be sufficient to collect the data, with all processing server side. Client side processing is open to tampering and always has been.
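The approach the comment above describes (a script-free form, POST over TLS, all validation on the server), as an added example that is not code from the article or from the merchant it describes. It assumes a hypothetical checkout endpoint /pay on the merchant's own origin; everything else is Python standard library. The page carries no script at all, the response headers forbid script execution and form retargeting, and the card fields are checked only after they arrive on the server.

```python
"""Card capture with no client-side processing (added example, not the article's code)."""
import re
from urllib.parse import parse_qs

# Headers for the card page. default-src 'none' also covers script-src, so an
# injected <script> or inline handler cannot execute; form-action 'self' stops
# the form being repointed at an attacker's host; HSTS keeps the POST on TLS.
CARD_PAGE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Cache-Control": "no-store",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": (
        "default-src 'none'; style-src 'self'; img-src 'self'; "
        "form-action 'self'; base-uri 'none'; frame-ancestors 'none'"
    ),
}

# Hypothetical /pay endpoint; the form is static HTML with nothing for a skimmer to hook.
CARD_FORM = """<!doctype html>
<form method="post" action="/pay" autocomplete="off">
  <label>Card number <input name="pan" inputmode="numeric" required></label>
  <label>Expiry (MM/YY) <input name="exp" required></label>
  <label>CVC <input name="cvc" inputmode="numeric" required></label>
  <button type="submit">Pay</button>
</form>
"""


def card_page_response() -> tuple[dict, str]:
    """The GET response: hardened headers plus the static form."""
    return CARD_PAGE_HEADERS, CARD_FORM


def luhn_ok(pan: str) -> bool:
    """Luhn checksum over a digits-only PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def validate_card_post(body: str, today: tuple[int, int]) -> dict:
    """Validate an application/x-www-form-urlencoded POST body server side.

    today is (year, month). Returns {"ok": True, "pan": ..., "exp": (yyyy, mm)}
    or {"ok": False, "errors": [...]} naming the bad fields. The raw PAN goes
    only to the caller (which hands it to the payment processor); it is never
    echoed back into HTML.
    """
    fields = parse_qs(body, keep_blank_values=True)

    def first(key: str) -> str:
        return fields.get(key, [""])[0]

    errors = []

    pan = re.sub(r"[ -]", "", first("pan"))         # tolerate spaces / dashes
    if not (13 <= len(pan) <= 19 and pan.isdigit() and luhn_ok(pan)):
        errors.append("pan")

    exp = None
    m = re.fullmatch(r"(\d{2})/(\d{2})", first("exp"))
    if m and 1 <= int(m.group(1)) <= 12:
        exp = (2000 + int(m.group(2)), int(m.group(1)))
        if exp < today:                              # card already expired
            errors.append("exp")
    else:
        errors.append("exp")

    if not re.fullmatch(r"\d{3,4}", first("cvc")):
        errors.append("cvc")

    if errors:
        return {"ok": False, "errors": errors}
    return {"ok": True, "pan": pan, "exp": exp}
```

The CSP is the check a practitioner would add beyond the form itself: if the page genuinely needs no JavaScript, `default-src 'none'` means a Magecart-style injection into the page or one of its dependencies has no execution context, whatever the scanner sees.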

Beer rating app reveals homes and identities of spies and military bods, warns Bellingcat

Mike 137 Silver badge

The wicked and the fools ...

The wicked and the fools both go to hell but the fools get there first.

Azure-hosted AI for finding code defects emitted – but does it work?

Mike 137 Silver badge

"Code that seems likely to be buggy is flagged for further investigation and testing"

100 per cent of code "flagged for further investigation and testing" then?

Easyjet hacked: 9 million people's data accessed plus 2,200 folks' credit card details grabbed

Mike 137 Silver badge

An exemplary response

"As soon as we became aware of the attack, we took immediate steps to respond to and manage the incident and engaged leading forensic experts to investigate the issue."

I'm amazed they responded like this - must have taken some serious thinking to plan for.

Open letter from digital rights groups to UK health secretary questions big tech's role in NHS COVID-19 data store

Mike 137 Silver badge

Transparency is not enough

Although the GDPR mandates transparency, just telling people that you're abusing them does not constitute genuine compliance even if it seems to fulfil the "letter of the law". The purpose of transparency under the GDPR is to provide data subjects with a basis for challenging processing that infringes their human rights. In the absence of effective mechanisms for redress, transparency alone is useless.

Equifax finally coughs up the money for its 2017 monster hack… to the banks for having to cancel your cards

Mike 137 Silver badge

Re: Business as usual

This is also a key reason why infosec has got worse rather than better over the last 30-odd years. All the losses are either externalities (the customers') or effectively coffee money for giant corporations. As far as I know, DigiNotar is the only company that actually went out of business as a result of a data breach, and that was because it was a subsidiary of a holding company that shut it down just to avoid embarrassment.

Another key reason (although not in the case of Equifax, where we don't have a choice) is that despite the breaches, "we" the public go on using the services (e.g. Yahoo, Facebook) so quite a bit of the problem is actually down to us as well.

Latest NHS IT revolution is failing to learn lessons from the last £10bn car crash

Mike 137 Silver badge

Re: a target to go "paperless" by 2018 has not been achieved.

Once, I got a letter revising the time of a physio appointment by one minute. On arriving, I waited until around 45 minutes after the appointment time without being called, then had to leave as I had to be somewhere else. The lack of control is not just in IT projects.

Everything OK with Microsoft? Windows giant admits it was 'on the wrong side of history' with regard to open source

Mike 137 Silver badge

The greatest joke of all

"... the Windows giant was "on the wrong side of history" when it came to open source ..."

Of course the original IBM PC that put Microsoft on the map was open source. I remember the manual including both full circuit diagrams and a complete BIOS listing. It was this that made it such a success. PS/2 failed because it didn't follow the same principle, so the add-on industry didn't support it.

What is unclear, though, is how open source licenses can be respected if open source code is absorbed into closed source products, which is clearly what is happening. That would seem to amount to breach of intellectual property rights.

Singapore’s mega-investment firm Temasek joins Facebook’s Libra cryptocurrency effort

Mike 137 Silver badge

"[...] like an ordinary, compliant payments processor — PayPal [...]"

I'd hardly call PayPal "compliant" - but of course that depends on compliant with what? For example, regulated banks tend not to suddenly freeze your account without warning and then fall silent on you.

NASA launches guide to Lunar etiquette now that private operators will share the Moon with governments

Mike 137 Silver badge


Basket weaving and macramé in zero gravity?

Mike 137 Silver badge

A key strategic asset

"Many states see the Moon as a key strategic asset in outer space, and several companies, including NASA, have proposed mining rocket fuel from planets and asteroids."

"Houston, the locust has landed".

Crooks set up stall on UK govt's IT marketplace to peddle email fraud services targeting 'gullible' punters

Mike 137 Silver badge

Honesty among thieves

"We develop bespoke Cloud-based online fraud solutions to target gullible consumers into parting with their cash ..."

Merely the ultimate extension of capitalism? At least they're above board about it.

Facebook to surround all of Africa in optical fibre and tinfoil

Mike 137 Silver badge

Re: Can someone explain?

From Conductivity Of Metals Sorted By Resistivity

Copper pure IACS 100%.

Copper deoxidised IACS 85%

Aluminium 99.99% pure IACS 64.95%

However aluminium is about a quarter the price of copper, so an Al wire of 1.3 times the area (1.144 times the diameter) would have equivalent resistance per length to deoxidised copper and be a lot cheaper. Does make sense, except possibly for the greater difficulty of making long term reliable connections at the ends.

Worried about the magnetic North Pole sprinting towards Russia? Don't be, boffins say, it'll be back sooner or later

Mike 137 Silver badge

A local effect?

"The moving pole is a local effect and the remainder of the Earth’s magnetic field hasn’t changed much."

Sounds counter-intuitive. Can anyone explain this in a bit more detail?

Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report

Mike 137 Silver badge

"up to 100,000 employee details were stolen"

In English law (applicable in this case), theft requires that the victim is "permanently deprived" of the article in question. Did they delete the source data after copying it? If not, it wasn't stolen, merely exfiltrated.

Vint Cerf suggests GDPR could hurt coronavirus vaccine development

Mike 137 Silver badge

"GDPR is there to prevent your data being used without your consent"

Actually that's not the case. Consent is only one of the lawful bases for processing.

And it won't hinder vaccine development. There's a specific provision - Article 9.2(i) - that permits the (otherwise prohibited) processing of the "sensitive" categories "[...] for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health [...]".

The GDPR is not a barrier to any legitimate processing by any organisation provided its requirements (intended to respect the human rights of data subjects) are fulfilled.

It's about time someone actually read the GDPR before pronouncing on it, particularly where the person pronouncing is high profile and likely to be taken as an authority.

NHS contact tracing app isn't really anonymous, is riddled with bugs, and is open to abuse. Good thing we're not in the middle of a pandemic, eh?

Mike 137 Silver badge

"Design it to be secure from the start."

The problem with designing for security from the start is that it requires two rare human attributes: forethought and dedication. Both are spectacularly absent in government circles, where short term planning and knee jerk reaction provide an adequate route to the "top".

Ampere, Nvidia's latest GPU architecture is finally here – spanking-new acceleration for AI across the board

Mike 137 Silver badge

Impressive, but ...

This is hardly just a "GPU" any more, is it? It may use the architectures developed for graphics processing, but it's more likely destined for deep data and AI rather than merely putting up animated screenfuls.

Multi-part Android spyware lurked on Google Play Store for 4 years, posing as a bunch of legit-looking apps

Mike 137 Silver badge

"The malware, named Mandrake by the threat intelligence agency"

I thought Bitdefender was an anti-virus vendor. When did it become a "threat intelligence agency"?

India says its brains saved the world from the last colosso-crisis – cough, Y2K – proving it can become self-reliant

Mike 137 Silver badge

Re: Are you insinuating something?

The best outcome for any identified risk is that you've pre-emptively reduced its likelihood to zero. Short of that, you've pre-emptively reduced its potential consequences as far as possible. Either way, the common factor is pre-emptively.

Most incidents arise from ignoring the signs until it's rather late in the day to act. But Nassim Taleb was right in saying we rationalise after the fact to explain the incident away (typically as "unprecedented").

There's Norway you're going to believe this: Government investment fund conned out of $10m in cyber-attack

Mike 137 Silver badge

"an advanced data breach"

It always is "advanced" until the investigation shows it was a total push-over. Usually down to complete absence of management oversight. Technologies alone are not enough - as at Equifax and hundreds of others.

US-CERT lists the 10 most-exploited security bugs and, yeah, it's mostly Microsoft holes people forgot to patch

Mike 137 Silver badge

"it's mostly Microsoft holes people forgot to patch"

AKA "it's mostly Microsoft holes that slipped through the test cycle into release"

Driveway karaoke singer who wanted to lift lockdown spirits cops council noise complaint

Mike 137 Silver badge

'No. We'll take "The Sound Of Silence"'

Way back in the 70's there used to be a request to cafe musicians - 'can you play "Far, far away" please'

Now there's nothing stopping the PATRIOT Act allowing the FBI to slurp web-browsing histories without a warrant

Mike 137 Silver badge

So much for Privacy Shield

Bad for Europe, but of course once the UK becomes a third country there'll be nothing to lose anyway (except your browsing history). We may have the "UK GDPR", but Privacy Shield is external to the Regulation and is negotiated between Europe and the USA, so unless some very creative machinations are negotiated the UK will not be party to it.

Azure low-priority VMs become non-existent VMs, replaced by new Spot VMs

Mike 137 Silver badge

"When you've got them by the balls ..."

"If you are running and the cheapest spot price exceeds the ceiling you’ve set, your workload will be “evicted” with as little as 30 seconds warning."

Their hearts and minds will probably follow, if the alternative is getting screwed.

Breaking virus lockdown rules, suing officials, threatening staff, raging on Twitter. Just Elon Musk things

Mike 137 Silver badge

Dear Elon ...

One day he'll trump Trump.

Lawyers hail 'superb result' in Facebook biometric privacy battle: They'll get 25% of $550m, Illinois gets the rest

Mike 137 Silver badge

Re: Fucking lawyers...

How about F***ing Facebook? Who actually committed the offence? It must be recognised that behemoth corporations on this scale are essentially extra-judicial as they can wheel, deal and bargain with resources that outstrip all other interested parties. This is the real problem, and until we have internationally consistent laws to prevent such abuses of position, no legal action against these corporations can really be made to stick.

Sadly, 111 in this story isn't binary. It's decimal. It's the number of security fixes emitted by Microsoft this week

Mike 137 Silver badge

To paraphrase Yoda ...

"A total of 111 fixes [...] none are being actively exploited ..."

Now they've been announced, to paraphrase Yoda "they will be ... they will be". So grit your teeth and hope none of the fixes bork your systems.

Nine in ten biz applications harbor out-of-date, unsupported, insecure open-source code, study shows

Mike 137 Silver badge

Thank you Dvon of Edzore!

That has needed saying for a very long time. Constant or even recent "support" is not a mark of quality. At best it's irrelevant and at worst you've nicely identified the true reason for it - buggy code.

Russia admits, yup, the Americans are right: One of our rocket's tanks just disintegrated in Earth's orbit

Mike 137 Silver badge

"65 chunks, littering Earth’s orbit with debris"

Hardly "littering" considering how much junk is already up there and how long it's been accumulating. As long ago as 1991, Heinz Wolff suggested we needed a "vacuum cleaner - to clean the vacuum up there" and it's been increasingly necessary ever since. However the real hazard of these events typically comes later. Collisions with other debris can break up large fragments, but even tiny fragments can be lethal at orbital speeds. You can track and steer past big debris, but pebble size bits are virtually impossible to avoid.

I've seen things you people wouldn't believe. Spacecraft with graphene sails powered by starlight and lasers

Mike 137 Silver badge

Re: OK, great, we can get something to Alpha Centauri with a lightsail. Now what?

"... deploy its lightsail again and return to Earth ..."

Driven by what? This is necessarily a "square rigged" spacecraft. It can probably tack a bit but can't sail into the wind or even close to it. The Earth-based laser (supposedly) got it to Alpha Centauri, but it can't bring it back.

Fancy some post-weekend reading? How's this for a potboiler: The source code for UK, Australia's coronavirus contact-tracing apps

Mike 137 Silver badge


"... the apps, which are supposed to be pro-privacy, use Google Analytics and the Firebase Analytics framework, configured in a way to allow personalized web advertisements."

Translation: "Where there's an opportunity, however slim, to monetise, we will. That's our definition of capitalism".

However, it's possibly unlawful. Quite apart from any "cookie" use, we need a decision to set the precedent - are personalised adverts "electronic communications" within the definition used by the Privacy and Electronic Communications (EC Directive) Regulations? If so, prior consent would be required. But who actually cares? Practically nobody it seems. Business and government currently stomp all over personal privacy and the ICO mostly seems to turn a blind eye.

Samsung to launch debit card and financial-health-as-a-service service

Mike 137 Silver badge

Yet another unregulated financial service?

It took over a century all told to develop the financial regulation regimes that silently protect all of us from expensive fraud. Now (at least for the last couple of decades) we're happy to abandon that safety by signing up to entirely unregulated financial intermediaries. Can't see why...

As coronavirus catches tech CEOs with their pants down, IBM's Ginni Rometty warns of IT's new role post-pandemic

Mike 137 Silver badge

"... I'm going to really accelerate automation ..."

Great idea, provided the automation is not set running and left unsupervised ("fire and forget" management). Equifax had all the technology and automation it needed to prevent the massive 2017 data breach. The problem was an almost total lack of management control, so nobody knew, not only whether they were vulnerable (and subsequently whether they were under attack) but even who was responsible for finding out.

Blind faith in technological "solutions" does not protect against harsh realities, particularly where the technologies are so fundamentally flawed (take a look at the CVE or the national CERT notices).

'A' is for ad money oddly gone missing: Probe finds middlemen siphon off half of online advertising spend

Mike 137 Silver badge

"middlemen siphon off half of online advertising spend"

and they get it whether the advertising converts to sales or not.

I have a strong suspicion that "personalised" ads that aren't relevant to the page content against which they appear are likely to have a very low conversion rate. Relevance to the page content is much likelier to convert (basic human psychology). But of course content-relevant ads are harder for the middle men to place, and are a lot less amenable to high speed auctioning.

So you've set up MFA and solved the Elvish riddle, but some still think passwords alone are secure enough

Mike 137 Silver badge

"... believe the humble password is a good enough security measure"

Good enough for what?

There are purposes for which well defined passwords are sufficient, and other purposes for which they are not. There are no purposes for which the normal idiotic password rules are sufficient - "Pa55w0rD!".
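An added example, not part of the comment or the article, of the point above about composition rules: a checker that applies the usual corporate rules and then undoes the substitutions an attacker tries first, so that "Pa55w0rD!" passes the rules but is still recognised as "password". The blocked-word list is constructed here for illustration; a real deployment would check against a breached-password list.

```python
"""Composition rules versus what a password actually is (added example)."""
import re

# Reverse the common leet substitutions; extend as needed.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Constructed sample; real blocklists run to millions of breached entries.
BLOCKLIST = {"password", "welcome", "letmein", "qwerty", "summer"}


def meets_composition_rules(pw: str) -> bool:
    """The typical rule set: 8+ chars, one upper, one lower, one digit, one symbol."""
    return all([
        len(pw) >= 8,
        re.search(r"[A-Z]", pw),
        re.search(r"[a-z]", pw),
        re.search(r"\d", pw),
        re.search(r"[^A-Za-z0-9]", pw),
    ])


def normalise(pw: str) -> str:
    """Lower-case, strip the leading/trailing digits or punctuation people append
    ("Summer2020!"), then undo leet substitutions ("Pa55w0rD" -> "password")."""
    s = pw.lower()
    s = re.sub(r"[^a-z]+$", "", s)
    s = re.sub(r"^[^a-z]+", "", s)
    return s.translate(LEET)


def is_weak(pw: str) -> bool:
    """True when the password is a blocked word once the disguise is removed."""
    return normalise(pw) in BLOCKLIST


def assess(pw: str) -> dict:
    """Both verdicts side by side, to show how little the rules tell you."""
    return {
        "composition_ok": meets_composition_rules(pw),
        "normalised": normalise(pw),
        "weak": is_weak(pw),
    }


if __name__ == "__main__":
    for candidate in ("Pa55w0rD!", "Summer2020!", "correct horse battery staple"):
        print(candidate, assess(candidate))
```

The normalisation order matters: strip the trailing "2020!" before reversing leet, otherwise the zeros in the year become letters and the word no longer matches. The passphrase in the last line fails the composition rules and is not in the blocklist, which is the point of the comment: the rules measure the wrong thing.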

Zoom bomb: Vid conf biz to snap up Keybase as not-a-PR-move move gets out of hand

Mike 137 Silver badge

It'd be fascinating

It'd be fascinating to work out how any given fragile slurpy service gains such take up considering how widely its fragility and slurpiness are publicised.



Biting the hand that feeds IT © 1998–2020