* Posts by Alex 72

28 publicly visible posts • joined 6 Nov 2009

'Maybe the problem is you' ... Linus Torvalds wades into Linux kernel Rust driver drama

Alex 72
Stop

Logically Linux development ought to be collaborative

Many of the arguments here, like this one, which seem to make technical points are logically flawed. This one, for example, "begs the question": the premise (e.g. Linus not accepting C++ is a similar incident and equally flawed decision since memory safety is desirable and a move away from C to a so-called memory safe language will help) assumes the conclusion (e.g. Linux should use Rust now).

<rant>

The major open source communities seemed to be on a path to more respectful collaboration, Linus Torvalds' efforts to moderate his tone perhaps being one of the best examples of this. It is reprehensible that as Microsoft, Oracle, IBM et al have begun to contribute to open source more, one of the major impacts has been a return to flame wars and identity politics.

On the Rust for Linux front, the way Rust and other "memory safe" languages are deemed to be "memory safe" depends on libraries maintained by humans. Just like the security and utility of the Linux kernel is maintained by humans known as maintainers. It is not clear to me that outsourcing this security to another project that, whilst by introducing opportunities for standardization and reuse may reduce the diversity of error cases and vulnerabilities, will also reduce the number of developers actively working on problems of memory safety and fully conversant in these considerations would in the long term actually improve the security of projects which move to memory safe languages solely for this purpose.

The idea that C cannot be developed securely as there "are not enough young developers", the language lacks the capabilities, not using the Rust or C++ approach and outsourcing this to an ever smaller community is not sustainable seems flawed to me and invites the question: well, why is the security record of Linux distributions compared to Windows and other operating systems which have of late fully embraced this approach comparable if not better than these rivals?

</rant>

I do not claim to know the right answer but allowing contributors to collaborate respectfully on proposals and the open source community projects to move forward without inviting lay people, anonymous accounts run by community members, vested interests, and trolls who want to see the world burn to weigh in on social media and attack volunteers who are often unpaid seems like a better approach to a viable solution for my money.

Uber CEO warns robotaxis can't find a fast route to commercial viability

Alex 72

Re: Autonomous vehicles

Whilst AVs might in future be how we reduce road deaths with technology, we are not there yet. As even Uber are admitting, the superhuman safety record is not yet proven. In the meantime Automatic Emergency Braking, Lane Keep Assist, and dynamic cruise control have advanced exponentially in recent years. Focusing on deploying the mature technologies like this, whilst being honest about their capabilities, seems to be a much better bet for reducing fatalities in the near term. Longer term we already have electrified autonomous capable (many lines already have autonomous trains; as there are fewer unknowns it's already safe) intercity passenger/freight options in the form of rail. Moving traffic from road to rail in Europe and America would make for fewer direct emissions (could help reducing global emissions as part of a low carbon electricity market), and reduced traffic would result in safer roads. We are not investing effectively in additional rail capacity because the tech bros prefer to fritter away billions on automation and making futuristic technologies that will enrich the 1% if and when they mature to dealing with rail regulations and unions, and governments are all claiming to be too poor to invest or are just inept (see HS2).

No, I can't help – you called the wrong helpdesk, in the wrong place, for the wrong platform

Alex 72
Coat

Re: BYOD is a terrible idea - it is if you half a** it

It is if you let Microsoft set the standard for separation, but with a bit of effort you can use roll your own FOSS, AirWatch or BlackBerry Enterprise Server and have all corporate apps in a sandbox that is administered by the work, including a VoIP phone app, and even use dual SIM so staff can have a work SIM if needed. This allows less e-waste, means that some staff can just BYOD, some can get a subsidy towards a better single device rather than two mediocre or sub par ones, and staff who have company phones with personal use allowed can have some privacy. It is a lot more work than just enabling authenticator as 2FA BYOD, setting a minimum security patch level for droid and Apple, and requires an understanding of existing company policy or agreeing new policy in many areas. Hence most people don't bother to get it right, for a myriad of understandable reasons: because the organization leadership don't agree they are responsible for setting this policy, or the time frame to get this available at the behest of leadership is too tight, or free open source software is not accepted and the budget does not cover a sufficiently capable solution. In many cases clarity on these policies, and solutions for these technical challenges, would be beneficial even if BYOD is not pursued, but I digress. Due to this common organizational dysfunction I often find myself forwarding calls from a superfluous corporate Samsung droid or Apple device whilst I am under the yoke. These devices cost money and too often go to landfill when used for fear of data leakage.

As Ron Swanson and even Nick Offerman in his stand-up would say, don't half a** two things, whole a** one thing.

UK Ministry of Defence gets into chipmaking game, buys gallium arsenide fab

Alex 72

Re: Sensible

In an existential incident an arc furnace would have plenty of steel from scrap and non essential goods to recycle. The UK has had a trade deficit in steel since 2016. We need to import iron ore as we don't mine it anymore. Given this longstanding dependence, as even when we did mine it it was never enough, recycling may be more self-sufficient than any virgin steel we make at Port Talbot. But more importantly we would starve long before we ran out of steel: our population has grown and our crop/dairy/meat output hasn't kept pace; we depend on just in time delivery for Tesco, Asda, Sainsbury's et al to feed us.

UK government's bank data sharing plan slammed as 'financial snoopers' charter'

Alex 72

So many exceptions that are unnerving, so hypocritical of the government of a country who introduced ITIL and encourages best practice in industry. Rereading the legislation I guess I should have said compliance with the letter of the law was acrobatic or authoritarian. As there are suggested justifications and then most of the ways a secretary of state can set regulation end with the phrase or in the exercise of authority. I thought Labour like to rule by consent in the public interest, not by decree in the self/elite interest.

Alex 72

UK law says personal data must be "used in a way that is adequate, relevant and limited to only what is necessary" https://www.gov.uk/data-protection. There are already provisions to allow the reporting or investigation of suspected crimes and this is necessary. I do not see how this complies with the spirit of the Data Protection Act and imagine any way that they have managed to comply with the letter of the legislation is acrobatic. As noted in the article this seems to automate suspicion and presume guilt. I also don't imagine that the amount recovered would be a patch on what could be gained by improving big firms' voluntary compliance in paying tax, closing loopholes and encouraging growth, all things the government in opposition and during the election campaign claimed to want to do.

Disney claims agreeing to Disney+ terms waives man's right to sue over wife's death

Alex 72

Re: Kind of a self-answering question ?

Well there is probably not a corporate manslaughter case against Disney, but the operator of a restaurant that incorrectly said there were not traces of an allergen in food, when there were, and that causing death, probably does have a criminal negligence charge of some kind to answer. That case however would be against whoever operates the restaurant day to day, trains the staff, sets policy for cleaning the kitchen... Given the attempt to get the case to arbitration and claims Disney should not be named in the case as the website is the only place they make assurances about food safety, that is pointedly not Disney themselves. I guess it makes sense an animation firm doesn't cook the food at its mall outside of its park and has a partner do it. However given the massive Disney logos everywhere, the cast member licensed to dress as Disney characters... Anything other than admission of a mistake and bending over backwards to ensure compensation is paid when someone dies of negligence is just asking for reputational damage. The only reason to defend such a case is to avoid setting precedent of liability. Asking lawyers to minimize the cost of such a thing or taking their advice to do so is an exercise in foot shooting.

Too late now for canary test updates, says pension fund suing CrowdStrike

Alex 72
Coat

I hate to defend Microsoft...

Unless you are Apple, the diversity of hardware, BIOS, OS and other configurations make a test lab difficult even if you can afford it. Trying to ensure that you have every possible configuration represented and the updates that will be applied by other vendors like Microsoft if you are CrowdStrike, or OEMs like HP, Dell, Lenovo... if you are Microsoft, have been tested with the patch you are putting out is a large undertaking, and a large part of the reason even when hardware vendors are onside getting full compatibility for new hardware in free open source software maintained by volunteers can take time. So whilst Microsoft have dumped a number of dud releases on us they have not quite messed up like this, and being the vendor of a whole OS and security product for the same OS their record doesn't look so bad compared to the Crowd now.

Still given the over 660 million shareholders and a major fraction of the global population being customers, over 200 billion in revenue in 2023 one might expect Microsoft to keep improving.

Tesla parental controls keep teenage lead feet in check

Alex 72

No this one is Fair

You misunderstand the concept of insurance. The idea of insurance is to share the risk among a population, so if you are higher risk, you pay more. The option to do a manual test even if you only intend to drive automatic cars means it is your choice to be in the same group as risky drivers. The complication with car insurance is that unlike other insurance it is a legal requirement, so even if you are higher risk, there is a tendency for some to see it as unfair that younger people and people of modest means are often paying higher premiums. The only way that we can get around that is government intervention like the NHS in the UK or Medicare and Medicaid in the US, and it's been many decades since that actually improved anything, so this is the least worst option. The other thing that would in the long run reduce premiums is safer cars and continuing driver education from government that actually works, but again that involves multinational firms and governments coordinating to do good; I just won't hold my breath. Forcing low risk drivers to cover the cost of insuring high risk ones without subsidy from the government will reduce the number of low risk drivers on the road as it gets too expensive and push everyone's premiums and accidents per 1000 miles/kilometers up even further.

Long-term supported distros' kernel policies are all wrong

Alex 72
Linux

Debian

Just use Debian; they already use the LTS kernels as a base and would work with anyone willing to help in good faith. Even though Debian will help you use it longer, maintain a staff that can handle an upgrade every 2 years. Organizations that can achieve this tend to be more secure and agile, saving more than the investment in skilled Developers, Operations and Security staff over the long haul. In the cases where an unavoidable delay means you need to go beyond this, parts of that same staff can help maintain the kernel whilst others work on the issue causing delay. Just my 2¢ YMMV

Industrial robots make people feel worse about jobs and themselves

Alex 72
Holmes

So once again philosophers, mathematicians, software developers and electrical engineers working at the nanometer scale in large companies' R&D and academia have developed tools. Literature has been published which explains the possibility of decades or centuries of gradual improvement if they are adopted and refined slowly and carefully, ensuring for example the sheet metal workers and technical authors whose jobs are automated to some degree get input in the design and that those retained in the industry get a sense of control so the workplace can be more productive and better for workers. As well as ensuring that each stage actually achieves its aims, starting out with pilot projects and experiments and only moving on when consensus is reached that there is benefit and no harm is done.

No one reads this stuff: too long and too boring. There is one report that says you can do it in 5 years (during the life of your bonus structure if you're in the C-suite) and a few companies decided to follow Meta to "move fast and break things". Now that's what Wall Street expects and everyone knows they never get it wrong; look at the .com bubble, a perfect and restrained motivator of careful and considered economic activity is that market, and all the better in a new unregulated space.

Want to keep Windows 10 secure? This is how much Microsoft will charge you

Alex 72
Windows

Not yet but soon

These usually run Windows Embedded; it was POSReady or Embedded, now it's Windows 10 IoT Enterprise LTSC 2021 with support to 2027. https://learn.microsoft.com/en-us/lifecycle/products/windows-10-iot-enterprise-ltsc-2021

Big companies often also run them past end of life, don't pay for extended support when it does end as the project won't be too late, and put all their faith in an air gap or firewall. This does not always go well.

Fujitsu to shutter operations in Republic of Ireland

Alex 72
WTF?

I know they're Japanese but

Isn't it a bit insensitive and risky to make these changes when there is still any chance that it could be linked to the misdeeds in the UK without clarification? Any suggestion that the Irish are being punished for the conduct of the English just seems unwise. Also why kill the profitable consultancy contracts for newer tech along with the mainframe business? This whole thing just seems like a manager from another continent was asked to make cuts and came in with a machete instead of a scalpel.

Euro-cloud consortium CISPE calls for investigation of Broadcom

Alex 72
Coat

Anything big enough to be a PLC should be a benefit corp and be required to have some basic societal benefits as part of its founding documents, not just because evil is bad but because over the 10.. 15.. or 25... year horizon.. making your customers' lives better and sustainable sustains the business and the shareholder value. Like politicians, investors and fund managers tend to work 1 to 5 year time horizons and demand bailouts when the outcomes come home to roost. Also that would be radical and we don't have radical centrists in governments at the moment; we have right wing and left wing radicals and centrists with shell shock just happy to still be there.

UK finance minister promises NHS £3.4B IT investment to unlock £35B savings

Alex 72

Re: Ah yes, Mr Hunt...

Maybe they can get 10:1 ROI if they keep that Mr ?unt as far away from the project as possible.

Why the end of Optane is bad news for all IT

Alex 72
Linux

Re: Not the idea, the implementation

Yes, this could have won in the marketplace if Intel opened it to all CPUs including ARM, and worked with UNIX/Linux vendors and OSS projects and Microsoft to build OS variants that used it, the way Google and Apple do before a hardware launch. If, as many people here believe, there was benefit to be had, demonstrating this at launch and opening up potential customers to everyone could have built demand (it would have brought competition but Intel would have first mover advantage and the segment would still be there now). Oh well, I guess it's a lot to expect Intel to manage their own IP carefully and to look out for the long-term health of their shareholders and the industry when it is easier to try to put everything new in an Intel walled garden like the Apple one but with none of the benefits because reasons.

BSA kicks multiple holes in India's infosec reporting rules

Alex 72
Alert

Re: The BSA

Whilst I have no wish to defend the (B)SA, I must take exception with the implication that it is wise for India's CERT to ignore the collective experience of companies many of whom have 75+ years of experience in this space and spend Indian taxpayers money on measures that will not work.

I do agree that these firms have responsibilities for software vulnerabilities and bad architectural decisions from decades ago but most if not all of them release patches every month. These firms are at least trying to deliver secure software. CERT-In if it is not taking feedback seriously or attempting continuous improvement are making themselves part of the problem and not the solution.

Australian digital driving licenses can be defaced in minutes

Alex 72

Re: Stop Using Phones for This

The iOS wallet works on the lock screen and I assume Google wallet will too.

If a plastic card option is still an option and this allows people to get an instant ID I can see it being useful. I think a physical doc as a backup, like chip and pin cards now, would be helpful; they could even print the QR code on the physical doc too so you can scan it at car rental places the way you do passports and e-tickets at the airport.

So I can see there are ways with public keys to allow verified entities to confirm a license is genuine based on a decent PKI, trusted entities to verify the holder meets age requirements and the driver number, and the government and police to do what they want, as well as allow users to share what they consent to with verified third parties. But that all assumes that the app enforces an alphanumeric passcode at the OS level like every decent BYOD registration that provides mobile tokens and productivity apps, and the org in question has or can build and maintain a decent PKI, and when vulnerabilities are responsibly reported software is patched. As the author said, government systems of old do not inspire confidence these conditions will be met, and without them paper and plastic are far superior.

VMware customers have watched Broadcom's acquisitions and don't like what they see

Alex 72

Ahh Broadcom the harbinger of doom

Even if Broadcom mean it, that they intend to keep all of VMware's customers and grow the business as an independent unit, I am not sure they know how. Broadcom will also have the same advisors (accountants, lawyers, managers, whoever) telling them there is an opportunity to hurt the competition by ending support for a competitor.... If they mismanage it or break legacy kit for the sake of it, as everyone has pointed out, those on the road to public cloud can go to Azure, AWS, Google Cloud... instead of whatever VMware are doing, and those stuck with VMs can use Microsoft Hyper-V or KVM or even IBM System i or Joyent or Proxmox. There is also the container space: Docker and LXC/LXD and Kubernetes and so on. And as noted all of these can work with Terraform, PowerShell desired state config, Ansible, and so on just as well as VMware. Most of these alternatives are all still adding features and if VMware strips support and drops stuff, well, you know. Even those customers who have custom solutions and decades of investment, after being forced to replace all the kit in a DC, will not have the same brand loyalty in the long run and may use a different platform for greenfield systems.

So I hope Broadcom can pull it off and grow a profitable company without destroying it, but much like the people the Reg talked to I will not hold my breath.

Spies still super upset they can't get at your encrypted comms data

Alex 72
Coat

Why break encryption

Given that the main issue the 5 eyes seem to have is with default-on encryption for things like iMessage and Android messages as well as WhatsApp and Facebook, if there were a system like the one described below which was built into client device (laptop, desktop and mobile) OSes and made available to developers, maybe mainstream comms and software providers could still have some security and allow "lawful" access. But mainstream software isn't the problem; for the real threats like terrorists, they use Telegram and Ricochet and custom onion router code to communicate, and even if they could find a way to incorporate this into those technologies without making them completely useless, no one would use them after that, as another open source app without this would appear in a day, a fork of the predecessor from the last commit before it was added, most likely with a shiny new name and no oversight. It's not the people who generate keys and share messages in the light you need to worry about.

With Shamir's Secret Sharing surely a key could be assigned with 4 or 5 factor authentication to allow authorised organisations with a warrant (i.e. anyone who can get a software or hardware token activated and a valid smart card for an approved organisation and a password for an LDAP account on a trusted directory (with audited access so that anyone doing without a warrant gets caught) plus 2FA secured passphrase based on the device info from an approved manufacturer employee or something similar) to decrypt a built in key which is random and unique, generated at manufacture. This key would never be stored on the device or anywhere else unencrypted (other than volatile memory on the device creating it) but in encrypted form on a WORM chip plus a manufacturer whilst this back door is still a potential attack vector it is cumbersome enough to achieve that traditional blackhat hacking would be easier. The only problem with something like this is that 5 eyes may not like it, as the manufacturer 2FA would mean that in circumstances where they would rather no one knew how many communications were being encrypted by agencies who have blanket warrants or who "don't need them", the manufacturer would know and could insist that agencies provide authorisation or a warrant every time would report it to other agencies and the media if anyone ever fraudulently claimed to have a warrant but didn't...

Brit cloud slinger iomart goes TITSUP, knackers Virgin Trains, Parentpay

Alex 72

customer 1st

Maybe throw Gamma or BT some money to lease another line. I get that some of the traffic can't go on the public internet unencrypted, but encrypt it and pay for the overhead. I doubt there isn't at least one provider who could lease them enough bandwidth to get tier 1 services back up. It would be expensive on this level of notice but so is publicity like this.

UK's super-cyber-snoop shopping list: Internet data, bulk spying, covert equipment tapping

Alex 72

Bye bye encryption

WTF no encryption you can't break so no encryption: "RIPA requires CSPs to provide communications data when served with a notice, to assist in giving effect to interception warrants, and to maintain permanent interception capabilities, including maintaining the ability to remove any encryption applied by the CSP to whom the notice relates."

Alex 72

No encryption that works

WTF so TDM and VOIP providers can't provide encryption strong enough they can't decrypt. "RIPA requires CSPs to provide communications data when served with a notice, to assist in giving effect to interception warrants, and to maintain permanent interception capabilities, including maintaining the ability to remove any encryption applied by the CSP to whom the notice relates."

Would putting all the climate scientists in a room solve global warming...

Alex 72
Thumb Down

Straw Man!

Straw Man! that is all

Microsoft's Hotmail flicks finger at UK students

Alex 72
FAIL

UWS is ok but

Outsourcing uni mail servers saves space, money and it's better, isn't it.... oh wait it isn't and it's a single point of failure apparently YAY

Vint Cerf mods Android for interplanetary interwebs

Alex 72
Thumb Up

Mars on the number 25?

So we tried to figure out how to send data to Mars and along the way made downloading **** on the train or in a tank whilst moving work well LOL