Canadian insurer paid for ransomware decryptor. Now it's hunting the scum down

veti Silver badge

Re: Not paying!

Tapes are pretty pricey, these days.

Reliable tapes, if there is even such a thing, will be even more so. When was the last time you tried to reinstall from one of your 2-year-old backup tapes?

UN didn't patch SharePoint, got mega-hacked, covered it up, kept most staff in the dark, finally forced to admit it

veti Silver badge

So, your suggestion is that I should be required to have an annual audit on my home PC? At my expense, presumably?

Yeah, thanks, but no thanks.

Petition asking Microsoft to open-source Windows 7 sails past 7,777-signature goal

veti Silver badge

Re: This is about as deluded..

And how exactly do you propose to isolate them from "human intervention", with 7.5 billion people on the planet? How about those species (including nearly all currently living land mammals - ob XKCD) that wouldn't even exist in their present form without human intervention?

veti Silver badge

Re: Uh!

Unfortunately, when someone releases a patch, you wouldn't get to see the colour of their hat before installing it.

So there's nothing for it but for every company still using the software to apply some sort of trusted reviewing service, to decide what hacks - sorry, patches - to apply, and what not. If you were really, really stupid you might try to do that in-house, but I suspect 99% of companies would prefer to subscribe to some trusted third party for that service.

So... there they are, paying a subscription for extended support. How is that an improvement on the present situation, again? Oh sure, more hackers (of both kinds) reviewing the code, but the flip side is a markedly increased chance of a deliberate exploit being inserted (and mistakenly passed by the reviewing authority).

veti Silver badge

Re: RMS left the building and Don Quixote entered.

Don't worry. Boris has made it clear with his Huawei announcement: the UK is not moving into the US's orbit, but rather China's.

IoT security? We've heard of it, says UK.gov waving new regs

veti Silver badge

Re: One big mistake

To handle that - let us reset the password once we have plugged something in to a USB port on the IoThing itself. If we have local, physical access, assume we're authorised (to wipe all data on it).

Would be more meaningful, I think, to restrict the data that vendors are allowed to collect, and what they're allowed to use it for.

Microsoft: 14 January patch was the last for Windows 7. Also Microsoft: Actually...

veti Silver badge

Re: Freebies?

They are if the system is past its extended support date, as originally published and advertised when you bought the license.

Rockstar dev debate reopens: Hero programmers do exist, do all the work, do chat a lot – and do need love and attention from project leaders

veti Silver badge

Re: There's a big difference...

I suspect the difference in many cases may be "about five years". A hero at the start of the project may morph into a rockstar once it reaches maturity and the team has grown enough.

veti Silver badge

Re: A matter of context...

Because they know people who self identify as such stupid terms will respond to ego stroking, which can be provided pretty darn cheap, at least for a while, rather than demanding real money.

veti Silver badge

Re: We have "hero" CEOs, executives, marketdroids, sport players, singers, etc.

Not true. Oh sure, the real megastars get stupid money, but the vast hordes of merely mid-ranking entertainers are often much less well off than you think. Even those who've been household names across four continents for a couple of years - are not necessarily financially secure.

The biggest money in entertainment goes to publishers. Just like software.

veti Silver badge

Re: "..manage these people more efficiently by retaining them."

I hope you appreciate the irony of this post.

Stiff upper lip time, Brits: After bullying France to drop its digital tax on Silicon Valley, Trump's coming for you next

veti Silver badge

Re: "because it can deliver quicker, cheaper and easier"

Contrary to popular belief, laws are not (in general) made to benefit the rich and powerful.

It's the other way round: people and companies become rich and powerful by successfully exploiting the laws. The legitimate loopholes (or "economies", as we used to call them) exploited by Amazon are available to anyone. Amazon merely figured out a cost-effective way to do it.

It's important to understand this, because it gives you a valuable predictive insight: if you change the rules, you will not prevent companies or people from becoming rich and powerful by exploiting them. If not Amazon, someone else will do it.

I'm not saying the rules can't be improved on. I'm sure they can. What I am saying is that any attempt to change the rules that's inspired by, basically, spite against Amazon - or anyone else, for that matter - is unlikely to be an improvement.

veti Silver badge

Re: He's threatening Italy as well

No, the rules were published beforehand, but it was also conveyed that those rules would never be applied. (If they had been, then Italy could never have joined, and the whole thing would have been pointless.) The actual rules were, and still are, either a closely guarded secret, or being made up as they go along.

One-time Brexit Secretary David Davis demands Mike Lynch's extradition to US be halted

veti Silver badge

Re: Would you trust a USA court ...

Well, no.

But would David Davis be standing up for him, if he wasn't a millionaire, OBE, public school and Cambridge graduate...? Fairness, or rather unfairness, works both ways.

Beer necessities: US chap registers bevvy as emotional support animal so he can booze on public transport

veti Silver badge

Re: No beer on the train?

Yes, but an unspoken requirement of beer drinkers is that the supply needs to far exceed any plausible level of demand within the time of the journey. A single thermos wouldn't last you long, you'd need to bring a six-pack of them. That gets a bit unwieldy.

If you never thought you'd hear a Microsoftie tell you to stop using Internet Explorer, lap it up: 'I beg you, let it retire to great bitbucket in the sky'

veti Silver badge

Re: Needed for SharePoint

If your company uses SharePoint, you've got a bigger problem than the browser.

I don't understand why IE attracts so much hate, yet SharePoint seems to be relatively accepted, as if it were somehow a necessary evil.

Help! I'm trapped on Schrodinger's runaway train! Or am I..?

veti Silver badge

Re: Enquiries

Well, I do see such a reason. Email is a terrible tool for communicating with a school. Even worse than with a bank.

For one thing, if I want to let the school know my child will be absent, it's nice to know that I'm communicating over a secure channel. (Of course someone may have nicked my phone, but if that's true then I'm likely to know about it.) With email, anyone could fake my address well enough to fool an average school secretary.

For another thing, I have all my communications with the school in one place. No filtering required, no filling up my mailbox with PDFs I don't want to keep. No having to hunt through a stack of correspondence to find stuff like term dates, appointments, special events, or old newsletters - I know exactly where to find all those things.

And last but not least, I'm reasonably sure that if I contact the school through the app, they'll actually receive my communication, and vice versa. With email that's by no means a sure thing any longer, such is the enthusiasm of current spam filtering.

tl;dr: email sucks.

veti Silver badge

Re: Enquiries

What's the attraction of email over an app? A decent app is simpler, easier to file and keep track of, and way more reliable.

The only counter case I can think of is people who don't do apps - but it seems to me that those people are just as likely not to do email either, so if you're concerned about them, you should be advocating for all-paper communications.

US court rules: Just because you can extract teeth while riding a hoverboard doesn't mean you should

veti Silver badge

Re: Sedation for tooth extraction?

You wanna make sure the tooth fairy gives you a decent price for that. Palladium is worth around $100 per gram, currently.

South American nations open fire on ICANN for 'illegal and unjust' sale of .amazon to zillionaire Jeff Bezos

veti Silver badge

Re: All of this would have never happened ...

Conversely, once they did make that decision, this was inevitable. The fact that they didn't see it coming and write something into their rules up-front to handle it - speaks volumes to their failure of planning.

Whoa, whoa... Tesla slams brakes on allegations of 'unintended acceleration' bug: 'Completely false and was brought by a short-seller'

veti Silver badge

Re: Sure, deny it and point to the evidence that supports your position...

The thing is, Musk wails about "short sellers" all the frigging time. Anytime Tesla gets any kind of not-totally-rave press, it's malicious lies planted by short sellers. It's getting old.

Just because someone has made a bet that your shares will go down, which is all short selling is, that doesn't mean that their complaint is without merit. Maybe they're selling short because there's a problem, not inventing a problem because they want to sell short.

To catch a thief, go to Google with a geofence warrant – and it will give you all the details

veti Silver badge

Re: Dumb, dumb, dumb

Who cares that they can identify the phone, if they have no way of telling who it belonged to?

No Mo'zilla for about 100 techies today: Firefox maker lays off staff as boss talks of 'difficult choices' and funding

veti Silver badge

Re: Still my number 1 (only just though)

"Phones", in their basic design, reached "100% functionality" in the 1980s, when cordless handsets and programmable dialling became mainstream. Everything since then has been adding new features - such as the ability to take pictures, read books, browse the web, download apps...

veti Silver badge

Re: Still my number 1 (only just though)


Spanking the pirates of corporate security? Try a Plimsoll

veti Silver badge

Re: A decent backup strategy is very expensive.

If I have to pay 10% of my annual profits, for a form of insurance that mitigates a risk that has a 5% per year chance of occurring, then the rational choice is not to buy that particular insurance.

Of course you can quibble about how the percentages are calculated, but ultimately it's a judgment call. There is no single "right" answer in every situation.

veti Silver badge

Re: Wouldn't work - without some modification.

1. Yes, precise rules remain to be specced. Who decides what industry your company falls into? How do you decide what level of fines should be applied to it? If someone finds a hole in the website of (e.g.) a hotel, that allows an intruder to double-book, it seems unreasonable to charge thousands of dollars - or even many hundreds - for that. On the other hand, a similar exploit for an airline would be more serious (because it would expose the airline to security threats that have no real relevance to hotels). Likewise, there needs to be flexibility in the timeframe allowed for the victims to fix their problems. Not every system has to be taken offline immediately, or fixed within 48 hours of notification. Who makes all those rules, and how?

This is a non-trivial problem, and one I can imagine sinking the whole idea once you get into the nitty-gritty of it. But it's not self-evidently insurmountable.

2. This is not a problem. If the BOFH blows the whistle on a particular issue, that's good, because it means the company is now motivated to do something about it. If they threaten to blow the whistle, that's even better, because it means the company is motivated without having to pay off the bounty.

veti Silver badge

Re: A decent backup strategy is very expensive.

The operative pronoun being our backup. Not theirs.

Then we showed, by our collective choice of banks/building societies we dealt with and the choices we made with them, that we weren't in fact willing to pay the costs of that backup. And so they stopped providing it.

veti Silver badge

Re: Absolutely.

There's not much point in naming the director responsible, that would just lead to someone being designated the official fall guy for this purpose (and remunerated accordingly).

"Numbers received, closed, fixed" - I think a case could be made that these would give away too much commercially sensitive information. I suggest a single headline number, which is the total amount of fees/fines levied by the regulator against the company - which, for fairness and to forestall accounting shenanigans, could be published by the regulator, not the company.

China tells America, with a straight face, it will absolutely crack down on hacking and copyright, tech blueprint theft

veti Silver badge

Re: Dealmaster

Every president in 40 years has had that discussion. Trump got lucky in the timing.

Casting back across America's history, in the 19th and early 20th centuries, the USA was a hotbed of IP theft of every kind. It stole designs and machinery, art and prose - mostly from Europe and the UK, but later also from Japan and yes, even China.

In the mid-20th century, the USA suddenly realised that it now had quite a few artists, creatives, engineers and designers who were doing original work of their own. And at that precise moment, it had an abrupt change of heart about "IP" in general and started its movement toward its present position as the number one global champion of it.

That's the position China is at today. Across the board, Chinese designers have reached the point where they don't need to rip off "the west" any longer. Sure, in some areas they still lag - but in others they're our equals, and in some they've actually taken the lead. Suddenly, "IP" looks less like a restriction and more like an opportunity. And yes, you can cavil about how they got to that point, but the awkward truth is that it's the same way every other country got there.

US hands UK 'dossier' on Huawei: Really! Still using their kit? That's just... one... step... beyond

veti Silver badge

He'd be a fool to do a deal with either one, at present.

Only a real idiot signs any kind of "deal" with Donald Trump. America's graveyards and prisons are full of people who learned that lesson the hard way.

As for China, its present government has used the cover of Trump's sheer malevolence to expand its own evil into a shadow that falls on everything it touches. Just ask the American NBA, or the people of Hong Kong or Taiwan, or Prof Anne-Marie Brady,

veti Silver badge

Re: It's cute

You watch. Boris is about to announce a plan to develop all-British-designed, -coded and -built 5G kit, thus pissing off both the Americans and Chinese.

World's richest bloke battles Oz catastro-fire with incredible AU$1m donation (aka load of cheap greenwashing)

veti Silver badge

Good grief

So, he should just have kept the money then? Since making a donation attracts nothing but vitriol...

OK, it's not much. It's still a lot more than I've heard of from, say, Bill Gates, or Larry Ellison, or Mark Zuckerberg, or Elon Musk. Why aren't we piling on to them? While it's true that they've all made huge donations to other, no-less-worthy causes, for all we know the same is true of Bezos. There's a lot of problems in the world, it shouldn't be up to a handful of billionaires to fix all of them, or even any of them exclusively. That's what governments are for.

I'm personally very impressed that, in particular, Pink and Ms Jenner, as celebrities with no obvious connection to Australia, have given of their plenty. But one thing I learned from Negotiation 101 is that any concession, no matter how small, should be accepted with grace, gratitude and smiles. That makes it much easier to extract more, later, and harder to take back the concession you've already got.

veti Silver badge

Re: Not exactly a reasonable comparison

You want to pay $1m for my home? Come here and make me that offer in writing, in legally binding form, and then it'll be a market value. Words on the internet are too cheap to count.

Someone needs to go back to school: Texas district fleeced for $2.3m after staff fall for devious phishing email

veti Silver badge

The irony is that making overseas payments - to, e.g., friends or family members - is much harder now than it was 20 years ago.

Y2K quick-fix crick? 1920s come roaring back after mystery blip at UK's vehicle licensing agency

veti Silver badge

There are some cave paintings in the south of France, and probably a few other places as well, that are quite a bit older than that.

Also some archaeological sites, and approximately all fossils.

But nothing that you would probably describe as "still around", exactly.

What was Boeing through their heads? Emails show staff wouldn't put their families on a 737 Max over safety fears

veti Silver badge

Re: "designed by clowns managed by monkeys" type comment sounds damning

Step 1 in software development: fire all the "rockstars" except one. I don't want your goddamn rockstars, I want honest workers who will do a solid 3-4 hours' work a day.

Step 2: get an honest project manager who will tell you how things are really going.

Step 3: put in place verifiable, objective milestones to make sure the PM is honest.

Step 4: whenever a milestone is missed, tell the sponsors that there's a revised timeframe and it cannot be negotiated with. It may technically be possible to buy it off, but you really wouldn't believe how much extra that will cost.

Step 5: remember that rockstar we kept? - put him (it's bound to be a "him") in charge of the test team, make it clear that he's solely responsible for signoff. You need someone in that role with the self-confidence and bloody-mindedness to say "no" to the whole goddamn company.

Flying taxis? That'll be AFTER you've launched light sabres and anti-gravity skateboards

veti Silver badge

Re: "Lightsaber"

Their subscription lapsed in 1776. Since then they've forked their own version.

Why is a 22GB database containing 56 million US folks' personal details sitting on the open internet using a Chinese IP address? Seriously, why?

veti Silver badge

To answer your title:

... Because hosting is cheaper there.


Microsoft engineer caught up in sudden spate of entirely coincidental grilling of Iranian-Americans at US borders

veti Silver badge

Re: And the consequences of failing to act?

There is no meaningful definition of "an act of war". Basically, it's like "high crimes and misdemeanors" - it's whatever some politician wants it to be. If you want to start a war, and someone attacks your embassy, then you say it's an act of war. If you don't, then you don't.

Contrary to appearances, I doubt if even Trump is crazy enough to try to invade Iran. (Which would be approximately 6x harder and costlier, in both blood and treasure, than the Iraq war, with the added burden that America would have *no* allies supporting it at all, not even the Saudis, and the Chinese and Russians would actively help Iran.) On the other hand I'm sure he's quite happy to bomb it to buggery, and doesn't care what happens when the Iranians develop their own bomb because that'll be his successors' problem.

The Iran crisis is entirely of Trump's own making. He's the one who torpedoed the nuclear deal and announced that instead of negotiating, he would simply apply "maximum pressure" to Iran. Everyone, but everyone, warned him that Iran would retaliate by stepping up its efforts to thwart American interests in the wider region, but he did it anyway. He's a bully who instinctively expects enemies to fold when treated harshly enough, and is taken aback when they don't. Which they don't.

North Korea has shown the way. Iran will have its own bomb before long, and nothing Trump can do - short of a full-scale invasion, which would cost tens of thousands of American lives - can stop them. Start getting used to it.

If at first you don't succeed, pry, pry again: Feds once again demand Apple unlock encrypted iPhones in yet another terrorism case

veti Silver badge

Re: Yeah, sure

Look, the Feds have done everything right. They've seized the phone, they've got the search warrant. All the concerns about "search and seizure" and "due process" have been satisfied. They're not trying to get in through some back door, they're trying to kick down the front door.

At this point, I really, really want them to have access. Because if they can't get it, then our days of being allowed to use proper encryption at all are numbered.

Watching the watchmen is a balancing act. Sure, keep them from overstepping the bounds. But if you're trying to thwart them even when they do everything right, then you are the one who has crossed the bounds, and now you're their enemy. Expect to be treated as such.

We live so fast I can't even finish this sent...

veti Silver badge

Re: Now you know what 2020 is going to look like

"Early/mid/late Victorian" were periods invented well after the event. People in, e.g., the 1880s used to have a very clear idea of what they meant by "the 50s".

People like to wank on about the pace of change today, but Victorian Britain was arguably changing even faster. There's a huge difference between the London of 1850 and 1890 - much more so than from 1950 to 1990. It's the difference between a loose conurbation of small towns, and a single big city.

Politically, the period saw the invention of trade unions and socialism. Culturally, it's the distance from Emily Bronte and Lewis Carroll to Arthur Conan Doyle and JM Barrie. Militarily, it's the introduction of breech-loading rifles, machine guns, percussive shells that actually worked, ironclad steam warships. Homes went from candle and lamplight, through gas, to electric lights. Tap water became drinkable. First trains, then telegraph, then telephones. Heck, even cars were invented in the period.

Sure, times are changing now - but to say that the changes are bigger or faster than ever seen before is very doubtful.

I'm the queen of Gibraltar and will never get a traffic ticket... just two of the things anyone could have written into country's laws thanks to unsanitised SQL input vuln

veti Silver badge

Re: The king of Spain is the king of Gibraltar would have done the trick

I was thinking more of a law requiring every able-bodied citizen to report outside the parliament building on 1 April for archery training.

Linux in 2020: 27.8 million lines of code in the kernel, 1.3 million in systemd

veti Silver badge

Re: Systemd = Marmite

The sheer objective wrongness of your attitude to Marmite tells me everything I wanted to know about Systemd.

From Soviet to science fiction icon, the weird life of Isaac Asimov 100 years on

veti Silver badge

Re: frustrating genius

I too went through an SF phase, from the ages of about 15 to 25, but gradually devolved more into honest fantasy, which is to say "SF that doesn't try to pretend it's based on science".

However, I can still find "SF", of sorts, to grip me. Have you tried Connie Willis, or even Kazuo Ishiguro's Never Let Me Go?

veti Silver badge

Re: Asimov was a lecher

By "drastic" failure, in this context, he's imagining getting slapped or shouted at, or at worst a punch in the face from a third party. Not legal proceedings or a scandal that would get him fired from his job or barred from polite society.

"Not entirely proper", sure. But not "utterly beyond the pale", either. People looked at things differently 50 years ago. Just watch a couple of Carry On movies.

EA boots Linux gamers out of multiplayer Battlefield V, Penguinistas respond by demanding crippling boycott

veti Silver badge

Re: EA hardly needs Linux as an excuse to ban people

It's not about the lawyers. (Well, not directly.) It's the sheer amount of hassle. After a while it just wears you down.

I had a similar experience with the company formerly known as Atari. This was back in the days when "copy protection" meant you had to keep the original DVD in the drive while playing, but when I launched their damn' game, it gave me an "Insert original disc" message, even though the damn' disc was already in there.

So I contacted their support team. They asked me to tell them - some serial number printed in very small, barely legible print on the inner rim of the disc. I did that, and a day or so later they sent me a patch that, I later discovered, was basically a "noCD" hack. The whole transaction took at least a couple of days.

And that was fine, until they updated the game - whereupon it broke again, and I had to go through the whole rigmarole again. At this point it must have dawned on them that now I had the magic serial number in my email, I could have flogged off the original disc and be lying to them about it, so the process to convince them of my bona-fides grew steadily more convoluted. After a few iterations, it would take several days to get the hack back. I could almost hear them scratching their heads to come up with new ways to test my honesty.

And this game was still quite new, which meant patches were coming out about once a week.

By the time I'd been through this cycle three or four times, I was thoroughly fed up with the process, the company and the damn' game anyway, so I contented myself by bad-mouthing the game, the publisher, and SecuROM on every relevant forum I encountered for the next 15 years. But it never even occurred to me to try to pursue any "claim" against the company. I'd just - spent enough of my life on it by then.

A Notepad nightmare leaves sysadmin with something totally unprintable

veti Silver badge

Re: Support ticket

Seriously? You came into computing already knowing this lesson, you never had to, y'know, learn it?

veti Silver badge

Re: That triggered a memory...

You can retrieve the OS from its own recycle bin?

Colour me impressed.

veti Silver badge

Sure, but we're not born knowing that. For everyone, there must have been a Time Before they knew it.

Didn't you have at least a tangentially similar experience, just once? (Once is usually enough to learn the lesson. But it does take "once".)

Train-knackering software design blunder discovered after lightning sparked Thameslink megadelay

veti Silver badge

Re: Tell me about it

Peterborough to Milton Keynes - is over an hour's drive, according to Google. You could have got to Leicester or Cambridge in the same time, which makes Milton Keynes seem an odd choice.


