* Posts by Richard 26

187 publicly visible posts • joined 21 Jun 2010


Microsoft closes Windows LSA hole under active attack

Richard 26

Re: CVE-2022-29972

CVE numbers aren't sequential, starting at 1. Big outfits like Microsoft are authorized to issue their own CVE numbers and have a range allocated to them.

Ubiquiti sues Krebs on Security for defamation

Richard 26

Re: Yay for the link to the article.

"That's the first rookie error - second is not suing for defamation in the UK. That's where the big bucks are, and our lawyers will take anyone's money as they've been keen to demonstrate over the previous decades."

That used to be true; however the Defamation Act 2013 moved the balance more in favour of the defendant, making 'libel tourism' harder (amongst other things).

And in 2015 the US passed a law making UK libel judgements unenforceable.

Co-inventor of Ethernet David Boggs dies aged 71

Richard 26

Re: Ethernet turned out to become the network winner

Ethernet does not scale is largely IBM FUD, trying to persuade people that there were good reasons to prefer their more expensive 4Mb/s system to 10Mb/s Ethernet.

Words like 'deterministic' get tossed around, conveniently ignoring the fact that it is only achievable on a LAN with a BER of 0. As soon as you accept the possibility of random noise corrupting a bit, determinism goes out the window.

Some theoretical studies of ALOHA have the performance tending to 1/e, which at 37% is remarkably convenient for token-pushers. However, ALOHA isn't CSMA/CD.

It's true to some extent that in ridiculously worst-case scenarios e.g. 1000s of nodes on the same collision domain, all constantly sending minimum size packets Ethernet starts to break down.

(Digression: For Gigabit Ethernet 802.3 specified a somewhat complex half-duplex mode because the idea of publishing an Ethernet standard without it was too contentious). When (I think) precisely nobody developed a half-duplex 'repeater' later standards dropped it entirely)

So what I am going to do is what I usually do at this point, which is to refer you to the classic WRL paper - Measured Capacity of an Ethernet: Myths and Reality (Boggs et al). RIP David.

Richard 26

Re: ..without using his network tech

DECnet changed the MAC address bypassing the need for an ARP equivalent. It also used things like reserved multicast addresses. It wasn't until IPv6 that 'IP' stopped requiring broadcasts.

Richard 26

Re: We might have made the wrong call

I think you were robbed. Why would you assign a MAC address to a transceiver? It's a level 1 device. If you genuinely had one like that, I'd be interested to know why.

How much would you pay me to develop a COVID tracking app that actually works? Ah, thought so: nothing

Richard 26

Re: Ursula Le Guin

"Why do people keep leaving out the K ?"

Probably because her publishers often do.

Scottish biz raided, fined £500k for making 193 million automated calls

Richard 26

Re: it's 2020

Well yes, because they committed the offence before GDPR came in. You don't apply laws retrospectively, it's a serious abuse of power.

RIP Ursula K Le Guin: The wizard of Earthsea

Richard 26

Re: Six Earthsea books

I would recommend leaving a gap of twenty or so years after reading the first three Earthsea books, before reading the rest of the series. It doesn't pay to rush things.

User dialled his PC into a permanent state of 'Brown Alert'

Richard 26

Out of paper

I was called to fix a printer that wasn't feeding paper. The user pointed at the paper tray, saying "it says it's out of paper but it isn't". I opened the printed, extracted the jammed paper from the fusing unit, and it sprang back into life.

"You might have worked that out for yourself, had you not changed the printer UI to Norwegian", I said, on my way out.

HPE wraps up $8.8bn Micro Focus software dump spin-off

Richard 26

Re: Prescient

I thought it was more like CA: a residential home where you can pay premium prices for your aging software to be mistreated by indifferent support staff.

RBS sharpens axe again: 900 IT jobs to go by 2020

Richard 26

'IT, for a bank, should not be regarded as a cost centre, but rather as their core business asset.'

The thing to do is to not let the beancounters take over in the first place; then you don't have to waste your time arguing you're a special case.

Sysadmin jeered in staff cafeteria as he climbed ladder to fix PC

Richard 26

"A sysadmin that doesn't know where an IP address is physically located on his own network ?"

Not so easy in those days: could easily have been an flat thinwire network. And nobody said anything about using IP. Kids today, don't know they were born, etc. etc.

AMD shocks the world by only losing $16m

Richard 26

Re: Read your links much?

...or even the SMT problems we talked about with Skylake last month: https://www.theregister.co.uk/2017/06/25/intel_skylake_kaby_lake_hyperthreading/

Chips have bugs, film at 11. Might be worth seeing if AMD can patch this bug in microcode (assuming it is their fault). You'll be a long time waiting for a faultless chip of this complexity though.

systemd'oh! DNS lib underscore bug bites everyone's favorite init tool, blanks Netflix

Richard 26

Re: Underscore?

They are legal in general in DNS, just not in hostnames. It's a hostname, therefore not legal; although probably not a client's job to reject them (be liberal in what you accept, and all that).

Global Switch suffers uptime blips at London Docklands DC

Richard 26

Re: At least 10 floors for a DC?

Moving out of Canary Wharf is probably a good idea because the last thing you want is a datacentre full of Daleks.

Juicero does to its staff what your hands can do to its overpriced juice sacks

Richard 26

Great company tag line

Jeff Dunn has inadvertently come up with a great tag line for his company: "Juicero, neither new nor relevant."

Someone's phishing US nuke power stations. So far, no kaboom

Richard 26

Re: watering hole attacks?

The idea is that you wait for your prey to come to you: so rather than send phishing mails to their place of work, you target weak spots where they may turn up. For example, web forums where they might hang out, manufacturer sites, etc.

Mine's a pint in my local with the compromised Wi-fi.

UK Parliament launches inquiry into NHS WannaCrypt outbreak

Richard 26

Re: Umm...

No extra cost because the outsourced suppliers just aren't the kind of people who do the minimum their contract will let them get away with.

Bonkers call to boycott Raspberry Pi Foundation over 'gay agenda'

Richard 26

Re: "pushing LGBTQI"

LGBTQIA, do keep up! I think the A was for Alien.

German e-gov protocol carries ancient vulns

Richard 26

‘Never ascribe to malice that which is adequately explained by incompetence.’ is a saying by Napoleon Bonaparte.

It's a saying often attributed to Napoleon Bonaparte but it's doubtful whether he actually said it.

PC, Ethernet and tablet computer pioneer 'Chuck' Thacker passes

Richard 26

Re: I first met him at Stanford ...

@ Graham Cunningham

jake is the Register's version of Forrest Gump. Whatever it was, he was there. This story is more plausible than most though.

Boeing preps pilotless passenger flights – once it has solved the Sully problem, of course

Richard 26

Re: Such a pessimistic bunch

OTOH, there was a few times when I engaged the docking computer after a long mission, gone for a break, and found it making a hopeless mess of the final approach. Even in Elite, the docking computer wasn't foolproof.

Sainsbury's IT glitch spoils bank holiday food orders

Richard 26

Re: There is a simple solution

"and that is go and get the stuff for youself. Even go to other supermarkets. It isn't the end of the world."

It isn't the end of the world but it is annoying to be stuck in waiting for a delivery that doesn't arrive. And your delivery is probably out on the road somewhere, so you can't cancel it. Twitter is a useful tool, not because your groceries are terribly important in the great scheme of things but because it's a good way to get corporates' attention when they don'thave enough staff to answer the damn phone.

Bankrupt school ITT pleads 'don't let Microsoft wipe our cloud data!'

Richard 26

Re: Price googing?

Going through the filing a bit: they have 40 000 students, and what Microsoft are saying is effectively "feel free to renew for another year". That works out at about $60 p.a. each, which is about what an Office 365 subscription costs. You would have thought they would have got a better discount but OTOH there are other unspecified items.

Hackers emit 9GB of stolen Macron 'emails' two days before French presidential election

Richard 26

Re: "far right" is a misnoma

"It seems being unable to spell misnomer is the least of your worries."

I'm sure it comes after "trying to reproduce the transporter accident that brought him here from the mirror universe".

Peace in our time! Symantec says it can end Google cert spat

Richard 26

Re: No.

Closed on January 29, 2016 apparently.

Wikipedia: https://en.wikipedia.org/wiki/Veritas_Technologies

Carlyle Group: https://www.carlyle.com/media-room/news-release-archive/carlyle-group-closes-veritas-acquisition

Veritas: https://www.veritas.com/news-releases/2015-12-21-symantec-and-the-carlyle-group-plan-to-close

Richard 26

Re: No.

"This is a bigger deal for users of Veritas products in the enterprise"

Why? They aren't part of Symantec any more.

Webroot antivirus goes bananas, starts trashing Windows system files

Richard 26

Re: Quarantined *signed* files?

You have a good point but it's not as if compromised certificates and signed malware doesn't happen.

Cuffing Assange a 'priority' for the USA says attorney-general

Richard 26

Re: Is an Australian even allowed to run for Parliament?

According to the parliament site: "A citizen of a commonwealth country who does not require leave to enter or remain in the UK, or has indefinite leave to remain in the UK".

So he might be eligible but more likely he is on a visa, which would have expired by now.

Hard-pressed Juicero boss defends $400 IoT juicer after squeezing $120m from investors

Richard 26

Re: All the cost of a juicer at considerably more of the price (HP printer business model)

In the HP model, a firmware update would make third-party fruit go mouldy.

30,000 London gun owners hit by Met Police 'data breach'

Richard 26

Re: Its all in the interpretation

"in pursuance of maintaining public safety or the peace" is so vague, that this and almost anything else can be justified by it.

Perhaps. It's still a private company though and despite the italicization, no reasonable person would parse the sentence that way.

IPv6 vulnerable to fragmentation attacks that threaten core internet routers

Richard 26

Re: Considered Harmful

Niklaus Wirth, actually. That's editors for you ;)

Thousands of NHS staff details nicked amid IT contractor server hack

Richard 26

Re: NI number? Why?

It is a requirement that your lifetime dose records are taken. Yes, theoretically you could do it by assigning a separate unique lifetime number that all employers and providers of dosimetry service agree on. In practice, the NI number is it: http://www.hse.gov.uk/pubns/irp2.pdf

Yes, mine too. Also innumerable henchmen who work in secret underground bases in a volcano will also doubtless have had their name and address disclosed.

Road accident nuisance callers fined £270,000 for being absolute sh*tbags

Richard 26

"It always has been "innocent until proven guilty", and it has to stay that way, whatever you think of the offence or the people perpetrating it."

Sorry, but your argument is completely misguided. Innocent until proven guilty does not mean the burden of proof is on the prosecution on every point. Plenty of laws operate this way: for example, if the police stop you and ask to see your licence, you don't get to say "prove I don't have one". Likewise if you are speeding and claim it was because of an emergency, the police don't have to prove no emergency existed.

Royal Navy's newest ship formally named in Glasgow yard

Richard 26

At least it's a real ship and not a fixed installation. Otherwise it would be "Who's on Forth base?"

HPE's Australian tax failures may have been user error

Richard 26

In related news

HPE engineers on Scarif warn that attempting to service thir tape autoloader whilst their equipment is live can lead to a catastrophic failure.

Who do you want to be Who? VOTE for the BBC's next Time Lord

Richard 26

Re: Alterangular

"To think about it from the other angle, what kind of Doctor would you need to try and counter the Trump/Brexit age?."

Michelle Obama, obvs.

Tell us about that $1m horse, Mr Samsung: Bribery probe slips deep into South Korean giant

Richard 26

Re: Hmmm

If I paid that much for a horse, I'd expect it to be an invisible one. They are very popular in Korea, or so I'm told.

Kingpin in $1m global bank malware ring gets five years in chokey

Richard 26

Re: Kingpin and man-in-the-middle attacks

" I thought 'money laundering' was taking the proceeds of someone elses drug business..."

That is the conventional meaning: however, you are pretty much committing a money laundering offence when you are a) a criminal, and b) using a bank. Or on a bad day just b).

In this case when you are have mules to withdraw the cash it's not even a stretch to add that as a charge.

Why does Skype only show me from the chin down?

Richard 26

Re: Ethernet fan out

It's probably ever so slightly late in the day to make this observation but there aren't actually magic spots on the cable where you are allowed to make taps. They are merely there so you don't put them too close together.

Oracle finally targets Java non-payers – six years after plucking Sun

Richard 26

I reckon Oracle is run by hostile alien entities that feed off negative emotions. If we all have a few beers and relax over Christmas, perhaps by the time we sober up they will all have died off.

It's a longshot, I know. Worth giving it a go though, I reckon.

HPE 3PAR storage SNAFU takes Australian Tax Office offline

Richard 26

They probably have less formal processes in Oz, instead of a full CAB, they just need to get Bruce, Bruce, Bruce and Bruce to sign it off.

DDoS script kiddies are also... actual kiddies, Europol arrests reveal

Richard 26

Re: Back in September

It's really strange to see Brexiters posting about how much they love EU organizations and how unfair it is that they will no longer be members.

Neo-Nazi man jailed for anti-Semitic Twitter campaign against MP

Richard 26

Re: Two years?

"He'd have received a shorter sentence if he had actually beaten up the guy"

He'd have received a shorter sentence if he hadn't been a serial offender and committed further offences whilst on bail.

NHS IT bod sends test email to 850k users – and then responses are sent 'reply all'

Richard 26

Re: It did not need "reply all"

"Gets Croydon on the map I suppose."

Sadly, Croydon is already on the map at the moment.

Met Police issues £350m tender for future IT procurement framework

Richard 26

Re: Is it just me?

That is more or less what a framework is in procurement speak. Except that the supplier will commit to sell at 25% off list or whatever, and various other terms up front. Google "framework agreement".

Flash crash trader takes plea bargain, cops to 'spoofing' and wire fraud

Richard 26

Re: Though there is no English crime of "spoofing"

Lawyers for the US argued that whilst there isn't an exact equivalent under UK law, what he did amounted to fraud. The CPS probably couldn't make that stick but that isn't (legally speaking) reason enough not to extradite him.

Extradition ruling here:


Uber drivers entitled to UK minimum wage, London tribunal rules

Richard 26

"Now we are gonna let heavy machines hurtle along within a few feet or cm of kids walking to school."

They do that already.

VMS will be ready to run on x86 in 2019!

Richard 26

It's not such a dumb question. The answer is it really depends whether you what you have now is an ancient VAX from the 80s, or a pile of Itanium blade servers with a few TB of RAM. If the former, you could probably replace it with emulation on a Raspberry Pi, the latter not so much.

The money, such as it is, is with the people who have ported from VAX to Alpha to Itanium and would prefer to move to x64 next, and forget the whole sorry Itanium business. I wish VSI luck - insourcing a product from India, and rehiring the senior engineers that HP laid off to give it some love deserves it.