Posts by DaemonProcess

Slow improvements

Things are getting better, slowly. Remember the Chrysler vulnerability of a few years back which allowed root dbus calls directly from the internet with a default password, so that anybody could crash a car remotely?

Computer security as applied to the automotive industry is now being taught at the University technical colleges in the UK, so some cars of the future (e.g. JLR) should at least have better authentication and a chain of trust. But how much of this software development is being guided by this when the cheaper programmers are elsewhere in the world and the directors think that sales depend on features/benefits more than security?

The problem here is that most of these attack vectors involved hacking the manufacturer and getting hold of the credentials from the inside, so it doesn't matter if you have a strong password, trusted certificates or even blockchain tech, people get to your car and account through the front door with that.

So it's more a matter of if, rather than how, hence the PR efforts to prevent widespread panic about car security.

the new standard

Happened to me once.

The only thing more evil than being laid off is being told you are not being laid off but there isn't a job for you any more. Basically forcing the employee to find themselves a new job without being paid redundancy severance.

Ironically I had just saved the company over a million pounds in the previous 4 months.

So I went contracting and doubled my salary for the next 15 years. Ironically my contracting roles tended to last longer than all my permanent roles... a lack of staff appraisal system is probably the reason.

Techies are bad a selling themselves, always better to have a recruiter sell you.

Hurley burly

I saw Elizabeth Hurley tweeted at BA saying she was stuck in Antigua for 20 hours. I was about to say lucky for some but she said nobody had been given food or water or access to a hotel.

31,250 bps - from a Spectrum!

Hi. In case nobody said it previously, well done for getting 31,250 bits per second midi out of a Speccy! And if you kept it all in sync then even better. I struggled to send serial faster than 9600.

price increase

April's big price increases caused a few companies to jump to AWS. GCP also offers some good deals. Azure's growth is partly because Microsoft are forcing customers into it by putting more features into Azure AD and associated products, such as Purview and Sentinel, many of which need Azure AD P1 or P2 to get the full features. Its very hard to fight that in the Enterprise and means a lot of companies feel forced to keep at least a minimal Azure account to integrate all identities.

nasty process

I agree with the report.

Recruitment by the Tiktok generation for the Tiktok generation.

kill me now

Sorry, that should be kill -9 $ME and I don't care what gets left open and hanging.

or in WSL: sudo systemctl stop $MYSERVICENAME and maybe it will stop it or maybe it will complain and leave it running.

Now if systemd could go a bit further into Windows it could improve the powershell horror

the amount is an issue

Crypto.com have been laying off staff.

Interesting to note that for a large sum of money they are willing to go to the court to get refunded in dollars, yet when a user of their exchange makes a mistake that loses tokens Crypto.com are unwilling to accept any liability.

For example I transferred my last 1 Eth from Crypto.com to my coinbase Eth wallet, something I had done a few times before - except that being very tired I stupidly accepted the "default" option of using the Crypto,com owned chain "CRO" which means that my Eth magically vanished from the world.

Yes I accept it is my fault for not being careful enough to assume they would try to dupe me.

The fact that the same target wallet address on the cro chain isn't owned by anybody individually means that Crypto.com have my Eth by default and will not send it back.

You cannot reverse crypto transactions. It's also very hard to get support from any crypto exchange and harder to start legal action when they are based offshore.

Some good advice came from someone above, always test transfer the minimum amount and check it gets there before you send the rest.

In other advice, I'm right out of crypto now, back into shares - caveat emptor.

Asimov

So now we know where to put Robot Daneel Olivaw.

insistently dumb

Every week I hear of users who _demand_ to open any email and attachment they receive. Regardless of all the security training they get. Then they say it's our fault for allowing malware through. The question is... what legally constitutes enough protection these days - 3 different AV scanners, sandboxes, what else?

proof

As stated it will be bring proof that a transaction has taken place. Hopefully a weapon against fraud and corruption by officials and private individuals. But only if it has been designed properly with no single control over the chains.

The 1 party system puts all the power in 1 place with 1 single version of the truth, including re-writing history.

hate them

what a total waste of time. Embarrassing. Hurtful. Stressful. Darwinian. Only the most persuasive survive. Large employers only run them to quantify who to lay off with some data that they think can stand up in a tribunal. No other reason. Same for 'objectives'. If you do your job and your manager is happy there doesn't need to be anything else. Its when your manager isn't happy that they want data to kill you with.

Thanks

Bless these guys for my 33 year career in IT, I would probably have been digging holes in roads otherwise.

ID theft

NCSC recommend stopping SMB2 where possible, also. Unfortunately it shares Windows internals with SMBv3 so cannot be disabled in your registry without also clobbering SMBv3. I don't know if NFSv4 is any better, but a lot of devices won't support it out without re-configuration.

Now that 1gbit broadband is becoming more common, a lot of these home NASs will be replaced by Cloud storage. The only thing stopping me at the moment is the pathetic 1.2mbit/second uplink speed.

Your home NAS may also photos / scans of your passport, driving licence, utility bills and bank statements someone in your house once needed to apply for something.

Yes it needs to be secure, encrypted and protected from all access. I use a mirrored pair of USB drives on a raspberry pi with nft protection.

Preferably behind a 2nd firewall because you shouldn't trust the broadband provider's router/firewall to be right up-to-date with patches. I just discovered my Sky Q router has a 2nd non-visible set of firewall rules that we cannot see - for example try blocking 10.123.234.1 both ways and then point your browser at it - yep it still works and sends you out to the internet. There's no way of knowing if that is a second chain or forward/pre-routing rule, or what else they have hidden from us. I don't even know if my rules to stop UPNP are worthless now, because it don't have anything that uses it.

high cost and accounting

The Sunguard place near Heathrow is basically a huge American design. I can't believe they did a sale and lease-back on their own design. Given the huge amount of debt these companies happily run, they would have been better off owning it under a commercial mortgage. The building would be worth more and their balance sheet would be much better, but accounting principles....

Also the nature of the recovery business isn't helping them - they have to own and operate old kit - many items are off mainstream support now and they are not power-efficient - e.g. small capacity spindle disk drives and old slow CPUs.

As for barbers - the town centres have been gutted by Amazon and Ebay - only service industries such as beauty and food remain, where you have to be on premise. Ok I will make an exception for estate agents but that's only because their profit margins are obscene.

cryptus cunning lingua interruptus

Go back far enough and the idea of purchasing an operating system for your computer was optional. The manuals described the hardware architecture, processor registers, i/o processing, data storage formats, switch functions etc. You could purchase an o/s or write your own in any language you could write a compiler program for.

Fundamentally at a low level, the o/s language needs to able to cater for operations direct in CPU registers with specific hardware instructions, shared memory segments, the ability to read from / write to direct memory addresses, indivisible (test+set) instructions, interrupts,volatile latches or semaphores at known (fixed) addresses. Most languages these days try to abstract all this away from the possibility of harm. As CPUs these days are gaining more high level instructions (e.g. AES, TLS) then the number of languages to support it all reduces.

Big sparks

I personally witnessed a 3 foot spark between the phone line and the central heating when our house was struck by lightning. Surge protectors are fine for protecting you when someone else in the area has been struck but not much use when you yourself are struck.

The surge down the phone line blew up much of the green junction box before the line was broken/vaporised. I guess electricity can flow along liquid metal for a microsecond. A strike is several 3-15 consecutive rapid strikes down and up as the potential balances out between ground and sky. All this time it is seeking other ways to find ground. I witnessed plasma glowing up the standard lamp and it also blew our land line phone right up the stairs.

The question now is whether anyone has had a strike blow up the diode on the end of their fibre connection. If it sits in a metal box which is earthed I guess the answer is yes and if situated close to ground then a constant stream may also melt the thin fibre strands at point of connection. I once got one of those stuck in a finger - worse damn splinter ever due to brittleness. Dont ever breathe them in.

Local Wimax had been installed in our old French village for those people STILL stuck at equivalent to isdn speeds on their adsl. It works well, but would be even better if the church would only allow the aerial to be moved to the side of their steeple.

I certainly feel for the people in rural Australia and USA who are stuck with monopoly suppliers and terrible customer service. Starlink is a disruptor if you can also afford battery backup and that isnt fried. A solar panel and Powerwall set-up would be useless after a strike, which would start by blowing up the control circuitry and then fry wires in all of the panels. Our strike travelled 30 metres down the shielded electric cable through the garden and took out the light in the garage on it's way to the remote earth connection.

Monero not so secret

The fact that they tried to hide behind the ultimate privacy coin Monero and were still found out tells you something about the crumbs you leave behind and watching out for the big picture, not getting too confident in your mathematical cryptography.

Maybe the size of the trades. It may also be related to a reverse audit of the found BTC - get the details either side and dont worry about what went on inbetween.

In the UK you can be forced to reveal the source of your sudden wealth or have it seized. Other countries just take it or torture you and your family until you hand it over.

VAT

One key difference between private and public sector contracting is the public government sector VAT effectively goes in a loop - outside IR35 contractors in government charge VAT from the government (through an agency) which is re-paid (minus the purchase VAT which isn't much for contractors).

For the private sector the government effectively gets new money out of VAT, therefore more income from the economy.

Therefore the gains from IR35 inside government world are limited to increased PAYE (tax/ni) less a reduction in dividend tax, which Sunak increased recently.

harder to use more features

I started pre-Windows, used Windows 1.0 (program manager or file manager camps and Mah-Jong appeared), then 2.0 (a bit more colourful and more fonts), then 3.0 (big changes because you got the Smartcache under DOS 5 which really helped it move, then 3.11 which was more business focused.

After that I think Bill realised that he had to start taking stuff away at the same time as giving new features, so that something that used to be simple to change required 2 sub-menus and an Advanced button press. He needed to keep giving people a need to upgrade to keep the cash rolling in.

I downloaded Linux at that point in 95 ( 13 hours over a 33k modem with X11 ) and have been running them both side-by-side.

I liked XP especially for games, but it was 32 bit and a half with that annoying 3GB memory limit (why not 2 or 4 signed or unsigned I don't know).

The other feature of Vista of course was the very annoying double-confirmation pop-ups, which was thankfully fixed in 7. I liked 7. 10 I think was a step backwards and my jury is still out on 11, apart from of course yet more things being unconfigurable in Control Centre.

scope

Do ensure that all of your essential systems are covered by the UPS, DR processes, backups, even documentation...

I did once hear of heartwarming successful UPS tests, building power-cycles and application recovery tests for a company - BUT when the power to an office building cut out they discovered one particularly important infrastructure server was still sat under somebody's desk from 15 years previously and had been forgotten about. Bringing down everything else had never tested this part because up until that point it had stayed operational.

As for loud bangs and flashes, our house was once stuck by lightning. The land line phone was blown right up the stairs as was one neighbour's phone. Clocks blew up as did the TV. I saw plasma glowing around bedside lamps. There was a 3 foot spark from the phone system to the central heating system, which told me that simply switching off or even unplugging probably isn't enough. I even distrust lightning surge protectors now, although to be fair if someone else's house in the street is hit it may help. Our strike even blew up somebody's expensive HiFi valve-based amplifier which was left on permanently - he lived 6 houses away. What saved us was the cast iron Victorian guttering to ground. The only building infrastructure to need replacing was a vertical line of roof tiles from ridge to gutter.

Resurrect Goonhilly

We should never have chopped Goonhilly in Cornwall. Putin is already threatening to chop our internet cables and our gas over Ukraine.

Of course, these days, it would be better to have 1000 micro-Goonhillies communicating over Starlink or similar.

WSPR anyone? :-)) We will soon be back to short wave and the Lincolnshire poacher.

+O9

Well I have seen large (300%) gains from optimisation, partly from profile-based and partly by letting the compiler go to the max and also enabling linker optimisations. Most developers go for fastest compilation, put whatever is working into test and then nobody wants to change anything for production.

Some optimisations can even effectively re-write source code so that +3 and then +4 gets turned into a single +7 machine instruction.

What cannot improve though is dependency on i/o. A single stream will not go any quicker; - but you will probably be able to run more processes in parallel and have them all blocked on i/o... This is have also seen, but not since 20 years ago.

So, yes, I can believe gains in non-i/o bound cpu-hoggers, such as ML learning in memory, but not for anything much else.

1 vs 3

Airbus - 3 sensors - more cost - but a far more reliable quorum.

Boeing - 1 sensor - cheap - Donald Ducked.

When my car window had a short-out the polarity (hot-cold) of my heater controls was reversed. Weird things can happen when electrical parts go bad.

When one goes bad out of a pair then it's hard to know which is right. That's why you need 3 of them.

The same is true of piezo speed sensors (Air France from Brazil icing).

Loving all the comments.

decryption

Since these techs are based on 256-512 bit hashes and public/private key cryptography, I wonder how long it would take a re-programmed mining farm @ 2000 terahashes per second to actually decrypt some of these public keys so the large wallets (even off-exchange ones) are cleaned out. I also wonder whether any state has already started this effort into producing new ASICs for the purpose.

As for NFTs being useful, to me they are just like Tamagotchi or Pokemon trading cards - on the face of it useless and worthless apart from collectors and they will sooner go out of fashion. I never saw the point of it. Maybe a company will NFT it's software releases one day, to replace certificates.

The other problem I have with the Crypto ecosystem is that so much of the 'use case' is based on financial services itself - a massive house of cards.

It's ironic that some of the pegged stablecoins like Tether and co are the ones being targetted by the authorities because those surely have better integration capabilities to the real world - hopefully each government will sort out it's own digital 'denarius' (=10 asses) soon, once they have got beyond quantum decryption worries and the fact that transactions cannot easily be reversed without owning 51% of the market cap etc.

In spite of that I find the article to be full nay-saying without backing up with much evidence. To help further argument I have to point out that crypto fraud is less reckoned to be less than 10% of the value of currency fraud (e.g. trillions in tax havens, billions stolen by corrupt leaders and banks themselves laundering hundreds of billions (e.g. Danske bank 200Bn told by this guy in this youtube video /v=f8iPIV9cBAs ) Also that the banks themselves now hold hundreds of millions of dollars worth of crypto for themselves and clients.

Vertu us?

I wonder what happened to all those Vertu Nokia's that were comparatively expensive back in the day. I also wonder if the people who bought them actually care.

so not fast enough for a bug ?

I wonder if anyone already thought of using that tech for a remote bug device. Instead of RF EMR you have radioactive particles. DIstance / rmeote source?, detection, power, bandwidth, etc...

memories

There was a Tron-like Spectrum game called Blind Alley which had the most recognisable sound on tape. I could identify that from about 3 seconds of audio, when fast-forwarding through my tape player.

One thing I did manage once was to use 2 tape recorders and a phone call to transfer a program to my mate round the corner, with a simultaneous SAVE and LOAD and some silence it worked like a non-flow-control modem.

Mareva order

There used to be something called a Mareva order to freeze assets anywhere in the world that does accept UK high court judgements. So with a judgement under their belt the solicitors may be able to trace the hacker's money to an offshore location and seize it - or even attempt to seize an entire global blockchain of crypto currency if the hackers use that (probably). It would be fun to watch them try especially with a de-centralised project - 'all your mining and validator nodes belong to us now, that's 2 trillion usd' and you have to stop them all from transacting and rewind everything to yesterday morning when the order was signed. Not mathematically possible.

Quiet victory I hope/

I hope the companies don't eventually win because because they will use high court judgements to put groups of more expensive employees outside of regulatory protection. I would suggest they get their MP to ask a question in Parliament but that wouldn't change a thing with the current mob who really want to remove employment protections. Ultimately TV and other mass media may be the employees best bet. I also suggest intensive cloud training like the rest of us.

unable to delete either

In the beginning I was stupid enough to try the Lightsail service of "quickly" standing up a server. ( Little did I know that its actually easier to do it all yourself and

it's easier to understand ). Then when I tried to delete it as my ROOT account it told me that I didnt have permission to do this. But...er... I'm root and can delete anything can't I? Well a few queries into the forums found some very smug unhelpful people who said that I had to do some advance IAM to grant my root account the permission to delete what it had just created. This is another way that AWS tries to lock you in for good. Cloud is more of the same old IT business of the past 40 years - vendor lock-in is top priority. I've closed the account completely now, gone to the opposition.

too late

Yes this was needed by IBM about 13 years ago, they would have kept more customers if they had had the vision and weren't run by accountants. The internal MF lobby high up in IBM's US management is too powerful and even today is continuing to de-relevent (see wot i did there?) the company as a whole - by saying that people still have a route back to MF if the required performance can't be met. They haven't got a clue. Desperately holding on to the 1970s. Actually in 1989 I was briefly a COBOL programmer, you kind of get into it and it can be enjoyable up to a point.

51% attacks, de-fi, tracing/fungibilty

For a start, the blockchains are hackable if you can get 51% of the vote to roll-back transactions and insert your own. This has happened in a couple of cases, e.g. "ethereum classic". However these are publicly available audit-logs, so everyone will know that it happened.

What is more likely is that your NFT's blockchain will simply go out of use in 10-20 years time, to be replaced by something else, so your 'provenance' turns out of be worthless by the year 2050.

Secondly on fungibility Bitcoin is a token which is fully traceable - a multi-million dollar industry has built up in tracing every transaction through every wallet. This means that if you buy some BTC off a dodgy exchange you may end up with a coin that was created and previously used in funding crime and is therefore subject to confiscation by the authorities, together with a nasty audit of yourself. They may be fungible in theory but you had better know who had it before you or else buy through one of the big exchanges that are approved by the FDA/FCA. Only the deep cryptography tokens like Monero offer the best fungibilty and many exchanges are getting out of that because that's the sort of token the dark web prefers.

On the subject of using certification (private/public) instead - the difference with modern blockchains is full de-centralisation (de-fi) which means that they aren't in theory capable of being taken-over by someone gaining control of the root CA because there isn't a root. Transactions must be approved by an accepted number of nodes. Bitcoin is terrible for commerce because of 500+ nodes need to approve everything so it takes hours to do anything. Other modern sharded chains hope to fix this in the next 2-3 years. It's still early days and largely you are betting on a lack of bugs, quality of testing and market take-up. In my opinion there is a lot of FUD being thrown around for and against this, but the tech is incoming regardless.