Posts by I Am Spartacus 307 posts • joined 17 May 2012
"Our investigation found that your name, email address, and travel details were accessed for the easyJet flights or easyJet holidays you booked between 17th October 2019 and 4th March 2020."
But I haven't booked a holiday with EasyJet for well over 3 years. Certainly not between 2019 and 2020.
Me thinks the greek complains too much.
It was interesting when I looked as the Oxford University app. I am somewhat anally retentive abuout EULA so I downloaded theirs. Oh, yes, lots of happy-clappy statements about how safe the data was, how it won't be misused etc. And then it came to who they will share data with:
Amazon
AWS
MailChimp (and here comes the spam)
....
This list goes on. Unfortunately, I can't find it in the app store to confirm all of this. But safe to say, I was extremely concerned.
The issue is not how long Hello World is in Cobol (it's 5 lines, if your asking).
No, the problem is how long the JCL is to compile it on IBM/MVS - that can be twice the size of the program. EASILY!
Oh, and only truly experienced programmers remember that the compiler was called: IGYWCLG
Like you, I was glued to the TV and my little transistor radio. I had watched as Apollo 8 went around the moon in wonder and awe. I woke up at some ungodly hour to watch Armstrong and Aldrin walk on the moon. I was a child of the space race and it never, ever gets tedious.
I just rewatched the movie, obliviously knowing the ending, but never getting bored by it.
And yes, I highly recommend both of Kevin Fong's podcasts "13 minutes to the moon". The testament of those who are played out on the screen is fantastic, chilling and inspiring.
Whilst I agree the steps are necessary, and that the moon is likely to be up there for some time (assuming Seveneves was not a prophesy), there is a problem. The James Webb space telescope was already running behind schedule and is fighting to make a launch window. If it misses the window, I don't know when it will launch.
If budget cuts happen (looks likely) then its just possible JWST could be another victim of COVID
With respect to the cruft that develops over time, Monzo say that they include metrics with each of these microservices. This means that they can detect what is cruft by monitoring what doesn't get used. They can then decommit those services that become unused over time as business models change.
Furthermore, if they record which services do get used a lot, and which are slow to deliver, then they know where to spend engineering effort to optimize.
I actually think this is very smart indeed.
Hat tip and a virtual pint to Monzo.
Yeah, loved working on the VAX. Ours was an 11/780. VMS was a sweet joy after working on JCL and HASP.
We did have to satisfy one user who point blank refused to have a terminal. He only used punch cards. So I think we had one of the few VAXen with a card reader and card punch, and still had to retain a very noisy manual card punch.
That is indeed true.
It is also true that writing RIST code is not easy. It is very hard indeed, and requires taking a step back from what we normally consider the way to do things in languages like C, C++, C# or Fortran. In RUST memory has to be treated with respect. By comparison, if you treat memory with respect and code to RUST's exacting standards, the compiler will created and guarantee memory and thread safe code for you.
But if you start saying that this is just too hard, or too slow, and that you know best, you can quite easily create UNSAFE code that basically tells the compiler you know best. Sometimes you have to do this, for example when interfacing to raw block structured devices. You have to map the memory array in to a RUST structure and yes, you do know best.
But if you do this in application code, you are building a product that breaks the contract. Users will take your library and rely on it, because, well, it's written in RUST, so if it compiles, it will be 'safe' (for what the RUST compiler thinks is safe). But if it turns out that its not thread safe, or it doesn't play nicely with dandling pointers, etc. you are leading the users up the garden path.
So, a better approach would have been for those people who wanted a RUST safe version of Actix to fork the project, correct what they perceive as coding errors , and benefit the whole community.
I know you're going to take some stick for this, but I do see your point. Personally, I dislike doing too much of anything in the browser, and certainly nothing that can be done on the server. Only things that really need to be done in the browser should be done there.
Mine's the one with Thymeleaf for Profit in the pocket.
AT Uni we ran a couple of old IBM 360's but they didn't run TSO or CICS, they ran the Michigan Terminal System MTS. This was an OS designed for connecting a whole load of dumb terminals to a central processor and act as a timeshare system.
That's all well and good, but they gave us access to the OS source code. Computer Students, beer at 17p a Pint, time on our hands, and source code: What could go wrong?
What went wrong was when we found an undocumented command that allowed us to send messages to the central operators console, an IBM 3270 connected directly to the processor. So, a bit of experimentation with IBM control characters, and we sent the commands to clear the Ops console and write four words to it: BIG BROTHER IS WATCHING.
Who knew that the operators were unionised, and in a dispute with the University? They just got up and walked out.
And we got our knuckles severely wrapped for that jape!
Last year I got a call. On News Years Day, hung over from the night before. Lying on the sofa, not really doing anything and the mobile goes.
It was someone I shall call Paul, because that's his name and I don't see why he shouldn't go unpunished. He wanted to quiz me about a problem that had occurred overnight when the clocks changed. One specific application I had something to do with was giving weird error messages.
At first I had no idea what he was on about. But. after listening to him cour a couple of minutes, I realised what he was on about.
"Err, Paul, you do know I was made redundant by the company, don't you?"
>> "Oh, really? When was that?"
"Three years ago."
>> "So, can you help me anyway, because your mobile is still in the on-call list".
I suppose I shoudl be proud that the app had run for 3 years with no calls required!
My son managed to poor a can of Fosters in to his X-Box. Of course, it didn't work at all after that and naturally he was devastated.
So, we looked through you tube, and carefully disassembled the drunk gaming console, cleaned the boards and connectors with de-ionised water using Q-Tips. Dried it out overnight, reassembled it and lo --- The damn thing actually came back to life.
Icon, obviously
Next door to me, and one letter different in address but a different post code was a care home. Postie was intelligent and knew that post not for Mr and Mrs Spartacus went to the care home.
I can't get this changed because Land Registry and Post Office have two different post codes, one of which is mine.
Then the care home shutdown and postie retired. Our mail is now delivered by a man with a van and changes every third day. He has no idea that the letters are not for Castle Spartacus at all. The residents of the care home were there because they couldn't cope with such details things as change of address, so when they moved they just keep the mail coming through to us. The home is barricaded now, so all post comes to us.
If you think its hard getting your own address changed, imagine how hard it is getting it changed for a care home and 30+ residents.
The absolute worse was some years ago, when we had a repeated knocking on the door late at night. When the y refused to go away, I went down to see who it was expecting a child who had locked themselves out. I found six men in black suits, black ties and a coffin - "We've come for the body". I almost went full BOFH and gave them one for them to take away.
Not necessarily fishy.
You have something I want. I have something you want. We jointly agree that both are broadly equivalent in price, and that the price is $X. I arrange to buy your product today and pay you $X, provide you agree to buy my product and pay me $X in, say, a months time.
It's only fishy if either (or both) of us decides we don't actually want or need the others product and quietly can it. That would be fishy.
However, we could always claim that we thought we needed it, we purchased it, but then our business changed and we no longer needed it. Proving that was the intent will be challenging.
I worked as a compliance manager on a national infrastructure project. I was chosen for this because, as I contractor, I was expendable if it all went bad. I could be the sacrificial lamb. I was warned the auditor was coming and so was duly prepared.
Said auditor arrived at me desk and immediately asked to see my copy of the compliance manual. So I asked for his ID and letter of appointment. He gave me a card from [insert name of big 5 consultancy here] as his ID. I tore that up, threw it in the bin with a comment "that's no good, I can get those done at ProntoPrint for a tenner". He fumed and offered to call my boss. I duly invited him to do so, and when boss arrived to find out whats going on, I explained that this man claimed to be an auditor and wanted access to the national infrastructure compliance data. I had refused, because under standing instructions, I had been instructed only to provide such access to people identified to me by senior management - that was above my bosses pay grade. As I had no such instruction, I was therefore refusing access. Politely, but firmly.
Boss told me to give the auditor access. I refused because he wasn't on the authorised list to see the documents himself, let alone grant access.
Auditor fumed and said I was being unreasonable. My boos, reluctantly and through gritted teeth confirmed that actually I was obeying my remit, just rather for forcefully than he ad anticipated when I was handed the poison chalice.
Audit was forced to go away, obtain a formal letter of acces approval, and make another appointment.
I awarded my self a BOFH beer that lunch time!
I was in the US, Houston to be precise, to demo a piece of software that relied on the internet - as in, it was hosted on web servers. Got to the board room, with all the fresh faced young hopefuls and a wizened older guy (WOG) wearing , I kid you not, cowboy boots and a stetson.
WOG: So whats this network software, let see it in action.
ME: Sure, can I have the wifi password please?
WOG: No - thats a security risk, we can't let you have that.
ME: OK, let me connect via 4G then
WOG: No, the building is shielded against cellphone signals. Can't have the traders doing deals on phones that aren't recorded.
Me: Then can one of you log in and I'll demo on your laptop?
WOG: No. There are no network cables in this room (security again) and anyway, we block all sites that are not explicitly white listed.
ME: Err, this demonstration is not going to get very far, is it?
WOG: Pretty shit software then, isn't it.
The meeting deteriorated and I didn't make the sale.
Calling Asange a journalist is stretching the point beyond breaking.
He doesn't report things. He simply republishes what people have sent, often illegally, to him. Now, if he had read the leaks from Manning and redacted names, places, dates etc. he might have a fighting chance of being a journalist. But describing him as a such demeans the whole of the fourth estate.
Like me going in to do a demo for a very large trading company, only to find that the only projectors they had were circa the turn of the millennium and only supported a 640x480 VGA display. Their desired configuration on the desktop was two 22" DVI connected monitors. It didn't go well.
Or the time we went to demo the software to another oil company. This was a web-based document management software. But they would not provide us with a PC or laptop, refused to let us connect to the wifi, and the building was Faraday shielded to block cellphone signals. That demo didn;t go at all!
I totally agree. This form of optimistic speculative execution, with no cache erasure on non-use, is ridiculous. Where was the peer review when this was done?
This is a fundamental flaw in chip design.
If this was a car we would be seeing punitive damages through class action law suites and a massive, world-wide recall. What we got from Intel was the equivalent of "I know we told you the car could do 70mph, but to be legal with emissions you can only do a max of 30mph. OK?"
I said this at the time - we need to look at the chip designs from the ground up. There is a lot of cruft in the X86 design that simply does not need to be there in the 21st century. Only IBM had a real go at this with the Power Series, and proved that low power, high speed chip could be built. Then you can have the performance without all this dicking around in speculative execution horror.
When I was a contractor I was advised my my accountant that I needed to spend some money from the company because otherwise we would have net profits that hot a tax band. We were going to lose the money one way or another. So, best to spend it ourselves, Right?
So we organised a research trip to investigate the effect of distant nuclear fusion on granular land/sea interfaces.
And that's how I got a holiday in the sun on a beach rather than paying tax.
a/c - OBVIOUSLY!
Long time ago, on a DOS system, I was talking to a new colleague whilst he insisted on typing on the new PC we had provided. Not being totally computer literate, he has was talking to the computer rather than listen to me. At one point he typed that immortal command:
c:> del *.*
I asked him to check what he had typed. t. He looked at the screen and said, to the computer "I didn't mean to do that". Sure enough, DOS repsonds with "Are you sure?". "Yes", he replied, "I'm sure I didn't mean to do that".
And that is why I spent the next hour or so searching for the install floppies and rebuilding his PC and all the application software.
My Y2K nightmare happened on 1/1/2001. It seems the billing engine on the so called "intelligent network" device decided that 1/1/1 was a test day and started tossing billing records in the bin. Somewhere, some people has a great January as we had no data to bill them against.
I was 10 at the time. It was one of the most amazing feats of human engineering I had seen up til then. I have posters of Apollo 8's mission on the walls of my bedroom. My best friend at the time - whose name I have sadly forgotten - and I spent (wasted?) a fair amount of school time working out how we could make models of the command module, with consoles and seats, out of paper and glue!
They keep a lens cap on to protect the under-deck camera from the dust that blown up during landing. They have 12 descent rockets, firing in pulse mode, to bring the lander down to walking speed. That kicks up quite a bit of dust. So they have a lens protector that will be jettisoned today, all being well.
A better photo is from the camera on the robotic arm on top of the deck.
Well done JPL. I watched the 7 minutes of terror yesterday, and had to keep reminding myself that everything we saw 'live' had already happened 8 minutes ago.
But el Reg? Utter Fail. The headline says that Mars Insight beamed back it's first pictures from Mars, but el Reg uses a stock photo of the ground based duplicate lander.
Score 1 for the article. Lose several 100 for lazy journalism.
Home users and SOHO deployments use router / modem devices to interface easily with their broadband supplier. It's simple: you buy your broadband from your favourite network supplier and they send you a modem that you plug in to their socket and it's up and running: Robert is you mothers brother.
To try and then say that this is also a firewall is nonsense. The vast majority have extremely limited firewall capabilities. Many only support limited port forwarding.
And in the main, this should be fine. Little Johnny, playing call of duty, only needs a port open to the game server, which he opens. Little chance of hacking this line, and provided the network initialisation is such that the game can authenticate the game server, and the game server can check that the game is not a hacked version, all should be well.
Two problems remain:
The first is that the router people throw in a wifi hub for free. Oh, look, it's easy, I can use my [insert name of PC, tablet, smart phone, IoT device here]. And this is whats wrong. The user has sacrificed all security because they want easy access. Get the phone to open up some of its security (Yes, Android at the back, I'm talking to you here, and Windows, you can stop sneering as well) and then you have a real problem. It's not the router per se that is at fault, it's the users. Most will never even know that their internal network is now part of a botnet.
The second problem only comes when someone wants to open up the ports (email server, web server, etc) and run these at home. Then you need some sort of firewall capabilities. And some really hardened, trusted software for your server.
The final problem is the remote administration. WHY did anyone think that this was a smart thing to do on a cheap router? Unless it is protected by some form of 2FA, any supplier who sells their products with remote management even available, let alone enabled, should really be taken out and beaten with a club until they can understand the risks involved.
The Register - Independent news and views for the tech community. Part of Situation Publishing
Join our daily or weekly newsletters, subscribe to a specific section or set News alerts
SUBSCRIBE
Biting the hand that feeds IT © 1998–2020
