* Posts by HildyJ

935 posts • joined 2 Nov 2012


Bad news: Your Cisco switch is a fake and an update borked it. Good news: It wasn't designed to spy on you

HildyJ Silver badge
Facepalm

Still Cisco

It might be good that they weren't designed to spy on you but it should be noted that the kit was able to work for so long because it used a "previously unknown vulnerability in a security component, to defeat this Secure Boot process." Cisco being Cisco.

Cornwall councillor suggests authority paid £2m for Oracle licences that no one used on contract originally worth £4m

HildyJ Silver badge
FAIL

Re: Information and Experience Asymmetry

You forgot to add -

Red corner will promise that their software can meet all of blue corner's requirements.

Red corner will use every change, no matter how small (and all contracts will have them) to demand a contract mod with an increase in cost (and probably due dates).

Disclaimer - none. This is reality.

As the FCC finally starts tackling its dreadful broadband maps, Georgia reveals just how bad they are

HildyJ Silver badge
FAIL

Ajit Pai

Ajit Pai and his cronies aren't interested in regulating anything. They are only interested in deregulating and issuing press releases to show how well deregulation is working, whether or not it's working in practice. FCC reports have become the epitome of fake news.

Citrix denies dark web claim of network compromise and ransomware attack

HildyJ Silver badge
FAIL

Trust

Due to the problems mentioned in the article (and others), I have a low level of trust in Citrix.

A step to regaining trust would be to be open about this. They should name the third party and describe the attack and the changes put in place to prevent this in the future.

With a wave of Nokia's wand, behold as your 4G network magically becomes... 5G

HildyJ Silver badge
Holmes

Re: Whats not to like ?

I'd like to see real world speed tests before I'd 'like' it.

As I understand it, they will enable 5G protocols to run on 4G bands. T-Mobile in the US has deployed low band 5G equipment which runs on bands similar to 4G and, so far, the speeds are similar.

At this point it sounds like a way for carriers to claim they offer 5G, probably at an increased cost to consumers, probably with noticeable benefits.

Four years after swallowing Arm Holdings, SoftBank said to be mulling Brit chip biz sale

HildyJ Silver badge
Angel

Re: Here’s a thought - UK.gov to purchase

"(Just trying to see whether we can peg the pedantry meter in this thread.)"

Since that's not a complete sentence (as it should start with "I'm") it should not include the period.

(I'm just trying to help.)

Burn baby burn, infosec inferno: Just 21% of security pros haven't considered quitting their current job

HildyJ Silver badge
IT Angle

Re: Where to get competent staff?

Keep in mind that resumes get screened for experience and not what they learned from that experience.

To be successful you need someone who is intelligent and motivated because you can train them, assuming you have a training and mentoring program set up.

Of course this requires management buy-in (and budget).

Google employs people to invent colours – and they think their work improves your wellbeing

HildyJ Silver badge
Facepalm

Re: we brought back the green color, Quite Mint, which is my favorite

Green will forever be associated with institutional green walls that are supposedly calming, green and brown office carpet that doesn't show stains, and green beer for St. Patrick's Day. All of these are disgusting.

York Peppermint Patties are near black and near white. Case closed.

You think you've heard it all about automation in technology? Get a load of this robot that plugs in cables

HildyJ Silver badge
Facepalm

Re: USB

Or can it tell a Mini USB, Micro USB, and USB-C cable and port apart?

Pakistan pitches ‘most relaxed tax structure’ in the world to tech investors

HildyJ Silver badge
Facepalm

Nut butter

Since when have religious nutters (or corruption) been a barrier to multinational investments?

Multinationals have experience in blending the nuts into a smooth butter they can spread on their profits.

Japanese probe to land asteroid rock sample in Australia on December 6th

HildyJ Silver badge
Pint

Joking aside (if that's possible on ElReg)

Hayabusa2 brings to mind the Grateful Dead's "what a long strange trip it's been."

The trip out seemed uneventful and the rovers worked as expected but then it took them a year to find an appropriate sample site on an asteroid only 1km in diameter.

One hopes the return will go back to being uneventful. Kudos to the boffins who designed and managed the mission and a pint in anticipation of its successful completion.

Guilty: Russian miscreant who hacked LinkedIn, Dropbox, Formspring, stole 200-million-plus account records

HildyJ Silver badge
Thumb Up

Just a side note

The FBI managed to track him down without a backdoor (or facial recognition).

Just good old-fashioned police work.

Detroit Police make second wrongful facial-recog arrest when another man is misidentified by software

HildyJ Silver badge
Big Brother

The real news

The real news would be the times facial recognition actually worked correctly.

That would be something the police and the software company would trumpet.

The silence tells me it has never happened.

Linus Torvalds banishes masters, slaves and blacklists from the Linux kernel, starting now

HildyJ Silver badge
Angel

Wishy washy

The replacements for master and slave don't seem to capture the "do what I say or die" spirit of the original.

How about dictator and minion?

The world's nonsense keeping you awake in middle of the night? Good news. Go outside and see this two-tail comet

HildyJ Silver badge
Pint

Re: "For the UK, the comet is circumpolar"

Not to mention that the light pollution from ElReg's readers' collection of devices will wipe out any chance of seeing it even if the weather cooperates. Which it never does.

Yet another event that we'll have to "experience" via someone else's pictures.

Cheers to the comet for avoiding travel restrictions.

If the Solar System's 'Planet Nine' is actually a small black hole, here's how we could detect it... wait, what?

HildyJ Silver badge
Pint

Re: Ah, so 5-10 *earth* masses

It will go boom around Friday at 17:30 (using the astrophysics understanding of "around"). But given the speed of mass loss due to Hawking radiation, that will happen gazillions (to use the technical term) of years from now. However, in the interest of science, I am willing to raise a pint each Friday, and the rest of the days as well (just in case), until it happens.

HildyJ Silver badge
Holmes

Re: Five to ten EARTH masses

Black hole collapse happens in fractions of a second and happens inside the star's outer corona. The first thing we see is the shock wave from the collapse hitting the outer corona. Voilà, supernova.

HildyJ Silver badge
Devil

Re: Great just what I need in 2020

Worse - Gigli Revisited

Tata Consultancy Services says pandemic's most powerful punches landed in Q1 - and it's still dancing

HildyJ Silver badge
Facepalm

Re: They're some bunch...

TCS, like many Rent-A-Developer companies, seems to use its contracts for on-the-job training of its developers.

Also I fail to see how Q2 is going to be an improvement unless their fiscal year doesn't start on January 1st.

Digicert will shovel some 50,000 EV HTTPS certificates into the furnace this Saturday after audit bungle

HildyJ Silver badge
FAIL

Due diligence?

I feel for the users caught in this but I can understand the time frame which was put in place because of the prospect of false, malicious EV Certs.

Digicert, OTOH, I have no sympathy for. The company should be punished, severely, for failing to exercise due diligence in verifying ICAs in advance of their issuing any certificates, much less 50,000 of them.

A volt from the blue: Samsung reportedly ditches wall-wart from future phones

HildyJ Silver badge
Facepalm

Re: Orphans

And Anker sells their intelligent fast chargers starting at under $10. Still not convinced I need a new one.

Mind you, it would be nice if Samsung (and Apple) reduced their prices a bit. Like that will happen.

HildyJ Silver badge
Thumb Up

Orphans

Everyone buying a phone, with the possible exception of orphans at an orphanage, already has a charger or lives with someone who has an extra charger.

The production of chargers uses electronic components and plastic and creates electronic and plastic waste. The inclusion of a charger requires a bigger box which increases shipping, warehousing, and inventory space and their environmental impacts.

Unless the charger does something special (and I have no idea what that might be) it would be a good thing if all phones shipped without chargers.

FYI: Someone's scanning gateways, looking for those security holes Citrix told you not to worry too much about

HildyJ Silver badge
Facepalm

And I'm supposed to be surprised

It's news and should be reported.

But, really, didn't we all see this coming when ElReg reported the original story yesterday?

Road trip on Mars: Thrill as Curiosity rover races up to 0.06 miles per hour. Marvel as it takes a mile-long detour

HildyJ Silver badge
Devil

Thrill . . .

"Thrill as Curiosity rover races up to 0.06 miles per hour. Marvel as it takes a mile-long detour "

Sounds like my normal rush hour. Not sure I'd call it thrilling.

Heir-to-Concorde demo model to debut in October

HildyJ Silver badge
Holmes

Re: The rich are getting richer

You mistake the market. Rich tourists who flew the Concorde will be more attracted to space or edge of space tourism. This seems targeted at rich companies' executives and their aides who are more concerned with time (and connectivity) than price.

SAP rolls out early Q2 numbers, says 18% decline in licensing revenue is an 'improvement'

HildyJ Silver badge
Facepalm

Welcome to Wall Street

Wall Street, where bad can be good and good can be bad. Quarterly reports are all about outperforming analysts' predictions for the numbers and influencing analysts' predictions for the next quarter. Actual profits and revenues no longer have much impact on stock prices. It's all a game.

Google forges Open Usage Commons to manage open-source project trademarks, lobs hot-potato Istio at it

HildyJ Silver badge
Holmes

Re: “We want to take on this problem of trademark policy. We think it’s important.”

I'm cynical about a lot of Google's actions but not this one.

As the article points out they already have their own framework in place to protect their own trademarks. I suspect that most applications you've heard of are also trademarked. They are offering this for smaller, independent developers.

Linux already has something similar for Linux developers - the Linux Mark Institute.

Oracle tempts users to run its cloud in their own data centres – for a mere '$6 million' commitment

HildyJ Silver badge
Devil

Surely not

"Other commentators said they were concerned that the switch could drive up costs for customers in the long term."

Oracle wouldn't use such tactics, would they?

Can you imagine Oracle saying "your contract doesn't cover that but for only 20% more we can upgrade it."

Can you imagine a similar conversation taking place at least yearly?

If they do it's only because they are trying to maintain their very thin 95% profit margins.

Citrix tells everyone not to worry too much about its latest security patches. NSA's former top hacker disagrees

HildyJ Silver badge
FAIL

Low bar

"none of the bugs are as serious, or as easily exploited, as the infamous CVE-2019-19781 "Shitrix" vulnerability in December."

That seems like a low bar that I don't find particularly reassuring. Sort of like saying that the coronavirus isn't as serious as the bubonic plague.

HildyJ Silver badge
Devil

Re: "No untrustworthy traffic"

You forgot the epoxy to disable all the ports.

NASA trusted 'traditional' Boeing to program its Starliner without close supervision... It failed to dock due to bugs

HildyJ Silver badge
Stop

Certification and Funding

Hardware certification is something NASA and the FAA know how to do but both are constrained by their funding. Software certification is something neither of them really knows how to do and their funding doesn't allow them to build up a competent staff to do it. Plus, both are subject to political pressure and artificial deadlines.

Boeing, OTOH, has few funding constraints due to their Congressional support won by political donations and lobbyists reminding Congress that they or their subcontractors have a significant presence in almost every Congressional district.

Boeing could use a small portion of this largess to improve its software development process but it's cheaper for them to chop up the software and farm it out to subcontractors. Ultimately, this approach benefits the shareholders and that is management's top priority.

Besides, their contracts allow them to increase the price to fix the problems that they should have seen earlier.

LibreOffice community protests at promotion of paid-for editions, board says: 'LibreOffice will always be free software'

HildyJ Silver badge
Thumb Up

Re: Free

Red Hat is a great example (and there are many). Ultimately, software applications for an enterprise need to be able to offer reliable enhanced support and that costs money. A major barrier to enterprise adoption of open source is the lack of this support. Not having this just makes M$ more entrenched.

Fret not, Linux fans, Microsoft's Project Freta is here to peer deep into your memory... to spot malware

HildyJ Silver badge
Facepalm

Re: coming soon

No joke. That's what Red Hat Enterprise Linux Premium support costs.

We'll pay £400k for a depth charge-proof robot submarine, says UK's Ministry of Defence

HildyJ Silver badge
Devil

This is a job for Elon

Slap his Tesla autopilot onto his Thai cave rescue submarine and job done.

When Facebook says you're not a good 'culture fit', it means you're not White or Asian enough – complaint

HildyJ Silver badge
Facepalm

No

You lost that argument when you smashed into Asia 25 million years ago.

You may be distracted by the pandemic but FYI: US Senate panel OK's backdoors-by-the-backdoor EARN IT Act

HildyJ Silver badge
Big Brother

Remember the French

As was recently shown - https://www.theregister.com/2020/07/02/encrochat_op_venetic_encrypted_phone_arrests/ - you don't need a backdoor to break an encrypted crime ring, you just need smart investigators as opposed to lazy cops.

But in Trump's America, surveillance is necessary because of the left wing radicals who, as believers in Pizzagate know, are responsible for child porn.

No way out.

ITAM Forum asks software giants to stop browbeating customers onto their clouds with threats of licence audits

HildyJ Silver badge
Devil

Re: Stop 'forced' migration to the Cloud?

In related news, pigs were asked to fly.

Experts feel that this has a greater chance of happening.

Detroit cops employed facial recognition algos that only misidentifies suspects 96 per cent of the time

HildyJ Silver badge
Big Brother

Not surprised

Having posted a link to the Ars Technica article discussing this back on 30 June (in a comment on NeoFace), this is old news to me but I will repost my concluding comments (modified using Pink Duck's brilliant Spoonerism).

Farcial Recognition is, always has been, and always will be fraught with error.

Farcial Recognition is, always has been, and always will be an invasion of privacy.

Barclays Bank appeared to be using the Wayback Machine as a 'CDN' for some Javascript

HildyJ Silver badge
WTF?

Re: Data not at risk?

Standard company lines:

"Your data is not at risk."

"No active exploits have been seen."

"We apologize for any inconvenience."

"We have solved the problem."

Unsaid lines:

"We are not holding anyone accountable."

"No, you will not get a refund."

Same as it ever was.

Dutch national broadcaster saw ad revenue rise when it stopped tracking users. It's meant to work like that, right?

HildyJ Silver badge
Thumb Up

Replicable?

Not only does this make sense from the user's perspective, I think it would make sense for ad spewing services as well.

If all targeted ads were banned, companies wouldn't stop advertising, Goods would still make money, and ads might be more, not less effective.

Erudite, insightful, self-aware and almost human: Give your local database admin a hug – it's DBA Appreciation Day

HildyJ Silver badge
Pint

No hugs, please

With half Osman distancing in effect, hugs are out. Besides, most DBAs I know are not the hugging type.

So, as far as a gift, get your DBA something they will appreciate. Since nobody expected the holiday, get them something nobody expects - a comfy chair.

Holy Guacamole! Researchers find Apache remote desktop software was silently pwnable for snooping on sessions

HildyJ Silver badge
Devil

So you're saying

Avocado is toast?

Euro police forces infiltrated encrypted phone biz – and now 'criminal' EncroChat users are being rounded up

HildyJ Silver badge
Thumb Up

Re: So...

You are right (and many of the comments are wrong). According to a more detailed description in Vice - https://www.vice.com/en_us/article/3aza95/how-police-took-over-encrochat-hacked - the French hacked Encrochat's servers and had them install malware on the users' phones. The malware accessed the users' text inputs before they could be encrypted by the alternate OS and sent them to a police (or intelligence) server.

Encrochat didn't put encryption chips in the phones although they did physically disable the GPS, camera, and microphone. Encrochat didn't have their own backdoor to the phones. The police didn't have to crack any encryption. It was just a sophisticated malware attack.

No need for backdoors when you have brains.

UK space firms forced to adjust their models of how the universe works as they lose out on Copernicus contracts

HildyJ Silver badge
Angel

Thank U UK

Living in Trump's fiefdom, it's amusing to hear of someone else's unintended consequences.

Cisco SMB kit harbors cross-site scripting bug: One wrong link click... and that's your router pwned remotely

HildyJ Silver badge
FAIL

Re: Old as the hills and still being perpetrated

It's much, much older than that. It predates OWASP, the GPL, Linux, and even GNU.

It used to be called GIGO (Garbage In, Garbage Out) and it was taught in introductory COBOL when I learned it in the 70s. We were taught that all inputs needed to be verified and intermediate results needed to be bounds checked.

The term dates to 1957 when William Mellin wrote "sloppily programmed inputs inevitably lead to incorrect outputs." I think that sums it up.

N.B. Old Brits may know it as RIRO (Rubbish In Rubbish Out) but, to me, that sounds like something Scooby-Doo would say.

Remember that black hole just 1,000 light years from Earth? Scientists queue up to say it may not exist after all

HildyJ Silver badge
Thumb Up

Re: It's called rigour

It is a great example of rigour but also an example of how the public misunderstands science.

Scientists analyze observations and develop hypotheses to explain them (generally using mathematics that is way beyond my capabilities). Multiple groups of scientists will often analyze the same observations and come up with differing hypotheses to explain them. Additional data will allow some, but not necessarily all, hypotheses to be rejected. Especially in astrophysics, where observations have all sorts of limitations due to technology and the availability of analogous observations, multiple hypotheses are the rule, not the exception.

That said, we can rule out a Vogon Destructor Fleet because the observations do not show any signs of a star's destruction. Quel dommage.

I was screwed over by Cisco managers who enforced India's caste hierarchy on me in US HQ, claims engineer

HildyJ Silver badge
FAIL

"the outcome of this is the way we should view Cisco from now on - IF the DALIT guy WINS, they ARE listening, and MAYBE things will change"

Maybe? You aren't cynical enough. If he wins he will be paid out of Cisco's pocket change in return for an NDA and an agreement to seal the records. Cisco will continue to act like it has in the past.

Born slippy: NASA Mars rover Perseverance to persevere on Earth a little longer as launch date pushed back again

HildyJ Silver badge
Facepalm

Like it or not

At this point, regardless of Elon's dreams, SpaceX doesn't have any proven launch vehicle to fly Perseverance to Mars.

Of course this could change if they miss the launch window and delay until 2022.

Note that the launch window is a date with very little wiggle room. As Mars moves away from Earth the Atlas will no longer be able to get Perseverance there.

Reviewing and profiling your code is boring? Well, Amazon will now sell you an AI editor to do it for you

HildyJ Silver badge
Devil

Re: So,

No. The service stops at random intervals.

Followed by press releases saying that everything is now fine and they're sorry but nobody's to blame (and, no, you won't get a refund).

Boffins baffled as supergiant star just vanishes – either it partially blew itself apart or quietly turned into a black hole

HildyJ Silver badge
Devil

Clearly

Alien hackers hit the star with ransomware and when they didn't pay up its output was deleted.


Biting the hand that feeds IT © 1998–2020