* Posts by OliverJ

62 publicly visible posts • joined 8 Mar 2013


Sysadmin told to spend 20+ hours changing user names, for no reason



.... this can be scripted? So: Spend a few hours to write the script and maybe even test it. Then run it on a number of users every day. Bill 8 hrs. per day on task "renaming users". Head over to the pub. Repeat daily for a week or two.

WhatsApp, Apple and a hidden source code F-bomb: THE TRUTH


The facility used is log.d. Hence my quotes. 'nuff said. And how "FUCK APPLE: Fail to add new user" is supposed to help debugging live code one or two years in the future, or when the dev has left the team, will remain your secret. I had to dig into code from someone who left the company based on such helpful "debug logs" more than once.


So, coding for the Apple ecosystem was a little bit more demanding ....

... and the coder was a little bit stressed out? That doesn't exactly increases my confidence into the technical competence of WhatsApp. And I agree that this "debug log" has no place in shipped code.

While I agree that Apple may not provide the ideal environment for dev's (which ecosystem does?), I think that this discovery is more revealing regarding WhatsApp, their QA, and the maturity of their staff.

Das ist empörend: Microsoft slams umlaut for email depth charge


Re: Microsoft or Americans?

@AC - "I'll be on moving to Canada by the end of Jan 2017 if he gets elected."

Let me correct you little mistake, of course you meant "when", not "if" ....


Re: English is wonderful

@Herby, be glad that the Allies won the war. Otherwise, there would be no ASCII, the standard would be named DIN-23452-A (Bin.Drstl.v.Zchn.f.d.Vrwn.i.dtnvrb.Systm.) or something similar, all Umlauts would be in it (of course), and strange historical symbols like $ would be accessible via one of the more obscure UNICODE pages (which would not be called UNICODE either). That isn't funny at all.

US govt says it has cracked killer's iPhone, legs it from Apple fight


Right to refuse to testify for brain extensions ?

I wonder if it's not time to rethink the whole matter in a radical way. I perfectly understand the reasoning behind the request of the FBI to gain access to this - and other - encrypted data. To solve criminal cases, or prevent terrorist acts, it is often necessary to invade the privacy of suspects.

But given that electronic devices, and especially smart phones, are now an integral part of not only our daily lives, but also of how and what we think, I wonder if we should not extent the right to refuse to testify to such devices. A smartphone is so much more than a simple phone. Or a letter. Or a set of files in a register. Or a conversation behind closed doors.

It always knows where we are, and why, and with whom. It begins to know more and more about what we think. What we are going to do in the near future. What interests we have. How healthy we live. In short - they start to become an extension of our own biological brain. But they are still treated under laws which date from the "pre-silicone" age.

Getting access to a smart phone is not the same as getting access to phone records. Or even reading private letters, or a diary. It is a direct uplink to your brain, and this interface will become more and more all-inclusive. It is not far fetched to speculate that in ten or twenty years the ability to "snoop" on your smart device will be comparable to having your brain bugged.

Did you know ... Stephen Fry has founded a tech startup?


This private vendetta of yours with the aforementioned Mr. F ...

... is becoming quite a bore.

California cops pull over Google car for driving too SLOWLY


StVO §3 (2). Google it. Good luck in Germany with your friendly slow-moving Wonka-wagons, Google.

Citrix wants a buyer, fast


Truth be told...

I don't want to spoil the outrage about bad inve$tors and their cynical, selfish, greedy capitalism (cf. the latest AIDS pharmaceuticals outrage). But truth be told, many people who are working with Citrix products for many years (in my case since the year 1999 if memory serves) think that the company lost focus lately.

"XenApp is dead, go XenDesktop" in one year, followed by "No no, forget about this, we are now all doing XenMobile, you know, 'work is not a place' ?" followed by this year's "What we actually meant is that it's all about the app, you know, 'software defined workplaces', btw we are all so excited about XenApp now!"

Combine this with questionable acquisitions (AppDNA springs to mind), and problems matching old version features in new product releases, I can understand that an investor becomes nervous. Not that I think that selling off Netscaler would be a good idea. But it's too simplistic to make a scape-goat out of Elliot here.

XCodeGhost iOS infection toll rises from 39 to a WHOPPING 4,000 apps


4.000 affected applications?

I would take this information cum grano salis. FireEye may be trying to milk this incident to promote their Mobile Security solutions. If you check their web site for the list of these 4.000 apps you find that you have to be a customer to access this information.

Also, "that some 4,000 apps were hosed indicates that a lot of developers were sucked into what must have been a very well-executed attack by highly capable malefactors". Or, and I find this more likely, that many app-programmers (in China and elsewhere) are incredibly lazy and gullible. Or stupid. Or all of the above.

Our cookies save you from TERRORISTS, Facebook thunders to Belgian judge


Cynical and disgusting

Facebook lawyer probably thought that the "info-sec" approach is a clever spin due to the Thalys incident in Belgium lately. How cynical and disgusting to describe a marketing tool for optimizing a users profile by gathering more data about him and ultimately sell more ads as a public service to improve cyber security. Facebook is a disgrace for the community.

CHEAT! Volkswagen chief 'deeply sorry' over diesel emission test dodge


Let me visualize my reaction


Or, if you don't want to watch this: Duh. How is this a scandal? Or even news? Practically everybody does this, i.e. having some logic recognize that the car is on a test rig and in a test cycle, and then switching over to a super-eco, low emission program. Engineers call this Zykluserkennung. Google the term, > 1.000 hits. Hardly a secret.

Jeremy Corbyn wins Labour leadership election


Re: i for one, welcome... (actually I don't but that's by the by)

"as a pro-military liberal; a pro-nuclear green; an anti-pansurveillance patriot and a fervent believer in both market capitalism and a state health service, I have no idea who I could vote for anyway."

Maybe we should start a party; my views are the same.

CAUGHT: Lenovo crams unremovable crapware into Windows laptops – by hiding it in the BIOS


Re: Bit of a shame most of you can't read

So, your logic is that it is okay to buy a Thinkpad - thereby supporting Lenovo, of which Thinkpad is now, sadly, a kind of product line for people who have fond memories of the good old time - because the specific piece of hardware they have given *you* isn't FUBAR like the majority of stuff they sold?


Document history

The document history of the linked webpage describing WPBT is also very instructive ...

November 29, 2011

First publication

July 8, 2015, 2015

Revision to include security guidance and requirements

Black Helicopters

The Redmond giant was not available for immediate comment.

"We forwarded your request to our superiors in Fort Meade. We will return to your question as soon as we've been told what to say."

Exploding Power Bars: EE couldn't even get the CE safety mark right


Conformity marking

The CE label is a mere conformity marking. It is applied by the manufacturer in a self-certification process, indicating that the product complies to certain european standards, including product safety.

If you want some kind of quasi-independent, external testing, look for the VDE markings, or the various TÜV organizations. The UL has a similar role in the US market I believe. Obviously, these are often falsified as well on "China Export" imports.

Wanna harvest a stranger's Facebook data? Get a mobile number and off you go


... industry-leading proprietary network monitoring tools ...

"The privacy of people who use Facebook is extremely important to us. We have industry-leading proprietary network monitoring tools constantly running in order to ensure data security ..."

So, basically, we have written a bunch of scripts (hence "proprietary") which monitor how many datasets are read per second by a given IP, and when the number is larger then our arbitrarily set threshold, a real human being (tm) will look into the matter. At the appropriate juncture, in due course, in the fullness of time.

And as no one else does this kind of approach, we are not incompetent, but "industry-leading".

That's like having a shop with expansive goods, and your whole concept of security is having a guy looking at the door for an unusually high number of people coming out of your shop with stuff under their arms.

Of course, one could design a product to be (or at least aim to be) secure by itself, instead of monitoring the rate of theft to spot an intrusion ...

Biggest security update in history coming up: Google patches Android hijack bug Stagefright


@Coward: Incredible!

At least I'm not hiding, Mr. A.C., which of course in your case seems to be a sensible approach, as you started your posting in rather bad form with pointless invectives. Usually I find that doing so doesn't improve the quality of one's argument. But I digress.

Please note that I made no comment on the complexity of this rollout, which is indeed a challenge, as you rightly pointed out. But if you read the quote attributed to Adrian Ludwig, you will see that this wasn't his point, either. It was simply the number of devices patched which he found "incredible".

Obviously, my remark was half in jest, but I was indeed a little bit baffled by the naivety of this statement.

You are really reading to much into this, lighten up! You're taking this way too serious. I mean, "ignorant", "fanboi", "kiddies pool" - really?


Re: Re asdf: Incredible!

"I hear what you're saying but It's not the count, it's the diversity."

Point taken. Diversity. Such as, I don't know, Microsoft Windows? :-)


Re asdf: Incredible!

Just for the record: I made no comment on which of the ecosystems is the most secure. I was simply surprised by the statement that patching hundreds of millions of devices seems to be an "incredible achievement". Last time I checked, iOS was deployed on more than a billion devices world wide, so rolling out an update to hundreds of millions of devices doesn't seem to be an industries first...



"Hundreds of millions of devices are going to be updated in the next few days. It's incredible." - Like as in when Apple releases a new version of iOS? It's incredible! (that the lead engineer for Android security at Google says such a thing)

'Fix these Windows 10 Horrors': Readers turn their guns on Redmond


@nematoad Cars

5. to occupy oneself with trifles; trifle.

Oh, the irony...! :-)

MORE Windows 10 bugs! Too many Start menu apps BREAK it


@GregC Feature parity

Apparently, Windows 10 is pretty much a work in progress, i.e. not ready. But had to be shipped. So don't be surprised to find a lot of functionality coming with the next Service Pack which you expected in the product from the beginning.

I learned a new euphemism recently. If you ship a new version where half of the functionality from the previous version isn't working yet, that's "we haven't got full feature parity yet".


512 apps ought to be enough for anybody...!

Move along folks nothing to see here.

Facebook SSD failure study pinpoints mid-life burnout rate trough


Re: Bathtub curve

I beg to disagree. The second graph looks like a bathtub curve with QA doing a better job compared to the good ol' days, when we had cold solder joints which tend to fail after a few hours of "burn in".

Snowden latest: NSA planned sneak attacks on Android app stores


Wait, let me see if I can find an appropriate comment.... voila:


Choose Deutsche Telekom for all your bargain spying needs



It is perhaps illustrating or amusing to note that, only quite recently, the German Bundestag (parliament) kicked out Verizon when it transpired that the US based company was allegedly giving assistance to the NSA eavesdropping on foreign nationals. Oopsie.

Popular crypto app uses single-byte XOR and nowt else, hacker says


Re: Bitwise XOR is a completely legit way to encrypt...

"Bitwise XOR is a completely legit way to encrypt assuming the key is long as the message and random."

And, of course, only used once (hence the name OTP :-)

It also has another useful feature: Complete deniability. You can always prepare a second set of keys that decrypt your dick pics (thank you John Oliver) into cute kitten pics instead. :-)

'Hi, I'm from Microsoft and I am GOING TO KILL YOU'


Use a counter script

Great ideas here, I can't wait trying out the transfer game. In the meantime, here is a counter script which is around for ages: http://egbg.home.xs4all.nl/english/counterscript.pdf

MELTDOWN: Samsung, Sony not-so-smart TVs go titsup for TWO days


Re: Preferred by 9 out of 10 cats

Quite literally. https://www.youtube.com/watch?v=MlvxgOa6IbM

There is a longer version also of about 30 mins.

So long, Lenovo, and no thanks for all the super-creepy Superfish


What a remarkable piece of PR twaddle

"Superfish was previously included on some consumer notebook products shipped in a short window between September and December to help customers potentially discover interesting products while shopping," Lenovo said in a statement on Thursday."

Apparently, Lenovo ships about 30 million units p.a. Making the assumption that half of them are "consumer" notebooks, this "short window between September and December" translates into something like up to five million affected devices. Clearly, there is no need for immediate concern.

I also like (not) how they describe "inserting unwanted ads" as "helping customers potentially discover interesting products while shopping".

Having been a big fan of ThinkPads in the past, I'm quite worried by this. And not only by the incident itself, which seems to be distressing enough, but also by the meaningless or even misleading statements from their PR units. To regain consumer confidence, Lenovo needs to be fully transparent on this; own the problem, then own the solution. I'm quite disappointed.

Stop viewing Facebook at work says Facebook at work on Facebook at Work

Thumb Down

Re: Perfect for corporate communications, HR, etc.

I would assume that there will be a like button - and a like-it-even-more button.

Well, I definitely have a strange and very intense sensation in my lower parts when I start thinking about it. Or, bowel movement, as it is called more prosaically. Probably yesterday's curry on it's way out.

Scary code of the week: Valve Steam CLEANS Linux PCs (if you're not careful)


Re: Scumbag Steve Meme goes here

AC, Steven R - I respectfully disagree. The programmer knew he was doing it wrong ("scary"), but obviously didn't act on it. More importantly, this issue raises the question how this code got through quality assurance in the first place.

This takes the case from the "accidental" into the "gross negligence" domain. IT firms need to learn that they have to take responsibility for the code they dump on their customers.

And regarding your argument of making backups - that's quite true. It's good practice to make backups, as it is good practice to wear seat-belts in your car. I do both all the time. But this does not mean that the manufacturer of my car is allowed to do sloppy quality assurance on the ground of my requirement to wear seat belts to minimize consequences of an accident - as GM is now learning...


Re: Scumbag Steve Meme goes here

IANAL, but doesn't the comment provide enough legal ground for a class action lawsuit against Steam on the base of gross negligence?

THE GERMANS ARE CLOUDING: New AWS cloud region spotted

Black Helicopters

Publicity stunt?

I agree, considering the "NSA scare", which is very important in Germany today, this is more or less a publicity stunt only, as the physical location of the DC doesn't really matter if you can twist the arm of an sysadmin in the US or the UK, and get her or him to access your data. OTOH, there are good reasons for having another DC in continental Europe, like latency, HA/DR/BC requirements, etc.

IPv4 addresses now EXHAUSTED in Latin America and the Caribbean



Any chance of you guys moving on regarding this whole Stephen Fry thing? This is becoming a distraction for your readership. And what is worse - it's no longer funny. Actually it stopped being funny quite a while ago.

Stephen Fry MADNESS: 'New domain names GENERATE NEW IP NUMBERS'

Thumb Down

Your vendetta...

... against Stephen Fry is becoming a bore, justified as it may have been in the beginning. Leave the man in peace, he's an intellectual after all, not a technologist.

Sprint eyes T-Mobile, grabs $32 BEELLION from wallet, prepares to SLURP


What a bummer...!

Just when T-Mobile USA gets the media coverage it deserves and all the buzz that comes with it due to the extensive covering of their products in the Colbert Report (-> http://tinyurl.com/nnne7sc), they take the whole outfit and sell it to the highest bidder? What a bummer! Or... is the fix in, and Colbert was part of this plan?

100% driverless Wonka-wagon toy cars? Oh Google, you're having a laugh


Spell checking blues

This becomes an IT thread again. :-)

"An automated spellchecker will only pick up obvious misspellings. Personally, I believe it's bad practice to rely on spell/grammar checkers, you should learn to proofread your work; an automated tool is no substitute for a human brain, it can't know that you've used the wrong word, all it can do is check spellings according to its internal dictionary".

Well, actually, yes and no. I guess I typed something like "braeks" and the spellchecker "corrected" it without me noticing it. Proof-reading, yeah, point taken, but here we enter the reality of the way the human brain works: Often, we do not read what is there, but we expect to be there. That's why it's always a good idea to wait a little bit between writing and proof-reading. But of course, that's tricky in a "fire&forget" medium like reader comments :-)

You're right, though, English isn't my native tongue...


Re: Put it on the Autobahn, then

"Oliver!!!!!' (TG meme, for those that might enjoy such a thing)"

I'm not an Opel Kadett A, though. :-)

"Your Audi *breaks* on the Autobahn? Terrible. You should get that fixed."

Yes, and this happens all the time! I seriously consider getting a Jag as my next car, so that it only breaks occasionally while still on the motorway access :-)

Well, I better blame the spellchecker then.


Wonkacars today

So, they are basically a kind of semi-mobile roadblock of limited intelligence? :-)

Okay, I'm getting it, instead of driving my Mercedes or BMW or Audi into the financial district in the city itself, I leave my car somewhere in the suburbs, hop into a Wonkacar, mutter "Bishopsgate" and chug along merrily. Brilliant.

Only problem here is: I can do this already, it's called "public transportation", or "cabs", and actually works today. Last time I checked, the inner cities were still crowded with cars.

But, guess what, I just came across a brilliant idea and application for autonomous driving: forget about the usefulness of driving the car while I'm in it (as I mentioned in an earlier post, I'm not against this concept in itself, but I'm not buying into the claim that this makes road traffic more efficient) - but consider the endless possibilities of the car driving itself AFTER I got out!

In front of the building where my office is, I tell my car "park yourself", hop out, and that's it! Brilliant! It would be like having a chauffeur driven car! Or valet parking EVERYWHERE I go. And if I need my car, I get out my smart phone and summon it, wherever I want it. Excellent. THIS I would buy into.

IT Angle

Put it on the Autobahn, then

... and let's see how it deals with 250 km/h traffic. Don't get me wrong, I like the assistance systems of my Audi very much, and it handles stuff like accelerating and breaking on the Autobahn very nicely. But I'm not buying into this hype at all. And that's why: To make this work on a grand scale efficiently, a lot of cars must become Wonkacars (I like this term).

If a Wonkacar is in "normal" (i.e. human operated) traffic, it will drive very defensively, if only for insurance reasons. So it will be like a driver who follows EVERY rule, ALL THE TIME. We know these kinds of people. They are a nuisance and break down the system.

Only if Wonkacars make up the majority of traffic on the road, they can operate smoothly, by communicating with each other, speeding up the same time at the traffic lights, for example, or forming "road trains" of several cars having the same destination, stuff like this. But even then a few human drivers have the potential to bring down chaos onto this choreography of Wonkacars.

There will be useful applications for Wonkacars, for example in door to door delivery, or for supporting drivers in a way my Audi already does in a rudimentary way, but unless you replace all cars with Wonkacars by government order, and make "human driving" illegal, the whole concept will not fly for the average motorist.

The whole idea also upsets me on a completely different level, and that is it's impact on society. Thanks to the health and public safety delusion we are now considering making people wear helmets on a bicycle. I'm not against wearing such things in general, actually, this makes a lot of sense for a lot of people, kids for a start, but making this mandatory is preposterous. Few days ago a kid in our area was very severely hurt at the skull when being run over BY a guy on a bicycle. So let's make kids wear protective gear all the time? All playgrounds here in Germany are now being "upgraded" to prevent kids from being hurt by falling down. So, they are having cushy floor mats now, etc. I don't advocate having playground which are by design dangerous, but falling down a tree and hurting your knee is also a very valuable lesson and experience. We are raising a generation of, well, sissies, who are afraid of life, and who are putting safety before freedom.

Whoa, this became a sermon. Sorry for this.

Google's driverless car: It'll just block our roads. It's the worst


Re: My spooky Audi...

I'm perfectly aware that there is very likely a completely plausible reason for this. And I already pointed out that my suspicion about this Audi being a supernatural being with the power to predict traffic light changes is probably caused by some faulty wiring in the human brain - like, trying to find patterns where there are none.

Nevertheless, even if I know this, it nevertheless gives me a little shiver when the engine of the Audi comes back to life, literally one moment before the traffic lights switch. :-)


My spooky Audi...

"Remember that the car has advance knowledge of when it's going to change (Audi just demonstrated that), it doesn't need to wait for it to actually change. 1 second is quicker than a human can react to the light changing and go from brake to accelerator (for the US), or select 1st and release the handbrake."

It's funny that you bring this up, but every time I drive an Audi with Start/Stop automatic (don't know how this is called in the UK, it shuts down your engine when the car is standing still) I have the creepy feeling that the car somehow KNOWS that a light will become green in two seconds. I just sit there, hands on wheel, foot on brake, engine off, and suddenly the engine comes back to life, and two seconds later, the light turns green.

Now, if this would happen at crossings that I know well (i.e. I know how the traffic lights are scheduled), I could understand this. Maybe some unconscious twitch in my arm or leg. But this happens to me all the time, everywhere! Spooky...

It may be that the engine sometimes starts more or less randomly, and I only remember the occasions when the lights turn green the next second (kind of an "every christmas we had snow when I was a kid" thing), but it IS strange :-)

On the other hand, and back to your posting: One second reaction time? Come on... Are you an octogenarian? :-)


Re: Sorry to say...

"...and with human psychology (ever seen a car being added to a platoon at 120 mph? Looks pretty dangerous)."

This last argument of yours isn't very convincing.

1) I see this every day on a typical german Autobahn, and also

2) This argument reminds me of the "driving faster than a horse can go in these steam train will make you go bonkers!" yarn.


Let's all get those autonomous chairs to move us around...

... and in one hundred years, human beings will look, move and behave like the spaceship crew in WALL-E. Fat, immobile and frightened.

IT Angle

Re: Middle Laners Anyone?

"20 vehicles occupying 8 metres each is 160 metres. If your speed is 5mph faster then it will take you about 1 minute 15 seconds to safely clear the 20 vehicles. In that time you can travel 1.25 miles or 2km at 60mph (1.5m/2.4km at 70mph)."

This very aptly demonstrated the nonsense of having speed limits on motorways or highways. Move to Germany. :-)

Sacre BLEURGH: Google thinks London's Victoria station is on the PARIS Metro


Victoria - part of the Paris Metro system? But it is...!

Let's assume you are standing in front of Notre Dame, and suddenly it occurs to you that you have to be at the Tower of London this very afternoon. Why, you simply take the metro M4 from Cité to Gare du Nord, switch to Eurostar line in the direction of Victoria Station, where you will get out and take the Circle Line to Tower Hill. Voila.

Watch: Kids slam Apple as 'BORING, the whole thing is BORING'


Re: When I were a lad

... you forgot to mention the twenty inches of snow. And having no shoes.