* Posts by David 55

13 publicly visible posts • joined 17 Apr 2013

I think I'm a clone now: Chinese AMD Epyc-like server chips appear in China. What gives?

David 55

Contradictory

So if China will only get a mindbogglingly non-trivial list of gates and not the source code, how will they check for backdoors?

Researcher: DJI RCE-holes offered me $500 after I found Heartbleed etc on its servers

David 55

"Finding private keys on Github should not be happening to a company which presents itself as a successful multinational."

Mistakes (and shitty programmers) happen in successful multinationals too. Offering $500 for an exploit that provides access to customer data is a little extreme though.

Death, taxes, DXC job cuts: Three of life's sure bets

David 55

If they switched to competitive rates they'd have been bankrupt a long time ago. The best way to deal with this from a client perspective is to just not get into any deal with a company like CSC/DXC in the first place.

'Treat infosec fails like plane crashes' – but hopefully with less death and twisted metal

David 55

Good luck

And where will they get these millions of forensics and security specialists to go through the endless attacks? Even if that many existed, wouldn't it be better to use them to make critical code more secure rather than do useless investigations?

UK private sector joins public in... Escape from DXC Max

David 55

Re: Shocking leadership

Don't hold your breath. Yes, nobody in their right mind will sign up with them now (or prolong a contract), but they still have a massive amount of hard-to-escape government and corporate contracts left that will expire one by one, and they still have 170000 (increasingly bad) staff left to cut. It will be a slow burn with plenty of drama and at the Register we have front row seats.

Massive US military social media spying archive left wide open in AWS S3 buckets

David 55

File listings

Can Amazon just disable file listings already and make it a hard option to activate (and then only for specific users)? This is getting ridiculous.

DXC spills AWS private keys on public GitHub

David 55

I am shocked...

that they found out about it at all. At least some beancounters are still paying attention. I bet if someone was using the keys to silently steal confidential information they wouldn't have caught it in a million years.

Oh dear, DXC: Outsourcer loses two UK.gov contracts

David 55

Re: Another one bites the dust...

There is no real solution. IT outsourcing may be growing, but with its massive overhead, DXC cannot deliver a competitive solution for any but a handful of cases.

Then there is a brain drain of quality employees rushing to get out of the sinking ship...

Java security plagued by crappy docs, complex APIs, bad advice

David 55

Remove MD5?

Obviously using MD5 for security purposes in a new application isn't a great idea, but it's still a commonly used hash, especially for legacy purposes. Completely removing it will just lead to people using crappy 3rd party implementations, which would be worse for security in the end.

David 55

Did you just say you are a Notes developer? Like Lotus Notes? In 2017?

Aw, not you too, Verizon: US telco joins list of leaky AWS S3 buckets

David 55

Disable file listings already!

Amazon should really have made the ability to let others do file listings on a bucket that you own an obscure feature hidden away in the permissions. I can barely imagine a use case for it.

Amazon Drive bans rclone storage client

David 55

These things happen for the same reason that you made a grammar mistake in your post. People aren't perfect, and you don't always have the time/resources to do everything to 100% perfection.

Boffins: Tireless star spurted deadly jets for half an hour at a time

David 55

Re: Red Shift - red faces

Yes, I think astrophysicists are aware of Doppler shifting.