* Posts by CliveM

25 posts • joined 8 Jul 2013

Ransomware crims drop Bitcoin faster than Google axes services


ARCHIVE non-changing data permanently to encrypted off-line storage. Store off-site in two locations. Place copies of it on READ-ONLY partitions as well, for fast access, but allow NO changes to this data. Make a fresh copy if you need to change something. This data does NOT need to be backed up, as it is already ARCHIVED.

Similar recommendations omitted for brevity and to reduce the risk someone regards them as a template. This isn't best practice, it is outright dangerous. Where have they come from? Nowhere, they've been trotted out with no reference to the volume or nature of data, regulatory requirements, budgets, user expectations, business needs or any of 101 other factors that should be considered. Without that any backup strategy is fundamentally flawed from the outset.

Archival is a useful tool for some forms of data, a menace that should be disregarded completely for others. It suits datasets that fit into neat little conceptually well-defined boxes of manageable size. The month's transaction data probably suits archival well, your customer database probably doesn't. It's one approach to consider alongside main backup, replication, clerical records etc but if it is advocated at the outset it is wrong by default.

Your main backup strategy is equally flawed - it is premised on the implicit assumption that you can afford to lose a day's data. In many contexts that simply isn't acceptable in this day and age - if you lose an entire day's transactions HMRC will be on you like a ton of bricks. Investors, too, since such a loss will mean you won't get your accounts signed off at year end. Your backup strategy ignores risks like that. Why? Because you never bothered to even consider it.

Even off site storage is not a sure thing 100% of the time. Every time you create a copy of your data, even if encrypted, you are increasing the risk of that data falling into the wrong hands. This risk is multiplied as the data moves off site. The vast majority of the time if you have one copy of the data and add a second then the benefits outweigh the risks, if you already have six copies and add a seventh you are raising the risk for no appreciable benefit. For some particularly sensitive data the thresholds could be lower than that - again it is something to consider before reciting a list of universal recommendations.

You also completely neglect any consideration of human factors, or the time and expense of management and administration. Too many places have technically watertight, appropriate backup policies that fail because of this. If backup takes someone two hours a day it isn't going to get done reliably. Where are your backups then? Again this is something that has to be considered at the outset long before recommendations are made. It's another thing you didn't bother with.

That isn't to say that simple bullet points don't serve a role, if they are factors to consider which will then lead you to actionable points when the particular circumstances have been considered. Taking short cuts does not serve you and here you begin with a fundamental and reckless short cut before you even start.

VMware fires Photon torpedo – a homegrown Linux for microservices


This approach is held to be a better way to scale than conventional tiered application models, with Google's two-billion-containers-a-week regime and Netflix's use of a containerised content delivery network often cited as validation for that assertion.

Personally whenever things like that are cited as evidence my gut reaction is that if that's the best you can come up with then there is no precedent at all. Things like NoSQL in particular come to mind there but let's get one thing straight: if you are in the position to be making decisions on things like this you are likely a much smaller shop. You are not Google, you are not Facebook, you are not Microsoft, and you are not Netflix.

These are massive companies with particular requirements. There may be at most fifty such institutions worldwide. What they need to do is on an entirely different scale to your much more humble requirements. Yes, they may use x, y and z but they have IT staff in the thousands and budgets in the billions: they have the resources available to keep the plates spinning on their sticks. You probably don't and unless they become available the comparison is not an appropriate one.

Philip Glass tells all and Lovelace and Babbage get the comic novel treatment


Please God no, don't put on a Philip Glass LP!

His music is the most boring, pretentious, rambling, self indulgent drivel I've ever had the misfortune to hear.

I quite like a lot of his music, and I think he would have to be considered one of the great composers of the 20th century although that is damning with faint praise to some extent.

Pretentious? Rambling? Certainly. He's one of those individuals of whom your opinion always nosedives the instant he opens his mouth. So, no, I'll pass on that I think, wouldn't want to sour the music.

Verizon FLICKS FINGER at Netflix with skinny à la carte-style TV package for fibre munchers


Re: so called "Custom TV" - this sums it up perfectly

So what's the difference compared to the crap they've forced on us this far? And at 65$ (to start with) looks like a great value (not). I can see converts lining up.

Quite. I've adopted the practice of converting monthly charges to annualized ones, or over whatever the minimum term is where that is longer. It's a lot more difficult for a salesman to justify when you remark along the lines of "$1500 seems a lot just for TV and Internet..." It seems they rely on people not seeing the bigger picture.

Nvidia's GTX 900 cards lock out open-source Linux devs yet again


Re: Terminology issue?

Yup, if it's in ROM/Flash/Patch-cables and survives power down, it's firmware. Otherwise it's software. Just because it is running on the processor over here instead of that one over there isn't a reason to change the terminology.

But what PRACTICAL difference does it make? In one case the code can't be altered. In the other the code can't be altered. The difference is?

They're making a stand based on principle alone here. That is fine by me but claiming that this stops them writing a DRIVER when it does nothing of the sort is disingenuous.

How the FLAC do I tell MP3s from lossless audio?


Re: Good source material and very good speakers or good headphones needed

Most headphones under £50 and most speaker systems under £500 cause far more alteration to the music than a high rate MP3 produced by a reasonable encoder.

Many mid range speaker systems have very good output. The problem tends to be crap acoustics: it doesn't matter if you spend £3000 on your speakers if you stick them in the corners of your living room - they're going to sound like crap and the price tag is more to do with pose value than acoustic fidelity.

At the other end of the spectrum there are some very good studio monitors from around £150/pair. When they get specified it isn't because the studio are trying to cut corners - it's because the people installing them know how to get a pair of speakers to sound right.

Boffins' better blues beat battery blues


No, the new step here merely allows them to use what they were already using with green and red LEDs for blue ones: blue photons are higher energy than the others: that bigger punch causes photodegradation that doesn't occur with punier photons.

Rack-mount 24TB RAID 5 disk array for $5,000. Let's just check the label here. Uh, it's TiVo


Re: What a waste of money

But they'd need to offer way more than 6 tuners - these people have dozens of TVs!

In which case they already have dozens of tuners - remember you said TVs, not monitors.

I don't see this as a super-rich only thing so I don't suppose it's relevant anyway. I see it as going after much the same audience as would buy a $1000 amplifier - you're probably talking about relatively affluent middle class males who like their shiny, but they're not necessarily super-rich.

There are plenty of people out there willing to spend seemingly silly amounts of money on home entertainment equipment. If they have the money and they want to why should anyone stop them. It's more than I'd ever need but it'll appeal to those "1080p video is way too low res" types that come along here whenever 4K is mentioned.

Heavy VPN users are probably pirates, says BBC


So you don't like the BBC. I don't like trolls who start long soapboxing rants about pet peeves that do not address the matter in hand. Your entire post has a hell of a lot of vitriol and very little substantive comment about the BBC's submission. That comment is worth as little as the BBC's was.


Re: BBC Worldwide

Yes. BBC Worldwide, the commercial arm of the BBC rather than the Beeb itself. It has a duty to maximise its revenues for the benefit of the BBC and ultimately the British licence payer.

On the other hand, this does seem a ham-fisted approach. Even with a VPN the endpoints are visible which provides a lot more clues than this submission suggests. If you spend the working day VPNed into a major employer with a lot of valuable IP it's a fair assumption you are telecommuting or remoting in for some other legitimate purpose. This is true regardless of how much traffic flows back and forth.

There are a few justifiable reasons for the "VPN service" providers that encrypt the first hop after which it reverts to clear text but be fair, that isn't how they are marketed, or why most of them are bought. That is to evade blocks and/or provide a layer of anonymity for illegitimate traffic of various forms.

Ignoring that simple and easily made distinction suggests fuck all thought has actually gone in to this rather than a knee-jerk "We have to protect our property" response. Fuck all is thus the amount of weight it should receive when reaching policy decisions. Sadly it doesn't seem to work like that.

Thirteen Astonishing True Facts You Never Knew About SCREWS


Re: Can of worms opened.

A set screw holds something in position with friction against the point, without a hole - a set screw "sets" the position. The classic example is to fix a gear on an axle. A set screw will invariably have a finished point - on the "not a screw" picture it's clearly what is left after casting and thread cutting.

US Supremes just blew Aereo out of the water


Re: Sad? probably. Surprising? no.

With that kind of mindset, one wonders why courts are even needed. You can have a presidential cretin disbursing unassailable wisdom by decree.

Still it's good to know that one is permanently "in error" about patent law, copyright law, spying on the populace, the war on terror, indefinite detention, bailouts, bailins, disbursements to cronies, extrajudicial but perfectly legal killings, etc...

If there is a legal dispute the courts are the people charged with sorting it out. If the law needs to be interpreted it is the courts that decide how it is to be interpreted. If a case gets as far as the supreme court that interpretation becomes definitive. There is no scope for speculation after that point - the issue is settled.

Bringing in straw man irrelevances does not alter that, indeed the counter position is if anything more contemptible than any of the above. We have a panel of judges who have listened to the entirety of the arguments and reviewed the documents and other evidence presented. They have the training, experience and authority to reach a decision. They have done so.

Destroy All Monsters doesn't like the outcome so we set all that aside and substitute his opinion in its place. We no longer have a legal system, we have a dictatorship.

Elite Systems pulls ZX Spectrum games after deluge of 'unpaid royalties' complaints


Basic membership is free, but qualification for each product (a required step) is a chunky $8000, although there is a discount for small caps that bring it down to $2000-3000. Add a thousand or so for getting your paperwork together and another couple of thousand for EMI/RFI testing even if it passes first time.

The other end of the telescope: Intel’s Galileo developer board


Re: All the Arduino IO is connected by a single I2C port

You might have been discussing the speed of generic I2C in an ideal world, but the rest of us were discussing the speed of the GPIO that's provided on the Arduino headers on this board.

No. You start talking about the speed of the I2C it's reasonable to assume you are talking about the speed of the I2C, not connected devices. This isn't "ideal world" stuff but real world stuff - bit banging protocols is generally bad practice, especially for devices such as this with vanilla operating systems. GPIO is generally intended for simple stuff - indicators, switches, switch-like sensors etc. Running something higher speed on a bus not intended for it is a recipe for all kinds of headaches. Sure, I've bit banged all sorts of protocols in the past where the circumstances demand it, but not on devices of this class. What is regarded as acceptable changes between the £1 devices described by the refined chap and what you would do on a device into £100 territory.


Re: All the Arduino IO is connected by a single I2C port

I2C runs at a maximum of 3.4MHz, well there is a 5MHz standard as I recall but that's new and I haven't seen any actual parts. If we believed your figures since it would run the bus at 320MHz - it's a serial bus and the minimum transaction is 16 bits.

Do you think you have missed the point slightly, and perhaps are not comparing like with like?

Yes, HP will still sue you if you make cartridges for its inkjet printers



Having the print head be easily replaceable is a great idea, as it is the common cause of death for inkjet printers, however having it as a separate insert in the carriage is a much better design, which a small number of HP and many Kodak printers use.

It's a nice idea in principle but if they're only needed once in a blue moon they soon get regarded as "spares" instead of "consumables" - you lose the widespread distribution and pricing goes up even further. Laser toner fuser units have a finite life expectancy and so did dot matrix print heads. Both are/were designed to be easily replaceable but in practice that rarely happens. If a fuser unit goes the savings are so small over a new printer that going for the completely new device is generally a no-brainer over fixing a printer with 100,000 pages on the clock. Dot matrix heads, even while they were still in their prime, were almost as pricey even if you did somehow manage to track down a supplier.

Citizen Kano pitches easy-build Raspberry Pi for code-hungry kids


Why do I sense...

...the kids would learn more knocking together a crystal radio for less money? I still remember building mine aged 9, being taught how to solder it up on a piece of stripboard by my Dad, making it not from "parts for a crystal radio" but from "parts".

Now, just where did I stash those new old stock OA90's for my kids...

Personal web and mail server for Raspberry Pi seeks cash


Re: Hang on a gosh darned minute...

"This is basically asking for twelve months' salary for a bit of meta-packaging and a certain amount of PHP/Javascript coding. There's no way to know precisely how much work is anticipated there but you could do a hell of a lot in a couple of weeks, certainly enough to cover the common set of tweakables."

It's actually written in Python but I suppose the real point still stands - namely it doesn't need a lot of work to get something reasonably feature-complete. This has been around for a while and purely out of interest I got a copy to have a look at and I have to say I'm underwhelmed. The very first file I looked at was the Genesis Makefile to see how everything fits together: it's full of those lone-developer assumptions that should have been bounced out long ago for a project that has got to the point of needing public support. For example it assumes it will be built directly in the user's home directory: has ANYONE else tried building this code? If so why is that still there?

I then looked through the actual source code. I didn't go through it in fine detail but it simply doesn't LOOK like good Python. Dynamically typed languages in particular need a very defensive mindset if non-trivial apps are to be sufficiently robust, but you don't see anything of that kind in the code. You might be able to get it working but it isn't even the beginnings of professional grade code.

Yes, this smells bad and I can't help but feel people are going to go away disappointed.

Microsoft founder Paul Allen's money man wants Redmond to break up


Re: Oh dear

"""Linux was the first operating system kernel to run the x86-64 architecture in long mode, starting with the 2.4 version in 2001 (prior to the physical hardware's availability)

While NetBSD was working on x86-64 since 2001 it didn't run until after Linux.

Well have that completely pointless bone if you want it. He's clearly not talking about the same thing. You are talking about getting isolated code fragments running on an EMULATOR versus device drivers and everything else that makes up a complete system on HARDWARE.

Two different metrics entirely, and all you are doing here is emphasizing how long the work actually took. Linux ISN'T always the first with everything, we already knew that. How long did you have to wait for real POSIX threads or NAT, again? Yes, I know you had cheap copies of each - clone() and IP masquerading - but the real deals?

HP fires sue-ray at makers of Blu-Ray


Re: @Pascal Monett

"No, it's for a new unit. I didn't think I needed to make it clear I was searching for a like for like unit."

"But then I guess I forgot that the internet seems to work at the level of the stupidest person on the planet :)"

The only such drives I see on ebay right now are laptop drives in those USB external housings. Used drives from scrapper machines, in other words, although the housing and box is new. Since the external cosmetics are taken care of the sellers suppose they can get away with claiming them to be new. Look at the economics for a moment: those USB drives are cheaper than the new desktop units. Compare the prices of each at a reputable source and you'll see that is the wrong way around by a considerable margin. The difference there is there is no shiny new housing to conceal a used desktop drive.

Been there, done that with similar DVD drives from the same sellers. I opened up one such "new" unit a couple of months back, to find a drive manufactured in 2008 if I remember correctly. The indisputable giveaway was the Acer OEM label. I wasn't really that bothered to be honest - works fine and what do you expect for twelve quid - but that isn't a like for like comparison.

So, Linus Torvalds: Did US spooks demand a backdoor in Linux? 'Yes'


"A biased sequence can still be random in some senses. The comment to which you reply is correct: all pseudo-random sequences are deterministic, because that's what the term means: a pseudo-random sequence is an algorithmically produced sequence which passes whatever your favourite statistical tests for randomness are."

In isolation a biased sequence can't be considered to be random. To quote Knuth, "A distribution is generally understood to be uniform unless some other distribution is specifically mentioned" (TAOCP vol 2 section 3.1).

As for the meaning of pseudorandom, that simply implies an approximation of randomness. It says nothing about how the sequence is generated.

Optical archival system - where to buy from?


Re: Tapes

Why do I get the feeling you are talking about some CD or DVD-R's? No one speaks of "burning" the true enterprise media - the very term is an implicit reference to the record-in-one go use pattern necessitated by the crappy sectoring built in to the consumer formats.

You simply "copy" or "write" to the real enterprise formats just like you would any other storage. You wouldn't need to test them post "burn" either - they're generally tested automatically as part of the writing process. In that respect they are a whole lot more reliable than magnetic media which basically takes it on trust that the write worked.


Biting the hand that feeds IT © 1998–2021