* Posts by MJB7

419 posts • joined 27 Nov 2013


Boffins promise protection and perfect performance with new ZeRØ, No-FAT memory safety techniques


User Training

User training is an excellent idea, but repercussions for the one person who happened to click on a malware link are pointless. For one thing it's too late - you've still suffered the attack, for another too many people are likely to click - it's that you've got to change.

Hubble Space Telescope to switch to backup memory module after instrument computer halts


Re: Yes, but can it give 110% like is expected in the workplace...

"exceed its capability" - I think that's short for "exceed its _design_ capability" (and is quite likely to be NASA jargon).

Icon: It _is_ rocket science.

Realizing this is getting out of hand, Coq mulls new name for programming language


There are two hard problems in Computer Science

- Cache invalidation

- Naming things

- Off by one errors.

Jokes aside, naming things _is_ hard, and it's important too.

Tiananmen Square Tank Man vanishes from Microsoft Bing, DuckDuckGo, other search engines – even in America


Hanging on to Hong Kong

If the British Government had offered full British Citizenship to all Hong Kong citizens it would have been possible. China would either have extended the lease, or got back a few square miles of territory with tumbleweed. In the latter case Britain would have had an influx of hard working grateful immigrants. That they didn't is mostly down to Norman Tebbit's racism.

Icarus moment: Mozilla Thunderbird was saving OpenPGP keys in plaintext after encryption snafu


Re: Encryption is very difficult to get right


It's easy enough (after the event) to see how to write a test to catch this particular mistake. (Search for the plain text of the input in the output - it shouldn't be there.) But that won't catch the mistake where the input is XORed with a fixed value, rather than a keystream derived from the password ...

It's REALLY hard to test that crypto code is secure.
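The two checks the post describes, run against deliberately broken "ciphers", as an added example (not Thunderbird or OpenPGP code). The naive "plaintext must not appear in the output" test catches the bug the article reports, but a constant-pad XOR passes it; encrypting two equal-length messages under the same key and checking that c1 ^ c2 differs from m1 ^ m2 catches that too (it also catches a properly derived keystream that is reused, which is the nonce-reuse failure). The key, messages and the toy SHA-256 counter-mode keystream are this example's own constructions, not a recommended cipher.

```python
import hashlib
import os

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def bug_writes_plaintext(key, msg):
    # Models the reported snafu: the "encrypted" output is the plaintext.
    return msg

def bug_fixed_xor(key, msg):
    # Hypothetical bug: a constant pad, independent of key and message.
    return xor_bytes(msg, b"\x5a" * len(msg))

def stream_cipher(key, msg):
    # Toy keystream from SHA-256(key, nonce, counter) with a fresh nonce;
    # illustrates "keystream derived from the key", nothing more.
    nonce = os.urandom(16)
    stream = b""
    counter = 0
    while len(stream) < len(msg):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return nonce + xor_bytes(msg, stream[:len(msg)])

def plaintext_absent(encrypt, key, msg):
    """The obvious after-the-event test: input must not appear in output."""
    return msg not in encrypt(key, msg)

def no_constant_pad(encrypt, key, m1, m2):
    """For equal-length m1 != m2: if c1 ^ c2 == m1 ^ m2 then the same pad
    was applied to both, i.e. the keystream is constant or reused."""
    assert len(m1) == len(m2) and m1 != m2
    n = len(m1)
    c1, c2 = encrypt(key, m1)[-n:], encrypt(key, m2)[-n:]
    return xor_bytes(c1, c2) != xor_bytes(m1, m2)

KEY = b"hunter2"  # constructed test key
M1, M2 = b"attack at dawn!!", b"retreat at dusk!"  # constructed, equal length

def evaluate(encrypt):
    """Returns (passes plaintext test, passes constant-pad test)."""
    return (plaintext_absent(encrypt, KEY, M1),
            no_constant_pad(encrypt, KEY, M1, M2))

if __name__ == "__main__":
    for name, enc in [("plaintext bug", bug_writes_plaintext),
                      ("fixed XOR bug", bug_fixed_xor),
                      ("stream cipher", stream_cipher)]:
        print(name, evaluate(enc))
```

Neither test says anything about the strength of the keystream itself; they only rule out two specific ways of being completely broken, which is the post's point.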

Big red buttons and very bad language: A primer for life in the IT world


Re: Replacement hardware?

Paper? Use baked clay tablets - still readable after 5000 years.

BadAlloc: Microsoft looked at memory allocation code in tons of devices and found this one common security flaw


That only works if the SW is on a writable flash drive. I would say it usually isn't.


Re: fix

It is perfectly well defined for unsigned types. GCC has an option to make it defined behaviour for signed types too (but that's an extension).
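The allocation-size overflow behind BadAlloc-style bugs, modelled with a 32-bit unsigned size_t, as an added example (not code from Microsoft's advisory). Unsigned wraparound is well defined in C, which is exactly why count * size silently produces a small buffer; the checked version is the usual C idiom `if (count && total / count != size) fail;` written in Python. The 0x40000001 * 4 figures are constructed for the illustration.

```python
U32_MASK = 0xFFFFFFFF

def mul_u32(a, b):
    """C unsigned 32-bit multiply: wraps modulo 2**32 (defined behaviour)."""
    return (a * b) & U32_MASK

def alloc_size_vulnerable(count, size):
    # Trusts the wrapped product: 0x40000001 * 4 wraps to 4 bytes.
    return mul_u32(count, size)

def alloc_size_checked(count, size):
    """Returns count*size, or None if it would wrap.
    Equivalent C: if (count && total / count != size) return NULL;
    (or __builtin_mul_overflow on GCC/Clang)."""
    total = mul_u32(count, size)
    if count != 0 and total // count != size:
        return None
    return total

def bytes_overrun(count, size):
    """How far a loop writing 'count' elements of 'size' bytes runs past
    a buffer sized by the vulnerable helper (0 means no overrun)."""
    buf = alloc_size_vulnerable(count, size)
    written = count * size  # the element loop itself does not wrap
    return max(0, written - buf)

if __name__ == "__main__":
    print(hex(alloc_size_vulnerable(0x40000001, 4)))   # 0x4
    print(alloc_size_checked(0x40000001, 4))            # None
    print(hex(bytes_overrun(0x40000001, 4)))            # 0x100000000
```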

Airline software super-bug: Flight loads miscalculated because women using 'Miss' were treated as children

Thumb Up

And this is why air travel is so safe

There was a full blown investigation, with report, into why an aeroplane took off with just over the regulatory minimum thrust. It only needed a couple of other things to go wrong and it might have crashed.


Re: And little did they realise that they probably didn't save money on outsourcing.

"We did it by intuition, knowing what had to be done to achieve a 100% working solution,"

I call bullshit. I've been writing software for a living for more than 40 years now, and there has never been a time when there was any software without bugs.

Icon: Me.

It's official: Microsoft updates Visual Studio Code to run on Raspberry Pi OS


Why one of the most popular IDEs

I can tell you why I use VSCode: All my code is on my Linux workstation in the office, but I am at home running a Windows laptop supplied by corporate IT, I connect by ssh through a VPN. I don't want to run a GUI on the Linux box because I live out in the sticks. VSCode has a group of extensions that "just work". Click a few buttons, copy an ssh key in the right place, and I'm good to go.

I'm sure vim and emacs could cope, but I _never_ got on with modal vi, and emacs is just too alien from all the other editors out there (editors like the comment box I am typing this in). I just can't justify the several months I think it would take to get back into emacs after 30 years away.

NASA's Perseverance rover in brick form: China set vs unofficial Lego fan design


Re: No, sorry.

There is no other kind.

(Well, some of my parts are painted yellow, and I think I have a few silver coloured ones).

Ex-asylum seeker with infosec degree loses discrimination claim against UK cyber range provider after storming out


"We do not accept that this remark was made to the Claimant."

Of course they accept people lie. "We do not accept that this remark was made to the Claimant." is judge-speak for "The Claimant is lying about this remark."


Re: winding up

The UK is about mid-way between European levels of employment protection and that provided by "at-will" US states (where you can be fired with zero notice because the employer doesn't like the shade of your socks.)

Don't be a fool, cover your tool: How IBM's mighty XT keyboard was felled by toxic atmosphere of the '80s


Re: Smoking

I can do better than the "front half". In 1987 the smoking section of the Turkish Airlines flight from Delhi to Ankara was "the left hand half". It didn't help that my partner was about two months pregnant with our son at the time...

Icon: Suitable protective gear.

I haven't bought new pants for years, why do I have to keep buying new PCs?


Re: When you say "pants",

"Some trousers that are that old"? 2010? Today I was wearing the moleskin trousers I inherited from my father; he died in 1994 - and they were nothing like brand-new when he died.

I use them for DIY/gardening in cold weather, but they are starting to get a bit worn at the knees.

Icon: Similar era.

Valheim: How the heck has more 'indie shovelware with PS2 graphics' sold 4 million copies in a matter of weeks?


Re: Colossal Cave

I _stopped_ playing Colossal Cave rather more than 40 years ago - and the code was xyzzy, doesn't *everyone* know that?

Revealed: The military radar system swiped from aerospace biz, leaked online by Clop ransomware gang


Honest thief

There are benefits to being an honest thief: your next victim is more likely to pay up. Or more precisely, there are disadvantages to being dishonest: your next victim is _less_ likely to pay up. As they now appear to have a brand, there is some value associated with that brand.


Apache foundation ousts TinkerPop project co-founder for tweeting 'offensive humor that borders on hate speech'


Not voting in a democracy is always an option

You can easily write "None of the above" on a ballot. That's spoiling your ballot and will be recorded as such. Not bothering to turn up to the polling station is very different.

LastPass to limit fans of free password manager to one device type only – computer or mobile – from next month


Re: 6 times the use for 1.3* the cost

No, they are guessing that only one person in a household will be clued up enough to want a password manager, but they can get that person to pay an extra 30% by allowing them to give it to significant other, children, parents, etc.

The price of something is what somebody will pay for it; not what it costs to produce.


Re: PwdHash

PwdHash hashes your master password with the domain name of the web site. It's a clever idea, but it fails when, for example, eBay has a data breach and forces everyone to do a password reset. Then you have to remember a _different_ master password for eBay.
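A PwdHash-style derivation (site password = f(master, domain)) and the forced-reset problem the post describes, as an added example that is not PwdHash's own code. The scheme here (PBKDF2-HMAC-SHA256 with the normalised domain and a per-site counter as salt) is this example's, not PwdHash's real algorithm; the master password and domains are constructed.

```python
import base64
import hashlib

def normalize_domain(host):
    # Same site, same password: lower-case and drop a leading "www."
    host = host.lower().strip(".")
    return host[4:] if host.startswith("www.") else host

def site_password(master, host, counter=0, length=20):
    """Deterministic site password from master + domain (+ counter)."""
    salt = f"{normalize_domain(host)}:{counter}".encode()
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, 100_000, dklen=32)
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")[:length]

def rotate(master, host, counters):
    """After a forced reset at 'host': bump that site's counter instead of
    changing the master password.  The counter is per-site state the user
    now has to remember or store, which is the weakness the post points at."""
    domain = normalize_domain(host)
    counters[domain] = counters.get(domain, 0) + 1
    return site_password(master, host, counters[domain])

if __name__ == "__main__":
    counters = {}
    print(site_password("correct horse", "www.eBay.com"))
    print(rotate("correct horse", "ebay.com", counters), counters)
```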

Mike Lynch extradition: Uncle Sam offered Autonomy founder $10m bail if he stood trial in the US


"I find it rather odd that, having the [auditors] been fined a nifty £15m for not properly doing what was expected of them ... that this Lynch chap is still on the hook"

The fine actually puts Lynch _on_ the hook. Lynch was required to behave lawfully, auditors or no auditors. His argument was "the auditors said it was OK, so it must have been OK". His problem is that the fine can be construed as the regulators saying "the auditors were wrong to say it was OK".

OTOH, if the civil case finds for Lynch, then it is going to be _very_ hard to argue that a fair criminal trial could find against him (because the standard of proof is so much higher in a criminal case). I presume that if the civil case finds against HP they will try to appeal, and they will try to use Deloitte's fine as part of that appeal.

You would expect a qualified electrician to wire a building to spec, right? Trust... but verify


Re: Building Regulations require all electrical work to be signed off by a qualified electrician

That's not true. You *either* need it signed off by a member of the appropriate trade body (which is not the same as "qualified") *or* you need Building Control approval. It is usually easier to hire an electrician to do the work and sign it off, but I have a friend who rebuilt his entire house (for which he needed building control approval anyway), and did all the wiring himself.

Over long US weekend, GitHub HR boss quit after firing Jewish staffer who warned Nazis were at the Capitol


Re: I'm confused

I don't think German makes it easier. "Es" translates as "it" in English - and you wouldn't use "Es" for a person any more than you would use "it", and for exactly the same reason.


members, supporters or sympathisers of the NSDAP

The point is that I think these individuals *were* sympathisers of the NSDAP.

Pizza and beer night out the window, hours trying to sort issue, then a fresh pair of eyes says 'See, the problem is...'


Re: Proof reader

I have a problem typing German. I'll think "und" or "oder" but my fingers will type "and" or "or" (and of course it's invisible to this native English speaker).

I built a shed once. How hard can a data centre be?


Re: No wonder St Catz is a bit... odd. ;-)

Probably because they can't spell Catharine properly.

Yes, mine's the one with the St Catharine's College, Cambridge scarf in the pocket...

Watt's next for batteries? It'll be more of the same, not longer life, because physics and chemistry are hard


Re: So ...

There's a car charger in the open air near my flat in Switzerland which claims to offer 100kW charging. A little googling suggests it is operating (today) at about 1000V and hence must be shifting 100A. I find both those figures terrifying. (Particularly putting 100A through a connector which can be operated by an untrained little old lady, and one end of which gets bounced around in a motor vehicle!)

I think a *lot* more than 1kW gets dumped in the cable - some chargers come with liquid cooled cables. (Of course, this does nothing for the overall efficiency figures - but you only need this rate of charging for emergency charging, not the overnight charge at home which will probably cover most uses.)

Unsecured Azure blob exposed 500,000+ highly confidential docs from UK firm's CRM customers


Re: @sgp - Probase director Paul Brown

"If I try to fix the electrics in my house, and as a result of my incompetence, someone is electrocuted, I have committed a crime.": Maybe - but maybe not. Basically only if you are negligent (which is a higher bar than "incompetent").

GitHub will no longer present a cookie notification banner – because it's scrapping non-essential cookies


GDPR scope

Actually it's both anyone in the EU and EU citizens anywhere.

Seagate says it's designed two of its own RISC-V CPU cores – and they'll do more than just control storage drives


Re: Apple

On the scale that Apple works at, the licensing costs for Arm may not be that significant compared to the costs of switching to RISC-V. Apple are probably using RISC-V in their commercial discussions with Arm already.

Apple's M1: the fastest and bestest ever silicon = revolution? Nah, there's far more interesting stuff happening in tech that matters to everyone


Re: Low number of Thunderbolt ports

The OP doesn't attribute the low number of Thunderbolt ports to an inherent limitation of Arm (we know they can do IO). He attributes it to a limitation of the M1 SoC. If that is so, it is probably going to be a problem quite quickly.

A 1970s magic trick: Take a card, any card, out of the deck and watch the IBM System/370 plunge into a death spiral


Re: No recursion in Fortran

Some systems (for example Prime minicomputers) had a non-recursive CALL instruction: CALL X would store the current program counter at X and then jump to X+1. Return was just a matter of picking up the return address from X and branching there.

'We've heard the feedback...' Microsoft 365 axes per-user productivity monitoring after privacy backlash


Re: No more user names

Yes, I read "No one *in the organization* will be able to use Productivity Score to access data about how an individual user is using apps and services in Microsoft 365." (my emphasis) and wondered who, outside the organization, will be able to.

GitHub's journey towards microservices and more: 'We actually have our own version of Ruby that we maintain'


"Microservices doesn't replace good architecture."

The title is the best quote of the article (and it can easily be recycled by replacing "Microservices" with buzzword-du-jour).


Own version of Ruby

I very much doubt this postdates the Microsoft take-over. I'm not in the least surprised; given a bunch of committers to the Ruby eco-system, the simplest solution to a problem could easily be a branch of the Ruby code.


Re: I know I'm too old to be agile

And I'm 62 and was lucky enough for my first exposure to agile to be somewhere that did it mostly right. (Yeah, I love it too.)

AWS reveals it broke itself by exceeding OS thread limits, sysadmins weren’t familiar with some workarounds


Re: Plan One

No. They are planning to shift from "many thousands of servers" to either "a few thousand servers" or "many hundreds of servers" - not "tens of servers".

UK coronavirus tier postcode-searching tool yanked offline as desperate Britons hunt for latest lockdown details



For a small, fixed set of keys (like post codes), it is quite easy to algorithmically produce a perfect hash function. With a perfect hash function you just need an array of corresponding tiers which you index into.

The interesting question is how hard is it to algorithmically produce a hash function which maps the keys directly to Tier 1, Tier 2, Tier 3?
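A minimal perfect hash over a fixed set of keys with the tier stored in the slot table, as an added example (not the government's postcode tool). It uses the two-level "hash, then displace" construction: bucket keys by a first hash, then for each bucket search for a displacement under which a second hash lands every key in that bucket on a free slot. Postcode districts and tiers below are constructed sample data, not the real allocation, and the 32-bit FNV-1a hash and the search cap are this example's choices.

```python
MASK = 0xFFFFFFFF

def hash_key(key, d):
    """32-bit FNV-1a; a non-zero d replaces the offset basis so the
    second-level hash is independent of the first."""
    h = 0x811C9DC5 if d == 0 else d
    for b in key.encode():
        h = ((h ^ b) * 0x01000193) & MASK
    return h

def build_mph(table, max_tries=10_000):
    """table: dict key -> value (here district -> tier).
    Returns (G, slots): G[b] is a positive displacement for bucket b, or
    -(slot+1) for a bucket placed directly; slots holds (key, value)."""
    keys = list(table)
    n = len(keys)
    buckets = [[] for _ in range(n)]
    for k in keys:
        buckets[hash_key(k, 0) % n].append(k)
    buckets.sort(key=len, reverse=True)
    G = [0] * n
    slots = [None] * n
    i = 0
    # Multi-key buckets first, while the table is still mostly empty.
    while i < n and len(buckets[i]) > 1:
        bucket = buckets[i]
        for d in range(1, max_tries):
            pos = [hash_key(k, d) % n for k in bucket]
            if len(set(pos)) == len(pos) and all(slots[p] is None for p in pos):
                break
        else:
            raise RuntimeError("no displacement found; change hash or table size")
        G[hash_key(bucket[0], 0) % n] = d
        for k, p in zip(bucket, pos):
            slots[p] = (k, table[k])
        i += 1
    # Singletons just take whatever slots are left, recorded as a direct index.
    free = [p for p in range(n) if slots[p] is None]
    while i < n and len(buckets[i]) == 1:
        k = buckets[i][0]
        p = free.pop()
        G[hash_key(k, 0) % n] = -p - 1
        slots[p] = (k, table[k])
        i += 1
    return G, slots

def lookup(G, slots, key):
    """Two hashes and one array read; a perfect hash does not test
    membership by itself, so the stored key is compared before answering."""
    n = len(G)
    d = G[hash_key(key, 0) % n]
    p = -d - 1 if d < 0 else hash_key(key, d) % n
    entry = slots[p]
    return entry[1] if entry is not None and entry[0] == key else None

# Constructed sample: postcode district -> tier (not the real December 2020 list).
TIERS = {"S1": 3, "S10": 3, "M1": 3, "M20": 3, "CB1": 2, "CB4": 2,
         "OX1": 2, "BS1": 3, "TR1": 1, "TR7": 1, "LS1": 3, "EX1": 2}

if __name__ == "__main__":
    G, slots = build_mph(TIERS)
    print(lookup(G, slots, "CB4"), lookup(G, slots, "ZZ1"))
```

Mapping keys "directly" to the three tier values, as the post's second question asks, would be the same construction with a 3-entry codomain, which is where it stops being perfect: many keys must share each output, so the search is for a hash that happens to agree with the tier table on every key, and the key comparison in lookup is what tells a real postcode from a typo.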

Who knew that hosing a table with copious amounts of cubic metres would trip adult filters?


PDP-11 debugger

The PDP-11 debugger was called the "Terminal Interactive Testing System", with the obvious abbreviation. I still remember when a programmer came bursting into our room to report that Chris had been talking to our (rather well endowed) female boss and innocently said "I learnt all I know about TITS from you".

That was my first job (40 years ago), and about a third of the programmers were women. I think they hadn't had the opportunity to learn that "computers were for boys" at school.


Re: Don't you just love teh metrics ...

A stere is the normal unit for purchasing heating wood in the southern Black Forest too...


Re: Wang Care

Given that Robin Williams managed to get a character called Mr Wanker into Mork and Mindy, I think it is safe to assume that an American company wouldn't have had a problem with "Wang Care". (Robin Williams *did* know the British meaning of the word.)

Sopra Steria: Adding up outages and ransomware cleanup, Ryuk attack will cost us up to €50m



"training staff to not click on phishing emails" - I don't doubt the insurance company will try and avoid paying out because of the lack of training, but we know that (to a first approximation) such training doesn't work. Training staff not to use email from privileged accounts is much more likely to be useful.

Considering the colonisation of Mars? Werner Herzog would like a word


Re: There’s hope yet!

"hypergolic with sand and test engineers" - that's not ClF3, that's the description of FOOF (which is also used in semi-conductor processing and as a rocket propellant).

Manchester United working with infosec experts to 'minimize ongoing IT disruption' caused by 'cyber attack'


Why call the ICO?

Probably because they can't yet *prove* that no information has leaked. There is no downside to telling the ICO the outlines of what they know, and considerable upside if it turns out they are wrong and information *has* leaked.

When even a power-cycle fandango cannot save your Windows desktop


Re: Too Many Stories!

Transparent liftable shields over emergency stop buttons almost certainly *do* conform to regulations. They even have a name - "molly-guards" (originally named for one "Molly" who kept turning off a mainframe).

The scary thing is that Molly is probably only in her 30's now.

Watchdog signals Boeing 737 Max jets can return to US skies following software upgrade, pilot training


Dating back to the 1960s

I *like* old designs. We've got most of the bugs out of them. The problem with this was the new bit of the design.

Intel's SGX cloud-server security defeated by $30 chip, electrical shenanigans


"Secure enough"

"Secure enough" usually means "the cost to break is higher than the potential gains".

Biden projected to be the next US President, Microsoft joins rest of world in telling Trump: It looks like... you're fired


Re: Pugh, Pugh, Barney McGrew, Cuthbert, Dibble, & Grubb

"before indicted, let alone convicted" is *definitely* not a problem - Ford pardoned Nixon before he had been indicted, and nobody suggested that made the pardon invalid.

Pardoning yourself would probably *not* pass muster though. Not to mention that the President only has the authority to pardon Federal crimes, not State crimes, and the New York Attorney General is very interested in some of Trump's actions.



Biting the hand that feeds IT © 1998–2021