Posts by Doctor Syntax

Re: An ex employer did that too.

Had a similar experience at a client where two directors had one of their stand-up rows in the main office in front of their staff and several of us freelancers* about which way the application should make up production batches. This wasn't resolved.

A colleague wrote a work of art solution where every possible parameter affecting batching was held in the database with a big data-entry form so the operators could set it up in whatever way they were told. We set up some reasonable looking values before it went live and as far as I know they were never changed.

* Obviously their frequent toys out of the pram events were one of the facets of face-to-face communication, team integration & what-not that you miss when everyone's working from home.

Re: "Unix windowing goes back at least to 1984 with X."

"a large number of Linux UI applications are written in Java"

ROFLMAO

Re: ASCII art??

"updates are released to a schedule and can be easily installed"

My experience with Windows is that updates are a complete and utter pain to install. They're slow to download hang up the entire machine for as long as they want, they fail, they reboot the machine. Linux upgrades download and install quickly unless you're doing a complete OS version upgrade. They only need a reboot - at your convenience - if they're kernel upgrades (and there are ways of patching running kernels) although if a service is upgraded it will need a restart. In my experience upgrades of services ask before restarting.

It's worth remembering that most people who run other OSes have also suffered Windows and are in a position to make comparisons. If you only run Windows you don't know any better.

"How do you get electronic images out of a borked system?"

You start by looking at how to avoid getting the system from which the images come from being borked. Start off by considering the system to be standalone. If it isn't terribly useful what is the minimum set of remote access facilities needed to make it useful? You want somebody to view the images remotely? Just sticking it on the hospital LAN is not minimal. Minimal might be a connection running through a firewall that only allows X-11 protocol. Even if you run the X server* on a Windows PC that gets borked X-11 is not going to be the sort of protocol to tell the CT system to go bork itself.

It's like the old saying puts it - if you don't design a system to be secure it's hard to add on security afterwards.

* The server is the bit that supplies display services, the one with a screen attached, not the one that provides the images.

Re: Why?

"You can't apply security patches until they have been tested and certified by the manufacturer..."

And there needs to be an obligation on the manufacturer to do it promptly.

A certification process which results in the equipment becoming unsafe is not fit for purpose.

Re: Citrix VPN

And suddenly, all the "Shouldn't be using Windows, it's their own fault" types are looking a bit foolish.

Citrix VPN might have been the entry point. It was Windows systems that got encrypted. Who's looking a bit foolish?

Re: It's money, as usual

Hospitals in Germany mostly belong to large chains that are profit driven. If they can shave a Euro from the budget by buying cheaper mice, they will.

But if a security-measure costs money to implement and isn't obviously required by law, they'll just skip it "because we've been good so far, right?".

I assume they have insurance. The insurers should look at what they're on the hook for with badly protected systems and make sure protecting the systems is cheaper than paying the premium. If people will only do things right if it costs them less up-front then make it more expensive up-front to not do things right.

Re: Analogous to “Because I saw you tie your shoe laces, I ran over that kid”.

"Medical equipment is also certified, which means it can't get OS patches until they have been certified by the equipment manufacturer, which can take an age."

Let's deal with that one straight away. No commitment to prompt certification of OS patches, no certification for your potentially lucrative piece of medical kit. And all source code must be documented and escrowed - perhaps along with a dowry to enable someone to take it over if you decide to duck out.

"if the diversion is an hour away emergency patients should be seen and paperwork can be sorted out down the line."

Wouldn't it be great if there was a technology that would let you scan in paper-work, transmit it over an ordinary telephone line and print it out at the other end. Might not have helped in this case but as a fall-back it would be worth having.

Re: ASCII art??

A good Linux can make people regret they're still running Windows.

Re: Analogous to “Because I saw you tie your shoe laces, I ran over that kid”.

At a guess it's people like this, working in hospital IT or hospitcal IT procurement, that mandated Windows over earlier, better options and brought this situation about.

Re: Analogous to “Because I saw you tie your shoe laces, I ran over that kid”.

Unix windowing goes back at least to 1984 with X. The X protocol reached the current version, 11, in 1987. I'm not sure W95 was eve a gleam in Bill Gates eye in 1987. It was also possible view X with a dedicated X-terminal although I'm not sure if anyone still makes those. I'd hazard a guess that all early development of CT systems was done on Unix graphics.

If you really think Linux and other Unix and Unix-like systems are restricted to characters you really need to get out more.

I've done work for a company where production, handling lots of PII was kept well separate from the office system and its vulnerabilities. It was, in fact, a condition of some of their contracts. It might be inconvenient in some ways but it would have been a lot more inconvenient to admit to their clients that they'd been breached or to have production stopped for days because some toe-rag had encrypted their systems.

Re: Why?

The germ of the solution is in your cutting machine story. The owners were able to force an admittedly not very satisfactory solution. For medical equipment there , in principle, an easier way to do this and do it better. A couple of decades or more back it wasn't unusual for servers to have remote support via dial in lines which could be unplugged when not required. Medical equipment has to be certified. A certification requirement of remote support via a disconnectable channel would cut out one weakness. The politics of getting such a requirement in place, however ....

Re: Encryption should be automatic

"A man-in-the-middle just need to intercept the email, remove the senders public key and put theirs in and sent the email to the destination."

Or just spoof the email address. How many people actually check the source of the email?

Re: identity and encryption

"Ultimately to prove identity is to meet each other face to face and exchange public keys, then sign them. At a key signing party. Unfortunately that is a barrier but that is the ONLY way to confirm beyond a doubt that it is YOU behind that address and if you do key signing correctly, behind ANY address and ANY key you sign."

Who's YOU? Even face to face you have to take somebody's word for who they say they are. If somebody tells you they're fred@example.com how are you to know that that's who they really are? A better way would be to have example.com's mail server tell you that fred@example.com's public key is. You still don't know whether fred@example.com is Fred Bloggs, Fred Flinstone, Frederick the Great or my late uncle Fred of course.

Re: Encryption should be automatic

"Thunderbird should sent a public key with every email in the meta data."

How many public keys can HMRC and IRS have?

Re: Wheeled office chairs

Maybe that happened if it wasn't bribed suitably rewarded.

Re: Wheeled office chairs

Really shouldn't let BOFH train the guide dogs.

Re: Why????

"It is difficult to get a man to understand something, when his salary depends upon his not understanding it!"

You think not?

The SCCs have been sunk as a means of stopping the Privacy Figleaf from shrivelling completely. With that and the playbook already written it's the next obvious step for the EU. Apart from that, India seems keen on having its own offerings. And, of course, China.

I suppose for the UK trying to pull such a deal would get in they way of the much sought after trade deal although touting the UK as the best place in the world to run such a service might appeal to BoJo.

Re: "I want a cut of the money to the US government"

There are other names for it.

Re: Key fact missing

The even more important detail is will he be able to find who did it?

Re: The no-code approach

There's always another one of these coming along. I suppose it's vendors always imagine it will be the last one even if they don't realise it's not the first.

Re: you could read that two ways...

"It is unfortunate that we dont know what we need to invest in until the time arrives or even has gone."

Especially "has gone". Hindsight is a wonderful thing.

Re: Y Service

In order to hide the fact that they'd cracked it they couldn't take advantage of it all the time. Unfortunately one of the ones let go was the Coventry raid. To make matters worse it's possible that Dresden was seen as a reprisal.