Posts by Doctor Syntax

Re: The Reg goes all EFF, yet again

Let's take some of that apart:

"There are problems with criminal behaviour on the internet which are obvious to ordinary people even if the computer nerds deny that."

Yes indeed. The general public needs protection. That protection includes ensuring that they can use the interest securely.

"Law enforcement needs powers that ordinary folk don't have."

This is where it gets tricky. If such powers are created how can they be confined to the hands of the good guys? What the computer nerds know and you clearly don't is that they can't be so confined.

If you take a route of weakening encryption so the good guys have a back door that weaker encryption will sooner or later get cracked unless accident or corruption causes access to leak out first.

If you take the approach of encrypting the data strongly but send a copy with equally strong encryption but using a different key to a monitoring service that service will become a major target. There are numerous reports of wrongful access to the PNC. The only way this will be different is its greater value.

If you take the approach of an on device scanner you will have two problems. One will be false positives and the concomitant miscarriages of justice. The other will be a supply chain attack; a process with the access that would need would like a monitoring service, be a hugely valuable target.

Whatever option you choose you vastly increase the attack surface of every citizen's innocent and lawful use of the internet.

If you think a foolproof system exists - which seems to be HMG's view, then the computer nerds, from long experience, know what you should do to back that up: produce a proof of concept that will withstand proper scrutiny, the sort of scrutiny which will seek out its weak points and conceptual errors and produce a counter proof of concept to break it.

This idea has been flying about for years. Where's that proof of concept? Nobody's produced one. Maybe that should tell you something - that when the computer nerds deny it can be done, they're right.

And by the way, I've spent my years in the law enforcement trenches and the one thing I can tell you about this is that I don't want it because I know it will make matters worse, not better.

Re: The Reg goes all EFF, yet again

"It's remarkable how many people fail to grasp this simple concept, isn't it?"

The entire Home Office for starters.

Re: Last Rites, unfortunately...

"who-reads-the-daily-mail"

"The wives of the people who own the country."

Re: "Nothing to Hide, Nothing to Fear."

"anecdotally, there is a strong suggestion that this is due to the environment in the Home Office shaping the Home Secretary, rather than the other way around."

Sajid Javid's article in the Times after being appointed Home Sec. demonstrated this. He gave an account of being brain-washed so thoroughly he didn't realise what was happening to him.

Re: Not holding my breath

"90% of vehicles driving in the expanded ULEZ in November 2022 were already compliant,"

If that's the case it scarcely seems worth the effort of going ahead with it. I suppose the cost/benefit study included brownie points in the benefits.

Re: Not holding my breath

I don't think they've reconciled themselves to the private car being able to take people anywhere yet.

They definitely have. Over the last 20 years etc.

I think you need to look up the meaning of "reconciled".

Re: Computer MOT

A question good for any problem up to and including computer fire has spread to entire house.

OTOH I have to admit that I was asked to look at cousin's daughter's problem with her ADSL box. Turned it off & on again - voila!

Re: The Reg goes all EFF, yet again

I've said this before here and it looks as if I'll have to say it again:

If people are setting out to do something which breaks the law they are not put off by being given more laws to break.

No, I'm not on the side of criminals. Far from it. I spent a third of my working life investigating crime and terrorism. In this case they'll either encrypt stuff before sending it via a channel that's open to inspection or they'll use some illegal app. In the meantime the law-abiding will be stitched up with 2nd rate insecure apps for their web access.

Let's just remember a very important British principle: the presumption of innocence. Let's realise that the vast proportion of online use is for legitimate purposes and the users deserve secure services.

Re: Not holding my breath

"The idea that anyone can use a computer to do / read / create just about anything is totally at odds with the politician's desire to control behaviour and conceal information."

I don't think they've reconciled themselves to the private car being able to take people anywhere yet. Anything as newfangled as a PC stands no chance.

Re: Computer MOT

That sounds like the voice of someone with a story to tell. Go ahead, we're all friends here.

Re: Companies which don't deliberately compromise user security will be fined

A government that has resigned itself to losing the next election isn't going to worry about a public backlash to its policies.

Re: Good encryption by default

Just about everyone online has something to hide. Something they're contractually required to hide.

Look at the Ts&Cs of online banking, online shopping, online everything else. You are obliged to keep you access credentials secure. How does that get done when you enter them via a device that has been made inherently insecure?

Re: Emergency Vehicles...

"Should have equipment on board them which signals to autonomous vehicles that they are to, not exactly shut down (because there is nothing worse than an ambulance being impeded by a stationary vehicle with no means to get past), but to behave in 'clearly defined and signalled ways' to enable the emergency vehicle to be aware of its presence and be certain of its safe navigation past it."

They do. They have flashing lights and sirens. If the AV doesn't respond properly the blame's on the AV, not the EV.

Re: CPUC vs DMV

Or take the aircraft industry approach. If there's a systemic problem ground the entire fleet until it's fixed.

Re: Well forget the second accident

Experience says they can't. Cruise & the rest claim to have millions of miles of experience so far and yet they have the ability of an 18-year old who's had a few hours of instruction, passed a test and racked up maybe two or three hundred miles dirving experience. ITM that they don't have millions of miles of driving experience, they have a few miles a million times.

They might, of course counter that vehicles are developed in different ways to human drivers. Fair enough - develop them with the same rules as aircraft (not Boeing, obviously). When an accident occurs due to the operation of the vehicle suspend the entire fleet until the problem is identified, corrected and the correction tested.

Re: It CAN be easy

My experience with a clean install was that I downloaded the install ISO image (the RC version a few weeks ago), dd'ed it onto a plain USB dirve (actually an SD card in a USB adapter) but none of your fancy mulit-boot stuff. It just booted with no faff.

It did complain about having no wifi drivers but found the SSID with no problems - the previous version did this too and so di Debian back in the days when it really didn't have the drivers and had to be connected by wire. Is this a bit of ritual hard coded in the Debian installer for old times sake?

What does annoy me is that for some reason it won't install to LVM2 logical volumes. Is memory playing me false in thinking it (collective "it" forDebian & Devuan) used ti? Or is it playing me false in overlooking something?

Not as short as they wanted.

Re: POLL anyone?

You could try installing Linux directly in a dual boot setup.. Windows used to bully its way into taking over the entire drive IIRC and maybe still does so you may not realise that a Linux install can coexist if you have free space - you just have to install it after Windows. There may have to be some tidying up to be able to reduce your Windows partition but you should end up with an option to boot directly into either OS. I haven't tried it but I believe that the existing W10 can then be set up to run as a VM under Linux.

Re: We should distinguish between server and desktop - and mobile

I quite agree. There's a lot of userland that isn't GNU, especially if when a non-Gnome desktop manager is used.

Re: POLL anyone?

Devuan is currently listing nearly 65,000 packages. There's very little call for other repositories.

Re: If only it had ditched the systemd cancer...

The Debian-based version has been present in Mint for a good while.

Re: We should distinguish between server and desktop - and mobile

What OP refers to as Stallman style is $Userland/$kernel. Hence Debian, Red Hat & the rest are GNU/Linux with a largely GNU userland if "you" (FSF) conveniently disregard the likes of KDE. But Android provides the userland on phones hence Android/Linux. Linux is not GNU.

Re: We should distinguish between server and desktop

"And Linux ones are EVEN WORSE."

Could you be specific? At least some of the GUI email clients are cross platform and, from what I've seen of Outlook aren't very different in UI and capabilities. I'd agree that even the best email clients fall short of what I'd want but this applies across the board. I haven't seen one that I wouldn't want to replace with something better.

First you upgrade the current version with apt update followed by apt upgrade

Second you change the repositories in /etc/apt/sources.list

Third you run apt update to get the new list of packages to be changed

Fourth you run apt upgrade again - at least this is what's advised

Fifth you run apt dist-upgrade

Sixth you clean up with apt autoremove --purge

See the first answer here: https://superuser.com/questions/1554163/what-is-the-difference-between-apt-dist-upgrade-and-apt-upgrade

Re: free (as in beer)

"when servers were pets, not cattle"

I always thought of them as work horses - and I don't want to eat horse meat.

A couple of notes on the upgrade:

1. I went the advised route of apt upgrade followed by apt dist-upgrade. In the middle of the first phase it ground to a halt with missing dependencies for gdal3 relating to ODBC packages. It's the sort of thing that apt -f install should sort out automatically but I had to work out the dependencies myself and install them. I suspect that the missing packages would have been included in the dist-upgrade phase as at least some of the applications depending on gdal were installed then. Have the testers done their installs with only dist-upgrade which would have hidden this?

2. It replaced keepassxc. The version in use had been built from source. The new version has the fuggly Breeze icon style as does the latest downloadable source. Grrr. No matter, I'll rebuild the latest version with the icons from the earlier source.

Re: Failover backup redlining

Paranoia is the price of freedom. Vigilance is not enough. - Len Deighton

Re: Failover backup redlining

I should add that the disks were mirrored at the controller level and again in software - i.e. quadrupled. We never had a disk failure but the backup tape drive failed fairly regularly.

Re: Failover backup redlining

The key here is "most of the time". If it rises closer to 100% some of the time that "some" might be quite important. And things might get scary when that happens. I ended up spending a few Friday lunch-times* watching a server engine eat up more and more memory (due to a badly written 3rd party program which I eventually managed to get fixed) and having to allocate memory on the fly. If it overran it crashed and left a nice mess to clean up. If you don't want to spend your time doing that then going along with the sizing might be a good idea.

* Nice scheduling of the weekly invoice run, manglement.

Re: Failover backup redlining

And make sure the users know this and understand the implications.

Re: Sue You, Jimmy!

They also have the deepest pockets to pay lawyers.

Re: Have a hundred upvotes

"the user of these system know a lot about their domain. They know a lot more about it than some database designer"

They very likely know a lot more about it than their manager. If the manager wants to lay down how the system is to be used you need to get past them somehow. "Yes, I quite see your point but we have a set process. There's a 'Speak to user' task in this phase. More than my job's worth mumble mumble. I'm sure you'll agree I've got to be able to say I did it."

I'd say the design is likely to evolve from two different starting points. One is how it's supposed to function - the UI, the other is the data. The data which might be dictated by the domain, by established standards such as RFCs. The balance between the two will vary from project to project - the UI might even dictate the data at one extreme.