Was XP the problem?
Over on /. there's a report from Kaspersky that actually it was mostly W7 machines that were hit. https://tech.slashdot.org/story/17/05/19/1916257/almost-all-wannacry-victims-were-running-windows-7
"those risks were in fact minimal if not non-existent."
I've trotted this one out a few times but it looks as if it has to be repeated. I had a client for whom I'd got new live and backup servers ready because the old ones (actually the old backup server, to be precise) wouldn't run the Y2K-ready version of their application. We were all tested and ready to cut over between Xmas & New Year. Their beancounters refused to let us go ahead because they didn't want to take the risk!!! of migrating before they'd gone through their year-end closedown of the books.
So for a fortnight we had the application vendor logging in on about a daily basis, maybe more, maybe less, to fix the data corruption we kept getting. It wasn't, therefore, an absolute disaster - a pity, as I'd have liked to have had to take them back to the end of December and make them re-input several days' work - but I don't think you can count daily remote access to fix corrupt data as a long-term working solution.
Yes it was a real problem. Most people weren't that stupid so didn't get to see what could have happened.
And BTW however much money was to be made out of Y2K not much came my way - 99 was the slackest year I ever had.
@WatAWorld "If you patch the NHS computers, civilian computer types are going to know..."
Which is why I said the "suggestion" would be to block SMB at the firewall, which can be justified for other reasons.
Blocking SMB at an external firewall would be effective against external scans. If you're running SMB internally because that's how your network works and the malware is distributed by phishing scams then it really doesn't help very much.
"So, technically, on the face of it he's not innocent; he didn't hand over his passwords when asked and there is a statute in place to prosecute him as a result. Whether that's right or not is another matter."
In this country there is, theoretically, a presumption of innocence. Making it an offence not to hand over passwords without good reason sets aside that. If there is reason to believe that there might be something incriminating locked by the passwords then the appropriate course of action is to present that evidence to a court and get a warrant. It's called due process of law. It seems that having given the idea a trial for 8 centuries (hint: look up what happened in 1215) we seem to have decided it wasn't a good idea and ditched it.
"Dell's initial reaction was to tell customers they needed to buy new motherboards."
Sorry, but if Dell Command Update offers you a BIOS update that then bricks the chip it is your responsibility to fix it, Dell.
Presumably it was someone on work experience who gave out that advice. One hopes the grown-ups took over after that.
"a lack of will by the Government Digital Service under Kevin Cunnington's leadership"
Was that all that was lacking?
Latest example of GDS's efforts: go to site to make an appointment suggesting several different slots which, according to the online diary, were available. A few minutes later there's a call back to say none of them were available; the office diary isn't linked to the GDS online version, which is consequently out of sync with reality.
"When stuff like tellies in the home were too expensive to buy, people got them on the never never instead."
Your ability to pay off the TV loan didn't rely on your watching the TV so it can be assessed on your earning history.
The ability to pay off an R & D cost relies on the outcome being successful to create future earnings. That means there's no history on which to rely. You won't be able to go to a hire purchase company for that. The people who'll be lending money on that scale in that sort of way are going to want your first-born a slice of the company. It's called venture capitalism and the pre-IPO spin and PR are also factors in the VCs being able to get their money back. They won't see R&D and PR as alternatives, they'll see them as complementary.
In order to perceive distance you first have to perceive the objects in the visual field. That in turn involves edge detection. Then you have to correlate the relative positions of the objects as seen from the two eye points and the feedback from the muscles controlling the eyes. It's all massively parallel - some of the processing seems to be done in the retina itself. And none of it is conscious so I'm not sure that the I bit of AI applies.
The precedent that it "should" work is that it is how us humans do it.
The way we humans (and bats) do it is by having massively parallel processing available. You're right to point out that it's not only distance but also speed that matters. Both of those give timing and that matters even more. You don't mind occupying the same piece of road that another car will occupy but you really don't want to occupy it at the same time.
"it is freedom from the ECJ that tends to get emphasised at the moment."
That's the easier one for her to deal with. ECHR raises issues with the Good Friday Agreement. But with the two sectarian parties supposedly sharing government in N Ireland falling out and all sorts of questions over the border she might be able to weasel out of that one as well.
"So... because we might want to fly in the EU, we should adopt their regulations? That makes no sense whatsoever. What rules we follow domestically does not dictate the rules we follow in other countries."
AFAICS what you're saying is that instead of having one set of regulations we could have two? That'll simplify things, take back control, cut red tape and [insert pro-Brexit slogan of your own choosing].
"I don't understand where the problem is. Before the EU we wrote our own regs. Our own regs are so good the EU adopted a number of them. How is this a legitimate problem? Or do you have some kind of xenophobic problem that people in the UK are too thick to function?"
From TFA: "The [UK's Civil Aviation Authority, the CAA] hasn't got the capacity or the expertise to provide an effective standalone aviation regulatory organisation. It did have, 20 years ago, but we've sacked three quarters of the people. And the expertise... has gone to join EASA,"
Of course we could try offering suitable salaries to tempt them back. Repeat that over and over for each situation where that happened and see how much change is left over from all that money we save by not paying into the EU budget.
the often quoted "90% of NHS Trusts still running XP".
And that in its turn seems to have come from a survey - I think a year or two ago - of trusts running at least one copy of XP. The fact that this might actually be just one is beyond the grasp of our mighty national newspapers.
"In addition to being resilient to attack a VM can run on modern hardware, it's not limited to antique machines like native XP."
You do realise, don't you, that in some cases you're dealing with real time S/W that twiddles bits directly on specialised H/W?
"But the problem is not so much that support was stopped for XP, it's that hardware like this should never have been based on XP in the first place. It isn't Microsoft's fault; it's the fault of the developers of the hardware."
The developers were probably in a bit of a bind themselves. The introduction of commodity H/W and S/W killed off the minis and Unix workstations that were used previously. Even if it hadn't it would have enabled competitors to have undercut any who still used such kit.
What would have helped would have been the certification authorities requiring long term support. That would have either required MS to offer it or, if they didn't, would have levelled the playing field and allowed specialist workstation manufacturers to survive. That in turn would have needed the certification authorities to have anticipated the situation we now have.
"To provide full support for all its old systems MS would have to have large numbers of programmers trained up in those systems (no one person can know more than a small part of code that big)."
They could save money. They could ship better code in the first place.
And your general thesis founders on a single fact. They have already issued a fix.
"So how do they open source the code without revealing 80% (guess) of their code still used?"
They can't open source it in the FOSS sense which I think is what the OP meant.
What they can do is put the source code, including patches, into escrow. If the vendor turns their toes up or if they cease support then the source can be released to specified interested parties wrapped up with whatever conditions were mutually acceptable when the original transaction was entered into. I've seen that made a condition of an RDBMS installation.
Another option would be to make the source available to interested parties all along under NDA conditions. I've had one gig where part of the source was exposed like that, the user interface being the main part that was concealed. It served the vendor well as they got free debugging.
"However you cannot expect a vendor to continue to support the product indefinitely since it is in no way a cost-free activity."
We're looking at a fault which should never have been present in a shipped product. Are you saying that if they manage to get away with it for x years they get a free pass if it brings the house down in the future?
"Yes it is slightly more complicated, but once you've worked out the details you can semi-isolate lots of similarly challenged pieces of kit. (Perhaps the chaps at http://www.nhsbuntu.org could help you set it up.) Yes, it isn't perfect isolation, but it is a perfectly valid component in a layered defence. Yes, it is a pain in the butt,"
And yes, if it impinges on any certification the original machine requires then either you've got to hold off for a few months while that's sorted out or simply shut down for that period.
"Those PCs were sold with Windows 7 Professional + downgrade rights to Windows XP, so there weren't even any licensing issues about upgrading and getting continued support."
The PC and its OS in such a situation is likely to have been only a component in a larger system, a system which required XP because some client/server application where the client end won't run on a later version.
You inevitably end up having to consider a more complex situation where simple solutions don't work. Yes, you could argue that the original system shouldn't have been put together that way. Maybe it wouldn't have been if the original developers had only known what a later OS version was going to break.
The real world is much more complex than all these "simple" solutions everyone keeps coming out with can handle.
Another characteristic of the real world is that evaluating each "simple" solution for each individual case takes time. Half a dozen individual installations with unique, complex requirements could take a lot longer to update than a large office of routine desktops with a common build.
"Of course 16 years is too long to expect a company to support a product"
There's a difference between supporting a product in terms of adding new functions or drivers and fixing a defect which was present when the product shipped.
But let's not lose sight of the fact that when the shit finally hit the fan MS made a fix publicly available within hours.
If they were under no obligation, it was too long to expect them to do it etc then why did they do it?
I can think of three explanations:
1. It was to mitigate a PR disaster.
2. Events brought it home to them that they had a moral rather than a commercial responsibility.
3. They anticipate legal action and are attempting to mitigate any penalties.
I don't think the last one flies - it simply points out the fact that they'd held back something that could have been made generally available.
But let's not lose sight of the fact that for whatever reason they have done what lots of commentards have said they didn't have to do.
"OTOH should we also be looking at the suppliers of MRI scanners etc which are often blamed for being the cause of 'staying on a known OS'. They ought to be obliged to release software for newer versions of their chosen OS (whether that's MS/OSx/*nix/*BSD/....) for the expected lifetime of the machine (probably more than the expected life actually)"
A recent post by an engineer who's worked on such kit suggests that this is by no means straightforward and you could actually brick the instrument by getting it wrong. At the very least you'd have to re-certify the new combination.