Posts by Doctor Syntax

Re: Pah

As a Perl programmer did you actually put them in in the first place.

Re: "Even if something has been written in Java in 90s that is still 20 years ago."

"that makes the software out of date"

No, it makes it require maintenance. Development is the process by which software is launched into maintenance. It usually spends most of its life there so it's no excuse for assigning the least competent staff to the job. Neither is it an excuse for relying on maintenance to do all the bug-fixing that should have been done during development (did someone say continuous release?) so documentation and testing are equally important in both phases.

Re: "...a 10-15 per cent charge on that project..."

'Traditionally, the "last 10%" (suc) (sic) of the code requires the other 200% of the budget.'

Re: Distant memories

"all the exception routines which made up over 90% of the average programme and were probably never used in production."

Like all safety devices, you hope they're never needed but when they are they're really needed.

"So sheer volume is no real measure of how good or reliable the code is. Although the more lines of code there are the higher the odds of an undetected flaw."

You're arguing against yourself here. All those exception handlers are there so that you can detect flaws. It's lot's of lines that don't do checking that are the problem.

"Exactly what purpose that was, and whether the code path might be required for some random future transaction is not always something that is clear."

It should be if the code was properly documented and the best place to do that is in the code itself, not in some separate document that's either been lost or never updated since day one.

"I am a coder, its the quality of the code not the length, if its there then it has purpose"

And very often that purpose is to deal with Stuff That Should Never Happen when it happens. The more you've got of that the better.

Re: Extend this idea of restricting write privileges

@Paul

You need to think outside current models. Here's one.

One admin user has the power to allocate blocks of storage for a specific application. It can neither read nor write to those blocks, just allocate them. The user has to log on specifically as that user to do that - no privilege escalation is allowed.

The specific application does nothing but provide access to specific clients. It has complete and exclusive control of the blocks allocated to it. Once a block is allocated no other application can read or write to that block; there is no super-user which can also do that, not file system which kernel routines handle. The application enforces access writes based on a combination of both client application and user. The server application starts on boot-up or has to be restarted by a specific log on - no escalation of privilege is allowed.

Write access can be tied down completely - the server can be configured at source to only accept requests from specific applications. If the server isn't so configured then control is devolved to a specific admin user who can grant write access to specific clients. This admin can also specify applications from which read requests are handled and can optionally grant this right to specific users. The admin user has to log in specifically, no escalation of privilege is allowed.

Software installs and updates are handled by a specific user ID which checks signatures of install/update files. The user has to log in specifically to do this, no privilege escalation is allowed.

Granting user credentials? You guessed it. A specific admin ID to be logged in, no privileged escallation allowed.

So Cryptolocker can neither read nor write your office files directly. It probably can't have read requests accepted and it certainly can't have write requests accepted. It can't escalate its privilege to reallocate the office storage space to itself nor can it escalate its privileges to install itself as the server for that space nor even escalate its privilege to allow itself access, even if the server accepted such grants of write access, all these actions require a specific login, each with their own credentials. On a privately owned machine the user may have the credentials for all these admin IDs but in a business environment this is unlikely. This would make it significantly more difficult to persuade a owner/user to compromise their own machine and in the case of properly administered business networks it would require the collusion of one of the admin team.

You say Windows can have compartmentalisation of admin rights. But can it have compartmentalisation of access to hardware resources?

It makes admin less convenient but in part we are currently victims of a trend to make admin more convenient at the cost of reducing security. That isn't a good trend.

Re: @Doctor Syntax

"Windows has much of this built in and has done for a long time."

So if, for instance, I installed MS Office on a Windows PC I could configure it so that only Word can write to Word documents and only Excel could write to spreadsheets and that either format could be read to email them but neither could be read to copy to a USB drive?

"The board demands reports on 'cyber security' then complains they can't understand it then refuse all attempts to provide awareness training to them. They read reports then complain that it mentioned 'risks' and 'vulnerabilities'. I had to change them all to 'opportunities for improvement'."

Maybe the problem is in the presentation. Use language they can understand so the report becomes its ow awareness training. Introduce information security, risks and vulnerabilities by stating that they have to be accepted as such, euphemisms won't make them go away and they have to be dealt with which you're sure your board is capable of doing although lesser directors might shy away. And if that doesn't work, get your CV out there.

Re: Brexit?

"So you're giving up on making the UK democracy work and hoping someone else will over-rule our democracy."

A strong court system is the best counter to government over-reach.

Both major parties have been quite keen on surveillance. Had the other David got the leadership of the Tories it might have been different but they went for a Blair-alike. The opportunity of voting a non-surveillance party into government under current circumstances is pretty-well non-existent so until that changes we need the court's protection.

Re: Brexit?

"But it's exactly things like this id card nonsense that drive people to want to get out of Europe."

You think the alternative wouldn't lead to worse? As things stand the European courts can slap down UK surveillance attempts and if we go through the legislate/slap down/legislate cycle enough times even governments might start to get embarrassed.

"Faecebook have been demanding ID such as passports and driving license / ID cards."

Do they?

I wouldn't know & don't care. If you imagine you need it then you I wouldn't be surprised if you fall for that sort of stuff.

Re: @ Doctor Syntax

I just checked. You were one of those commentators.

Re: @ Doctor Syntax

This is a story about Intel. The story you were looking for is over there. ------>

"someone somewhere in Whitehall is working on a plan that will screw with it"

I thought developing something to the point where it was nearly production ready and then canning it without reaping the rewards because it had cost too much already was a British disease. But no, here's Intel doing it It may well be that they couldn't see production bringing in enough returns to justify the money they've spent on development but then zero returns doesn't do it either.

I suppose the reason is that they've got to cut employee numbers RIGHT NOW to meet unrealistic analysts' expectations. Analysts, of course, don't realise or care that it's the employees who create the returns in the long run. So we'll see yet another tech company hollowed out due to short-termism.

The best thing that financial regulation could do would be to forbid the publication of quarterly results, maybe even the publication of results at less than two year intervals, just to get these idiots from breathing down managements' necks.

Re: "This inquiring mind sort of thing has resulted in a good few discoveries ..."

"I've often wondered why the guy leapt out of that bath like that......"

He discovered the piranha.

Re: Same old, same old

"come on El-Reg, what are the stats for the data for connections to your 'esteemed' site?"

Given that the connections are via a CDN would the client ID actually be available or would Cloudflare have hidden it?

Re: did Microsoft kill it's cash cow?

"e.g. the equivalent of persistently assigning a drive letter to a NAS share"

Maybe other desktops are different but with KDE it's a very similar process to Windows - open Dolphin, the file manager, click on Network, click on Add Network Folder & follow the prompts. This works for Samba/Windows connections - I don't have NFS client installed so I don't know whether that's supported.

Re: I wonder...

"What could the "other" category be ?"

Android?

Re: Have an upvote.

"Ubuntu ... I feel very constrained by what it will let me do on the desktop."

If you're on Unity try installing XFCE,LXDE, Mate, Cinnamon or KDE. I really dislike the notion that a desktop should only have icons for "apps" on it.

My preference is KDE set to folder view with a Desktop directory as the folder, Classic menu, the irritating bouncing cursor turned off along with auto-maximisation of windows. This ends up with an interface which is very similar to pre-insanity Windows from W95 onwards.

Re: Miguel de Icaza is a great coder, and will always be so

Gentlemen. Please.

Try to understand the difference between libel and slander.

Re: open source people universally hate Miguel.

"I think Java single-handedly destroyed thousands of good middle-class American jobs by allowing mass import of H-1B numpties"

It's not a story I've followed but I'd have thought that the problem would be the system by which H1-B numbers are controlled (sic) rather than the specific language used in the projects for which the visas were issued. The generic problem isn't unknown on this side of the Atlantic either.