* Posts by Hargrove

253 publicly visible posts • joined 2 Jul 2014


Azure consultant's Google image search results hotlinking sueball booted off the pitch by High Court



I have withdrawn an earlier post that included comments on Google's Service agreement because new language has addressed the issue which was that:

"Google's service agreement stated plainly that users still own whatever they store, transmit, etc. However as worded it also states that by such use they give Google--and those they WORK WITH--unrestricted world wide rights to use of the content."

As noted in the withdrawn post,

"This is not a Google-specific problem. Comparable terms and conditions are dictated by the Industry on a take it or leave it basis, subject to unilateral change without notice by the company and with little or no consideration of possible unintended impact on the user."

Contracts of adhesion that can be changed at will by the dominant party have become a blight on every aspect of modern life. Nor are they simply limited to the IT sector.

Google is to be commended on two points. (1) The clarity with which they state the terms of service and privacy policies so that the problem was clear, and (2) For addressing it.

Google's terms of service now state the "Quid-pro-quo" in legal terms specifying what is licensed to both Google and to the user.

Hey, US taxpayers. Filed your taxes? Good, good. $500m of it is going on an Intel-Cray exascale boffinry supercomputer


It's still about

the bandwidth and power consumption. . .

The top end of the top500 HPCs has always been (and remains) something of a technological pecker-measuring contest. The marginal efficiency (that is the Rmax/Rpeak) for the HP Conjugate gradient benchmark for the top 3 in the Top 500 is interesting. The point is that if you really need the horsepower, you build a real supercomputer with a high bi-directional bandwidth, like RIKEN.

So the key questions are: What is Exascale computing really going to be able to do, and who in the world might want to do that?

Hint: The current population of the US is approaching 330 Million. Do the math and see how many MegaFLOPs per man, woman and child an exaFLOP comes to.

Then consider the aggregate computing power that folks like Google, Microsoft, Facebook. . . the list is damned nigh boundless, are devoting to what they do.

What could possibly go wrong?

Wow, fancy that. Web ad giant Google to block ad-blockers in Chrome. For safety, apparently


Re: With great power comes great responsibility...


Firefox has worked well for me.

Related to that, prioritization by monetization is beginning to break down.

I am finding that the crap-to-worth ratio of Google Search has reached the point where for most of what I search for DuckDuckGo is better.


Oh it's worse than that.

. . . some speculating that Google is using privacy as a pretext for putting the interests of its ad business over those of browser users.

The following comes directly from the Google terms of service . . .

Some of our Services allow you to upload, submit, store, send or receive content. You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours.

When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones.

The term "Services" appears in quotes, and is subsequently capitalized, which by standard usage indicates that it is a defined term. Good luck finding the definition. In fact, based on the thirty minutes or so I just spent looking for it, it doesn't appear to exist.

I guess this is what is meant by a legal fiction.

The first paragraph sounds good, but is deceptive.

Pick a simple example. I am a songwriter. I write a song. I store it on the Google cloud, I email it to a friend using Google mail. In reality I still own the "property", but Google now owns the rights that give the property its value. The "limited purpose of operating, promoting, and improving our Services, and to develop new ones" is really no limitation at all.

Is my tune catchy . . . Google can use it in their ads to "promote" their services. Will having Justin Timberlake record it and post it on YouTube promote their service. . . You betcha.

In fact, I am hard put to think of a category of intellectual property that could not, under Google's business model, arguably fall under one of these "limited purposes."

This is a simple example in a set of issues that is immensely complex. In fact, this kind of taking of individual property rights and value has become almost universal in the information technology sector, and has begun to migrate in modified forms to other sectors.

I read the fine print and a few years back I encountered an SLA that contained a provision that by utilizing the service I gave the service provider "ownership of [my] corporate name, telephone number, and address." I promptly called "bullshit!" on this. The technical help desk's response was "well that's obviously not what it means." My response was, "But that's what it says. Go ask your lawyers." They did. Whereupon a miracle occurred. . .

I got a call from their lawyer, who agreed that was, indeed, the legal effect of the language. Then he explained their problem. Part of their service was explicitly for publication of certain information. Someone had had the bright idea of purchasing this service and then suing them for disclosing their information. The service provider forced the issue, and prevailed in court, but at some unnecessary expense. I suggested that what they needed to do then was change the wording to specify use of, for the specific purposes of, and that's what they did.

But, they have proven to be a shining exception to what has become a universal practice. That is to claim the rights to everything, and present the customer with a take it or leave it proposition.

An earlier post used the term Evil. That's a good word for this kind of disregard for the rights of others and what is right. It is a cancer that has the potential to destroy the utility of our information infrastructure and the stability of society itself.

Microsoft sends a raft of Windows 10 patches out into the Windows Update ocean


Re: Ah, Access

Ah. Yes. I remember it well; well vaguely. I'm older than some of the dirt in my garden. . .composting being another gift that keeps on giving.

I remember Access as the proximate cause of losing one of my best employees. He was an undergraduate IT intern at the time, exceptionally bright, and fluent in English, Japanese, and German.

We had a contract that specified a database deliverable in Access that he was assigned to work on.

The data base was largely comprised of blocks of text. I don't recall the details, but the functionality required that sometimes the data element needed to be handled as a variable, and sometimes as the literal text string. (Apologies. I'm not sure that "string variables" are even a term in use anymore. At this point I had already gone from being an engineer to being a system engineer--a function for which customers were willing to pay handsomely despite it being, as we used to say back on the farm, "as useless as tits on a boar hog.")

The bottom line was that the coding didn't always work as described in the documentation. As deadlines neared, angst increased, and he appealed to me for help.

I believe I mentioned I was older than dirt? Twenty years of programming, one develops an intuitive feel for things. I hadn't been a system engineer that long at this point, and some real skills were still in the memory bank.

The short version is that under some conditions, some functions would work with the data element variable name; others required the literal string enclosed in quotation marks. It appeared that the program at times performed manipulations that converted from literal string to a variable name, such that in some cases, the documentation showed literal strings enclosed in two sets of quotations.

Being old school, I did the trial and error thing, eventually generating a matrix of the diverse functions, and where, when, and how many sets of quotations the data base software required and did block search and replace on the code. (If aging memory is correct, four or five was the max I needed to get a function to actually work.)

The intern demanded to know "how did you know that would work?" He was not satisfied with a shrug.

Unfortunately, by the 1990's IT professionals were already fully indoctrinated fundamentalists, with unshakeable faith in the inerrant infallibility of "the system." It was apparent that he was firmly convinced that I was withholding information and was just messing with him by telling him that I didn't--that it was just trial and error.

We made him an offer for full time employment when he graduated, at a rate that left no profit margin on our negotiated contract rate. A local government laboratory offered him $5K more per year plus a 5K bonus before graduation, so maybe his Access Angst wasn't the problem.

OneDrive is broken: Microsoft's cloudy storage drops from the sky for EU users


Re: backup your cloud storage

There is a practical issue with redundant cloud storage as a solution, from a system standpoint.

The 'net is an integrated end-to-end system comprising the sum of connected users, hardware, software, and information connected at any given instant. Its size, configuration and complexity, and functional state change continuously at intervals measured in nanoseconds. It is intrinsically indeterminate and interminable.

The system is unbounded. But it is not infinite. Its performance, although incomprehensibly vast, is finite. And it is often limited by local subsystem performance, the unintended consequences of which can have catastrophic effects over large parts of the overall system.

Such a system cannot be reliably operated or maintained. The constant string of reports and the discussion in El Reg are concrete evidence of that.

A brief excursion into reality to support my assertions. From an end user perspective the system has no specifications. Not many years ago IT users demanded and equipment and service providers guaranteed to deliver a minimum level of performance with a specified reliability. Reliability was commonly expressed in terms of "availability" (basically the percentage of the time that the system was guaranteed to work as specified over a given period, typically a year) and contracts provided for adjustment in cost if they couldn't restore service in a timely manner to meet the threshold.

In this era 99% was considered poor, four 9's (99.99%) was considered reasonably achievable.

From my narrow perspective, this all changed around 2010, as federally-mandated initiatives for automatic security patches and updates and cloud computing were implemented. I saw the specified system availability in an annually-renewed service level agreement for a web hosting service I was involved with go from 99% to 90% and then disappear completely.

This was NOT due to any lack of diligence, competence, or desire on the part of the service provider. The simple fact is that dependence on third party software and services, and the unintended consequences of continuing patching and updates from a myriad of software vendors and third party service providers make it impossible to guarantee anything.

The Achilles heel of the system is bandwidth. Marketing hype notwithstanding "unlimited data" and its more egregious step-sister "infinite bandwidth" are myths. They are exercises in metaphysics, valid only with the presumption that we have all eternity to download our data.

For a few individuals with a few tens of gigabytes of data, who need to retrieve specific files, redundant cloud storage and local back up may be a practical solution at the moment. On any kind of scale, however, the bandwidth simply isn't there. We are already seeing this in the massive marketing push to get users to accept "unlimited data" plans, advertising "speeds up to" under terms and conditions that do not actually guarantee ANY level of performance.

This is not going to end well for anyone.

Half of all Windows 10 users thought: BSOD it, let's get the latest build


Re: Try the LTSB...

@Dan 55

That would be the same Cortana and Edge that MS told W10 users were integral to the OS and could not be removed or disabled? The LTSB is nothing more or less than a tacit admission of failure, one by some accounts forced on MS for the Chinese version.

We live in interesting times.


Re: This update is shit

@ largefile

Statement "perfect for seniors" definitely nonsense. I am older than dirt, myself and this is totally misleading.

Based on largefile's misdirection I defaulted to tablet mode on my desk top and tossed out my MS ergonomic keyboard. You know, the one where they changed the sizes of the keys, positioned them differently, and used dry erase marker to put the letters on the keys.

I immediately found that the tablet touch screen function hadn't enabled. My CRT display was completely unresponsive. Nurse just served up dinner (GUI pablum and chocolate pudding). Now the screen is a mess. Shame on you for making sport of the elderly. This is my primary consumption activity, and I fail to see how a larger icon or Web Browsing would enhance my enjoyment of it.

However, I have to admit that this situation is an improvement relative to the shambles created almost a year ago where an update wiped out the Update and Security function in Settings, disabled my Ethernet connection so that none of my Office 2010 applications would run, and created a situation where any attempt to correct the situation throws one of a number of unspecified system errors.

(OK. I am older than dirt, but I have to admit I thought @largefile was a funny bit.)

And a serious comment. Back in the day there was a function that we called the "bathtub curve" that characterized the probability of a system failure--relatively high infant mortality due to manufacturing defects missed in product testing, followed by an extended period of relatively few random failures, eventually followed by a rapid increase in failure rate characteristic of the end of system life.

What we're seeing in IT today has an eerily familiar end-of-useful-life feel to it. Cloud computing and Software as a Service are just dumping everything in the same technological bathtub. In which regard, two words to the wise. Tin whiskers.


What the @#$%&!? Microsoft bans nudity, swearing in Skype, emails, Office 365 docs


And amidst the wreckage a major unnoticed WTF

The real hidden bomb in all of this is that, unless I'm completely off base, the new SLA effectively cuts off all support for legacy configurations, and presents users with a take it or quit using our products.

One specific is that the way that Cortana is bundled with W10 (exc. the new LTSB configuration) it can't be removed. And it's on the list. As I read it MS has just absolved themselves of all responsibility whether the user employs their on line services or not.

Amount of pixels needed to make VR less crap may set your PC on fire


Re: Foveated rendering is not a magic bullet

@Clive Galway

Did you mean non-foveated in the third paragraph?

Serverless: Should we be scared? Maybe. Is it a silly name? Possibly


Re: Huh?



Words and what they mean matter. At one time dictionaries were among my favorite reading material. Now. . . Well to quote Humpty Dumpty in Through the Looking Glass, "Glory!" (which he defines as "There's a good knock-down drag out argument for you" when Alice challenges him).

We live in a post-truth Looking Glass world where, to paraphrase Humpty, words mean whatever the person using them intends them to mean.

Unfortunately, even dictionaries have become corrupted. They are dealing with this by simply discarding long standing wording of definitions in favor of the moral equivalent of self-licking ice cream cones, to wit (to offer my own modest neologism):

serverless -- not having or appearing not to have servers

By tolerating this kind of insanity we are all complicit in the continuing degradation of the defining characteristic of humankind--symbolic language and our ability to communicate. We are effectively destroying our ability to relate to one another as human.

This will not end well for us.

Terrence Deacon in his book "The Symbolic Species" introduces Hoover, the world's first and only talking seal. Maybe, if Hoover's lucky enough to find a mate with the right DNA, the seals will do better.

What do Cali, New York, Hawaii, Maine and 18 other US states have in common? Fighting the FCC on net neutrality


To break the code

Federal law and regulatory language has become so arcane and convoluted as to defy logical analysis. Fortunately US practice now provides a clear and unambiguous way to determine the legal intent and effect of the language in the titles.

Whatever the title says or implies in common English usage, the reader can--with near certainty--safely presume that the intent and effect are the opposite.

IBM kills Global Technology and Global Business Services: It's all ‘IBM Services’ now


Re: Bollocks...

“exponential intelligence fueled by pervasive technologies”

Apologies for lack of originality here, but kudos to @ForthisNotDead for having taken the only apt title for a post on this article.

I once worked on a project whose proponents promised to eliminate the need for expensive subject matter experts by collecting all the technical data available in an electronic shoe box and using a semantic query to retrieve "the best answer to any technical question within seconds."

The goal was to eliminate the need to spend about 3 million dollars a year to support committees of subject matter experts. The cost of saving the 3 million was estimated at 40 million/year. The fact that no one in the USG saw anything funny about the math explains a lot about the US deficit. (OK, in fairness, the proponents did postulate that once built the system would be used for lots of other things justifying the investment.)

The problem is that at the end of the day, such a system cannot deliver as promised, even theoretically. Tom Fawcett's paper on the subject presents a concise and readily understandable explanation.


Parity calamity! Wallet code bug destroys $280m in Ethereum


Re: TOld is when you remember the invention of the 8" floppy

Hollerith cards, anyone?

EU watchdog: Govt bods are seeking 'legal knockouts' to dodge transparency


Spot on:

What this article describes has become a pervasive practice in the US. The subordinate party in any agreement (and in IT the take it or leave it nature of the transaction gives the service provider de facto dominance) there are provisions that have the following legal effect when put in plain English:

This agreement takes precedence over other rights and conditions afforded you by law or prior agreement,

and my own favorite

We have the right to change the agreement at any time without notice.

The crux of the legal problem is that such "agreements" violate the basic principles of contracts. They are inherently extortionist in nature. This puts the courts in the bizarre and untenable position of enforcing extortion.

Imagine what Hitler could have accomplished with this kind of arrangement and a populace with its collective nose buried in their smart phone.

Ker-ching! NotPetya hackers cash out, demand 100 BTC for master decrypt key


This was just a test . . .

had this been a serious hack, the retirement account you worked forty years to accumulate would have gone missing.

Actually, I'm fairly confident that financial institutions have multiple off line back-ups and procedures to ensure that they are never connected to the outside world. So your funds might only be temporarily missing. I'm still concerned about the economic and social impact that would result from a major financial institution being taken down temporarily the way British Airways was not long ago.

Security through obscurity would be all well and good, if it weren't for the fine print in those one-sided service agreements we're all forced to accept stating that, notwithstanding any gilt-edged guarantees elsewhere, you, the customer, are responsible for security, including maintaining local off-line backups to secure your own data.

Several days ago I had occasion to visit a community help blog. In the process I noticed something that was both gratifying and disturbing. It's one thing for an old retired fossil like meself to complain that the technology is fundamentally broken and not working properly. It's another thing when the youngsters who still have to make their living using it start having similar reactions.

One fellow summarized it eloquently. "We need context. We can see what the system is doing, but we don't have any visibility of how it's doing it." Gratifying to find that it's not just creeping senility and that I'm not alone. Disturbing to reflect on the implications for information security.

Regarding which, every time another successful hack is reported it reminds me of the classic Monty Python "Cheese Shop" bit. "You've got no bloody cheese at all, then 'ave you?!!!"

For what it's worth.

Migrating to Microsoft's cloud: What they won't tell you, what you need to know


Re: "this is a very poorly researched and stated article"

@Pascal Monett:

D'accord, Pascal. This article addresses some realities that need more rather than less visibility.

In addition to being on the desk of every pointed-headed boss, it should be required reading for information systems designers and customers. Faith in the cloud is based on unshakeable belief in myths of infinite bandwidth and "solid state reliability", neither of which are true.

El Reg is distinguished for discussion of real technical issues that are generally simply ignored, not only by the general public, but by professionals who should know better.

Phishing scum going legit to beat browser warnings


An arms race they will not win.

@Martin Summers

Absolutely on the mark. The internetworked system we all depend on was not designed for the current cyberthreat environment. In reality, as a system, it was not designed at all, but grown like Topsy to maximize return on investment. The fact that we all -- IT providers and customers alike -- share in the benefits of that return doesn't change the harsh reality:

Such a system is not secure. It is inherently un-securable.

Security as a cloud computing service is not a solution, because of another harsh reality. The predominant threat to theft and exploitation, is now, and ever shall be, the insider threat.

I believe that there are technical solutions to be had for a price. User devices will cost more and be marginally less convenient to use. IT providers are going to have to forego the business model of reselling hoovered data with no value added. It will not be cheap, but it will be a lot cheaper than the alternative.

Why Microsoft's Windows game plan makes us WannaCry


Re: As for the 'Cloud'

You're dealing with the tobacco industry equivalent in IT who will bribe, bully and sue its way to profit with complete disregard for anything else. And I mean *anything*.

Spot on. And when it comes to the cloud, "anything" includes that hoary elephant in the parlor called "bandwidth." Thanks to growing ignorance of the basics of mathematics and logic the myths of "Infinite Bandwidth" and "Unlimited Bandwidth" are alive and well. But the marketing smoke and mirrors only obscure an ugly reality.

We don't have the bandwidth to sustain the current design paradigm, even in theory.

How their GDPR ignorance could protect you from your denial


Praise be!

"Consent must be freely given, which will not be the case where there is imbalance of power between data controller and subject."

Somebody gets it.

I'm not a lawyer, but my work did involve contracting and formal training in same. The quote above states one of what I was taught were the three fundamental conditions for a valid legal contract.

The other two were a reasonably equitable quid-pro-quo, and a meeting of the minds (that is a common understanding of the terms and conditions).

I have yet to see an IT sales or service agreement that doesn't violate at least two of these. The argument that I don't have to use a given IT product or service is not valid in today's world, where connectivity is a fundamental necessity. (The odds of finding a cell phone in the US if your life depended on it are between slim and none.) As for a meeting of the minds, I can't remember the last time I read an agreement that didn't include a provision allowing the seller to change terms and conditions at will, without notice.

This kind of thing is not unique to the IT sector, as the recent United Air incident demonstrates. The companies have all the power; the customer is forced to accept the conditions or do without what are really basic necessities for a normal quality of life in a developed nation. The average person is powerless, and increasingly resentful. Brexit, the recent election in the US, are key bits of evidence of a deep dissatisfaction that those who govern are oblivious to.

This creates a situation, where the stability of society is dependent on the populace's willingness to leave well-enough alone. History is replete with examples of how precarious that balancing act can be, and how catastrophic the consequences can be when those who govern get it wrong.

As you stare at the dead British Airways website, remember the hundreds of tech staff it laid off


Re: Correlation is not causation

We can confidently expect more of this as the number of bits of active code running on "the system" continues to grow exponentially. Microsoft's plan to hoover apps and data has the appearance of a last ditch effort to cure the incurable. Some years ago, in an effort to sell the notion that "information superiority" would so awe a numerically superior enemy that they would surrender without a shot, the US Department of Defense came up with the catch-phrase, "The network is the system."

The US have since learned and adapted to the reality that it is the nature of cornered animals, including us, to bite. But the slogan had it right.

The network is the system. And anything attached to it, including our new toaster oven, is part of it. The size and configuration of this system is indeterminate, and--as a practical matter--indeterminable.

Every device, every component, every bit of code, and every user, human or automaton, is part of a vast, complex, dynamic, non-linear system.

"But wait," the IT geeks cry, "it's DIGITAL; that's not non-linear."

But it is. Network queueing theory tells us so. As does the fact that my Windows workstation regularly spikes to 100% Disc Usage, for no single discernible reason that anyone has been able to pin down that I'm aware of. Something to do with Skype, Chrome, your disc driver. . . (Then there are all those ROHM'd transistors merrily sprouting tin whiskers.)

The responses are all quintessentially non-linear.

The history of computing, from Jacquard's one operation/second loom in 1806 to today's petaFLOP computers internetworked with literally millions of computational devices capable of giga- and teraFLOPs leads us to believe that there are no limits.

It ain't necessarily so. The network is the system. Everyone hooked to it--including the connected cyberterrorist--are insiders.

My perspective is admittedly biased by fond memories of programming computers the size of refrigerators by punching binary indicator light/switches on the front panel. Between then and now I've seen inconceivable changes. The problem is that those changes have evolved at inconceivable rates, with results that were unimaginable when the critical design decisions were being made. Those include radical changes to the "cyber-ecology" in which the internetworked system lives.

All my experiences and observations persuade me that the flaws and failures reported in el Reg are symptoms of a more serious, potentially catastrophic condition. At this point, "Security First!" is just a marketing slogan. The IT community needs to give serious consideration to the possibility that the current design is not equipped to survive in the environment it created.

We need to go back to first principles and ask what a system designed for security first in today's (and tomorrow's) cyber-ecology needs to look like. I suspect the answer will not look anything like what we have.

Put down your coffee and admire the sheer amount of data Windows 10 Creators Update will slurp from your PC


Re: @ ShaolinTurbo

Policies written by companies do not trump national laws, see Apple and Apple care in Europe.

The problem is that lawyers are, all too often, unprincipled, sociopathic bastards, and, at least in the US in some cases the legislators and judges who craft and interpret the law.

We here in the US are up to our proverbials with service and sales agreements whose terms and conditions require the customer to waive all manner of basic rights. Where information is concerned the T&C of the agreement generally incorporate the privacy policy by reference.

The Agreement is a legal document, whose sanctity is protected by the best laws money can buy. (See first paragraph.). Whether or not it is a legally-binding document is a complex question.

I am not a lawyer (although I've been accused of being fully qualified--Again, see para 1.). But in my checkered career I did get a fair amount of formal training in contracting. According to what I was taught, a valid legal contract must meet three essential requirements: A balanced quid-pro-quo (both parties receive comparable value), a meeting of the minds (that is a common understanding of the terms and conditions of the contract), and an uncoerced agreement (that is the stronger party cannot compel the weaker party to accept unfavorable T&Cs against their will.)

I am personally skeptical that anything like a valid contract can exist between an individual or small business and a large corporation or a government, particularly when it comes to something as complicated as Software as a Service. Fortunately, at least in the US we have very clear de facto rules as to when such agreements are considered legally enforceable.

1. Are you the IT provider? If yes, the Agreement is a contract and any and all rights claimed or asserted are protected by the full power of government.

2. If no, are you the customer? If yes, you can seek justice in the court, which will confirm that you are in a legal state of WTTF (Well and truly f---ed) that is to say, powerless, bankrupt, homeless, and with a rich lawyer who will refuse to return your calls.

The IT sector is not alone. This problem is pervasive in virtually all aspects of American life. The frustration of being powerless drove the election of President Trump, with the unspoken hope of breaking the government so badly that it would have to be fixed. So far, so good.

'Windows 10 destroyed our data!' Microsoft hauled into US court



Whilst I wouldn't expect Joe Average to be able to recover it, ANY even semi-capable IT outfit who CHARGES should be able to reinstall previous Windows version, the old user profiles and if necessary pertinent registry data.

PCs are basically commodity consumer products. The fact that keeping them functioning demands the services of a paid professional IT staff IS the problem. Moreover, getting a professional fix is not a guarantee that the system will stay fixed--as anyone who has tried to find answers from the Microsoft Community has probably observed. (One of the prime examples is the 100% Disc Usage issue. One of the more amusing aspects of that is that so-called "experts" routinely blame Skype and Chrome for the problem, with splendid disregard for the fact that Skype and Chrome are not installed on a given user system.)

It appears that this particular problem can be generated in a number of different ways. With continual updates (not necessarily MS's) fixes fail.

IT providers and users alike have lost sight of something fundamental. The network--INCLUDING THE USERS' DEVICES--is the system. Its configuration and state at any given instant is effectively indeterminate and indeterminable. Such a system is intrinsically un-secure and un-securable.

As witness El Reg Article Dishwasher has directory traversal bug.

IBM old guard dropping like flies in POWER and cloud restructure



"We are aggressively reinventing our systems portfolio for cloud, data and AI," Rometty said. "The centrepiece of Cognitive Systems is our Power franchise, which is vital to so many clients and ecosystem partners. Having envisioned and transformed our data and analytics portfolio, Bob is ideally suited for this role."

Inconceivable. "An' I do not thin' those words min what they thin' they min.'" Or anything of substance for that matter.

And by the way--Bob's your uncle. (Been looking to sneak that into a post for a couple of years now.)

Brilliant phishing attack probes sent mail, sends fake attachments


Re: Hide extensions for known file types

I admit to being old and slow. Old enough to remember editing programs on the fly by punching in binary code on indicator/switches on the front panel of something the size of a (large) refrigerator.

I appreciate that technology has changed. But some things should be fundamental. Like words should have meaning. Words like "Operating System."

Classically, an operating system comprises the basic functions for managing the hardware resources required to store and retrieve data, and allow software to execute the instructions of the CPU.

Explosive advances in hardware complexity and performance created a need for a hardware extraction layer. And things began to grow like Topsy, with applications being acquired and tacked on to "operating systems" like so many layers of barnacles. The resulting conglomeration requires constant patching and updates of Gbytes of code. The result is an internetworked global computing system--whose functional elements by the way include me and my computer, and billions of other users and devices. The configuration and functions at any level are unknown, and unknowable.

Back in the day, if someone had described this I would have argued that such a system design was inherently insecure and un-securable, and that any expectation to the contrary was insanity.

That's one thing that has not changed.

Trump's cyber-guru Giuliani runs ancient 'easily hackable website'



Just ask a professional. It’s the person who doesn’t use the word ‘cyber’ to prefix everything they say.

Truly insightful comment. Of course it eliminates virtually anyone working in, for, or around the US government, beginning first and foremost with the idiots in Congress who stepped in it by deciding that the answer was to legislate that things be secure. This in turn spawned an entire industry operating on the premise that certification is better than competence, and that by collecting enough data, in enough different data bases, big data analytics will magically optimize the government's IT infrastructure and achieve cybersecurity.

Coincidentally, I ran into a friend yesterday who has recently gotten into the cybersecurity business. He had been in the anti-tamper business. The name means what it implies, and includes various methods of preventing exploitation of classified hardware/software resources by physical destruction. This is obviously a narrow and specialized market, most consumers objecting as they do to things bursting into flames. It is, however, a handy feature for military operations.

He told me that anti-tamper was now part of cybersecurity. I asked him, "And, how long did it take you to find out that this was simply a ploy to transfer your funding to a bunch of IT contractors who don't actually do anything."

He gave me a funny look, and said, "We got a 14 million dollar program. The budget for anti-tamper work was zeroed out."

Similarly, requirements for information assurance--ensuring the quality of service, reliability, and, yes, security, necessary to provide the right information for real-time command and control--were subsumed under "cybersecurity." These are attributes of a system where the physical layer matters, and where we face daunting challenges that are largely being ignored, by a generation of technological nitwits who talk about "unlimited" (some use the term "infinite") bandwidth as though it were something real.

My impression is that cybersecurity is simply another cash cow for special interests who have found a source of revenue exempt from the onerous burden of having to meet hard performance specifications. A field where perception is reality, and anything that can be asserted, however idiotic, is as good as the truth.

From that perspective, Giuliani's appointment makes perfect sense.

Real deal: Hackers steal steelmaker trade secrets


An old man's perspective

"Experts say that in the complex IT landscapes of large companies, it is currently virtually impossible to provide viable protection against organized, highly professional hacking attacks,"

For transparency: I'm old; I'm slow; and the last time I programmed anything that mattered I did it by punching indicator/switches on the front panel of something the size of a refrigerator. (It did use transistors). I have to keep things simple.

As systems exist today, they are impossible to secure. Everything connected, including the human user interfaces and the users, are part of the system. In the case of US government IT systems, users are required to accept and install downloads to maintain certification. Ordinary consumers are forced to do the same to maintain functionality. (What the updates do to functionality is another can of worms entirely.)

The configuration and state of the system are unknown and unknowable.

The bits of operating system and application codes are all metaphorically moving parts of an integrated system, being constantly dicked with, in splendid ignorance of their unintended consequences. The details and functionality of the different pieces are unknown and unknowable to anyone.

An analogy is trying to secure a castle with literally thousands of doors to the outside, where we've distributed keys to an unknown number of workers and service people. We give them permission to come in and change things without our knowledge. In the process we also open the castle to cutpurses, thieves, mountebanks, traveling salesmen and other sociopaths.

Governments (predominately the US/UK) have bought hook, line, and sinker into "cloud computing"--a term so nebulous as to be meaningless. In the meantime, vendors are pushing the "internet of things", in splendid denial of the fact that each new device adds another potential vulnerability that the "system". The system, which again includes every functional element connected, including owners of internetworked "things", was never designed to deal with the threat environment.

The reality is that the internetworked system we are all now dependent on was never actually designed at all. It just grew like Topsy to extract the maximum profit from the latest hot market item.

ThyssenKrupp has it almost right. It is impossible to secure; there is no "virtually" about it.

For what it's worth.


P.S. Late-breaking news. President-elect Trump has announced that he is going to build a wall around the global IT infrastructure, and make the hackers pay for it.

Computer forensics defuses FBI's Clinton email 'bombshell'



What flipping analysis.

5% of 650,000 emails is 32,500 potentially relevant emails.

One serious compromise would earn the average federal employee a reprimand or suspension. Three would almost certainly mean that they would never again be cleared for a position of trust with the federal government.

All good. If nothing else this campaign has conclusively demonstrated that the People no longer view the President as qualifying as a "position of trust."

Search engine results increasingly poisoned with malicious links


Tip of the iceberg

Now project these problems to the IOT, Cloud Computing, and the amazingly large percentage of the IT community that believe the myth of unlimited bandwidth. It will not end well for anyone.

The commenters alluding to hardware security measures are on the right track. My understanding is that strong security features are still incorporated in microprocessors, but that for commercial profit they are not used. My gut feeling is that information technology, as currently used and being deployed, simply cannot be practically secured.

In simplistic terms, I can't secure things for things that I can't see and over which I have no control.

Unfortunately, as the following example shows, securing them is my legal responsibility.

Like a few hundred million or so people on the planet, I connect to the internet through a satellite ISP--that is to say, a metered connection. (The fact that I had two systems connected through an Ethernet connection is a separate problem in its own right.)

During the few days or so that Microsoft's Windows 10 Anniversary update and subsequent patches downloaded, we burned through 15 GBytes of data usage, resulting in restricted access and more than doubling our monthly bill.

Here in italics is the response I got from the ISP.

. . . it's the customer's responsibility for having a secured network and with what the data is used on. We provide plenty of information on our website to help with tips, but when it comes down to it, it's up to the customer how the data is consumed.

Me: Again, nonsense. When we selected the service and technologies we had the ability to do that.

Me: Subsequent changes and updates have eliminated the users' ability to manage their systems.

Support Response: It's not nonsense. It's in your customer agreement that you have with [Company Name Deleted] I would suggest reading it at http://www.[deleted].com/legal

I deleted the company name. In fairness, they shouldn't be singled out for what, as near as I can tell, is a universal practice in the IT sector--Coercing acceptance of unilateral Terms and Conditions that effectively appropriate egregious rights to use of their customers' intellectual property (information) while relieving the IT providers of all legal responsibility for anything.

The problem is that bandwidth is NOT, wishful thinking to the contrary, unlimited. That's why, if you read the fine print, providers spec data transfer rates in terms of "up to" some limit. In the case of metered connections, the consequences of exceeding limits can be draconian, in dollar costs and in degraded or in some cases, suspended, connectivity.

The user has to choose between maintaining real-time security and maintaining acceptable service at a reasonable cost. (My ISP does provide an unmetered period, if I am willing to stay up until midnight every night and change the settings on all my devices. I consider that personal cost unreasonable.)

It is simply impossible to secure an internetworked system under these conditions. Promoting the pretext that it can is irresponsible and dangerous. Saddling the user with the responsibility may be legal, but it is morally reprehensible. The results are likely to be catastrophic.

Chat app Telegram's meltdown today was literal – its data center cooling failed


But seriously . . .

Skazillions of transistors, crammed together in a giant warehouse, their little conducting paths growing tin whiskers at aggregate mile minute rates, with ionizing cosmic rays having their way with them, as they broil in their own juices. . .

What could possibly go wrong.

Human rights orgs take Five Eyes nations to court



An excellent observation. . .

Just because you're paranoid doesn't mean the men in the dark suits getting out of the sedan at the curb haven't come to see you.


Re: In other news

An astonishing revelation! Lawyers are human?

Mirabile dictu!


Re: Germany will be banging on the door right behind them as lucky number 7

Re:@Pascall Monett . . . it is not the People that should fear the Government, but the Government that should fear the People


My personal estimate is that it will take several more generations than will fit into forty years to undo the arcane and convoluted laws that empower authoritarians to violate the most fundamental principles of the nations they govern. Governments everywhere have made a mockery of the notion of a social contract. But, ultimately, the overall trajectory of history is positive, toward greater knowledge, greater freedom, and greater tolerance.

Power does not yield easily. Those who govern have unilaterally appropriated both the ability and the will to plunge the world into economic chaos and a global dark age to preserve wealth and power.

In those nations where we, the People have the power, we need to begin to exercise it. We need to redirect the tools information technology and social-networking provide to organize and act. We need to repudiate the bought and paid for choices broken political processes have been serving up. We need to begin to fill government from the bottom up with people with the vision, integrity, and will to dismantle and rebuild government institutions.

And the first step is for citizens in countries with free elections to understand the simple truth of the quote at the beginning of this, and begin to act accordingly. Spread that truth, Encourage action. And, be confident that history is on our side.

It will require courage. Power never yields willingly.

Never forget Miriam Carey.

Kindle Paperwhites turn Windows 10 PCs into paperweights: Plugging one in 'triggers a BSOD'


Configuration (out of) Control

Some people say the BSOD only happens when they plug their Kindle into a USB 3.0 port, others say inserting it into a USB 2 interface triggers the crash too. Some people always get a crash, some most of the time, and others have reported experiencing no problems at all.

In other words, the design of the operating system makes how it interprets and executes a piece of code in one App depend on the specific state of some other App provided by some other vendor.

Windows ceased to be an operating system by any reasonable definition of the term long ago. Calling it that doesn't make it so. Do I recall some perceptive commenter using the term "train wreck"?

Windows 10 Anniversary Train Wreck. Has a nice ring to it, does it not?

SETI Institute damps down 'wow!' signal report from Russia


Re: Amused to Death

SPLENDID! Just splendid. Sincere compliments.


W/ 'umble apologies

(1 GHz bandwidth is “a billion times” the bandwidth typical SETI searches use).

Sorry to inject a technical note.

That would make the bandwidth "typically" used by SETI 1 Hz. No wonder they can't detect anything.

The good news is that we can all leap to the conclusion that the universe is awash with intelligent life that we haven't detected.

The bad news (need I mention Donald and Hillary?) is that we in the States do not appear to be among them.

I'm of the Don Henley school of thought: "They're not here; they're not coming."

Australia to spend a billion bucks and seven years on SAP project



Transform What?

To do what?

The observation that programs like this one are doomed to failure is spot on.

Many years ago I had a small consulting contract with a firm whose top level management had decided to convert their entire information management infrastructure to SAP. Their operational and technical managers were terrified. The statement I heard was that they had never heard of a SAP program that came in on time and didn't overrun significantly. From the comments on this article that apparently has not changed much.

Customers and the vendor are equally at fault. The customer for the brain dead presumption that IT can deliver a system that will do what they want it to do without real specifications as to what that might be. . . The vendors for perpetuating the myth that IT can do it regardless of what "it" is.

The Music Man had it right. "You gotta know the territory."

And an unrelated but pertinent observation. The appearance of the word "Transformation" in any title is a clear and unambiguous indicator that it is an exercise in pissing up a rope.

'Leave EU means...' WHAT?! Britons ask Google after results declared


For precision:

Half the UK is below the median IQ for the UK. I've read that globally, the "average" IQ has been steadily declining, and is now below the established "average." I blame technology for short circuiting natural selection.

The UK are not alone. The Brexit phenomenon is in play in the US, chez les Trump supporters. Hopefully Brexit will be a wake-up call for the US and the electorate will realize that "Holy ----! We could wind up with the village idiot as President."

The underbelly of simulation science: replicating the results


Re: Often modelling simply adds rigour to thought experiments

@ MHF WIlkenson:

Re: The problems with floating point inaccuracies coupled to chaotic behaviour is well-known to any scientist worthy of using HPC systems for numerical simulation (and, yes, there are many that aren't worthy).

Amen, amen, and again, I say amen. Nearly 20 years ago now I read an article in which the Dassault folks, who knew a thing or two about advanced combat aircraft design, had some cogent comments on the amount of testing needed to verify that the granularity of discrete simulations was adequate. This last paragraph is one of the clearest and most concise summaries I've seen on the subject.

Are state-sponsored attackers poisoning the statistical well?


Re: So THAT is why the summers aren't as good as when I was a boy!

maybe new legislation "Down With Things Like That! (2016)"

Your suggestion may be a tad late. Faced with amorphous and diffuse global terrorist and cybersecurity threats, legislative bodies in the US and EU are opting increasingly for legislation that empowers those who govern to interpret the law case-by-case on a "We know bad when we see it" basis.

Always implied, and often stated is the tag line, "You can trust your government."

That has never worked out well for those who buy into it.

We live in interesting times, and advancing technology and geopolitical change may ultimately force societies to accept that governments need this kind of flexibility to protect their citizens. We can have a free society only if such powers are constrained by laws imposing the most draconian penalties for their abuse. Unfortunately, most of us live in countries whose codes of laws have been carefully crafted to protect those who govern from the consequences of their official actions.

We have decades and miles to go.


Re: Database Checksums

A checksum would indicate that an unauthorized change had occurred. Further comparative analysis would be needed, I believe, to pin down what data had been changed. Other measures and procedures would be needed to do effective forensic analysis to determine "when" and "who."

Hacking of personal information for financial gain gets the lion's share of the press. Nation states are apt to be more interested in hacks on other types of data (for example data tables used in national telecom and electrical power systems or ATC).

The choice of weather data as a potential target was interesting for a number of reasons. Maybe for another post if that develops as a thread of discussion.
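The distinction drawn in the comment above, as an added example that is not part of the original post: a single table-level checksum only says that something changed, while comparing per-row digests against a trusted baseline pins down what changed. The table layout, station names and readings are constructed for illustration.

```python
import hashlib


def row_digest(key, row):
    """SHA-256 over a canonical, length-prefixed encoding of one row."""
    h = hashlib.sha256()
    for field in (key, *row):
        data = str(field).encode("utf-8")
        # The length prefix keeps ("ab", "c") and ("a", "bc") from colliding.
        h.update(len(data).to_bytes(4, "big"))
        h.update(data)
    return h.hexdigest()


def table_checksum(table):
    """One digest for the whole table: detects a change, cannot locate it."""
    h = hashlib.sha256()
    for key in sorted(table):
        h.update(bytes.fromhex(row_digest(key, table[key])))
    return h.hexdigest()


def baseline(table):
    """Per-row digests, meant to be stored where the database writer cannot reach."""
    return {key: row_digest(key, row) for key, row in table.items()}


def compare(trusted, table):
    """Comparative analysis: which rows were modified, added or removed."""
    current = baseline(table)
    shared = trusted.keys() & current.keys()
    return {
        "modified": sorted(k for k in shared if trusted[k] != current[k]),
        "added": sorted(current.keys() - trusted.keys()),
        "removed": sorted(trusted.keys() - current.keys()),
    }


# Constructed sample data: "station/date" -> (max temperature in C, rainfall in mm)
ORIGINAL = {
    "STN-A/2016-01-01": (31.2, 0.0),
    "STN-A/2016-01-02": (29.8, 4.6),
    "STN-B/2016-01-01": (27.5, 12.0),
}


def demo():
    """Record a baseline, simulate unauthorized edits, then run both checks."""
    trusted_rows = baseline(ORIGINAL)
    trusted_sum = table_checksum(ORIGINAL)

    tampered = dict(ORIGINAL)
    tampered["STN-A/2016-01-02"] = (30.3, 4.6)  # one reading altered
    del tampered["STN-B/2016-01-01"]            # one row dropped
    tampered["STN-C/2016-01-01"] = (25.0, 0.0)  # one row inserted

    changed = table_checksum(tampered) != trusted_sum
    return changed, compare(trusted_rows, tampered)


if __name__ == "__main__":
    changed, report = demo()
    print("table checksum changed:", changed)
    for kind, keys in report.items():
        print(f"{kind}: {keys}")
    # Neither digest says "when" or "who"; that needs audit logs kept separately.
```

The baseline is only as trustworthy as its storage: if whoever can write the table can also rewrite the digests, both checks pass silently.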

Nuisance call blocking firms fined £170,000 ... for making nuisance calls


Re: Listing the people running such companies

Re: Adrian Midgley 1

and if the journalist time is available digging and following them would be a service to society.

. . . and speaking of digging, if one had a backhoe handy, one could do an even greater service to humanity. Consider the benefit to the quality of the human gene pool that could be realized.


Re: My current pet hate

@Alan Brown:

I give out a £1.50 070 number to all contacts. It costs me £10/year

Maestro! Brilliant.


Re: Can we have some collection statistics?

Well said, VRH!

Here in the US the FTC touts "billions in judgements" and gets annual budgets of--if memory serves--upwards of 100 million taxpayer dollars for an activity that, as near as I can tell, does not have real capability or legal authority to actually do anything to stop or deter SPAM and violations of the do not call registry.

It's been a couple of years since I waded through the legalese, but the last time I looked, the net effect of the language of the laws and implementing regulations is to ensure that no one has both capability and responsibility for final action. This is a windmill that I used to tilt at occasionally. The only success I ever had was with one SPAMMER who was inept enough to allow me to get at an actual physical address in a state that made sending SPAM a criminal offense and had a group dedicated to enforcement.

The simple solution to this is to put a minuscule surtax on all outgoing transmissions. A half cent or two per phone call would be lost in the noise, but would be a significant cost for a robocalling operation. The Telcos may not know who is using their networks. But they damned well know who and where they send the monthly bills for use of the numbers to.

As to the claim that the numbers are fake, and there is no way to pin them down. . . If that is so, then we have serious national security vulnerabilities and all the assurances from our governments about their ability to protect citizens against terrorism are so much smoke and mirrors.

Hacking Team's export authorisation hacked by Italian government


Re: Interesting list..

That may be an artifact of those countries not being on the list of countries to whom exports were authorized on the license in question. The wording implies that they might not have been, which would account for why they don't show on the list.

In this case (although the article is not particularly clear on this) my guess is that the specific incident cited constituted a violation of the terms and conditions of the Italian license. Best guess, looking at the article is that the Boeing project was deemed to be a military end-use not permitted on a civil export license. The reason that the company can still "export" to other EU countries probably has to do with other laws and agreements regarding trade and cooperation within the EU.

If my guess is wrong, and exports are still allowed to the countries in Mark85's post, this is, indeed, a very interesting list.

Just how close are Obama and Google? You won’t believe the answer


What's new?

There is something new in all this. Those who govern have always been susceptible to bribery, graft, and corruption. What is new is the scope and intensity of the activity. In the US those who govern have, since at least the Clinton Administration, used executive powers purchased by special interests from the legislative branch to undermine both the public interest and the judicial branch. The power of those who run the executive branch has become essentially absolute and unbounded. They use that power, uncompromisingly, on behalf of the special interests that perpetuate their power. The US Code (as others have observed, bought and paid for) protects those who govern from actions that in any thinking society would be considered criminal and unethical.

Recently I had another in a long string of WTF? moments. When I upgraded to Windows 10, I was astonished to find what I thought surely had to be clear violations of the earlier anti-trust settlement agreement. I took the time to dig it out and read it. Would to God I could get a deal like that.

"Now see here, Mr. Hargrove. We can't have you [readers can pick their preferred criminal act.] Under the terms of this settlement you agree to stop doing it. . .for the next five years, which we, the court, can extend for another two years if we deem that letting you [insert preferred criminal act] is not in the public interest. Now run along, and be a good boy, and we'll keep an eye on you."

Wink, wink; nod, nod, Bob's your uncle.

Specific to our shared interests in IT, this unholy alliance between those who govern and special interests is a significant factor in creating the "internet of things". The result is a global internetworked system riddled with component functions that are completely invisible to 99% of the ordinary users. Some of these perform essential user functions. But I submit that the largest numbers are there purely for the ultimate economic benefit of the vendors. These unwanted functions take resources from the user without their knowledge and permission--itself an illegal act under past interpretations of Common Law. More critically, each and every one of them is a potential vector for cyber attack and failure. Such an infrastructure ultimately cannot be sustained or protected.

On a personal level the situation is even more dire. If you are a manager of a large corporation under the present system you can expect to enjoy an obscene salary and the full protection of those who govern. If, on the other hand, you are a young black mother with mental problems driving erratically through downtown Washington DC with an infant in the back seat, you can expect those who govern to use their imperial executive powers to bring you to bay and gun you down in the streets.

With absolute impunity. The proof that this power is absolute? Even Al Sharpton--who, public persona notwithstanding, is a highly intelligent man--kept his mouth shut.

Never, ever, forget Miriam Carey.

What do you think of the upcoming Microsoft Hololens ?


Re: I'm skeptical

Kudos to the originator for an interesting discussion topic, and to Sebastian--us skeptics need to stick together.

Two quotes come to mind: The first is from Paul's Epistle to the Corinthians. "Everything is permissible for me; but not all things are helpful."

The second was a Navy admiral's response to a sales pitch for newer technology: "S--t son, we don't know how to use the technology we've already got."

Forty years ago, my work gave me a chance to see some remarkable--and economically practical--3D display capabilities demonstrated. For one reason or another, they never caught on.

The devil is in the details. Human visual perception and cognition have been evolving to deal with the physical world for hundreds of thousands of years. We have not yet begun to scratch the surface on how the human intellect deals with the ever-increasing stimulation and information flow we have to deal with.

My observation at this point is not very well..

From an engineering standpoint, our understanding of the internal physiological and psychological mechanisms is still pretty primitive. VR designs, of necessity, reflect the designer's assumptions based on those understandings.

Add to this the fact that our understanding of the economics of the market is in no better shape, and uncertainty abounds. But it is fascinating stuff.

Cyberthreat: How to respond...and when



So that explains how they came up with "resilient practice leader."

The critical question is whether our "resilient practice leader" (RPL) has been certified as a Certified RPL (CRPL) by an accredited certification authority (ACA) who is a designated appropriate authority for accrediting accredited RPL certification authorities. (DAAAARPLCA). (CRPL status requires completion of a rigorous on-line course, involving an hour of study, a multiple choice test and payment of a fee of several thousand dollars to the on-line training provider contributing the largest amount to selected Political action Committees (PACS))

At least this is the way cybersecurity appears to work in the US.

Infosec miscreants are peddling malware that will KO your router


Not very would be a good guess

@ Anonymous South African Coward

A couple of weeks ago I posted the following in the Forums. I found Goodman's book an interesting read on the subject.


Frankly I see no way that the users of IT can defend themselves against the growing malware threat in the current operating environment. That is:

Software suppliers who require that users accept downloads of countless thousands of lines of executable code whose only purpose is to provide economic and competitive advantage to the vendor. This is code that runs in the background, that cannot be easily removed by the average user. In many cases, unwanted functions are bundled with essential functions in such a way as to preclude their removal. The user can disable them. But again, in many cases, this only disables the user interface. The programs stay on the system, and run in the background doing God knows what. . . I as the owner of the system in question certainly do not. And the vendors do everything in their power to ensure that I as the owner/customer do not have easy access to that knowledge.

Fundamentally, each and every one of these unwanted components is a potential vector for malware.

Those who govern, particularly here in the US, have been fully complicit in creating this operating environment. The practices and policies established under the veil of the Federal Information Security Management Act have been a key contributor, as have the restrictions on and impediments to use and development of effective cybersecurity technologies.

It's been 45 years since I had the IT chops to program in machine language by poking the individual indicator light/switches on the front panel of a Navy tactical computer. But I fancy I still have a feel for the territory. I was edified to see that other commenters--who are clearly more knowledgeable on current technology than I am--had some of the same questions about this threat.

If those who sell and govern gave a rat's ass about the security of their customers, the answers would be universally available. As it is, end-users are forced to rely on crowd-sourced Communities, half of whom appear to be shills for the company, parroting back steps that don't work, the other half of whom are guessing--usually that something that didn't work for W7 might work for W10. It is to weep.

A side note. Downloading W10 opened a Pandora's box of unanticipated complications for me. Will spare the details, but in the process, I wound up contacting customer support for my router. The tech expressed great surprise when he couldn't access the router remotely, with the default "password."

Effective security is impossible under these conditions.