* Posts by Arthur Daily

51 posts • joined 16 Apr 2015


Got enterprise workstations and hope to run Windows 11? Survey says: You lose. Over half the gear's not fit for it

Arthur Daily

Re: new hardware requirements

Apparently there are 3rd party install scripts to bypass this TPM nonsense. Apart from driver rewrite costs, I think MS cannot or does not want to pay for all the faulty Intel speculative security defect workarounds to backport into drivers. Or they could outsource driver re-writes to freelance coders on the web. Even Linux had to be discreet in building in Intel CPU workarounds. And remember, if you can't read or control your own TPM memory, then it can be abused by leaking uniquely identifying to refuse patches or track what you do.

IKEA: Cameras were hidden in the ceiling above warehouse toilets for 'health and safety'

Arthur Daily

Additional Camera Income

You can buy cheap polarised torches, so-called spy camera detector devices for a few quid. Use them. Many toilets have motion sensor IR lights to help prevent discovery, but a bit of black plastic over the sensor can allow you to do a good sweep after the timeout. You have options: collect the device and take it directly to the local cop shop (after taking a copy of the SD card). If wired, I hear a modified stun gun, or piezo stove lighter / (240Volt ac) sends a few too many volts to expensive video recorder might be one's cup of tea. Other places for camera are the office fridge (milk stealing) and photocopier room (non work copies). In some countries, middle earthers may stand on the toilet rim and squat. Some nasty problems if your behind or bowels are cut by a porcelain toilet that fails when you are on the job - because of this practice. This article did not say which way the cameras were pointed at.

NHS-backed org reacted to GitHub leak disclosure with legal threats and police call, complains IT pro

Arthur Daily

Getting nasty with the bearer of bad news

Costing a security researcher for reporting bad news and sicking lawyers upon is plain wrong. There will be consequences.

Next time it will be a 6pm news exclusive, naming the committer. As for copies, you would need to audit the downloads, which is probably spidered anyways.

I would ask a software firm for a 'bug scan' on the existing collections. It is SO easy to point to poor code and identify careless coders as well as identifying the excellent ones. This creates a lot of friction, and allows the removal of non thinking drones.

Thousands of taxpayers' personal details potentially exposed online through councils' debt-chasing texts

Arthur Daily

Re: Please click the link to read

Add deceptive conduct.

Each of the councils had a suspiciously cloned response, as if the vendor value added, and said hey, if the nosey press calls, read them this pre-canned guff. If an approved supplier did this 'L plate' deep link mistake, they should be scrubbed off the vendor list. +1 for GDPR fines.

Google emits data-leaking proof-of-concept Spectre exploit for Intel CPUs to really get everyone's attention

Arthur Daily

Just fix the CPU's - Still not done

To the armchair commentators, mitigation did not work. It is a big dangerous hole, and clever foreign powers will be looking for, or already have several weakest links. Maybe it keeps schoolkiddies from playing. Don't forget about the management engine, or the CPUs in peripherals that can be deployed. There are thousands of DRIVERS out there, unchanged or unmitigated as we like to say, pre flaw discovery. Fixes for older and not so old motherboards - did NOT come either. I expect quite a few biggies (security CVE's 9+) to come out over the next few years.

OVH founder says UPS fixed up day before blaze is early suspect as source of data centre destruction

Arthur Daily

DC Fire Suppression

Halon was also highly corrosive - at least on IBM mainframe boards. Hardly any electronics was reliable afterwards. That is why DC's went back to plain old water.

It is unthinkable to have UPS's in the room. Generators and batteries went into the basement.

UPS's with lithium - are these people retarded? Every bit of equipment going in has a flammability and heat generation score.

In the 80's we even had an oscilloscope and current loops around the power cables, as a power supply on the way out, normally has more hash and noise than others. Oh, that's right, what is preventative maintenance - we expect it to be free. Well, your data, and your bits are really free now!

Arthur Daily


Value Proposition



Network BBQ

Datacentre BBQ

Now the Exchequer can really accuse multinationals of cooking the books.

I also suggest that the fire grew because someone tampered with the firedoors so they could go on cigarette breaks - or it allowed 'free' cooling, meaning someone pocketed an electricity bonus when power consumption was lower than estimated.

OVH data centre destroyed by fire in Strasbourg – all services unavailable

Arthur Daily


Are there other language translations of cloudtrastrophie?

My bet is 50% of big customers will have no backup, or only backups and DR that is at least one year out of date. Every DR exercise I saw, failed, but they told management all was good anyway. Meh, with 'agile' configuration done by waves of contractors and no documentation, there will be gnashing of teeth.

Your data will NOT get any 'priority'. The customers who will, will be the big ones - carsales, realestatesales will be at the front.

In addition INSURANCE will not pay out either. In a legal spat they will subpoena the company documents and minutes that had signoff that backups and DR were in place.

Banking software firm tiptoes off to the cloud with MariaDB after $2m Oracle licence shocker

Arthur Daily

Re: not difficult to optimize cost for Oracle in VMware

Sound testimony for avoiding Oracle altogether, distraction from an IT shop to plumber tactics.

For this reason, base your operation in Germany, where resale of licenses is legal, or in China or in India where this nonsense does not exist.

Arthur Daily

Risk assessment is not live. Not like it's an irreversible transaction with transaction recovery needed.

Secondly, it sounds like the old system and fluff/link was in legacy territory. Thirdly vendors who charge more for ZERO added value need to be given the boot. Sadly the other 90% just sit still and take it up the a**s. The CLOUD was supposed to be portable - you could move at the drop of the hat to another, based on merit. Vendors reacted by selling you a Hotel California cloud, then starting adding time of day smart meter access charges and Cable TV WTF charges, and licence audits.

Having to bilk your clients more, when they are getting nothing extra in this day and age is a business risk. Thus one must act and move when formerly acceptable platform deals go sour.

Arthur Daily

Re: Features yes but..

I had a boss who wrote SQL to solve jumbled letters to dictionary words. DB2 SQL from the newspaper puzzle section when Chauffeur (jumbled) was not obvious. Soundex sounds like simple SQL could do it.

Arthur Daily

This was forms/risk management/assessment.

You do not need top notch real time transactions with recovery unless your LIVE operations are critical.

So what you do is partition real time critical to ORACLE then move the work to Mongo whatever.

OR use MQ properly and not use Oracle at all.

Look at mainframe SAS customers who did the twostep to get off hostage contracts. Also get your DB's to present at technical conferences 'How we moved off Oracle'. Those who do often get rock bottom priced contracts to stop doing so.

At least that shop rejected the Hotel California mantra, rather than bilk their customer more because of vendor greed - where no value was added.

Chrome zero-day bug that is actively being abused by bad folks affects Edge, Vivaldi, and other Chromium-tinged browsers

Arthur Daily

Re: And they want...

See https://copperhead.co/android/

Why can't Google step up to the plate? I understand it can feed user pre-selected false bogus garbage to the mothership.

Nah, maybe not for Google who do not want to give end users actual security granularity, or deny tracking.

So far, not a single app that will scramble secretive backchannel data exfiltrations. Nice to know botnets are now using this for C&C, as it gets past filtering.

Arthur Daily

Re: Cross reference (very)

A very insightful comment. Although the real operating system should simply manage the memory and stack getmains, and terminate the task when it exceeds some threshold. A three line recursive function should not crash the system! However bad players are now doing exactly that, repeating for each keyword/function that drive under-the-cover privileged connections.

Calling OS security as fast as you can, recursively is an excellent test. One dumb govt entity decided 'forms' was the way to go, with each field needing a call to see whether or not to display that field! The 1 minute response times to display that form .. classic.

You allude that when a network connection breaks or server not responding orphaning memory or token passes, or some variant of sticky not-quite-a-cookie. I can tell you IBM MVS solved this by having doubly linked lists, and checking counters for each push/pop, and tracking total memory use by pools - that also generated warnings. That was 45 years ago or longer.

Going forward Google needs to spend time on memory housekeeping, because programmers seem to only look at adding cruft, without the big picture. IBM created about 10 different ways to cancel a task, and several ways to FORCE terminate things with prejudice. And sometimes free Whiskey for reporting extremely rare one byte memory leaks to system programmers.

US court system ditches electronic filing, goes paper-only for sensitive documents following SolarWinds hack

Arthur Daily

Mmmm People doing data entry, rekeying in things, and printout distribution, secretaries printing the morning's inbox, and perhaps newspaper clippings - just like the early 80's. What is old is new again. Yet there are so many mis-configured plain old FTS servers running unencrypted...

Pretty sure the S in FISA stands for secret and well, well above that too. As no MS product has true real world secret rating, FISA stayed offline, while courts, nuclear reactors and critical infrastructure had to cut costs by being 'agile'.

Marketers for an Open Web ask UK competition watchdog to block launch of Google's anti-tracking Privacy Sandbox

Arthur Daily

Vendor (Monopoly?) Determined Master Slave relationship

The UK watchdog does not get it. And the UK Taxman is not going to be getting it either. At least France has decided untaxed rivers of gold need tax reform.

Now the poor end user is in a master slave relationship. Apple Google and Facebook determine the rules, and the front door 'take' on the walled xgardenx plantation. The UK need to insist there will be no baked in vendor chosen exceptions, and the end user can control ALL settings. They should also realize taking away cookies will enhance and extend Google's monopoly. If Google sets a pricing structure around its replacement, when all cookies were once 'free as in no cost and no permissions/paid gateways' then embrace and extend has enhanced global serfdom.

RISC-V business: Tech foundation moving to Switzerland because of geopolitical concerns

Arthur Daily

Re: Swiss Miss Incorporation

The US also imposed a secondary trade boycott on China (Telling Japan and ARM not to play nice), fab machines, software - the works. OpenBSD had to do some work in Canada. With Huawei, that trick can only be pulled once. The Swiss are legends when it comes to supply chains and reliability. So sad that Norway and Austria are not sending the right signals.

Who among you can resist an eight-core, 2.9GHz mini-PC or thin client that drives four displays?

Arthur Daily

ARM has run out of instruction codes and helper functions for crypto and graphics rendering. That is, it is mature, bar the crippleware locks being added. RISC-V is interesting, plenty of time to add Arm instructions to make migration easy or plan B against sole supplier situations. Now imagine a 3nm Mega FPGA. It may be easier and cheaper to compile/burn your signage displays.

HP: That print-free-for-life deal we promised you? Well, now it's pay-per-month to continue using your printer ink

Arthur Daily

Re: print-free-for-life plan was "an introductory offer,"

In Australia, this was a problem. But now 'Life' if used in advertising is FIVE years minimum, and you can't use LIFE or LIFETIME if you know you will be EOL'ing the product before that.

In New Zealand, I think consumers can return the box to the retailer for a no quibble full refund, for deception like this (including right to repair). I hope NZ'er were offered this deal.

Also the privacy commissioner would be on the warpath - details were collected for one defined purpose - then used for another without consent. Deceptive advertising will be judged ...

One more reason for Apple to dump Intel processors: Another SGX, kernel data-leak flaw unearthed by experts

Arthur Daily

Power factor is not new

Sigh. Cambridge University identified this at least 15 years ago. And reconnecting laser cut test circuitry. Lithium Niobate watching. A solution is a zener diode on the power line and a few gates to add power randomness. Also note the management chip is also vulnerable. Or Apple T2. I think the first example may be IBM's VM in late 1960's where hard loops on one VM could Morse code messages to the other VM. Worse the Intel 'fixes' advertise where flush routines get run. I was wrong when I thought Intel would dump defective speculation leaks, and make fixing THE first priority. However when pipelining is >8 deep.

Lots to be said for the MIPS processor. I don't trust ARM, as some versions used Intel's pre-ex logic blog to have the same errors as Intel.

Australian regulator slams Google ‘misinformation’ in pay-for-news-fight

Arthur Daily

Re: Nope

The main problem with Australian news and journalism is defamation (even if true) laws mean nothing saucy is printed, or Journalists arrested/searched by men-in-jackboots. Now market size is so small, even digging at advertisers/sponsors is off the table. We are like #45 in press freedom.

The paywalls on local rags are too aggressive, so if it's not on the free ABC site, I search wider on the new-starters, and the Indian English newspapers for sporting event coverage. Either way local advertisers miss my attention, unless they list in say Gumtree. The way to 100% lose my business is Facebook.

Apple coughs $84m to settle South Korean market abuse case

Arthur Daily

Re: What cheek

In Australia (who usually copy British law) there is a provision in our consumer law that the Brandname carries manufacturer ownership. That is, if it says Sony or Apple on the product then you can sue Sony/Apple and not Sony (Australia) or Apple (Australia) - you can go after the parent entity.

They don't like it when you find out, and lodge a small claims.

Supreme Court rules against Huawei in long-rolling Unwired Planet patent sueball: Take the licence terms we set or else

Arthur Daily


I have never been comfortable that a standard deserves royalties, or even that a standard can cost you different amounts. Just imagine if different petrol stations charged you different prices per litre, based on bowser design. We also know many patents are evergreened, of submarine patents that derive out of secret patents, previously shared. I would imagine most are coming up on 20 years old, and even petrol bowsers deliver nothing innovative, just options, bling and vending machines. I imagine putting a flat screen TV on the bowser pump, and electronics that could spark an explosion would be considered patentable.

China and other countries need to introduce a royalty withholding tax on chips/inputs deemed discriminatory or standards based, and require paperwork enumerating the import tariff - and most importantly, an achievable tax refund to reverse possible double taxation (as if royalties are actually taxed). USA has kind of messed things up by imposing conditions on top of FRAND or outright saying no. This would add to discrimination, because the value-add chain is being broken. This would then mean the FRAND agreement split, specifying different prices, for different countries - probably in breach of WTO. Again, China could then deem and levy the higher (refundable IP withholding tax) on all products crossing the border. This would infuriate American companies, as one assumes the IRS is also not seeing any tax declared. The upshot is UK/ Irish sandwich royalty scams would move elsewhere real quick. China should explore IP withholding taxes pronto.

Let's roll the 3d6 dice on today's security drama: Ah, 15, that's LG allegedly hacked, source code stolen by Maze ransomware gang

Arthur Daily

Re: LG Software

Let's see

1) Nothing was 'stolen'

2) Good companies have nothing to hide, and can cope with embarrassment

3) External code reviews do no harm - at least not to LG who have super low market share in the mobile market and have admitted to noncompetitive agreements signed with suppliers, but not disclosed to the relevant authorities.

4) Blackmail is not a problem if you have done nothing wrong

5) It's a company not a person - so hopefully nude selfies are not on the company server

6) Whatever happened occurred on an approved and signed off risk plan - indicating management accepted the risk anyway.

7) Make use of lessons learnt - and move on to be better. PR will do the cleaning.

Chips that pass in the night: How risky is RISC-V to Arm, Intel and the others? Very

Arthur Daily

Throughput is what matters

Who said, or measured 2-5%?

All the Intel and Windows software remediations have slowed performance 10-25%, yet expensive per cpu software licences stayed the same. I am not sure what the slowdown did to power consumption. Besides AWS etc. choose places where electricity is the cheapest.

The beauty of different chipsets is that reliability is discovered. Intel has so much undocumented junk and bloat - it is time to leave that ship. ARM also caught a cold having copied Intel's spec execution blob. MIPS is pure, so are some others. But again, no point in moving to a less buggy cpu if the OS has hardcoded x86 ring shit nonsense.

Throughput is what matters, and IBM Mainframes on an equal die footing do well, AND have memory guards not available anywhere else.

UK contractors planning 'mass exodus' ahead of IR35 tax clampdown – survey

Arthur Daily

Re: Anonymous Contractor

First off the UK does not want to descend into no permanent jobs as occurs in the Philippines with 'endos'. It was a lurk, and it's ending.

Secondly contractors do not do the same job - they rarely teach and pass on knowledge, and mostly withhold important stuff. You would too if you wanted a renewal.

Thirdly the umbrella company solution may not work, or may get hammered, as the intention is clear, and if there is no real independence. See Uber 'tests' in civilised countries not pretending to be blind.

Lastly, there will be a temptation to phoenix umbrella companies(go insolvent/broke then restart) and wipe out monies and benefits owed to employees. As such non-compete or transfer knowledge to rival competitors ENDS. If you sign a secrecy agreement with the client - then IR35 may bounce back.

If you need a security clearance and a .gov pass with defined roles in say SAP, I wonder if IR35 is triggered..

Uncle Sam tells F-35B allies they'll have to fly the things a lot more if they want to help out around South China Sea

Arthur Daily

Amazing how so many people who never saw 'Waterfall' are so expert at bagging it, by implication British SDM which was not so bad. American skunkworks planes were also waterfall - with requirements first.

I'd say waterfall projects fail as the cash burn rate is too high early on. Agile more successful as nobody on the team has seen quality, so sort-of-works is a winner.

Arthur Daily

Re: !!!

The stealth technology is BS. 1/4 wavelength means any UHF radar will see it easy. So the only stealth is angled panels that reflect radar, as long as the frequency is not too low. The Russians do have sets that operate over a wide range, as do the Chinese. Think SS400. Plus if their 5G gets in, there will be an app to detect aircraft - if it's not raining.

The Americans assume a saturation cruise missile strike will defang such nasty missile sites so it is safe for the F35 to fly in. Oh wait, the Israelis had some faster jets shot down or shredded, so old assumptions are very suspect. After 2-10 minutes on afterburners, mission survival for the F35 with bays open to vent heat, will be hot targets indeed.

Arthur Daily

British Leyland is in charge of F-35B production line

British Leyland (USA) said to work for 10 hours is a miracle, beating the expecting one sortie and one full overhaul target by spades. Like our cars, each plane is a precision master crafted pride of the factory.

Crypto AG backdooring rumours were true, say German and Swiss news orgs after explosive docs leaked

Arthur Daily

Re: Perhaps I misunderstood but ...

You DON'T have to roll your own. WireGuard / Salsa is sufficient if you have good key hygiene.

Paranoid? Other crypto libraries are available. Just make sure you compile SSL and ONLY have three or so algorithms and nothing to fall back to. The three letter mobs have enjoyed complicated protocol fallbacks and defective checksum/certificate checking. Failing that, auto updates can be another way in for difficult punters. Plus horrible 'Management' chips on the motherboards. That screams compromised.

Plus the IOT thing means you can impose a Raspberry Pi as a pass through router/encryption box with keys on USB sticks that NEVER touch your main computer. But if paranoid, compile a passthrough on an obsolete CPU type with no baggage, no onboard bootstraps, and no cpu buffer speculative execution leaks such as MIPS.

Then get a zener diode and a transistor and generate lots of random noise, and pretend to swap torrents. If you buy off the shelf, all bets are off.

From WordPad to WordAds: Microsoft caught sneaking nagging Office promos into venerable text editor beta

Arthur Daily

There is no reason why GCHQ (or any foreign government) or the like cannot issue a patch to remove data exfiltration activity in the name of national security.

Any decent system programmer could do a binary compare on the two versions and document settings of interest for a howto.

Any excess effort is a CLIMATE CHANGE, as wasteful processing power and electricity is squandered on unsolicited electronic intrusions. Trust Microsoft to find new ways of adding more CO2 to the world's problems.

Academics call for UK's Computer Misuse Act 1990 to be reformed

Arthur Daily

Let the punishment fit the crime comes close. Fines for civil misdemeanours need to be added to remove matters that do not belong under criminal matters.

The original drafting was deliberately penned wide so DPP's job was easier, and because defence clauses would be complicated in an international setting. Most importantly contributory negligence needs to be explicitly added for the defence. Yes a rewrite is needed, but they won't because Assange cases need excuses for easy extradition. We already know UK law does not measure up to the more honourable and honest EU standards.

The Year Of Linux On The Desktop – at last! Windows Subsystem for Linux 2 brings the Linux kernel into Windows

Arthur Daily

Re: MS SOP: Embrace, Extend, Extinguish.

Leading businesses and enterprises who understand absolute cost control and value their market share will never touch any service that can steal their trade or profitability secrets. Azure's winning formula is an economic rent model tuned to consultancy advisors to recommend simple solutions to simpleton executives who seek shelter in the 'me too' club. Naturally a higher cost base will see most fall to mean and lean ICT leaders not stuck in old world 'sales channels'.

Azure's second advantage is enabling shadow IT to suck regular IT budgets, and allow rogue executives to bignote themselves. New cost centres allow any proposal to work on paper and get the tick of somebody. All those idle phantom instances cost a pretty penny.

BAU Run time costs are about 5%. Development and forced upgrade cycles are 95% of the ICT budget. So mature businesses that jump to value added services and rental models, while sacrificing privacy, are both desperate and capital shy. Possibly transitioning to a labour hire model, where skilled employees are a technical liability.

Boeing is well past the Azure stage. They went straight to 'You write this stuff' and we will pay you some ongoing forever percentage padded onto the buyers tab. MCAS - so successful, and gets rid of the 95% development overheads. Lead or follow - pick one.

HPE goes on the warpath, attacks AWS over vendor lock-in

Arthur Daily

Re: He has a point

The definition of a cloud used to be 'No lock-in' in the official govt tendering rulebook. You could move to another one just like that. Vendors and CRM marketing droids have perverted that definition. The worst perversion is the 10 Year! deal awarded to Microsoft over AWS. It sure looks like hire-purchase or leaseback.

Arthur Daily

Re: What lunch?

Most companies out there see IT as being an unwanted stepchild that they, until now, had to care for.

Well, the stupid ones might. For some business their data IS their only business. A Cloudtastrophie in the making.

I don't see Walmart placing their sales and inventory online for Amazon to either dump, read, or somehow exploit. Lawyers can legitimize the data theft later. One believes Boeing placed their data in an online cloud, and the inability to hide smoking guns and internal emails - well not good. Tobacco and vaping purveyors probably truly know the risks.

Down the line the IRS will be trolling not only the company, but probably their legal counsel communications that are neither private nor safe from internal trusted executives claiming a reward after their golden parachute.

Thirdly remote access is a two sided coin. You are a fool if you believe the risk is low. As AWS usually keeps three copies of data, if you do a secure wipe - how long does that operation take to percolate over all backups and archived storage?

Sure, some will go for the short term win. The cause of this data migration was caused by vendors charging unsustainable inflated retail plus plus for a range of software must haves. AWS got a bulk purchase rate, and passed it on, until say MS pulled the pin - so the 'savings' have evaporated. While others not picking bespoke clouds with NO breakins or leaks or operating beyond the law VPN services.

We're free in 3... 2... 1! Amazon unhooks its last Oracle database, nothing breaks and life goes on

Arthur Daily

Choose your DB Carefully - Evaluation Matrix

Old school guy here. Once upon a time we did software product evaluation matrixes that included technical support, cost of ownership(including testing environments) and vendor pricing reputation.

Experienced hands made few mistakes. Nowadays management sorts use Magic Circle Gartner reports to pick winners - or have some consultancy to make a recommendation - that had no financial consequences for them. Maybe only Walmart and Amazon fire those responsible for negative ROI outcomes.

Then Microsoft invented TOC, only cost of ownership, that never included yearly licence fee hikes, and optimum factors that worked for their marketing hype. But experienced evaluation people got the flick, as salesdroids targeted the decision makers with a budget. Game over.

Then Adabas/Natural DB started to Oracle their remaining declining customer base. One manager coined the expression bushranger tactics. IBM Mainframe users were astounded by vendor aggression. Most never bickered over price increases, when capacity management experts were made redundant.

Back to Oracle. Their tools for emergencies and business restoration were bullet proof. That won them business over DB2. People buying MS SQL Server never thought that far ahead. Then Oracle started to do a Software AG trick - antagonise their reference sites.

Then came the Cloud - AWS and Cloudtastrophies. My tip to new players is never buy a product that allows auditors to set foot on site or steal your usage numbers. Greed never changes, so pick solutions where blackmail is less likely. OpenSource spinoffs are reliable enough.

If vendors won't licence or work with AWS, avoid them and pick another.

German ministry hellbent on taking back control of 'digital sovereignty', cutting dependency on Microsoft

Arthur Daily

Re: Do you want to be held hostage by Microsoft?

And now the firmware has been hacked, exposing new tweaks.

1) No TP security updates - old machines more than 3 years - tough titty, no vendor updates as if BIOS updates were bad enough.

2) Circular Keyboard/Mouse drivers - Windows 10 insists on NOT loading keyboard drivers but using say synaptics driver in the UEFI jungle. I now don't trust that device or enforced must use policy.

3) InSnide UEFI transmitting WiFi shit before the PC Boots.

I believe China is now getting the sovereign risk message, and seeking to remove binary blobs and key dependencies. It is possible for the US to disable most Chinese produced devices on demand.

Or a bad actor to disable via a remote connection, lots of things. Say voting machines, and voting apps. But so far both countries are keeping such baked in dependencies.

We checked and yup, it's no longer 2001. And yet you can pwn a Windows box via Notepad.exe

Arthur Daily

Re: "buried in Windows since the days of WinXP"

Remember GCHQ and other security organisations giving Windows Evaluated product status EAL ratings for the Military/Govt etc?

Well it seems every bloody text field was nickable, and probably not xor'ed out letting it be hoovered up by something else. It's great news for the next Snowden or Assange or Manning. I doubt this has been patched everywhere and I doubt sensitive text boxes have not been wrapped up, by poorly written apps. IBM mainframe has memory keys and storage pools - so not nickable. I bet this breaks screen scraping and disability/Blind applications as well.

Hope to keep your H-1B visa? Don't become a QA analyst. Uncle Sam's not buying it: Techie's new job role rejected

Arthur Daily

Anything longer than 3 years is not short term. In 4 years there should be a local replacement trained up for succession, unless they fit into IQ over 140, top 1%ers by commanding more than $120K PA.

Arthur Daily

Re: Not *entirely* unreasonable?

And in xx years they found no better local talent. The decision to spill the visa, and open the new position to market testing was correct. One suspects the role had changed for a while and went undetected. Go back and fine the firm.

The firm made the mistake of not writing in things like 'knowledge of internal corporate qa, and being able to do so at speed' Apply judgement of QA using corporate knowledge'. Perhaps the USA rightly bans tailor written job applications that only one person in the world will meet.

California's politicians rush to gut internet privacy law with pro-tech giant amendments

Arthur Daily

Privacy workarounds

Privacy means you having control, and being able to revoke private information.

Profits means having the dirt, and leverage on everything you can swipe legally

These are in conflict, but I bet profit, and pay lobbyists what they want wins.

Governments need more tax. The solution is to tax personal information holders, and tax those with monopoly share.

Qualcomm fined €242m over 'predatory pricing' that helped to knock off British competitor Icera

Arthur Daily

Laws are made for an outcome. Fair and transparent fit in there somewhere.

While the rebate/secret commission/backhander/ tied contract/volume pricing whatever may have been legal, these tricks, along with others (export income non taxable if usa co) and patent cross licencing? the net effect is/does kill off competition. I think AMD once discovered

Most EU/UK laws fail. The American lawyers run rings around you. You need to tax imports that have non-transparent manufacturing elements hard.

USA is now banning Huawei, because they don't like their own brand of commercial medicine.

Did you know?! Ghidra, the NSA's open-sourced decompiler toolkit, is ancient Norse for 'No backdoors, we swear!'

Arthur Daily

Re: Gift Horse...

Not needed.

What is missing is a hardware grab tool, where all memory can be discovered and dumped, and bootloaders detected and some automation to unpack compressed or obscured blobs.

That is a big hurdle.

So everyone can unlock bootloaders and replace compromised certificates, when the vendors abandon product. The choices seem heavy for CPU's, and light for microprocessors such as in graphic cards and disk drives.

With other options out there, this is harmless, and not increasing ease of discovery.

Arthur Daily

Re: Perhaps they have moved on

See Intel's pre-execution pipeline hack (Not bug, because they knew and picked good-enough).

Made its way into Intel chips, AMD, ARM and IBM chips. Just two makers of modem chips, both with onboard processors. Rather than correct the hardware, secret inefficient software semi-fixes are being chunked out. Only Linux people have fessed up into saying software remediation is slower than microcode hobbling. Rather than a fix, Intel is directing resources to encrypted code execution extensions that will make viruses undetectable.

Arthur Daily

Re: why on Earth give this away for free to everyone on the planet

Before Microsoft and the ilk, IBM source code was held by nearly everyone, and control blocks of course. IBM part relied on others to fix their code, and often sent smart ones free gifts or bottles.

Pretty sure ICL, Fujitsu, and DEC/PDP gave out source code. Too young to remember CRAY and CDC. Bottom line was that there were no 'memory leaks' and orphaned junk, and one off errors when real SE's could hunt them down.

Then IBM started covering up control blocks and VSAM, and making source code available to SE's where locked up - just in case the OS went into a deadly embrace /loop that could be fixed on the spot - rather than 2-3 days of no ATM's.

Rolling on - the Atari, TRS80, and AppleII had very tight and efficient code, with chess programs under 1K! Now Microsoft is bloatware riddled with poor coding, unchecked parameters, unchecked recursion, and unreviewed code. If it is done inhouse, you have to wonder from the company that retitled machine attendants to 'systems engineers'.

The UK's Investigatory Powers Act allows the State to tell lies in court

Arthur Daily

Re: Reasonable Doubt

Kim Dot Com appears to have this problem in NZ.

A poisoned forest of illegally obtained evidence is being accepted. Add to that fabricated charges that do not exist in NZ. Like in Rainbow Warrior, maybe deals struck on a wink and nod.

Australian Information Industries Association*: you're not the future of democracy, so please shut up

Arthur Daily

This is Either or OR, so you always have the option of a physical paper.

The 2nd requirement must vote from a mobile phone in your name.

3rd. You have a MyGov account and given electronic consent through it OR a setting that says 'refuse electronic vote' which is the default setting.

4th. It must be cheaper and must be open source and must be independently verified by many. There is free software - thinking Brazil.

5th Any cast vote comes with a reply SMS and optionally a confirmation magic number

6) A 2nd app is sent out weeks before allowing you to practice vote and get a magic number that will depend on a second number you input when you vote.

7) Thus any tampering or MITM attacks has a high probability of being picked up.

8) For the paranoid - voting boxes and tally on paper tampering has been known to happen.

9) So a voting SMS message that says 'You voted, your checksum is xxxxxx '

10) leaving your phone lying around and your partner voting will not work.

11) Extend voting window for electronic method

13 This translates to barcodes and 2 large prime numbers.

Australia cracks tech giants' tax dodge code

Arthur Daily

Re: why should the country in which the item is sold enjoy the biggest tax 'take'?

Well, the US has a 19% max for overseas revenue not booked home.

Singapore / HK around 15%

Money into Ireland goes out without Ireland's tax take, due to other tax treaties.

And besides price transfer schemes and arms length transactions are illegal, to the extent that complicated shamming and diversion cannot be proven in a court of law.

The solution is a 15% withholding tax increasing 2% every year if not claimed, or import duty re-introduced at a level to discourage this.

Assange™ celebrates third year in Ecuadorian embassy broom closet

Arthur Daily

If the Swedes actually do believe in Justice, after 4 years - one year more, they should simply declare him guilty, declare 'time served in full' and cancel the extradition order. Petty, vindictive and wasteful of resources is how it looks. The reasonable man test says there is something else going on, and that British justice is looking crook and bent.

Amazon: DROP DATABASE Oracle; INSERT our new fast cheap MySQL clone

Arthur Daily

People do not get what they pay for. They get a rosy glow from buying market leader and brandname, and rarely screw down perpetual outgoings. If you don't mind privacy concerns, then cloud is the way to go. Vendors have been charging murder, for products in limbo. Sometimes they need to be shown the door. Amazon is selling the door (as are others), and brandname vendors will panic when the skills for painless converts arise.


