* Posts by Arthur Daily

88 publicly visible posts • joined 16 Apr 2015

NHS England published heavily redacted Palantir contract as festivities began

Arthur Daily

Lots of money for an FTP program and hackable RAT server (all the same)

Yes, the US defense dept had a similar trouble - unpatched glue or integration software. The checks and balances should be a competition where pen testers can have a go on test data - and the real results and rewards published.

Health crusaders prep legal challenge over NHS mega contract with Palantir

Arthur Daily

Get your doctor in on the game. Add some offensive names in Latin that would never fly in any workplace. False or incorrect information in any system ruins it. Add some metadata that points to nasty ransomware. Like OOO (comatose like) or TUBE (Totally Unnecessary Breast Examination), SOB SOB (Silly Old B - Sh in Bed). Newer doctors don't know the old fountain pen age of GP slang. What makes TUBE funny is that no breast exams are unnecessary - one GP found many cancers early, saved lives. O-Sign in bed, mouth open, staring at ceiling. LO for lights out. Ref: https://journalofethics.ama-assn.org/article/derogatory-slang-hospital-setting/2015-02

Arthur Daily

Re: Still scratching my head...

Because their first choice was already taken, see A plantar wart, or verruca vulgaris, is a wart occurring on the bottom of the foot or toes. These things are nasty, and take ages to heal. Surgical removal needed. What a joke - outsourcing, warts and all.

UK government lays out plan to divert people's broken gizmos from landfill

Arthur Daily

Missing repair information is needed for the solution

Manufacturers HIDE repair information. These may be like what chip level parts most commonly fail, or moisture ingress solutions. These secrets they give out to authorized repair dealers and dates back to before CRT TV sets. There is a site called Badcaps or the like that show how simple repairs can be. Once a product is obsoleted, the service manual should go public and bootloader codes or solutions made available. If not keyword search on Electrotanya may work. Louis Rossmann is pushing for this and other things.

On one dishwasher I know of, if the pump is blocked, then manually unblocked, the machine will NEVER work unless some secret serviceman button push combo is entered. Good trick, 100K dishwashers to landfill. Or make the door cable brittle so so many door operations - it breaks the contacts. Or a magnet sensor that fails over time (hot water de-magnifies).

Cloud engineer wreaks havoc on bank network after getting fired

Arthur Daily

Not an Engineer

So was he really an engineer - you know member of a professional society BCS, ACS or similar. Most professionals also have professional indemnity insurance.

The bank's security department was asleep, at least contributory negligence. Also least the guy was stupid - he should have darkweb knowledge and planned a 6 month campaign. Now we know the bank is slack and sharing occurs, it may rise up the list of future targets. Slip a deadly embrace into the dev code, or enhance SQL injection. So tell us, who got the sack in HR because passwords were not revoked stat?

BlackCat claims it is behind Fidelity National Financial ransomware shakedown

Arthur Daily

Another Evasive public statement without the root cause mentioned

Can't have people questioning the board why there were weeks and weeks delay in applying a critical patch. Therefore hide the known defect, so the timeline is also not revealed. Anything to keep full performance bonuses.

Impatient LockBit says it's leaked 50GB of stolen Boeing files after ransom fails to land

Arthur Daily

Re: Like trying to find diamonds in a septic tank

Few companies have clean hands, or would not be ashamed of something. Many companies try to charge different prices for the same item in different countries. Like car parts, the prices can verge on blackmail levels. I suggest China will have a good look, so it stops overpaying, and concentrates where the margins are fattest. Airbus is free to employ some researchers to do a deep dive. Some lame countries say it is 'illegal to read this leaked info' on the darkweb or whatever. Another way of gagging investigative journalists. These shocking leaks will continue well into the future, until the ICT area is allowed to apply patches ASAP. One week, two weeks is an eternity and a FAIL. ICT is usually outsourced, and on a budget, and not all vendors email the actual person likely to do the change. And most vendors do not get the BOOT for having tokens in memory unprotected. Try paying your vendors X, and less per >8 CVE, and a formula for patches. I tried looking up .gov evaluated products list, and it was not public. This ensures private companies will be caught with their pants down, and with defective risk plans. Combine this with shadow IT purchases, it is great the govt is supporting blackmailers, and making some security people very rich indeed. Yes, embarrassment is needed to get the herd fit.

Cisco warns of critical flaw in Emergency Responder code

Arthur Daily

On CISCO

After their enterprise stuff had at least 5 backdoors, after EAL certification, I assumed CISCO would never never do that again, ever. Boy I was wrong. Now we need to suspect ladder attacks are built in. I pity Apple, as some of the Nxx ladder stuff has been brilliant. The right question to ask CISCO - is HOW did this get past their redoubled QA?

Amazon, Microsoft under UK regulator's eye as cloud market probe confirmed

Arthur Daily

Clouds are supposed to be portable service

Clouds are supposed to be completely portable and the same. Don't like one - easy, move to another that's cheaper/better. That was how Gartner and the like sold it to CEO's in the early days. Then clouds needed certification levels - with the assumption that they must be OK if they are the mega players. The rot started when they demanded 12 months to five years in advance. Then CEO's thought hey let's create something, and say it is not capex or opex, but leasex. Sorry leasing is recurrent opex, and accounts has a mental in paying opex in advance. In reality, the cons being done now - YOU need a broker because nobody else knows if your deal is value for money. The term UPLIFT - if you live in a country with a weak currency - well you are up the creek. But now as people are hooked, key talent retrenched, it is 'Too hard' to bring it back in house - so they say. Yes, they are now abusing their market power, and should be investigated. Better yet, mandate they may NOT use the cloud, and all entities on them in annual reports list 'Leased Contracted services'.

Microsoft calls time on ancient TLS in Windows, breaking own stuff in the process

Arthur Daily

Delivery Lockers for mail order

Those postal lockers full of goodies. Want to make a bet which TLS they use? Or how long to crack a trace or transaction?

IBM says GenAI can convert that old COBOL code to Java for you

Arthur Daily

Thank HR for Critical systems failure

Thank or Blame HR. Succession planning is not hard. But when you tell greybeards they are rubbish and not wanted - and untrainable.. Many of us COBOL programmers grew up with assembler language as well, so the design of data structures was tight and orderly. In addition overflow and edit checking was standard - everywhere (now optional?). Even IBM sort/merge is nearly a full grown GREP. Growing up, Pascal or ADA was the rage, fully typed too. But hey, strong typing and declarations - was inconvenient for shithouse programmers, Vs many COBOL super-programmers that I knew. Java is rubbish - I can see that RUST or C+ would be just as easy to convert. My sins included COBOL recursion to cover date based business rules in a spreadsheet format some consultancy company decided was good.

You will get my attention when Watson flags recursion and the dreaded interprocess communication layer. I have seen too many Indian conversion projects where transaction file header and footer records get turfed. So what if a CSV file is processed twice, or there is a typo, and some silently not processed at all. Solution: Just pay people what they are worth. And do code walkthroughs with top people.

Europe vows it won't let US and Asia treat it as a source of museum-grade chip tech

Arthur Daily

Import Substitution

Getting business working was solved in 1911. It is called import substitution, and a stiff tariff on goods with no local content, or no local approved offset activity. See India, or China before the rush there happened. In 2023 this would be awkward, because cost breakdowns would need to be provided - that would expose tax evasion. EU will remain a backwater, because only a stick waving will induce change it not visible - nor tax haven attacks. Same for those other search engine monopolies. Only France is getting uppity. As for Taiwan, it is not about GDP per head - it is about cost per chip factory employee, and insurance that if one leaves, there are others. Value for Money, Taiwan and China lead the pack, plus they have a scalability advantage, and no strikes all year round production.

Lawyers cough up $200k after health data stolen in Microsoft Exchange pillaging

Arthur Daily

Re: Excellent. Start fining companies that don't protect their clients' data.

Wrong. 300K is chicken feed for a law firm. They decided to willfully take shortcuts to save money. For HIPAA data, known critical patches not delivered in a month need to be classed as negligence, no ifs or buts. There needs to be a register of shame, naming the actual people with actual responsibility for this intrusion, up there for all to see, as well as all elected directors. Lately there is a trend to appoint security fall guys to wear all blame, but have no say in the budget, nor an automatic emergency reserve. Most go for 2 year contracts, as first year might be a tight budget, and the 2nd year coasting on 'acceptable risk'. The pentests should also be placed online after any breach, so everyone knows slackness was the cause.

Belarus legalizes piracy – but citizens will have to pay for it

Arthur Daily

In Australia the public libraries collect it, it goes to one central place, then distributed. I think Canada and Sweden do the same thing. So Belarus does the same, only that entity has sanctions against it, preventing the money getting out. If I were designing sanctions, I would say money can flow out, but not in. Probably because China would love that, as it's banned from paying for IP.

So there is no stealing, just that sanctions are working as designed. Again, a number of countries sweep unclaimed money into .govt coffers, including Australia. Or Belarus can send some Ukrainian currency bonds as payment.

San Francisco investigates Hotel Twitter, Musk might pack up and leave

Arthur Daily

Go Elon

I am with Elon on this. Codes that have nothing to do with safety or incorporate common sense. The city knows the situation is one of emergency. Pull the plug, leave the city. Not sure if Bentonville for Walmart is still cheap, but North Virginia or Clay City beckon. or Tx. Mature businesses need to ditch over the top expenses, including fancy HQ.

CT scanning tech could put an end to 100ml liquid limit on flights by 2024

Arthur Daily

Radiation Danger - What sort of X-ray exposure - What are the facts?

Not all X-rays are the same. What is the radiation dose the operator will get? Remember the big room, and the operators standing behind lead plastic when you go to hospital for a CT scan.

I thought the devices were a mild form of backscatter radiation considered safe relative to the flight dose you will get. Maybe that patent cost for detection of nitrogen rich explosives and acetone is the real reason. I thought the existing machines were fine, and the only thing here was the cost of software, and the insistence of a USA patent to get approval status, so software fees were unavoidable. Water is a non-problem, as is alcohol. Garnet stones, Women's cosmetics, oil rich food (peanut butter) and fuming nitric acid remain a problem. Do not believe the safety data, because the operator is slower, and some passenger luggage will deflect rays = radiation leakage.

Techies try to bypass damaged UPS, send 380V into air traffic system

Arthur Daily

Airport Departure and Flight Taxes - were they embezzled?

The Philippines has some pretty stiff flight and departure taxes. Everything should have been covered. Philippines has excellent and cheap talent, so there are no excuses for simple foul-ups, or not saying why there was no redundancy. I know generators and UPS's are often falsely blamed, to avoid the real reason. Critical stuff also has power 'conditioners' like big expensive copper coil chokes, and for radar gas overvoltage banks to take a full lightning strike. Thus overvoltage sounds like a false excuse to me. Who signed off on the testing drills? No, this is a cover-up story. I suspect the batteries were never replaced or tested (along with the ups). A bigger than normal blackout happened, and someone unqualified (cheaper to employ you see) bypassed the GPS and power conditioners, did a direct connect, and the local power company on startup - let a surge in, along with 380-520v startup capacitors in every airconditioner and fan in the airport. (380*1.414= peak ac voltage of 518 volts, and if 3 phase) Oh dear! Speculation that the power conditioners were 1) sold off, 2) failed years ago, and just bypassed), that there was no UPS, and the dude* have no 3 phase experience. We look forward to the official report.

Google debuts OSV-Scanner – a Go tool for finding security holes in open source

Arthur Daily

IBM SMP/E

IBM SMP/E at least since 1985 kept track of every module and all dependencies used to build their mainframe OS. Change one module, and you could discover which products contained it. Any patches/zaps/fixes you knew for sure, which products needed automatic fixing across the board. Looks like people are reinventing the wheel. So said, it was a difficult beast to master.

Intel settles to escape $4b patent suit with VLSI

Arthur Daily

Re: "investigate the validity of the company's patents"

Patents primary purpose is to advance USA inc, because it can never match labor costs. The theory goes as USA was the best of everything, any serious disputes would be settled by cross-patenting for no money, thus other countries had no chance...However China now exceeds USA in quality research papers, and patents, and exposing fake or ever-greened patents. The USA tried the software/closed firmware cost on China route. Meanwhile Taiwan showed it got things right. In all, China will win long term, and overcome the trade landmines placed before it. Do not forget Sanyo, Sony and NEC suffered, LG and some Japanese cos failed, possibly Blackberry when cost of patent included a % of final retail price.

Arm processor technology caught up in US chip war with China

Arthur Daily

Adding to global warming

OK, China just runs on old servers that are adequate enough, but consumes double the electricity. So China just doubles its energy consumption till it can make something more efficient. ASML and the EU Greens should be livid about sanctions that drive global warming. China should put out a CO2 impact cost report to wave in their faces. In reality this is about economic protectionism and illegal trade subsidies. USA should do what its best at: Apply import duties and taxes to goods made overseas. Why that may even create jobs in the US.

Southwest Airlines blames IT breakdown for stranding holiday travelers

Arthur Daily

Business rules matter

Rather than port and reuse business rules, there is major major no-no's where the lowest bidder for a new system gets to redevelop the lot, and get this, NOT held accountable for not implementing critical rules that were in the old system that worked: aka less is better. Get that early delivery bonus. Over-promise, under deliver. Porting and Conversion is a dirty word.

Arthur Daily

Re: Outdated scheduling software?

Bad seasonal weather problems for airlines has been solved for decades. There is no excuse. There is a process called Operations Research or OR. Apparently given billions, SW failed to employ a decent analyst. You can bet there was no cost cutting on the revenue maximization engine that is responsible for jacking up fares. The only possible, just excuse is that the airports changed their software, and the inputs not available to the scheduling software. On the plus side, each worker is GPS tracked, hours worked and available known, if they have a mobile.

This startup reckons its chiplet interconnect tech can best Intel, TSMC

Arthur Daily

ICL Bus and Tag

Same as 1960 tech, only smaller for those who remember. The main problem is faulty chiplets doing faulty speculation, or just not initializing memory/registers allowing leakages. The public seems to ignore defective cpus. Buslines have noise and crosstalk. If you shrink to 5nm then you are closer - less noise. Apple gets it, and have worked out better compromises with the shrinkage. But nobody seems to remember ICL (Fujitsu), SUN Computer, and DEC, loving fat rich busses.

You thought you bought software – all you bought was a lie

Arthur Daily

You can BUY software, and the opportunity to resell it later, unfettered. But only in Germany and Switzerland, where on their Ebay's and the like, you may buy. Even Adobe - who were the last holdout. Germany takes first doctrine seriously, and the fines will be eye-popping for claiming otherwise. After that court loss, Adobe and others put critical bits online only, to get around that. Technically many countries are not charging yearly rental taxes - as they should. But older versions are generally good enough. Secondly, some Nordic countries do not criminalize civil matters, but set damages at actual rates, not imaginary in their dreams blackmail levels. Therefore it is legal to take measures for emergency recovery - such as hacking intrusion/ransomware. Few people know licensing bullshittery slows fast recovery, so in some countries you can remove or defuse software time bombs. Obviously the best solution is to hang on to what you have.

Cyberattack brings down InterContinental Hotels' booking systems

Arthur Daily

Hacked before, downtime before - failed to take duty of care - Claim Denied

Hopefully the insurance/cyber insurance will not be paying for this. They had history. Apparently security was weak, as was the capability to move to backups. The amazing thing is other like entities are not spending big in fixing things - cheaper to wear downtime. And if you do look at cloud (other people's infrastructure) you see they get hacked often enough.

Terminal downgrade saves the day after a client/server heist

Arthur Daily

Re: The Cloud vs Mainframe+Terminal

Clouds took advantage of

1) Costcentres , costcodes and Project Time Management chargeback

2) Budget theft by OPEX CAPEX interchangeability

3) HOWLS - that something other than Opex/Capex needs to be invented when you sign 5 year leasing deals with MS or the other. Bit rich coming from Finance, Exchequer and banks.

4) Denial. Ask what happens when you don't pay your bills on time. See Turkey, Russia and Ukraine and others in that debt pipeline.

Intel details advances to make upcoming chips faster, less costly

Arthur Daily

Re: Wake me when you're relevant again.

All bluster. What are you going to do, to beat TSMC. Oh I see, this and that, and hope to come in 3rd. Did they say they would be able to at least match TSMC: Nope. I also see speculative execution flaws - do not appear to be fixed yet. The good news is China is free to ramp up its laggard tech and fabs. May the best player win.

Symantec: More malware operators moving in to exploit Follina

Arthur Daily

Please Explain

Why is there some proprietary protocol back-channel talking to MS HQ - in a text processing program. Say WORD for DOS. Every MS protocol - say SMB or this back-channel is bad security, and obscure to deliberate privacy intrusion. Let's hope the EU investigates data leakage. If my document had 'Takeover Bid' some inside traders would be well placed. Let's investigate what leaked, and how much over time.

Microsoft trumpets updated HR-friendly policies (that comply with recently changed laws)

Arthur Daily

Non USA staff are 2nd Class

Only for USA workers. So your true values say 'What country do you work in'. Enlightened NOT.

US prosecutors: Chinese walkie-talkie-maker Hytera stole Motorola secrets

Arthur Daily

Re: So am I

The USA has a 'Too obscure' clause in their patent system, so patents in Korean or Japanese or some other foreign language is just too hard. There is no 'Sorry, well yeah, the Japanese were making these 30 years ago' automatic cancellations/ removals.

Arthur Daily

Re: What secrets?

CODEC's are done and dusted, and I hope they use the open source ones- there are many to choose from - see wikipedia. Huawei knows all about trunking - nothing new there.

Motorola only has one annoying feature - amateur radio hackproofing, and not allowing the enduser to bypass 'blocked' bands for local markets, such as police etc. So they buy Baofeng instead. Motorola only has one secret - quality and reliability, testing of batches, they just work. And the paint does not wear off the buttons. Somehow I think Chinese companies will not use any of Motorola's training and QA procedures, nor spend more money testing, and catching their suppliers selling downgraded knock-offs. It is the French SDR radio firms that should be squealing. The perfect walkie talkie would

1) Compulsory user registration - like Android, un-upgradable after 2 years

2) Have backdoors, secret GPS tracking data to the mothership

3) Use the words AI, Improved, and Facebook likes for using it

4) A Kardashian version, iron pyrites, sparkles and gold flashing

5) Uploadable ringtones, and a playstore

6) Push ads on the user.

7) A built in mobile phone jammer (note some ultracheap battery chargers and led light bulbs do this well).

The only thing of value is a current customer list, and the numbers of the purchasing decision makers.

Even that is questionable, because they have already been blackballed in the US.

Sealed, confidential IBM files in age-discrimination case now public to all

Arthur Daily

Your peak is at 35

30-35yo is your technical peak - at least to all HR departments. After that you do not fit in with the younglings. It is also trendy to go to the 'cloud', outsource your storage, and rent applications and os's - for as long as you are in business. As IBM won't give out actual tangible numbers - well where there is smoke ... There is also a trend to outsource specialties, like comms, since basically the 1990's. It is like can I get a package, and end up working doing the same thing Monday. Some can, some can't. Some companies market test, go cheap, then discover the winner has no experience when the 5% dig you out of a hole knowledge - is absent.

This space is littered with IT service losers **, HP, HPE, DXC, IBM etc - Lockheed Martin IT? Anyway the winners were all young companies with just out of uni fresh employees, not many experienced ones. Losers only because the software and cloud licence games, ripped budget off the client, who had less money to spend on vendor development - which oddly appeared in Accounting firms pockets.

The hard fact is IBM was and had to respond to clients being unfaithful to be long term, meaning it can't afford specialist pensions. You will note the Airline industry and the car makers are getting lots of hand outs. Without looking at IBM, you can see plenty of other sectors ditching older workers, and putting new ones on with casual conditions, via a labor hire company to firewall the shame.

Microsoft slides ads into Windows Insiders' File Explorer

Arthur Daily

Forced Facelifts for old farts

Imagine being told you are ugly, you need a facelift to freshen up. Do not be afraid of the surgery etc. Every 7 years or so. Well every time I am forced to alter (not necessarily upgrade) their OS, I get angry. I am happy being who I am, and an interface I know well. Making matters worse, is I use mobile phone connectivity ONLY, in the backcountry, where there is no reception sometimes. At 4.30 PM, my internet drops out because the feeble telco has skimped somewhere.

I wait patiently for the EU to tell MS they are not allowed to hoover my disk drive and keyword index so they can sell sales leads to every Tom Dick and Harry. It is bad form to read your sister's diary, but hey now that's legal if it's online and you are some big company.

The business has 1000's of savory legal cases, murders, things involving children, and done a global replace, inserting politicians names and company directors for a litany of egregious crimes. Yet somehow the plod are not knocking on their doors. If we get hacked, at least we find out early!

NHS Digital's demise bad for 55 million patients' privacy – ex-chairman

Arthur Daily

Data Obscuration is Impossible

Data Obscuration is impossible. Fields and relationships are subtly linked. The people working on such projects lack experience and formal qualifications. And they don't understand hospital specialists, or even operation timing. Or if a surgeon dies or they are all at some conference, what guesses can be made. In all, people with high intervention rare diseases can be linked back, others less so. In Australia the university researchers were able to poke holes, because they were aware of some relationships. The most significant discovery was which hospitals are best, and which are the worst (infections, follow up corrections needed) which the insurance companies lapped up, but the researcher denied the ability to publish. When the ability to score surgeons against procedures, that too was banned from light of day. In all digital information is not welcome, when it identifies deficiencies.

Apple seeks patent for 'innovation' resembling the ZX Spectrum, C64 and rPi 400

Arthur Daily

Prior Art

Toshiba Libretto (My bet is Japan has plenty of prior art).

IBM Dauphin, original TRS80's mentioned.

Hitachi Peach and something from Rockwell USA and I consider Nokia phones with the sliding keyboard to be a computer, as you could also program it. Before that IT programmable calculators. Many had IR ports to 'communicate' as well.

As for Keyboards, the 1970 ones from ICL were 3 inches thick, 1mm pressed steel, as were NCR ones, that featured their own 24*80 terminal controllers with computers that optimally compressed packets for ATS and CICS transactions. (Remember those 300 baud handset modems).

Going back further, the German Enigma machine, and The British/Polish equivalent - some packed lighting indicators.

Register Lecture: Right to strike when your boss sells AI to the military?

Arthur Daily

Yes Minister

The BBC show Yes Minister summarizes the arms trade - Yes, if you pay us cash.

The term AI is complete BS. Like all real war stories, key technology falls into the other side's hands (such as Enigma) or the Poles building better radios and computers. Or launch codes for BUK missiles. Much AI is diplomacy and trade wars - hoovering up jobs, taking the money. Or take nuclear energy. The best thing about AI is an EMP bomb often disables same, or phased super high radar arrays cook the electronics of anything in its path. Social media. Some call it AI, I call it persistent data theft via monopoly share, much like the Stasi had its citizens in check.

SlimPay fined €180k after 12 million customers' bank data publicly accessible for 5 years

Arthur Daily

Using Production Data

Is a fireable offense - contracts terminated immediately if Visa or MC catch one of their processors doing it. Military also loves to have whiz bang contractors packing TS USB sticks to test classification software. Tax departments spend big bucks on sanitized pseudo production data, costing millions each year. Then there are 5 audits in a row, five annual reports that missed this. That should amount to five fines and the sacking of whatever tame in-pocket company doing their reports. I would say many sites casually break this rule, at least 40%. Why? Because people who know data - once called data administrators - are extinct as a species, or cower under pressure. Plus someone trusted has to convert the production data - in a dedicated environment with loads of storage and sort cpu cycles. That expense is also shunned. In all, the fine is a pittance, and they saved buckets of money. Nothing has been learned. Now they will apply for an authorized exception.

Got enterprise workstations and hope to run Windows 11? Survey says: You lose. Over half the gear's not fit for it

Arthur Daily

Re: new hardware requirements

Apparently there are 3rd party install scripts to bypass this TPM nonsense. Apart from driver rewrite costs, I think MS cannot or does not want to pay for all the faulty Intel speculative security defect workarounds to backport into drivers. Or they could outsource driver re-writes to freelance coders on the web. Even Linux had to be discreet in building in intel cpu workarounds. And remember, if you can't read or control your own tpm memory, then it can be abused by leaking uniquely identifying to refuse patches or track what you do.

IKEA: Cameras were hidden in the ceiling above warehouse toilets for 'health and safety'

Arthur Daily

Additional Camera Income

You can buy cheap polarised torches, so called spy camera detector devices for a few quid. Use them. Many toilets have motion sensor IR lights to help prevent discovery, but a bit of black plastic over the sensor can allow you to do a good sweep after the timeout. You have options: collect the device and take it directly to the local cop shop (after taking a copy of the sd card). If wired, I hear a modified stun gun, or piezo stove lighter / (240Volt ac) sends a few too many volts to expensive video recorder might be ones cup of tea. Other places for camera are the office fridge (milk stealing) and photocopier room (non work copies). In some countries, middle earthers may stand on the toilet rim and squat. Some nasty problems if your behind or bowels are cut by a porcelain toilet that fails when you are on the job - because of this practice. This article did not say which way the cameras were pointed at.

NHS-backed org reacted to GitHub leak disclosure with legal threats and police call, complains IT pro

Arthur Daily

Getting nasty with the bearer of bad news

Costing a security researcher for reporting bad news and sicking lawyers upon is plain wrong. There will be consequences.

Next time it will be a 6pm news exclusive, naming the committer. As for copies, you would need to audit the downloads, which is probably spidered anyways.

I would ask a software firm for a 'bug scan' on the existing collections. It is SO easy to point to poor code and identify careless coders as well as identifying the excellent ones. This creates a lot of friction, and allows the removal of non thinking drones.

Thousands of taxpayers' personal details potentially exposed online through councils' debt-chasing texts

Arthur Daily

Re: Please click the link to read

Add deceptive conduct.

Each of the councils had a suspiciously cloned response, as if the vendor value added, and said hey, if the nosey press calls, read them this pre-canned guff. If an approved supplier did this 'L plate' deep link mistake, they should be scrubbed off the vendor list. +1 for GDPR fines.

Google emits data-leaking proof-of-concept Spectre exploit for Intel CPUs to really get everyone's attention

Arthur Daily

Just fix the CPU's - Still not done

To the armchair commentators, mitigation did not work. It is a big dangerous hole, and clever foreign powers will be looking for, or already have several weakest links. Maybe it keeps schoolkiddies from playing. Don't forget about the management engine, or the cpu's in peripherals that can be deployed. There are thousands of DRIVERS out there, unchanged or unmitigated as we like to say, pre flaw discovery. Fixes for older and not so old motherboards - did NOT come either. I expect quite a few biggies (security CVE's 9+) to come out over the next few years.

OVH founder says UPS fixed up day before blaze is early suspect as source of data centre destruction

Arthur Daily

DC Fire Suppression

Halon was also highly corrosive - at least on IBM mainframe boards. Hardly any electronics was reliable afterwards. That is why DC's went back to plain old water.

It is unthinkable to have UPS's in the room. Generators and batteries went into the basement.

UPS's with lithium - are these people retarded? Every bit of equipment going in has a flammability and heat generation score.

In the 80's we even had an oscilloscope and current loops around the power cables, as a power supply on the way out, normally has more hash and noise than others. Oh, that's right, what is preventative maintenance - we expect it to be free. Well, your data, and your bits are really free now!

Arthur Daily

Cloudtrastrophie

Value Proposition

Datashredding

Databurnout

Network BBQ

Datacentre BBQ

Now the Exchequer can really accuse multinationals of cooking the books.

I also suggest that the fire grew because someone tampered with the firedoors so they could go on cigarette breaks - or it allowed 'free' cooling, meaning someone pocketed an electricity bonus when power consumption was lower than estimated.

OVH data centre destroyed by fire in Strasbourg – all services unavailable

Arthur Daily

CLOUDTASTROPHIE

Are there other language translations of cloudtrastrophie?

My bet is 50% of big customers will have no backup, or only backups and DR that is at least one year out of date. Every DR exercise I saw, failed, but they told management all was good anyway. Meh, with 'agile' configuration done by waves of contractors and no documentation, there will be gnashing of teeth.

Your data will NOT get any 'priority'. The customers who will, will be the big ones - carsales, realestatesales will be at the front.

In addition INSURANCE will not pay out either. In a legal spat they will subpoena the company documents and minutes that had signoff that backups and DR were in place.

Banking software firm tiptoes off to the cloud with MariaDB after $2m Oracle licence shocker

Arthur Daily

Re: not difficult to optimize cost for Oracle in VMware

Sound testimony for avoiding Oracle altogether, distraction from an IT shop to plumber tactics.

For this reason, base your operation in Germany, where resale of licenses is legal, or in China or in India where this nonsense does not exist.

Arthur Daily

Risk assessment is not live. Not like it's an irreversible transaction with transaction recovery needed.

Secondly, it sounds like the old system and fluff/link was in legacy territory. Thirdly vendors who charge more for ZERO added value need to be given the boot. Sadly the other 90% just sit still and take it up the a**s. The CLOUD was supposed to be portable - you could move at the drop of the hat to another, based on merit. Vendors reacted by selling you a Hotel California cloud, then started adding time of day smart meter access charges and Cable TV WTF charges, and licence audits.

Having to bilk your clients more, when they are getting nothing extra in this day and age is a business risk. Thus one must act and move when formerly acceptable platform deals go sour.

Chrome zero-day bug that is actively being abused by bad folks affects Edge, Vivaldi, and other Chromium-tinged browsers

Arthur Daily

Re: And they want...

See https://copperhead.co/android/

Why can't Google step up to the plate? I understand it can feed user pre-selected false bogus garbage to the mothership.

Nah, maybe not for Google who do not want to give end users actual security granularity, or deny tracking.

So far, not a single app that will scramble secretive backchannel data exfiltrations. Nice to know botnets are now using this for C&C, as it gets past filtering.

Arthur Daily

Re: Cross reference (very)

A very insightful comment. Although the real operating system should simply manage the memory and stack getmains, and terminate the task when it exceeds some threshold. A three line recursive function should not crash the system! However bad players are now doing exactly that, repeating for each keyword/function that drive under-the-cover privileged connections.

Calling OS security as fast as you can, recursively is an excellent test. One dumb govt entity decided 'forms' was the way to go, with each field needing a call to see whether or not to display that field! The 1 minute response times to display that form .. classic.

You allude that when a network connection breaks or server not responding orphaning memory or token passes, or some variant of sticky not-quite-a-cookie. I can tell you IBM MVS solved this by having doubly linked lists, and checking counters for each push/pop, and tracking total memory use by pools - that also generated warnings. That was 45 years ago or longer.

Going forward Google needs to spend time on memory housekeeping, because programmers seem to only look at adding cruft, without the big picture. IBM created about 10 different ways to cancel a task, and several ways to FORCE terminate things with prejudice. And sometimes free Whiskey for reporting extremely rare one byte memory leaks to system programmers.

US court system ditches electronic filing, goes paper-only for sensitive documents following SolarWinds hack

Arthur Daily

Mmmm People doing data entry, rekeying in things, and printout distribution, secretaries printing the morning's inbox, and perhaps newspaper clippings - just like the early 80's. What is old is new again. Yet there are so many mis-configured plain old FTS servers running unencrypted...

Pretty sure the S in FISA stands for secret and well, well above that too. As no MS product has true real world secret rating, FISA stayed offline, while courts, nuclear reactors and critical infrastructure had to cut costs by being 'agile'.
