Posts by Arthur Daily 111 publicly visible posts • joined 16 Apr 2015
Exactly. Mostly imported parts, plus branding. They could be made in China cheaper, but various small runs make other country screwdriver operations acceptable, once beancounters have done some financial magic. UK and Ireland, being 15% with deductions, makes this possible. We all know what happened to the Olivetti factory, and I expect some USA factories will head the same way. We know about the recent Rolex and brand name handbag origin fuzzing. R&D in fixing mistakes is important though. So said DJI drones must come with a 5 cent cpu, and consumers see very little wasted or valued added fluff.
IN CS101 an OS was defined as those essential bits to do core OS operations like IO and SVC's. You do not add junk to the OS as this causes unreliability. Extras should run at a minimum and sandboxed level. Windows has taken it to a whole new level , enforcing bloatware and 'purchase nee rental' options and flat out advertising and data/ privacy theft. Its been a while, but once you turn on an iPhone is sends a lot of something to somebody. Anyway this engineer had an exit to scramble such packets and send garbage to whoever.
Western made CPU's are still riddled with security flaws, that are not being systemically fixed for good. Then we have Apple making proprietary memory/drive interfaces in China. If you count single thread performance - Moore's law is no longer. The ASML in a vacuum shrinkage has also about peaked in Taiwan. And Apple has been very clever with its designs, almost peaked, should they choose to correct known security costs. This means China KNOWS Taiwans best is their target, and also knows USA is going to have overcapacity going forward - and discounting now tariffs have upset the markets.
On hold until a reasonable press release - is released.
But lets look at the basics. We are often told 'Generals' who are supposed to be safe hands - are really political climber sorts. If you looks at recent Judges decisions, 'Safe Hands' is becoming toxic, but only because clear conflicts of interest of family or LLC's are rarely fully disclosed. So a Lt may be a better choice. Pretty sure Trump's 'near miss' and NSA holding up the blame allocation process is another factor. One does not know if free and fair elections fall's under NSA responsibilities, but adding 4? million illegal SSN's and a lot voting sure looks shady. Did Trump ask 'Tell me what you know' and got back static? If the NSA bigwigs are conflicted, for Biden directives, and wont spill the beans, it is a fair cop that they have to go.
They did NOT get 99.7%, ever. Have an independent mob validate that number. Demand a refund or ask the question what was the matching fuzz dialed way down to stop false positives/negatives. I have also been to overseas airports, that stopped - when outgoing data was DOWN. Remember data deletion is not the same as data overwrite.
I lived in Australia. Whatever locally run satellite service run was a dud, compared with Starlink - which presently has no peers. (China is working on it). In fires and floods, or mobile towers crap out after 2 hours or so. I believe Canada is big, and outages occur there too, especially 100km from major cities. I get the backlash feeling. But better to impose an EXCISE on digital whatever's. Hey - that is not a tariff, and too bad we do make any. Copy what Thailand does - big on excise, and sneakily exempting narrow ranges that just happen to be produced locally.
Hands up, if you ever had a job, and told if an auditor visited you, to say nothing, and refer him/her to your boss. Hands up if that post-implementation review on a failed project became a 'success' on the departing PM's resume.
Also wanted to say there are ordinary programmers, and ones who before VM's and test environments used trace , breakpoink and single step execution to test out their changes. It can be done, but few system programmers left. I had several decades of -805's when rebinds were not done, or just flat out copied from the last change.
I find it funny when some whine about privacy when most American Banks and state institution's have been hacked, ssn's stolen etc. And the fine for this - probably just a few bucks per individual. Just remember all exposures may not have been reported - there is a lot of cover-ups. A drone over your house gives a pretty good indicator of how you are doing. Your credit rating and dossier is up for sale. cheaply. It will take a lot more digging to expose Delaware LLC identity hiding. Bring on the fractal matching.
The GAO and others were not doing their job. Value for money is one principle, not lowest or only quote. Checking you got what you paid for - is also crucial. National priority, another - not for electoral gain. These nerds are NOT interested in your personal information, and just remember they potentially get to see Trump and Musk's personal details. What they do will be logged - so they go to jail if they blab. So far they are only calling out suspicious or questionable payments. Not misnamed titles where the money landed elsewhere. So far the executives and decision approvers for these projects have not be named and outed. The fun will begin when GAO follows the money looking for kickbacks and personal gain in office (which should be illegal). The real fun will begin when modern data matching engines are turned on, and things like the top 100 lists get spat out.
The real problem will be when data joins (in sql speak) are done across departments, then banking info. Full data matching in other words. One suspects a bunch of nerds will be a far better security risk than outsourced to a big four accounting company - or those previously involved who said nothing.
On the claimed production code change - it should be harmless. Batch transactions should have journal - processed - and exceptions/unprocessed. Flipping a flag or bit should already be in there. Adding a code for say 'Executive Order - Payment under audit review' is perfectly normal. Just a when you try clearing a cheque, the bank says 'Hang on, we are checking on money laundering' as a way to skim a few days interest.
Where are the alert /sentinel records, like Aaron Arrdavark that tip of security instantly. It is a good outcome, but Google and Spamazon already know all this and more. I am just waiting for this humanless AI scanning of resumes to be leaked. Add to this unwanted, non-turn-offable AI scanning of emails.
Android started out as open source, but various parts and changes, and vendors not being allowed to publish drivers meant lockdown and early obsolescence. Recently schools forced google to add and state a support timeline. And now the USA is looking at break-up. The alternative - to open source things as they should be - has not been discussed. I hope the breakup continues, as I suspect back-peddling will not occur.
In Australia, we have an ICT government approved purchasing without a tender contract book. CISCO is in it, and preferred... At the same time our version of Homeland Security says question your vendor's and check that they do the right thing. Only that things like this, do not see then reported or struck off the no-bid list because of gross security incompetence. There is no word if 2FA or other applied to this gaping wound. And why did auditing not pull this one up. How stale was the 'admin tapper' password? Was it changed daily? The only way to force recalcitrant vendors is to kick them off the list for 6-18 months after every severe incident. Nothing like failed sales targets to incentivize them. The same goes for mobile phone engineering software, that allows anyone to listen in.
As a boomer, I do and will never pay for TV. With 19 minutes of ads and fluff per hour, I moved to used DVD's. I also will not be told a 'purchase' is now a 'only rented' then told that platform is now kaput (Sony Ultraviolet). Op-shop DVD's work for me. Sadly, the pre-2000 dvd sets are in short supply. I am content to know most things are gettable, and no need to do anything, but wait for the dvd boxset to go on sale. Also a lot of woke releases and cancelled broken 1st season flops have taught many that there is nothing worth downloading anyway. This decoding thing was always cat and mouse stuff, and the unemployment situation always means top tier engineers can amuse themselves. A huge survey revealed people hate bundling, and would like a 'no fuss' way of paying per view without subscription and compulsory privacy detail theft. Guess the market will sort this out.
Telegram was never secure. The problem with rules and asks is they are not visible. Illegal and or criminal is confused - PC correctness, People taking offence, Parody's or just plain Presidential argy bargy suppressing the opposition. And yes, the UK is an offender with overreach, and the USA is working on qualifying the 1st amendment, and getting web newspaper tiktok stuff banned. The young generation will work it out, and via VPN's and private on top of ISP encryption. Signal is open source, and frequent key rotations on top of a paranoid design are all open source and totally robust. At least until some hardware ME or bad OS decides to exfiltrate private keys secretly. There is no secure phone either. The upshot is the new young generation is no longer swallowing political BS, and the politicians do not like it. Most ISP's since 1990, freely ratted out the worse of the worst, when the vomit nerve was triggered. Here come the Stasi - again. 1939 has been forgotten.
USA has the ICT brains to detect and identify the issue - and stop it. Cybersecurity is supposed to be well funded, but I expect mass produced garbage is never looked at until too late. The usual is make high volume product - buy the cheapest ready rubbed software and ship. Never any money for maintenance, or exposing sourcecode and supplier when EOL is reached. The alternative is uncle sam does several forensic level studies - and releases ALL the findings - and embarrass the sh** out of the maker after making its own patches.
ALL big problems could have been fixed by random public funded audits. And for every mass privacy leak, dishonest companies put out misleading PR speak reports without mentioning history or knowledge. Presently no CEO's performance bonus or share options are on the hook - when the brown stuff flies.
Well, with Foundry, you are all in or all out. And if you join the TSMC club, all product will converge and have little to differentiate. Big CEO's should not be paid for run of the mill incremental improvements, that are not ahead of others (Apple Broadcon). Maybe not AMD as they just keep adding cpus. Were it not for the Chinese trade boycott, Intel's relative position would be even lower. Looks like the days of riding out technical defects for CPU's are going. Apple need not laugh - that MMIO backdoor.
Russia has pushed ELINT to a new frontier. Firstly they are running optic fibre drones - hackproof. Secondly they have Lancet missiles that home in on Traffic Analysis. So those boys doing the pentest - and that is what is really is - may have a 20 quid harm package delivered over their proverbial heads. For both sides, they have these 6+ band jammers with a linear amp, draining the battery pack like crazy. SDR receivers also spot who is using and where (Shades of the old UK TV license vans). In this age, drones mean elite forces have the same odds as a trench grunt being targeted. A really crude analogy is unidentified transmission source, fire an RPG and scoot. The correct use of the military hacking is to catch the Generals and supply clerks lining their own pockets, or tender corruption. Or concentrate DVI hires into the nerd unit who cant aim straight.
Advanced people can run programs to check latency and hops to detect substituted certificates MITM cheating. Which should always be done. Even if you are in the top 20 list of biggest banks. In any case certificates are not trustworthy. Then install your own certificates and re-test. I seem to recall MS and others have a OS hook, to prevent truthful discovery of the certificate (because an employee being watched would be tipped off if he/she enumerated email ACL's and Certificates often enough). MemoryDumps are your friend. Editing a memory dump and planting a RAT signature will get you off the hook. With TPM this is getting harder, but thankfully the lack of old gear not getting TPM security updates allows a smart security contractor to do very well indeed.
The Govt can do nothing. Nor can it stop drug use, crime or even the weather including floods. Damage is an insurance job and having a team to fix unexpected events. In Australia, they added locks and hidden have-to-know magnetic slide bolts onto some manhole covers and an alarm switch, and a camera. Repeat and rinse. Telco's also told big lies because they damaged their own cables. They used gorilla snot foam glue to make pits waterproof (the glue leaked strong acid) eroding copper. They removed nasty lead sheaths and used corn based plastic sheaths that the Rats took a liking to, and pvc instead of teflon covered. They privatized the cable people - so they do not take particular care and got paid many times for callbacks. Since 4G mobile alarms, burglars mostly do not do the cables anymore. Therefore nasty damage must be related to bad service and not listening to nut-jobs that may have an axe to grind. Usually on/near council estates. These penniless deplorable's don't even do jail time if court - and they have no money anyway.
Yes, The US defense dept had a similar trouble - unpatched glue or integration software. The checks and balance should be a competition where pen testers can have a go on test data - and the real results and rewards published.
Get your doctor in on the game. Add some offensive names in Latin that would never fly in any workplace. False or incorrect information in any system ruins it. Add some metadata that points to nasty ransomware. Like OOO (comatose like) or TUBE (Totally Unnecessary Breast Examination), SOB SOB (Silly Old B - Sh in Bed) Newer doctors don't know the old fountain pen age of GP slang. What make TUBE funny, is that no breast exams are unnecessary - one GP found many cancers early, saved lives. O-Sign in bed, mouth open, staring at ceiling. LO for lights out. Ref: https://journalofethics.ama-assn.org/article/derogatory-slang-hospital-setting/2015-02
Manufacturers HIDE repair information. These may be like what chip level parts most commonly fail, or moisture ingress solutions. These secrets they give out to authorized repair dealers and dates back to before CRT TV sets. There is a site called Badcaps or the like that show how simple repairs can be. Once a product is obsoleted, the service manual should go public and bootloader codes or solutions made available. If not keyword search on Electrotanya may work. Loius Rossmann is pushing for this and other things.
One one dishwasher I know of, if the pump is blocked, then manually unblocked, the machine will NEVER work unless some secret serviceman button push combo is entered. Good trick , 100K dishwashers to landfill. Or make the door cable brittle so so many door operations - it breaks the contacts. Or a magnet sensor that fails over time (hot water de-magnifies).
So was he really an engineer - you know member of a professional society BCS, ACS or similar. Most professionals also have professional indemnity insurance.
The bank's security department was asleep, at least contributory negligence. Also least the guy was stupid - he should have darkweb knowledge and planned a 6 month campaign. Now we know the bank is slack and sharing occurs, it may rise up the list of future targets. Slip a deadly embrace into the dev code, or enhance SQL injection. So tell us, who got the sack in HR because passwords were not revoked stat?
Few companies have clean hands, or would not be ashamed of something. Many companies try to charge different prices for the same item is different countries. Like car parts, the prices can verge on blackmail levels. I suggest China will have a good look, so it stops overpaying, and concentrates where the margins are fattest. Airbus is free to employ some researchers to do a deep dive. Some lame countries say it is 'illegal to read this leaked info' on the darkweb or whatever. Another way of gagging investigative journalists. These shocking leaks will continue well into the future, until the ICT area is allowed to apply patches ASAP. One week, two weeks is an eternity and a FAIL. ICT is usually outsourced, and on a budget, and not all vendors email the actual person likely to do the change. And most vendors do not get the BOOT for having tokens in memory unprotected. Try paying your vendors X, and less per >8 CVE, and a formula for patches. I tried looking up .gov evaluated products list, and it was not public. This ensures private companies will be caught with their pants down, and with defective risk plans. Combine this with shadow IT purchases, it is great the govt is supporting blackmailers, and making some security people very rich indeed. Yes, embarrassment is need to get the herd fit.
After their enterprise stuff had at least 5 backdoors, after EAL certification, I assumed CISCO would never never do that again, ever. Boy I was wrong. Now we need to suspect ladder attacks are built in. I pity Apple, as some of the Nxx ladder stuff has been brilliant. The right question to ask CISCO - is HOW did this get past their redoubled QA?
Clouds are supposed to be completely portable and the same. Don't like one - easy , move to another that's cheaper/better. That was how Gartner and the like sold it to CEO's in the early days. Then clouds needed certification levels - with the assumption that they must be OK if they are the mega players. The rot started when they demanded 12 months to five year in advance. Then CEO's thought hey lets create something, and say it is not capex or opex, but leasex. Sorry leasing is recurrent opex, and accounts has a mental in paying opex in advance. In realty, the cons being done now - YOU need a broker because nobody else knows if your deal is value for money. The term UPLIFT - if you live in a country with a weak currency - well you are up the creek. But now as people are hooked, key talent retrenched, it is 'Too hard' to bring it back in house - so they say. Yes, they are now abusing their market power, and should be investigated. Better yet, mandate they may NOT use the cloud, and all entities on them in annual reports list 'Leased Contracted services'.
Thank or Blame HR. Succession planning is not hard. But when you tell greybeards they are rubbish and not wanted - and untrainable.. Many of us COBOL programmers grew up with assembler language as well, so the design of data structures was tight and orderly. In addition overflow and edit checking was standard - everywhere (now optional?). Even IBM sort/merge is nearly a full grown GREP. Growing up, Pascal or ADA was the rage, fully typed too. But hey, strong typing and declarations - was inconvenient for shithouse programmers, Vs many COBOL super-programmers that I knew. Java is rubbish - I can see that RUST or C+ would be just as easy to convert. My sins included COBOL recursion to cover date based business rules in a spreadsheet format some consultancy company decided was good.
You will get my attention when Watson flags recursion and the dreaded interprocess communication layer . I have seen too many Indian conversion projects where transaction file header and footer records get turfed. So what if a CSV file is processed twice, or the is a typo, and some silently not processed at all. Solution: Just pay people what they are worth. And do code walkthroughs with top people.
Getting business working was solved in 1911. It is called import substitution, and a stiff tariff on goods with no local content, or no local approved offset activity. See India, or China before the rush there happened. In 2023 this would be awkward, because cost breakdowns would need to be provided - that that would expose tax evasion. EU will remain a backwater, because only a stick waving will induce change it not visible - nor tax haven attacks. Same for those other search engine monopolies. Only France is getting uppity. As for Taiwan, it is not about GDP per head - it is about cost per chip factory employee, and insurance that if one leaves, there are others. Value for Money, Taiwan and China lead the pack, plus they have a scalability advantage, and no strikes all year round production.
Wrong. 300K is chicken feed for a law firm, They decided to willfully take shortcuts to save money. For HIPPA data , known critical patches not delivered in a month need to be classed as negligence, no ifs or butts. There needs to be a register of shame, naming the actual people with actual responsibility for this intrusion, up there for all to see, as well as all elected directors. Lately there is a trend to appoint security fall guys to wear all blame, but have no say in the budget, nor an automatic emergency reserve. Most go for 2 year contracts, as first year might be a tight budget, and the 2nd year coasting on 'acceptable risk'. The pentests should also be placed online after any breach, so everyone knows slackness was the cause.
In Australia the public libraries collect it, it go's to one central place, then distributed. I think Canada and Sweden do the same thing. So Belarus does the same, only that entity has sanctions against it, preventing the money getting out. If I were designing sanctions, I would say money can flow out, but not in. Probably because China would love that, as its banned from paying for IP.
So there is no stealing, just that sanctions are working as designed. Again, a number of countries sweep unclaimed money into .govt coffers, including Australia. Or Belarus can send some Ukrainian currency bonds as payment.
I am with Elon on this. Codes that have nothing to do with safety or incorporate common sense. The city knows the situation is one of emergency. Pull the plug, leave the city. Not sure if Bentonville for Walmart is still cheap, but North Virginia or Clay City beckon. or Tx. Mature businesses need to ditch over the top expenses, including fancy HQ.
Not all X-rays are the same. What is the radiation dose the operator will get? Remember the big room, and the operators standing behind lead plastic when you go to hospital for a CT scan.
I though the devices were a mild form of backscatter radiation considered safe relative to the flight dose you will get. Maybe that patent cost for detection of nitrogen rich explosives and acetone is the real reason. I though the existing machines were fine , and the only thing here was the cost of software, and the insistence of a USA patent to get approval status, so software fees were unavoidable. Water is a non-problem, as is alcohol. Garnet stones, Women's cosmetics,oil rich food(peanut butter) and fuming nitric acid remain a problem. Do not believe the safety data, because the operator is slower, and some passenger luggage will deflect rays = radiation leakage.
The Philippines has some pretty stiff flight and departure taxes.Everything should have been covered. Philippines has excellent and cheap talent, so there are no excuses for simple foul-ups, or not saying why there was no redundancy. I know generators and UPS's are often falsely blamed, to avoid the real reason. Critical stuff also has power 'conditioners' like big expensive copper coil chokes, and for radar gas overvoltage banks to take a full lightening strike. Thus overvoltage sounds like a false excuse to me. Who signed off on the testing drills? No, this is a cover-up story. I suspect the batteries were never replaced or tested (along with the ups). A bigger than normal blackout happened, and someone unqualified (cheaper to employ you see) bypassed the GPS and power conditioners, did a direct connect, and the local power company on startup - let a surge in, along with 380-520v startup capacitors in every airconditioner and fan in the airport. (380*1.414= peak ac voltage of 518 volts, and if 3 phase) Oh dear! Speculation that the power conditioners were 1) sold off, 2) failed years ago, and just bypassed), that there was no UPS, and the dude* have no 3 phase experience. We look forward to the official report.
IBM SMP/E at least since 1985 kept track of every module and all dependencies used to build their mainframe OS. Change one module, and you could discover which products contained it. Any/patches/zaps/fixes you knew for sure, which products needed automatic fixing across the board. Looks like people are reinventing the wheel. So said, it was a difficult beast to master.
Patents primary purpose is to advance USA inc, because it can never match labor costs. The theory goes as USA was the best of everything, any serious disputes would be settled by cross-patenting for no money, thus other countries had no chance...However China now exceeds USA in quality research papers, and patents, and exposing fake or ever-greened patents. The USA tried the software/closed firmware cost on China route. Meanwhile Taiwan showed it got things right. In all, China will win long term, and overcome the trade landmines placed before it. Do not forget Sanyo, Sony and NEC suffered, LG and some Japanese cos failed, possibly Blackberry when cost of patent included a % of final retail price.
\
OK, China just runs on old servers that are adequate enough, but consumes double the electricity. So China just doubles its energy consumption till it can make something more efficient. ASML and the EU Greens should be livid about sanctions that drive global warming. China should put out a CO2 impact cost report to wave in their faces. In reality this is about economic protectionism and illegal trade subsidies. USA should do what its best at: Apply import duties and taxes to goods made overseas. Why that may even create jobs in the US.
Rather than port and reuse business rules, there is major major no-no's where the lowest bidder for a new system gets to redevelop the lot, and get this, NOT held accountable for not implementing critical rules that were in the old system that worked: aka less is better. Get that early delivery bonus. Over-promise, under deliver. Porting and Conversion is a dirty word.
Bad seasonal weather problems for airlines has been solved for decades. There is no excuse. There is a process called Operations Research or OR. Apparently given billions, SW failed to employ a decent analyst. You can bet there was no cost cutting on the revenue maximization engine that is responsible for jacking up fares. The only possible, just excuse is that the airports changed their software, and the inputs not available to the scheduling software. On the plus side, each worker is GPS tracked, hours worked and available known, if they have a mobile.
Same as 1960 tech, only smaller for those who remember. The main problem is faulty chiplets doing faulty speculation, or just no initializing memory/registers allowing leakages. The public seems to ignore defective cpus. Buslines have noise and crosstalk. If you shrink to 5mn then you are closer - less noise. Apple gets it, and have worked out better compromises with the shrinkage. But nobody seems to remember ICL(Fujitsu) SUN Computer, and DEC, loving fat rich busses.
You can BUY software, and the opportunity to resell it later, unfettered. But only in Germany and Switzerland, where on their Ebay's and the like, you may buy. Even Adobe - who were the last holdout. Germany takes first doctrine seriously, and the fines will be eye-popping for claiming otherwise. After that court loss, Adobe and others put critical bits online only, to get around that. Technically many countries are not charging yearly rental taxes - as they should. But older versions are generally good enough. Secondly, some Nordic countries do not criminalize civil matters, but set damages at actual rates, not imaginary in their dreams blackmail levels. Therefore is is legal to take measures for emergency recovery - such as hacking intrusion/ransomware. Few people know licensing bullshittery slows fast recovery, so in some countries you can remove or defuse software time bombs. Obviously the best solution is to hang on to what you have.
Hopefully the insurance/cyber insurance will not be paying for this. They had history. Apparently security was weak, as was the capability to move to backups. The amazing thing is other like entities are not spending big in fixing things - cheaper to wear downtime. And if you do look at cloud(other peoples infrastructure) you see they get hacked often enough.
Clouds took advantage of
1) Costcentres , costcodes and Project Time Management chargeback
2) Budget theft by OPEX CAPEX interchangeability
3) HOWLS - that something other than Opex/Capex needs to be invented when you sign 5 year leasing deals with MS or the other. Bit rich coming from Finance, Exchequer and banks.
4) Denial. Ask what happens when you don't pay your bills on time. See Turkey, Russia and Ukraine and others in that debt pipeline.
All bluster. What are you going to do, to beat TSMC. Oh I see, this and that, and hope to come in 3rd. Did they say they would be able to at least match TSMC: Nope. I also see speculative execution flaws - do not appear to be fixed yet. The good news is China is free to ramp up its laggard tech and fabs. May the best player win.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
