* Posts by Maelstorm

368 posts • joined 14 Jun 2015


Election security fears doused with reality: Top officials say Nov 3 'was the most secure in American history.' The end

This post has been deleted by a moderator

Maelstorm Bronze badge
Thumb Down

[ Moderator's note -- this comment has been deleted for election misinformation. There is no evidence that votes were changed systematically. See this AP fact check for more information.

Also, please report any comments containing misinformation, thanks ]

China compromised F-35 subcontractor and forced expensive software system rewrite, academic tells MPs

Maelstorm Bronze badge

Re: Now I read

Depends on what the payload is. If the UAV is packed to the max with explosives, then what you have on your hands is a manually guided missile capable of taking out a ship, SAM launch site, or any other high value military target. Considering that UAVs don't have human pilots on board, they can push high-G turns up to the limit of the airframe. Imagine one of these flying bombs flying into the open hangar of an aircraft carrier and detonating inside.

HP: That print-free-for-life deal we promised you? Well, now it's pay-per-month to continue using your printer ink

Maelstorm Bronze badge
Pint

Re: How the mighty has fallen

Well, like a murder of crows, a group of weasels has several names: boogle, confusion, gang, or pack. HP has gone the way of the weasel, nothing left but confusion. I tip my hat off to Scott Adams and his Dilbert comic strip: "The Way of the Weasel" was one of the books that he published in the Dilbert series.

Maelstorm Bronze badge
Terminator

Re: HP: That print-free-for-life deal

LOL

At least it wasn't known as Terminator 2: Printer Day.

Maelstorm Bronze badge

Re: HP striving to become every bit as likeable as Oracle.

About that. What if you are only printing text? Does it still complain? I'm not going to burn through photo paper when I can use regular copy paper to print reports, documents, etc....

Maelstorm Bronze badge

I have a Samsung laser printer that has true Postscript. It's B/W only, but when that thing gets warmed up, it spits out 30 ppm.

Maelstorm Bronze badge

Re: I envision the (class action) lawsuits being filed by the hundreds if not thousands

Small claims court. Here in the U.S., lawyers are not allowed in small claims court. Which means they probably won't even show up. If you can prove that they were served, then they have a court judgement against them. If everyone who was burned by this does it, it may make them rethink their position.

Zoom strong-armed by US watchdog to beef up security after boasting of end-to-end encryption that didn't exist

Maelstorm Bronze badge

Re: End-to-end?

In E2EE communications, the public key crypto is only used to send the actual crypto key to the other end. In a video conference, I imagine that the key is generated on the host's system. Then as each participant joins, they are provided the key using the usual key exchange mechanism. To control bandwidth consumption as each client joins in, the server would probably instruct the clients to use a lower quality video feed because it would be impossible for the server to transcode the video in realtime for each client's camera.

UK tax dept's IT savings created 'significant risk', technical debt as it faces difficult conversation with Chancellor

Maelstorm Bronze badge

Re: Defer (or cost-cut) regular Tech Refresh at your peril!

Another way to look at it is this: IT investments are just that, investments. Those investments are usually capital expenditures. When the investment stops bringing value to the business, then it's time to upgrade. One metric is to keep track of failures and cost of replacement (parts, systems, etc...). The moment that starts curving upwards could be a trigger for a new round of investment in IT infrastructure. That's assuming that everyone does their job properly, which we all know doesn't always happen.

Maelstorm Bronze badge

Re: What counts

That's unusual. My sister is an accountant, and she takes her job *very* seriously. That job being to shrink the distance between the top line and the bottom line by as much as possible using any means necessary. I have come to discover that is the common mindset of most bean counters. Although there are exceptions as your case demonstrates.

Maelstorm Bronze badge

Re: Misuse of English

I kind of have to agree with you since "technical debt" is a software development term. But what I'm thinking of is that they are applying the concept of it to IT in general, which does make sense when you think about it. Not exactly equivalent, but it does get the point across.

Maelstorm Bronze badge

Re: Fast, Cheap, Good: peek two.

you can't have at the same time the butter, the money for the butter and the creamer lady's arse

I haven't heard that one, but then again, I'm not French. Anyways, in that situation, if you are a good charmer, you just might be able to have all three if you bring the first two.

Maelstorm Bronze badge

Re: Killing maintenance budgets

The problem is that "Just In Time" usually isn't. Especially when there are supply chain disruptions due to unforeseen issues like COVID-19. Then if your kit comes from China, you might be waiting a month for it. A solution would be to migrate to the cloud, but that has a variety of its own problems.

Maelstorm Bronze badge

Re: SDLC?

Sounds like you have some experience dealing with that as well.

Maelstorm Bronze badge

Re: A new Child Benefit IT system to replace the existing one

Yeah, it's called the red-headed stepchild here in America.

Maelstorm Bronze badge

SDLC?

Technical debt in IT? Deferred maintenance and upgrades? For hardware maintenance, the cases need to be popped open for cleaning out the dust and what have you, hard drives need periodic defragging. This is not including replacing parts that fail. Software maintenance includes running backups, applying patches for security and bug fixes. The SDLC for government systems can be measured in decades, and is usually part of waterfall methodology. That's government thinking for you. Mission critical systems, such as the systems that handle the collection of taxes and then dole it out to the different agencies as part of their capital budget, you cannot accrue technical debt in the maintenance of those systems. You might be able to do it for a while and get away with it, but when something fails, you got the PHB running around with his two tufts of hair on fire.

At some point, you have to upgrade the hardware. The two most replaced items in the box due to failure (in my experience) are hard drives and power supplies. Other components such as memory do fail, but it's rare. Video cards are another item that fails, but those are seldom. Backup tapes are another thing that needs regular replacement. The budget for failed components should be factored in to the total cost of ownership, but it rarely is. How many of you work or have worked in shops where they maintain an inventory of spare parts? I've worked in a few, but when budget cuts roll down the hill, that's the first victim. When the inventory is depleted, then chaos ensues because a system is dead for several days because the parts are on order, if they are available at all. There was one IT department where the budget was so tight, the management asked the IT folks to buy replacement parts out of their own paychecks and file for reimbursement because it was faster than waiting for official channels.

In corporate America, management types get promoted to their level of incompetence. This is especially true in government. It's good to know that this seems to be the standard everywhere.

You can forget your fancy ERP customisations because that's not how it works in the cloud, SAP's Oliver Betz tells users

Maelstorm Bronze badge

What if the customers won't migrate? What are they going to do then? AFAIK, they cannot force the customer to migrate from their own hardware to the cloud. I agree that the cloud's greatest strength is that you don't need to host applications on premise...but that's also its greatest weakness. What if there's an internet outage, or the cloud goes down? At least with on-premise servers, you can still get work done. Case in point: Microsoft Office 360. They have had a couple of high profile outages in recent weeks.

Then there's the security issues as well. If something gets put in the cloud, there is no guarantee that it will be secured. Look at all the reports of unsecured databases being discovered in the cloud. Then there is another exploit source: SAP themselves. If people think that SAP won't look at the customizations that their clients have made, think again. They will look at each one, evaluate it, and then incorporate it into their offerings to make money on your code. Furthermore, you will be prohibited from using your own customizations once it conflicts with an offering. I haven't checked, but I'm quite sure there is a clause in the license that allows them to do this.

SAP is an example of a company that has really outlived their usefulness and has become a money pit of software vendors. It's throwing good money after bad. No amount of cash is going to fix the inherent problems with their software either. After a certain point, you will have to cut your losses and run far away.

Let's Encrypt warns about a third of Android devices will from next year stumble over sites that use its certs

Maelstorm Bronze badge

Re: Counter intuitive?

Don't forget text messaging. I like to play games on mine. I use the Google Voice Assistant quite a bit to look things up.

Tech support scammer dialed random number and Australian Police’s cybercrime squad answered

Maelstorm Bronze badge
Devil

Re: I love these scammers

I did one with a virtual machine that was running Windows XP. I had a folder called banking and inside it was a file called confidential_banking_stuff.doc.exe. Of course I changed the icon in the exe file to look like a MS Word doc, and I turned off show extensions for known file types. Needless to say, he saw that, downloaded it, and opened it. Next thing that I heard was a lot of swearing as all the computers on his network crashed because he now has WannaCry ransomware.

Maelstorm Bronze badge

Re: Can you got to your windows computer ...

Being a former wireline telco employee who worked on the switching equipment, I can tell you for a fact that it is still like that here in the USA. Many people still have landlines. If YOU receive the call, and you hang up but the caller doesn't, then it takes up to 36 seconds for the call path to be torn down in the switch. If you are the caller and you hang up, then the call disconnects after 2 seconds. Why the delay? Flash signalling. The flash signal is a hangup that is between 300ms and 900ms long. Most flash buttons on phones are programmed to hang up for 600ms or so.

Google Project Zero to GitHub: You've had 104 days to sort out injection vuln – now we're telling world-plus-dog

Maelstorm Bronze badge

Three times and you're out...

This is the third time they pulled this crap. I'm not familiar with the feature they are talking about, but since this is GitHub, I'm assuming that it's the online component. Maybe GitHub needs more time to sort it out. Google are just being dicks, like usual. What happened to their mantra "Don't be evil." ???

H2? Oh! New water-splitting technique pushes progress of green hydrogen

Maelstorm Bronze badge

I thought they fixed that issue by using activated charcoal made from chicken feathers. The AC absorbs the Hydrogen like a sponge when under pressure, but it releases it when pressure is reduced. There's another issue with Hydrogen regarding storage too. Because Hydrogen will migrate through steel, you have a phenomenon that makes steel very brittle.

CERT/CC: 'Sensational' bug names spark fear, hype – so we'll give flaws our own labels... like Suggestive Bunny

Maelstorm Bronze badge

Maybe CERT should take a clue from the military which uses codewords to obfuscate operations, places, people, and things. They are masters of it.

Windows kernel vulnerability disclosed by Google's Project Zero after bug exploited in the wild by hackers

Maelstorm Bronze badge
Flame

Really?

Really Google? This is the second time that you guys pulled this: Disclosing a zero-day with no patch available. However, I think we can mitigate it by removing the driver in question. However, I don't know what that will break. My question is how do they know it's being exploited in the wild if it's a local exploit? Did they see malware using it to gain kernel level access? Or is Google pissed off because they are now under the Sherman Act microscope? Convenient excuse.

Microsoft to rethink crash-prone Visual Studio extension model, shift towards cloud

Maelstorm Bronze badge

That will escalate quickly...

IDE plugin development in the cloud? Who the fuck thought that was a good idea? That's a really good way to have your crown jewels stolen. Microsoft has already proven that they are incompetent with their Office 360 crap (And yes, it's crap.) And if the IDE goes into the cloud (we all know it eventually will), then when the cloud goes down, not only can you not get your email or work on documentation, but you won't be able to get any code work done either.

The cloud...a bad idea that just keeps getting worse.

Maelstorm Bronze badge
Devil

Some of my colleagues just need to stop flapping period and actually use their keyboards for once instead of that 'flute.'

After figuring out that hope is not a strategy, SAP has a new one: We're gonna shift on-prem customers to the cloud!

Maelstorm Bronze badge

Re: The perceived impact on the european markets is interesting

I'm waiting for MySQL to be added to that list since Big Red took them over.

Maelstorm Bronze badge

Re: Security and cost

And you hit the nail on the head. Hosting your own environment is way cheaper than hosting it on the cloud. Hardware is a one time investment (barring failures and part replacements), you still need to pay for internet connectivity, you still pay for software licensing fees for your software. The added expense is the operating system (usually a one time cost unless you opt for a support contract), electricity to run the server, backups, and a few bodies to make sure the server is running well and run patches into it.

Most medium to large businesses have their own IT staff anyways. Looking at the TOC vs ROI between the cloud and hosting it yourself, the long term is that hosting it yourself is cheaper. Not only that, it's generally considered to be more secure. Just look at how many 'open' databases have been found on the internet with confidential data for the taking.

Granted, when you go cloud, you are paying for the administration of the physical server itself, not the virtual image that's running on it. But you would pay that cost anyways hosting it yourself.

Maelstorm Bronze badge

Re: Security and cost

Um...sorry, wrong answer. The security personnel are only there to make sure the hardware is secure from unauthorized physical access and to make sure that the base operating system of the server is secure. They are not going to work to keep YOUR application secure. That's on YOU, your software development team, and your vendor.

Maelstorm Bronze badge

Re: It's called DevOps and Agile...

It will just be added to the backlog. The never ending list of things to do.

Maelstorm Bronze badge

Re: Changed days, straitened ways ..... for old means engaging new memes.

I think the bot is getting better, but there's some anomalous grammar issues. Besides, Myth Busters proved that you can polish a turd. They did it on the show.

https://go.discovery.com/tv-shows/mythbusters/videos/the-buster-awards-polished-poop

Software engineer leaked UK missile system secrets and refused to hand cops his passwords, Old Bailey told

Maelstorm Bronze badge
Thumb Up

Upvote for the XKCD reference. FYI, I've seen that one before.

Maelstorm Bronze badge
Big Brother

Here in the U.S., forcing someone to reveal their password has been hit and miss. Every case that I'm aware of centers around the government's argument of 'foregone conclusion.' In either case, here in the US or across the pond in the UK, I find it mindboggling that the government can force someone to produce the contents of one's mind. After all, we supposedly have the right to silence.

But then again, 'Rubber Hose Cryptanalysis' is a thing.

Take a length of rubber hose. Apply it forcefully and repeatedly to the feet of the subject until he/she gives up the password.

NSA: We've learned our lesson after foreign spies used one of our crypto backdoors – but we can't say how exactly

Maelstorm Bronze badge
Black Helicopters

Re: the NSA now claims it can't find the file.

Home routers are crap. But it's not in my router. My router is a full computer locked down so tight, Kim Jong Un would be proud.

Maelstorm Bronze badge
Pint

LOL. Have a pint on me.

Flash haters, rejoice! Microsoft releases tool to let you nuke Adobe's security horror before support ends

Maelstorm Bronze badge
Coat

SWF for Single White Female?

It almost sounds like a ploy on a dating site. In all seriousness though, it stands to reason that something will break. It always does. The question is can one live without the program that broke? Developers have had 3 years to update their code to a different environment. The plus side is no more flash based security bugs and cookies to track you everywhere you go. On the down side, people's flash based porn collection will go into the bit bucket. And with that, I'll grab my coat and exit, stage right.

Facebook tells academics to stop monitoring its political ads for any rule-breaking.... on privacy grounds

Maelstorm Bronze badge
Big Brother

Pot, meet Kettle.

So Facebook is trying to shut down an academic research project that has found wide violations of stated policy? It sounds like they don't want that getting out. I hope they do make it public.

Facebook threatening NYU because they uncovered unethical behavior at FB is like the SS threatening the U.S. if they don't burn the newsreels showing the SS's "ethics" at Auschwitz.

Oculus owners told not only to get Facebook accounts, purchases will be wiped if they ever leave social network

Maelstorm Bronze badge
Mushroom

Embrace, Extend, Extinguish?

If Facebook is trying to kill the Oculus, this is a great way to do it. Just piss off not only your existing customers, but all your new customers too. This is like the French threatening to cut off the middle finger of British archers, but got defeated instead. The archers showed the one-finger salute yelling "We can still pluck yew!" The modified form is what everyone should be yelling at Facebook as their ass is dragged into court for bait and switch.

Your IT department should behave like a jellyfish, says Gartner

Maelstorm Bronze badge

Or ruin someone's whole world... After all, the article picture is a depiction of Cthulhu.

Usually, it's some incompetent PHB that ruins people's weekends. Dilbert to the rescue, again.

Ed Snowden doesn’t need to worry about being turfed out of Russia any more

Maelstorm Bronze badge

Re: If he needs a place to stay...

I was trolling the post. Besides, I'm not sure what Uncle Sam wants for him. But I can tell you that it's not pleasant for Snowden. Besides, even with the trolling icon...hard room.

Maelstorm Bronze badge
Trollface

If he needs a place to stay...

If he needs a place to stay during those cold Russian winters, I'm sure the U.S. Government will be happy to give him room and board, and three square meals a day for the next 30 years.

Google screwed rivals to protect monopoly, says Uncle Sam in antitrust lawsuit: We go inside the Sherman parked on a Silicon Valley lawn

Maelstorm Bronze badge

Re: FFS ..... Goose meets Gander and Both go on a Mindbender

Ok, either the bot suddenly passed the Turing Test, or a human wrote the above post. I think you are running an experiment in machine learning. I have to say you're getting better at it, but you still have a ways to go.

Maelstorm Bronze badge

Re: FFS ..... Goose meets Gander and Both go on a Mindbender

LOL LOL LOL I think the bot nailed it there. Whoever is coding it is getting better.

Boeing puts Loyal Wingman robot fighter jet through its paces... on the ground

Maelstorm Bronze badge
Trollface

Re: Stealth

Damn you. You beat me to it. You got the movie, but I got the EDI: Extreme Deep Intruder.

Down the Swanny: '2020 has been the most challenging year in my career' says Intel CEO as profit plunges 30%

Maelstorm Bronze badge

Over the last few years, Intel has been beset by one disaster after another. Intel just sat on their laurels while AMD caught them with their pants down. So just like the story of the tortoise and the hare, the hare found out that slow and steady wins the race. In this case, Intel is the hare and AMD is the tortoise. A lot of their current woes is from current events. But let's not forget that Meltdown bug a few years ago. The reason why people are moving to AMD (yes, I'm one of them) is because we do not trust Intel. We do not trust the quality or the security of their products. I was one of those who got burned by them. As Scotty once said "Fool me once, shame on you. Fool me twice, shame on me."

Is it Iran or Russia's hackers we need to worry about? The Russians, definitely the Russians, says US intelligence

Maelstorm Bronze badge
Coat

Here's something you may not know.

Here's the thing. Russia interfered in our elections during the 2016 presidential campaign because of Hillary. Yes, I am blaming Hillary Rodham Clinton for Russians interfering in a presidential election.

Why?

That's a good question. It's because Putin flat out hates Hillary. When Hillary was Secretary of State during the Obama administration, she ran a covert operation, in Russia, that interfered with Putin's reelection campaign. So yes, payback is a bitch. This is why I think we should let it go and call it even. Now if they interfere in the upcoming elections, then by all means make them answer for it. What form that would take, I have no idea.

Comcast’s president of tech falls offline while boasting about how great cable is for connectivity

Maelstorm Bronze badge
Devil

This story reminds me of another one that is sorta related in the software world. Here in the U.S., we used to have a publication called Computer Shopper. It was this 2 inch thick magazine, free, that was full of ads for computer stuff. Now, the publishers of WordPerfect (anyone remember that one?) took out a full page advert for their just released WordPerfect 6. On the facing page, was one of the few articles in the magazine. The headline read in 32pt font "Bugs Haunt WordPerfect 6." Now maybe it's just me, but after seeing that, I always thought someone at Computer Shopper had it in for WordPerfect.

Samsung aims boot at Apple's decision not to bundle a charger in with the iPhone 12, foot ends up in mouth

Maelstorm Bronze badge
Joke

Hmmm...

I'm for dis-ARMing Apple.

Software billionaire accused of hiding $2bn in income from IRS – potentially the largest tax scam in US history

Maelstorm Bronze badge

Wow...

I've never heard of this guy, but how stupid can you be? IRS investigators are very efficient and thorough. Many have been busted for using tax shelters. As for the paper being traceable, I doubt it. Inkjet printers use yellow ink while laser printers use microdots.

Biting the hand that feeds IT © 1998–2021