Yeah, smells like "embrace, extend, ..." of Oracle's bullshit VM policies...
... but I do not expect the usually following "extinguish" in this case, though ...
Posts by EricM
111 posts • joined 2 Sep 2016
The point of containers is they aren't VMs, yet Microsoft licenses SQL Server in containers as if they were VMs
As Brit cyber-spies drop 'whitelist' and 'blacklist', tech boss says: If you’re thinking about getting in touch saying this is political correctness gone mad, don’t bother
Why should the UK pensions watchdog be able to spy on your internet activities? Same reason as the Environment Agency and many more
Thursday 23rd April 2020 09:50 GMT
This is a textbook example on why to avoid "slippery slope" regulations at all cost
Once the UK agreed to create mass snooping capabilities for use against terrorists, these capabilites created demand in all other departments of government.
You _can_ better assess, direct and punish a population in a number of ways without any privacy laws in the way plus full suveillance. Most citizens of former Eastern Germany know that well from experience...
After all, only a citizen, that is observerd 24/7 is a) a secure citizen and b) a citizen _constantly_confirmed_ to be abiding the law.
While China was doing it openly to supress, in the UK it happened under the disguise (and maybe even intent) to fight terrorism. However, the result, as you will experience, is mostly identical.
Hopefully your example will at least spare some other countries the same fate as they have the opportunuty to learn by example.
I wish you good luck since reversing this situation and prying surveillance powers back from government agencies all over the place will be much more difficult than preventing it happening in the first place...
Ransomware scumbags leak Boeing, Lockheed Martin, SpaceX documents after contractor refuses to pay
Saturday 11th April 2020 12:45 GMT
Re: You are not really familiar with computer security, are you?
Sure you do that - you block all known attack vectors to access the data.
Until someone comes up with a new idea or - as is likely in this case - someone turns an authorized user's computer into a trojan horse that effectively steals the documents.
For encryption at rest:
Many people think that's a silver bullet, however, if continous accessability of the information is part of the requirement (which is true in most cases) you need to distribute the password/private key in some form to the point of access, otherwise even the authorized end user cannot read and work with the data. That's why I tend to view most implementations of encryption at rest somewhat as snake oil. The just make it somewhat harder to extract cleartext data.
Same problem with air-gapping systems.
In this case you need to bring every user of the data behind the air gap. Which excludes such a solution from most real-world scenarios.
Especially in complex distributed development, where optimized sharing of documentation/information is regarded as key to mission success..
Saturday 11th April 2020 07:32 GMT
Re: You are not really familiar with computer security, are you?
> That is part of what I'm talking about - is it a fundamental truth that invisible doors and papier maché walls will exist? If so, why?
Neccesarily. Whatever you need to do in computer security, securing Websites, Web-Apps or simply securing documents inside a company, you need to work with existing (and continually changing) hardware, firmware, drivers, operating systems, network protocol implementations, firewalls, management solutions, etc.
Every component you work with is updated regularly (if you do it right). This means a) known bugs a closed, b) new features are added and c) new bugs are introduced, every single one a potential new door.
On all architecture levels mentioned above - simultanously.
> too much reliance on "somebody else".
Yes, every application you create/run/maintain today sits on a ton of other software you cannot control.
OK, you _could_ try to create a for example document management solution based on your own Hardrware, firmware, drivers OS, own network stack, own firewall code and finally own application.
But you'd need to invest thousands (millions?) of man-years to create and test tons of new new code.
And with an overwhelming probablitity your own code will have many more bugs than the stuff already on the market that has been tested in in thousands of installationson.
So, yeah, relying on somebody else is a problem, but having to code everything up from bare matal yourself would pose a worse problem in terms of security, let alone feasability.
Friday 10th April 2020 22:09 GMT
Re: You are not really familiar with computer security, are you?
> Now imagine the liability if you used that place to store hugely valuable stuff. You would have done your due diligence on the building before using it, and not taken someone else's word for its security. To do otherwise would find you liable for civil and possibly criminal action.
Accept criminal liability for security in a world where invisible doors exist and you cannot tell concrete and cardboard apart?
I'd get a new job immediately, since no amount of due diligence will make sure I have not overlooked one of the invilible doors. Or that no new door will pop up due to changes made by somebody else tomorrow.
Friday 10th April 2020 07:20 GMT
You are not really familiar with computer security, are you?
As a virtual real world example :
Try to secure a building. You use Perimeter controls, fences, secure doors, alarms, etc. Not hard, right?
Now try to imagine to secure a building where fences have holes you cannot see. Where walls have doors you cannot see. Some walls that used to exist forever are gone the next day. Some walls only look like walls when in reality they are just props from a film set. Where people that you cannot control are working on structural changes and who routinely refuse to tell you what they did. Where alarms notice some trespassers while ignoring others. Where you learn one day that while you thought you had the only keys to the building, the company who made the doors was handing out every key to every door they ever made to anyone who asked...
Good luck with that...
Astroboffin gets magnets stuck up his schnozz trying and failing to invent anti-face-touching coronavirus gizmo
Theranos vampire lives on: Owner of failed blood-testing biz's patents sues maker of actual COVID-19-testing kit
Wednesday 18th March 2020 09:34 GMT
0.00 as "reasonable compensation" for suing patent lawyers in this situation is too generous...
On an emotional level I'd like to see the the pitchfork- based responses above implemented, but that's a bit too much 18th century style ...
But what about some 100hrs of community service to make up for the crap they cause?
Don't be fooled, experts warn, America's anti-child-abuse EARN IT Act could burn encryption to the ground
Saturday 7th March 2020 09:26 GMT
Problem: Math does not know if you are crook or cop.
Stopping E2E encryption of Whatsapp and Apple - Then what? Criminals/child predators moving to other services, of course. So what will be the next steps?
Will Telcos be forced to provide crackable in-transit encryption (like a backdoored https) in order to "earn" or keep their exemptions?
Will Hosting providers be forced to only provide crackable at-rest encryption in order to earn or keep their exemptions?
As the "law" would just authorize basically *anything* a comission comes up with, this could become a very slippery slope...
Math laws cannot be selectively enforced for citizens and waived for police. Every encryption that becomes crackable/backdoored for police will also become crackable for criminals.
So software and services of US origin will become insecure in a very basic sense of the word.
As a consequence, once this really becomes law, we will probably see the downfall of the great US software empire, as only the EU and Asia will be able to construct secure products.
Campaigners cry foul play as Oracle funds conservative lobby group supporting its court case against Google
Thursday 27th February 2020 21:19 GMT
Re: Who expects honesty and decency from Oracle ?
""Who expects honesty and decency from Google" I would also have agreed."
Agree, and I must say I'm not into this topic for Google. or for honesty and decency for that matter.
But if Oracle wins this case, the whole software industry which, since its inception, always was based on the fact that APIs are not copyrightable, will suffer heavily under lawsuit after lawsuit.
Thursday 27th February 2020 19:49 GMT
"They go after many respected think tanks and call them 'Google shills' while themselves getting money directly from Oracle"
Well, after all, accusing the other side of what you are guilty doing, is, in fact, an as widely used strategy as is buying support from groups that are portrayed as being neutral and interested in "public wellbeing".
A classic comms strategy, albeit dishonest and opportunistic ...
10/10 on the Oracle scale, I' say .
Let's hope the judges see through this ...
World Wide Web's Sir Tim swells his let's-remake-the-internet startup with Bruce Schneier, fellow tech experts
Tuesday 25th February 2020 11:16 GMT
Re: Well, Well, Well...
Yeah,
and based on the fact humanity came up with crap ideas how to use flintstone, fire, the wheel and basically every invention since then this was quite to be expected ...
_Every_ invention that works will also be used for negative goals.
And his invention works perfectly :-)
Oracle staff say Larry Ellison's fundraiser for Trump is against 'company ethics' – Oracle, ethics... what dimension have we fallen into?
Oracle tells Supremes: Fair use? Pah! There's nothing fair about 'Google's copying'
Thursday 13th February 2020 13:49 GMT
"Creative choices", yeah, sure ...
Actually Oracle bought SUNs server biz.
Java was an addition they never knew how to use - until they came up with using it as tactical weapon in court to unfairly attack competitors.
"creative choices" in API naming... can't make that shit up.
The only thing "creative" I see here is the Oracle legal argument....
Beware, Tesla might take away your car's autopilot if you buy its vehicles from third party dealerships – plus more news
Monday 10th February 2020 08:07 GMT
Re: bits of your car not working...
This is more like a traditional car maker breaking into the car you just bought from a dealership and removing a feature ( say, the NAV system or the seat heating ) because " - you - did not pay [the manufacturer] for it" ...
Sounds weird, in case this story really happened that way ...
Just because a "feature" of a car is a configurable software item and not a physically installed item, it still belongs to the car's features that are sold to the first customer who for all I know should be allowed to sell it to a new owner via dealership or directly.
WannaCry ransomware attack on NHS could have triggered NATO reaction, says German cybergeneral
Monday 3rd February 2020 11:39 GMT
Re: Exactly, attribution is THE problem.
I assume you are aware that Hacking attacks can - and in fact are - also be executed from the soil of the US, UK, Germany, France, etc.
If so, how much of a nail are these countries?
How appropriate would be military action in these cases?
And why should other countries be more of a nail, just because we do not live there?
Nope, thinking about responding to a Virus/Malware with military force is simply stupid.
Monday 3rd February 2020 10:31 GMT
Exactly, attribution is THE problem.
"If the only tool you have is a hammer, every problem looks like a nail" comes to mind ...
Applying military "thinking" to civil problems like computer security is a danger to public security.
Is this just a General trying to appear relevant or NATO trying to do the same?...
In the red corner, Big Red, and in the blue corner... the rest of the tech industry
Thursday 23rd January 2020 13:00 GMT
Re: Not Just Re-Implementing
That's how Oracle tries to muddy the water ...
Oracle basically claims that the hard thought-out and innovative names of functions and parameters, aka "the API" were copied/stolen by Google.
They never claimed the implementation itself was copied/stolen - but they sure as hell make it sound like that to the judges.
Oracle and Google will fight in court over Java AGAIN and this time it's going to the Supremes
Saturday 16th November 2019 14:11 GMT
From the principles it is the exactly same setting.
SCO claimed copyright on kernel API. So despite of a clean-room implementation Linux would have violated copyright.
Oracle claims copyright on API descrption on Java functions, so even clean-room re- implementations of the API would violate copyright.
You are right. No idea who owns the SCO ccopyrights these days, but they will rise in value massively, should Oracle win.
Google: We've achieved quantum supremacy! IBM: Nope. And stop using that word, please
IBM: Why yes, Red Hat is doing great. Thanks for asking. The rest of Big Blue? Sure, wait – someone's at the door...
Thursday 17th October 2019 09:22 GMT
Re: Ginni's cunning plan...
Improbable, as RedHat, just like any other Linux Distro, is pretty replaceable.
Re-training support staff from RHEL to another distro should be completed quickly if need be.
There's just not enough lock-in potential for IBM to get away with big price hikes or changes in the licensing fine print the way Oracle does it.
That said, I like RHEL, the way RedHat behaved as a company and how they were easy to work with.
I hope that will not change under IBM.
But, if it does, we are ready to move...
Tut – you wait a lifetime for an interstellar object then two come at once
Saturday 14th September 2019 07:54 GMT
Space ist -really- big and for the most part depressingly empty
Even at a rate of 2 Million in 2 years there would not be a goot chance of any direct hit with any solar system body, let alone tiny earth ...
However, the night sky view would become spectaclular : Imagine 10.000 active comets when you look up in the dark at night :)
Zapped from the Play store: Another developer gets no sense from Google, appeals to the public
Hong Kong ISPs beg Chinese govt not to impose Great Firewall on them
Thursday 29th August 2019 13:38 GMT
The Chinese Government not used to handling an informed population ...
It's easy to control a population if you completely control the News and all Internet activity - and the chinese government semms to have been gotten dependant on that level of control.
You can manipulate their perception, can blatantly lie to them whenever it suits you and can make them love the heroes of their government and the KP- even though these organizations roughly have the same percentage of corrupt bastards as in every other government.
Together with the social scoring system that enforces citizen's compliance and curbs any critic to zero - even by people you just happen to know - Mainland China has become a full-fledged police- and surveillance state that basically knows what people think and punishes them for thinking the "wrong" things or holding "wrong" opinions.
It must feel really alien to the chinese KP to not have that level of manipulation and control over Hong-Kong's population.
Must be like driving a bycicle hands-free.
Biz forked out $115k to tout 'Time AI' crypto at Black Hat. Now it sues organizers because hackers heckled it
Monday 26th August 2019 09:49 GMT
Re: Openly and fairly...
Judging just by the video linked in this article, I think it's perfectly open an fair to call bullshit on this "solution".
In fact, if the presentation maintained only about half the fantasy level of the video , I'm surprised they were even able to finish the presentation ...
Both, hackers and engineers, are not known to tolearate fantasy marketing very well.
Leaked EU doc plots €100bn fund to protect European firms against international tech giants
Friday 23rd August 2019 13:50 GMT
Re: What makes the EU think they can do better than the VCs?
Probably the fact that all VC money is currently spent on "doing XXX with blockchain/KI/Deep Learning" and more general on startups that promise to gather, use and sell sensitive customer data as recklessly as the current market leaders?
Donald Trump blinks in his one-man trade war with China: US govt stalls import tariff hike on Chinese phones, laptops, electronics
Wednesday 14th August 2019 08:16 GMT
Re: "I saved the Christmas!!!"
And that is also the reason why existing or announced tarriffs will not lead to significant relocations of production capacity.
These relocations need several months to several years to be planned & executed. Several more years in stable economic situations to pay for themselves.
And that stability can not be expected from the US government.
Either Trump tries raising taxes permanently, tanks the US economy and loses the next election or he will soon drop the new taxes in response a a probably meaningless "fantastic deal" he will pretend to have reached with the Chinese.
In neither case these tarriffs will last anywhere long enough to justify any long-term relocation of production capacity back to the US.
Neuroscientist used brainhack. It's super effective! Oh, and disturbingly easy
Wednesday 7th August 2019 12:32 GMT
Yep: Think Otherland instead of Ringworld
OK, the Ringworld reference was quite obvious from the Rat's "optimization" of behavior.
However, maybe Tad Williams' novel "Otherland" might offer a not quite so frightening scenario on how to use/abuse such tech, if it should become available and really reach that level of tactile and visual sensoric input.
Court drama: Did Oracle bully its customers into the cloud? Nine insiders to blow the whistle
Thursday 6th June 2019 10:54 GMT
That's because Oracle licensing IS meant as a trap ...
To be fair to your DBAs: The licensing traps like D&T, AWS, hot/cold standbys, SAN replcation, etc. are carefully avoided in technical DBA trainings and even experienced DBAs I work with are often fully ignorant of the licensing status of their installations, if they work in a puerly technical capacity.
Even Oracle sales staff will not allways produce correct answers when calculating the number of licenses for a given, even slightly complex, setup...
Especially if it involves Cloud components other than Oracle's legacy stuff ...
This, let's call it 'situation', opens up a nice huge attack surface for the other Oracle sales staff (auditors) to ram new products and services into existing victims/customers.
So this licensing complexity problem with Oracle products does not seem to have happened purely by accident.
It seems to be a carfully designed strategic sales tool of the worse kind.
Oracle co-honcho Mark Hurd can't wait to turn your $1 of IT support spend into $4 of pay-as-you-go cloud revenue
President Trump sits down with Twitter boss for crunch talks: Why am I losing followers?
New UK counter-terror laws come into force today – watch those clicks, people. You see, terrorist propag... NOOO! Alexa ignore us!
Friday 12th April 2019 15:28 GMT 
What are they trying to prevent - instant brainwash?
Is such law based on the assumption that terrorist propaganda, in a way, _creates_ more terrorists? So that a normal, law-abiding citizen just reads through some BS posted online and thinks: "Hey, killing people and using $DEITY or $IDEOLOGY as a pretense might be a great idea after all"?
Is it instant brainwash that should be prevented by this law?
Looks like someone watched too much Sci-Fi...
This is an interesting interpretation of "free will" and free speak that seems to form the rationale of this law.
Also note that the definition of what might be regarded as terror OR propaganda is rather foggy ...
Huawei savaged by Brit code review board over pisspoor dev practices
Oracle asks Supremes to snub Google's Java API copyright protest – and have a nice cuppa tea, instead
Thursday 28th March 2019 10:38 GMT 
If Oracle wins, expect the SCO-vs-Linux case to rear its ugly head again ...
After all, SCO also claimed copyright violations that centered around the header files of kernel functions.
So Google using the API defintions of Java to cleanly re-implement the bodies of internal Java functions ist to me ( programmer, not lawyer) exactly the same.
As Red Hat prepares to become part of Big Blue, its financials look as solid as Linux kernel 2.4
Wednesday 27th March 2019 05:58 GMT
Wise move financially? Perhaps. Culturally? Nope ....
The culture you need to maintain to retain staff in a company that is actively developing on the bleeding edge of IT and the culture of IBM ( or any on of the remaining IT dinosaurs) are two very different things.
Let's see what happens to RedHat's innovative drive - and revenue - once the standard IBM management techniques regarding (or better: disregarding) their human ressources kicks in.
This ain't AI, it's a goddamn arms race – but US shouldn't get too heated, Congressman warns
Two in five 'AI startups' essentially have no AI, mega-survey of nearly 3,000 upstarts finds
Age checks for online pr0n? I've never heard of it but it sounds like a good idea – survey
Thursday 28th February 2019 15:50 GMT
Re: Age check = ID
The one sensible idea in this whole mess is having a third-party do the actual identity validation completely independently from anything else. They are then able to provide some sort of verification token to any site that asks for it, presumably based on some sort of username/password you provide,
Yep, but providing uid/pw to a second or third party also reveals your identity to that party.
The possible promise of said third party to immediatly forget your identity after the queston does not count.
The biggest uptick in demand for software devs by bosses is for... *rubs eyes* blockchain engineers?!?
Moneybags Buffett on ditching Oracle stake: I don't think I understand where the cloud is going
Tuesday 26th February 2019 14:09 GMT
He doesn't understand "cloud" - well, neither does Oracle ...
Oracle still thinks it is becoming a cloud vendor, while in reality they are a tool vendor with a hardware compartment and identity problems ...
Cloud is the reason they they are losing territory due to detoriating tool quality and byzantine licensing terms & conditions in non-cloud and foreign-cloud environments .
It's a good thing Mr Buffet admits to himself he does not really understand the market and draws the correct consequences.
That is exactly the way Oracle is not acting.
Who needs malware? IBM says most hackers just PowerShell through boxes now, leaving little in the way of footprints
You're on a Huawei to Hell, US Sec State Pompeo warns allies: Buy Beijing's boxes, no more intelligence for you
Smaller tech firms just aren't ready for a no-deal Brexit, MPs told
Thursday 31st January 2019 12:28 GMT
Re: Taking Back Control!
yeah, true.
UK government takes back contol, but - based on what I see in the live stream from british parliarment- doesn't know how or where to drive the country any longer.
Without a deal EU companies are no longer automatically allowed to host data and services in the UK starting April 2019.
Likewise, UK IT staff is no longer automatically allowed to work remotely on EU data.
Hosting data/apps in the UK will be comparable to hosting them in the US or in northern Africa - regulation-wise. The potential legal problems will be enough for most companies to re-locate data and services inside the EU and staff it purely with EU citizens.
I guess there's not much individual businesses can do to prepare for that scanario. They will simply be excluded from what is currently a sizeable portion of their market.
