* Posts by Old Coot

34 posts • joined 16 Oct 2017

Detailed: How Russian government's Fancy Bear UEFI rootkit sneaks onto Windows PCs

Old Coot

Re: If Russian government ws able to pull this

Haha, good one. The russkys are like script kiddies compared to the NSA.

Next up: China waiting to bat

Identity stolen because of the Marriott breach? Come and claim your new passport

Old Coot

Re: Hotel-chain turned data faucet Marriott

This isn't/wasn't an admin problem, this is/was a security officer problem. And the responsibility should be with a C-level security officer.

They're not likely to worry about a fine if they're not worried about a breach (likely to be far most costly). Either way, they'll look to blame it on the person with the least clout (think Breaker Morant, or Lt. Calley).

It relates to the difference between formal and efficient causes, or something like that.

This is why I abandoned the DBA game after 10 years. If something goes wrong you're always the guy next to the machine, who with hindsight could have done something differently. What will not be taken into consideration is that your recommended, best-practice measures were not taken in order to save a few currency units. In my case, it was things like re-using backup tapes more times than recommended, or running versions of the database that were no longer supported ("we can't leave this one because our app vendor went out of business before migrating the app to the current version").

The C-level security person is usually a permanent employee (can't be fired without a court case, at least not in Belgium) with little technical knowledge. He or she relays the cost-cutting dictates to you and (hopefully) your warnings back to the C-suite. The C-suite claims credit for the lower costs, but not for any consequences this entails. To be fair, you can't tell the C-suite what the probability of an incident is, or the likely impact; it's not a game of dice, with a known set of possible outcomes.

What I've been seeing is that, for freelancers at least, there's a push to make us accept unlimited liability for anything that happens. I recently turned down a good offer because the agency's contract contained many clauses like this: "The contractor will be liable for any data breach". No qualifiers saying that it had to be my fault or even to have happened while I was there. They want to make you liable, but how much do they think they'll get from someone who's poor enough to be working for a living? The strategy seems to be to push off liability to someone else.

The deeper problem is in the technology itself: a small mistake or oversight can have consequences that are wildly out of proportion to the negligence involved. Even perfect best practice is no guarantee against total disaster (breach, data destruction). It's not only IT: think nuclear energy, genetic manipulation, bio-weapon development, ...)

The problem for most of the people who read this site is how to avoid situations where this looks like a real possibility. In my experience, you can usually smell such projects after a week or two. Sometimes you can even smell it at the interview.

China tells Trump to use a Huawei phone to avoid eavesdroppers

Old Coot

Re: Imagine what he'd say if Hillary had done this?

They're trolling Trump, just as he does to all and sundry.

Turnabout is fair play, they say.

Old Coot

Re: Where he tweets from?

What? A politician who's holding a high office in the US lying?

Almost as incredible as a politician who doesn't try to keep his campaign promises.

Oh, wait...

Russian rocket goes BOOM again – this time with a crew on it

Old Coot

Re: Oops.

At least the Russkys can build something that mostly works.

So the West, with all its tech marvels, has to rely on the Russians? How is this not a disgrace for the US, EU, Japan, etc.?

Oracle? On my server? I must have been hacked! *Penny drops* Oh sh-

Old Coot

Re: Hacker installed Oracle and then dobbed you in for the reward money

Would that go under cybervandalism or ransom attack?

AI trained to sniff out fake news online may itself be fake news: Bot has mixed results in classifying legit titles

Old Coot

It's turtles all the way down, with fake news tags being potentially fake.

Doug Hofstadter could relate.

Databricks pushes machine learning on easy mode: Rock star data scientist, meet sweaty engineer

Old Coot

Re: Don't employ a rock star data scientist

That reminds me of a story that Richard Feynman tells (in one of his books) about working on the A-bomb project. He was 22, fresh out of physics grad school, working with a lot of famous older scientists, among them Niels Bohr. Bohr didn't like Feynman, but wanted Feynman to be present at all his meetings, simply because Feynman was such a smart-alec that he would say so when he thought something was bad idea, or wouldn't work. (The other scientists were too intimidated by Bohr's reputation, and afraid of looking stupid.)

In other words, Bohr was the 'rock star' physicist on the program, and most people believed what he said because of his formidable reputation and achievements, But Bohr knew that he could still be wrong, even overlook something.

So it is for the rock-star anything, even a legtimately gifted one. (Go back and listen to all the Beatles' albums; even they wrote some forgettable songs.)

Mega-bites of code: Python snakes into 1st place for cyber-attacks

Old Coot

Re: So, is this a surprise?

Upvote for mentioning APL (them wuz the days!).

Only problem with APL, is that, unlike Fortran, you need the interpreter to be present on the victim's system. Python is now included on pretty much every 'nix system, even necessary for certain functions (e.g., Ubuntu software center). Only a few other languages (shell, Perl, Ruby(?)) will have such an extensive installed base.

Oracle pours a mug o' Java 11 for its addicts, tips pot of Binary Code License down the sink

Old Coot

This was always in the cards

I hate to say it, but this was predictable from the moment that Oracle acquired Java. Unlike Sun, Oracle gives nothing away.

The surprise is that it took them 10 years to spring the trap; I suppose they wanted as many projects as possible to wander in. But the rate of in-wandering seems to have hit an inflection point.

My own experience is that Java is now moving to legacy status (like the Oracle RDBMS); lots of installations, but declining take-up by new projects. Thus, a logical time to demand fees.

Stunning infosec tips from Uncle Sam, furries exposed, Chase bank web leak, and more

Old Coot

Re: Perhaps someone needs to read the 2018 SEC guidance a bit closer...

Maybe it's like the smith's fingerprint as a sign of handmade silverware. If they had a bot write that article, there would have been fewer errors, or maybe a different type of error.

Old Coot

belling the bat

Maybe not a typo. A bell around a bat's neck would interfere with its echolocation.

Mueller bombshell: 13 Russian 'troll factory' staffers charged with allegedly meddling in US presidential election

Old Coot

Re: Is lies! Lies! All lies!

I see, so it's always Russia. Tsars, Soviets, Russian Republic, doesn't matter; it's all the same thing.

(Like France: Bourbons, Jacobins, Napolean, Bourbons (again), plus one more monarchy, an Empire, and 4 more republics, it's always just France, unchanging.)

Don't worry, such things could never happen here.

Old Coot

One example

One of the lies these perps spread was that Hillary was somehow involved in the destruction of Libya, leading to millions killed or displaced, and a return of slavery in that country (now failed state). Can you imagine a more heinous lie?

Due to Oracle being Oracle, Eclipse holds poll to rename Java EE (No, it won't be Java McJava Face)

Old Coot

HaL -- Happy as Larry

I mean, if he ain't happy now, then when's he gonna be?

Nunes FBI memo: Yep, it's every bit as terrible as you imagined

Old Coot

"He put his own personal goals ahead of the country's."

Your statement implies that such goals exist and are self-evident. What are those goals, exactly? How did you find out? Maybe you have some links?"

The author also implies that the FBI acted within its rights. Suppose that the tax authorities ignored one party's candidates and did everything in their power to scrutinize the other party. That what's at issue here, not another click-bait Trump article with no connection to computers or technology.

Unlocked: The hidden love note on the grave of America's first crypto power-couple

Old Coot

Edgar Allan Poe

Wrote a story called "The Goldbug", featuring an encoded pirate treasure map that has to be decoded if the treasure is to be found. I'll say no more; it's a fun story.

Friedman read this story as a child and got interested in ciphers.


H-1B visa hopefuls, green card holders are feeling the wrath of 'America first' Trump

Old Coot

Re: This is how countries get poor

Russia? You mean the move into Crimea? At that rate, they should be in the UK in 2525 or so.

Agree about the collapse of the U.S., but is this outsource-everything trend a cause or a symptom?

Old Coot

Re: Bingo!

And for some closing laughs, remind them how Hillary's foreign-policy achievement was the destruction of Libya and all its attendant horrors. (That is fake, isn't it?)

It's not the fake news that gets you; it's the real news that you never hear about.

Camels disqualified from Saudi beauty contest for Botox-enhanced pouts

Old Coot

Re: Bunch of Pikers

There's a William Faulkner novel (can't remember which) where a horse trader named Pat Stamper buys a guy's horse, dyes it, then sells it back to him for more money. Old trick, I guess.

Stick to the script, kiddies: Some dos and don'ts for the workplace

Old Coot

No, I don't understand it; enlighten me.

Does it do something that the Unix shell doesn't, or do it better?

If yes, please enumerate

If no, then why make up a new shell system? Is it just for the sake of doing it, or is there a 3rd possibility that I've missed?

Intel finds critical holes in secret Management Engine hidden in tons of desktop, server chipsets

Old Coot

Open-source chipsets

Aren't those Chinese Yeelong laptops using a MIPS open-source CPU? I recall Richard Stallman using on of those for just that reason. They come with Debian, or at least used to.

The Reg parts ways with imagineer and thought pathfinder Steve Bong

Old Coot

Re: Certainty?

You have to leverage the uncertainty. Since nobody can prove otherwise, put it on whomever you (don't) like.

US govt to use software to finger immigrants as potential crims? That's really dumb – boffins

Old Coot

This is actuallty a step forward

Considering that we'll drone strike an entire wedding party for the chance at getting one guy who's rumoured to be attending, just fingering the folks is actually a step forward.

Can't they just put an AI onto it?

Estonia cuffs suspect, claims he's a Russian 'hacker spy'

Old Coot

Re: Minorities

--> 1)they refuse to learn local language

What percentage of Brits living in Spain or France have learned the language? Besides, Estonian? Pretty difficult, I'd say. Not a very good time investment, especially for an adult learner. I live in Belgium, similar issue. They should switch to English, but nah, that would be too easy.

--> 2)they support putins regime that is hostile to the countries, EU, NATO and democracy itself, while enjoying all freedoms granted by EU etc.

I'm glad to hear that the EU is highly democratic, as evidenced by their love of and respect for the people's will, referenda, etc.

3)they worship soviet regime and deny crimes against humanity committed by that regime, imagine germans living in Israel worshiping Hitler and demanding locals to speak to them in german - thats how stupid the situation is.

So a state of mind, a sentiment is an excuse for making people 2nd-class citizens. How about worshiping God or Allah, how is that different? Besides, why should they care about a country that's the only place they've known, but discriminates against them?

4)Hate the countries they live in but somehow dont want to go back to putins "paradise"

So Russia is just the Soviet Union? If so, how did the Baltic States get out? Did they fight, or were they let go by this USSR-lite?

Enjoy having your country be a missile launchpad; after all, what could go wrong?

Old Coot

Re: Round up the usual suspects

Perhaps what's needed is a scapegoat to draw attention away from the vulnerability recently discovered in Estonia's system. It seems many stories these days are of this variety; they don't aim to persuade you of anything, just to get some other, troublesome story off your mind.

WikiLeaks drama alert: CIA forged digital certs imitating Kaspersky Lab

Old Coot

down the rabbit hole stuff

Have a look at the story "Memoirs found in a bathtub" by Stanislas Lem for a satirical look at just how far such a thing might go. Spy vs. spy from Mad Magazine, if you're old enough to remember that.

Sean Parker: I helped destroy humanity with Facebook

Old Coot

vulnerability in human psychology

That's where the money is these days, in politics, business, you name it. I feel like that guy (was it Vincent Price?) who is the last non-zombie in the world when I'm on the street or the train and everyone is glued to their screen.

Official US govt Twitter accounts caught tweeting in Russian, now mysteriously axed

Old Coot

Re: "Official Government Twitter Accounts"

Or try getting a job if you're not on social media. They think you must have something to hide. I'm not religious, but how can one not think of the "mark of the beast" in Revelations?

'Lambda and serverless is one of the worst forms of proprietary lock-in we've ever seen in the history of humanity'

Old Coot

Re: Déjà vu

In Soviet USSA, regime changes you.

So, tell us again how tech giants are more important than US govt...

Old Coot

Re: Applying pressure on Twitter

You better check to see what the exit wealth tax is for corporate expatriation. I expatriated in January and know that, for individuals, it's quite high, in the 30-40% range (after a low threshold).

Old Coot

Re: Your opinion is is nice to see ...

>"text" their vote, rather than mustering at a polling place

I would definitely go for it. Going to the polling place requires me to look away from my phone for as long as 3 minutes. I might miss out!

US voting server in election security probe is mysteriously wiped

Old Coot

Re: @big?_john

" average Trump voter couldn't even put a key in a door"

Yes, maybe the average, but averages don't tell the whole story, do they? You also need the deviations and maybe there's even fat tails. As an American, I can tell you that the average American could not find the UK on a blank map (Canada and Mexico, after that it's fuzzy), nor tell you the name of any prime minister except maybe Churchill. Nor would they even be curious; it's really that bad.

I voted for Trump in hopes of avoiding war with Russia. Why does Western Europe (Lithuanians, Swedes, French, Germans) feel the need to invade Russia every century or so? When did it ever work out well? But here we are again, missiles on the border. Imagine sitting across a table from someone who's pointing a gun at you; how would you feel?

Everyone talks about how horrible Trump is; why not talk about how wonderful his opponent is? She was the Monsanto candidate, after all (look up the paid-speeches list); do you like the taste of glyphosate?

Ever been in combat? Imagine carrying a 50-pound pack through the snows of Russia, with snipers and land mines to keep you alert. Or maybe you could stay at home and find out what radiation sickness feels like when the missiles reach your town. Wonder how the IT infrastructure will work with all that extra EM activity

Even the endless virtue-signaling on technical stories is nausea inducing here. If there's no God and no punishment, there's no good or evil. Don't take my word for it, ask Ivan Karamazov. So your virtue-signals only impress the people who already think like you, that is, your operation is idempotent.

Everyone else sees only hatred and disdain for those with less cognitive endowment than you and fewer opportunities for develop what they have a beneath you and shouldn't even have the vote, at least not if they're white (or Asian). And thus are we not persuaded, but rather that much more hardened in our convictions. And however disappointed we are with the Golden Golem (and we are, e.g., Syria), at least he's not nuking Russia yet.

CrashPlan crashes out of cloudy consumer backup caper

Old Coot

Re: Alternative peer-to-peer backup?

Thanks for the tip. I looked at the other alternatives suggested here, but settled on yours.

I'm amazed at the breadth of features offered by the product as well as its low cost, so much so that I looked into buying their shares. Too bad, they're privately held.

Probably smart, that way they're less vulnerable to being gobbled up.


Biting the hand that feeds IT © 1998–2022