Posts by Amused Bystander

8 posts • joined 10 May 2018

Rubbish software security patches responsible for a quarter of zero-days last year

Amused Bystander

Hah I laugh at your 200 Baud modems

I developed a bunch of BS6403 modems for two companies - they were replacing the old 50 Baud +/- 80V telex system.

BS6403 used V21 signalling but S_l__o___w____e_____r......

Dynamic Data do-over denied: Judge upholds $7m patent infringement claim against Microsoft

Amused Bystander

Complaining about daft patents..

My Aunt worked in the UK patent office for a couple of decades. The process of evaluating a patent application was to search paper records for prior art. The paper records had to be indexed when granted (physical cards) and filed in the right place.

If possible prior art was uncovered, it was escalated to a more senior official (another civil servant with probably no technical background) who had to deal with dozens of applications a day.

In these days of Bingle we can very quickly find information, some of it true and accurate, but back in the last century when the index had few keys (possibly date of application, some vague words of description supplied by a non-technical clerk), the task of sorting through the index card by card and looking up the patent filing was very time consuming, boring, poorly paid work.

Thus it was only after WW2 that we discovered the Germans had obtained a UK patent on the Enigma machine in the 1930s.

I agree the broad, over-reaching patent is possibly unfair and stifles competition, but the idea of a patent is to protect someone who has a good idea from having said idea ripped off. See Joseph Swan and Edison.

British Army develops AI shotgun drone with machine vision for indoor use

Amused Bystander

Re: What could possibly go wrong?

Putting aside the obvious comparisons with Terminator et al, anyone remember the New Year's Eve 2019 celebrations? While the rest of the world was firing off rockets & squibs (gunpowder - invented by the Chinese), in Beijing they had thousands of drones flying in formation, doing all sorts of stunts - murmurations of DJIs. If they can control that many for a one-off show, imagine what the battlefield will be like when the next Big One kicks off.

Meanwhile the MOD is requesting all kit should have an RFI tag to aid logistics...Like you said, What could possibly go wrong? go wrong? go wrong? go wrong? go wrong?

OK, so you've air-gapped that PC. Cut the speakers. Covered the LEDs. Disconnected the monitor. Now, about the data-leaking power supply unit...

Amused Bystander

It is theoretically possible

A decade or three ago I went on a course at a certain establishment in Cheltenham where we learned to read what golf-ball printers were printing by looking at the spikes on the mains. It was fun, looking up the spike and comparing with letter-frequency tables (E being the most common etc.)

As a demonstration of why TEMPEST was (is) necessary, it worked.

However in the real world Google / Facebook / Twitter are much more profitable data sources.

Somewhat related: NCSC (GCHQ) have launched their anti-phishing scam address (report@phishing.gov.uk) - you can simply forward a scam email to them, and they investigate the scammer.

Except... GCHQ's Amazon AWS has blacklisted 1and1's email server.

So my forwards bounce... 1and1 host a couple of million domains.

And those emails we forward to them probably contain open distribution lists, company registration numbers, addresses in the signature.

And it's going to an Amazon AWS instance...

Jeff must be delighted - slurp.

International investors gobble up Brit satellite specialist Inmarsat

Amused Bystander

#brexitfiresale - Everything must go

Former UK PM Tony Blair urges governments to sort out online ID

Amused Bystander

Re: "trying to come up with new forms of ID card"

There's a lot of anger here on both (every) side. Since we're all techies, how about we come up with a solution, instead of shouting into the Cat 5?

We do need some form of ID proving who we are, we also need some way of preventing Big Brother tracking our every click and tweet.

We need to decouple our Human ID from our Bank account, credit card etc, so that we can log in to whatever, but then present our account number separately.

As Ken says, everything in security is hard, it's even harder to explain to a non-techie why THIS solution is better than THAT solution.

Biometrics? I think not - once a retina scan is in the wild, it can't be revoked, same goes for fingerprints, voice print.

Answers on a postcard...

UK.gov expects auto auto software updates won't involve users

Amused Bystander

Re: you mean just like windows 10

I agree with the sentiment about not allowing auto updates, but using this for another bash at Microsoft is going a little off-topic.

A BMW 7 series, I believe, has a number of Windows licenses running, while Audi is using some old version of Android, others use Apple, and I wouldn't trust any of them to Auto-update.

I've written to Chris Grayling and my MP, Mr Gove, they pointed me at a "public consultation" in 2015 (which I had never heard of) https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/401565/pathway-driverless-cars-main.pdf

The upshot is the Gov is happy for manufacturers to roll out autonomous cars without any extra permit or license. And they can be autonomous, but the "driver" has to remain in control at all times (not sitting in the passenger seat). A wonderful compromise.

Coincidentally 2015 was when we first discovered the car manufacturers were cheating about emission standards. I'm sure they all learned their lessons and can be trusted with our lives.

A controversial idea - stop Bitching here and write to your MPs

Every major OS maker misread Intel's docs. Now their kernels can be hijacked or crashed

Amused Bystander

Re: PC 2.0

Microsoft tried it with WinRT - remember the original Surface that would only run RT code? I heard both the people who bought one were happy with the security.

We hear much the same speech every day from younger coders - "This is all rubbish, let's start again and do it properly". That's how start-ups work:

1) come up with elegant, simple, "obviously correct" design

2) get successful

3) fix bugs and introduce new features

4) fix bugs and introduce new features

5) fix bugs and introduce new features

6) rinse and repeat

7) become the legacy platform

8) get replaced by a start-up

The trick is to become so successful that other start-ups struggle to break into the market. Hey I got an idea - write the code in your spare time (i.e. while not in your paid employment as a coder) and give it away, no one can compete with that.

Fire extinguisher primed and ready :-)


Biting the hand that feeds IT © 1998–2021