* Posts by Flocke Kroes

1945 posts • joined 19 Oct 2007

You deleted the customer. What now? Human error - deal with it

Flocke Kroes
Silver badge

Re: Write temporary scripts when you're doing something potentially dangerous

Mine are:

type 'm superfluous_thing', proof read, '<home>r<enter>'.

A script with echo in front of anything dangerous. Run the script, then remove the echos.

Finally: restore from backups regularly.

Two days work in 6502 assembler on someone else's computer. Tested, working, and saved twice to 5¼" floppy disks (IAVO) on Friday afternoon ready for demonstration to the customer on Monday. Clean up everything on the borrowed computer, then find both floppy disks are unreadable. Suddenly I was not looking forward to the weekend any more. I have not lost data since then.

No project is complete until it has been restored from backups, preferably twice, the second time by someone you trust to deal with problems while you are on holiday.

5
0

Rats revive phones-and-cancer scares

Flocke Kroes
Silver badge

Re: Purveying woo

Mr Infernoz may well be a purveyor of woo, but not necessarily because of the last paragraph. The difference between pulsed and continuous microwaves on (yeast) cells is something I come across years ago (debunking cellphones cause cancer scares). I tried to find the article again, but it is one tree in a forest (is there a way to tell Google that 'pulsed' is important for this search?).

That forest includes studies where the modulation made a difference, and studies where it didn't. The quantity of studies where modulation is tested suggest that researchers in this field consider modulation an important factor in cell phone/cancer research/funding.

I applaud your skepticism, but recommend you follow it past a comment full of references. Last time I made the effort, I found some links supported electromaganic paranoia, some behind a paywall, some did not exist and a few said the precise opposite of what the commentard claimed they did.

I regularly find some quite disturbing results with rats that are not repeated when the test animal is more big-headed and thick skulled.

4
1
Flocke Kroes
Silver badge

Modulation makes a difference

"It seems wildly improbable to The Register that the difference between CDMA and GSM modulation somehow triggers a different response in rat DNA."

Studies have already shown that time varying microwave signals cause higher rates of apoptosis than continuous ones - in yeast. GSM uses time division multiplexing - over simplified, phones take turns to transmit, and spent only about 1/8th of the time transmitting. CDMA transmits continuously (multiplexing is done with codes). Clearly telcos with a high number of yeast subscribers should use CDMA.

Pre-liminary cell phone/cancer experiments often show interesting effects like higher cancer rates in the ear furthest from the phone. Regrettably the cancer preventing properties of phones often disappear when studies become large enough to be statistically significant.

4
0

Euro Patent Office prez's brake line cut – aka how to tell you're not popular

Flocke Kroes
Silver badge

The difference between genius and stupidy?

Genius has limits.

Bullet proof bicycle already patented.

5
0

$10bn Oracle v Google copyright jury verdict: Google wins, Java APIs in Android are Fair Use

Flocke Kroes
Silver badge

when does the copyright expire

I thought it was when Mickey Mouse says so. His earliest cartoons (1928) were saved from the public domain by Copyright Term Extension Act of 1998. (Mickey himself is a trade mark, which lasts as long as he is defended.)

6
0
Flocke Kroes
Silver badge

Re: Phew...

It was for rangeCheck. Out of the whole a Java, Oracle wanted billions just for rangeCheck. The judge reminded Oracle's lawyer that an expert witness had said a high school student could right it, and the judge is a programmer and had written similar code hundreds of times himself.

Oracle's lawyer boasted that he would not be able to implement rangeCheck in 6 months. As the lawyer (Boies) couldn't win a legal argument with a gardener, his claimed ineptitude at programming is actually credible. Multiply that by the hourly rate he gets for cases not related to SCO, and you still do not get to 9 billion. (Yes, it is the same David Boies who committed BS&F into representing SCO against IBM for a share in the profits.)

20
1

Bank in the UK? Plans afoot to make YOU liable for bank fraud

Flocke Kroes
Silver badge

Amazon works without Javascript

There used to be other sites that did not require javascript, but they changed and I abandoned them. I would really like Amazon to have some competition, but there are only so many times I am prepared to fail to create a new account before I go back to the site I know will work.

If only 'Do you want a free trial of Amazon Prime' were as simple to avoid as a Windows 10 downgrade.

1
0
Flocke Kroes
Silver badge

Re: Who doesn't use card readers?

I don't because I do not use online banking. When banking is possible without javascript I will re-evaluate their security practices.

2
0

Microsoft's Windows Phone folly costs it another billion dollars

Flocke Kroes
Silver badge

Re: MS Windows is finished

I would agree that Windows phone is mortally wounded, and about to expire.

Microsoft are still trying to get into the cloud market. The problem here is not specifically Linux, but Amazon. Amazon need at least ten times their average capacity to handle spikes in demand. The remaining 90% would just sit idle, so they rent it out. When there is a spike in demand, it is because people are looking at Amazon, not at the other sites hosted on the same servers. Until Microsoft need reserve capacity on the same scale as Amazon, they will not be able to profitably compete on price.

The old problem with China was that Windows was 'free' (pirated). Microsoft have made an effort to get revenue from China, but I do not have figures to support success or failure there. I would be surprised if the majority of residents in the countries you mention made an effort to understand computer security. Theresa May's best efforts have not caused a stampede to Linux here.

Microsoft haven't incorporated the Linux kernel into Windows because of licensing issues. Likewise, WINE does not include Microsoft code for the same reason. Each is a compatibility layer that allows software compiled for the other operating system to execute. Microsoft's compatibility layer lowers to barrier for Penguins to do something useful with Windows. When that barrier drops to lower than wiping and installing a penguin's favourite distribution then it might have some effect. Microsoft are a long way from needing penguins to claim their OS has developers.

When OSes have faded away in the past, the fanboys who wasted years honing skills with dinosaur wrangling found their rare abilities in high demand from those too locked in to jump ship early. A decade from now, Windows devs may be getting over £1000/hour from the truly desperate. We are not there yet.

8
1
Flocke Kroes
Silver badge

Re: No surprise here

Step 1 of Microsoft's traditional sequence is to buy out the company in third place. First place is too expensive, second place thinks he can be first place, and is too expensive. Nokia was in first place, but Elop's burning platform memo quickly dropped sales/profit below Samsung and Apple and got Nokia into third place.

Step 2 is to bundle the software with the operating system. Demand that in order to get Windows licenses, all PC distributors must include a Lumia with each PC. As phones outsell computers by a huge margin, that was never going to fly.

Step 3 is to sit back and watch the first and second place companies die of revenue starvation. The Microsoft product may not be as good, but it should be sufficient that people do not make the effort to buy something else. Windows Phone started with so many problems that 2 out of 3 purchasers returned the phone for refund/exchange. If you wanted to buy a Windows phone, the salesman would try to sell you something else to avoid the hassle of filling out yet another returned product form.

Microsoft did not follow their standard take over sequence with mobile phones because it was impossible. They tried anyway because the desktop PC market is shrinking and in future personal computers will be called phones. Elop nearly didn't get his $25million bonus. The bonus would only trigger if Microsoft bought Nokia, and Nokia wasn't in third place. The Lumia name was toxic - it didn't matter if Microsoft fixed all the flaws as only the truly dedicated would consider it, and lack of upgrades to incompatible versions pissed off most of the few remaining loyal customers. Elop's first attempt at selling to Microsoft failed. At this point, he made his first sensible decision: sell Android phones. Microsoft would and did pay to put a stop to that, and Elop got his bonus.

4
0

Boffins blow up water with LASERS, to watch explosions in slow-mo

Flocke Kroes
Silver badge

Re: A valuable extension of this kind of research

Already done, but with a rocket, instead of a laser.

1
0

Pastejack attack turns your clipboard into a threat

Flocke Kroes
Silver badge

Re: I think I'm safe, buuuut...

Completely safe if you have turned off javascript, and probably for other reasons too.

The article mentions something about copying with ctrl+c. Click and drag to select and middle click to paste have been standard in X since I was a PFY. The behaviour is so consistent that I had to ask for help when I was stuck with Windows for a few minutes. I have seen Windows style somewhat consistent keyboard shortcuts for copy and paste in Unix software either to make Windows user feel at home, or as pointless cruft in portable applications. Click and drag puts the selected text in the paste buffer, so my browser has no keyboard short cut for copy. It does understand shift+<cursor movement> to select, shift+delete to delete and shift+insert to put back, but those only work in text boxes, and do not use the paste buffer.

Someone brave enough to enable javascript could test to see if the code really required a key press, and if it can find the one used for copy (if it even exists).

For this attack to work the attack page needs enough social engineering to get a user to find and press the copy button, then paste into a shell instead of a text editor. A Unix text editor is the ultimate defence against this sort of attack. No-one can escape from vi.

4
1

Want a better password? Pretend you eat kale. We won't tell anyone

Flocke Kroes
Silver badge

If only you could type commands and have each output to the next...

strings /dev/urandom | less

A pathetic 8 letter password picked from the command above gets you over 10^15 possibilities, and with a little practice you can memorise double that by typing it repeatedly, waiting and hour, typing it again, wait till bed time, type it again, then again in the morning.

In real life, you will need at least a dozen passwords, and many of those will need their own date of birth, mother's maiden name and town of birth. So far, sites have been happy with answers like Miss Pertpwjb from Wdudlumy and echo $(($RANDOM/(32768/31)+1)) for a date. Put the sites' URLs, your user names, the passwords and all the lies in a file you encrypt with gpg, and remember to shred the file after you have proved you can decrypt the encrypted copy.

The only difficult bit is mapping a new site's password validator. If the rules seem too cryptic, you can always try:

Password'); DROP TABLE customers;--

1
5

Coders crack Oculus DRM in 24 hours, open door to mass piracy

Flocke Kroes
Silver badge

@John Bailey

Yes, the content providers wanted fewer sales.

You could sell a million for £5, or you could sell 100,000 for £20, wait three months and sell 200,000 for £15. Wait again and sell 300,000 for £10, and after a year sell the last 400,000 for £5. Plan B costs you some interest on not making all the sales early, but you do not have to buy enough capacity to do everything in the first month, then throw it away immediately after. Buying a twentieth of the capacity and running it for two years trims the interest on capital investment enough to match the loss of interest on early sales. There is less risk because you do not have to correctly guess you market size on the first day. You control rate of purchase by selecting the dates when you drop the price, and in my example get an extra 68% revenue.

If a distributor offers you a few million to reduce your sales (not revenue) for a year, then you giggle all the way to the bank because you will make the 'lost' sales next year. Oculus and the content providers both saw a mutual opportunity for profit. Ranting at either one does not help. If you feel cheated, then wait a couple of years and buy second hand.

2
1

Great, IBM has had a PCM breakthrough. Who exactly is going to manufacture?

Flocke Kroes
Silver badge

Re: Misnomer -> TLC or triple-level cells

Could be worse. Literal SLC can only store zeroes.

4
0

Hack probing poodle sacrifice cuffed for public crap

Flocke Kroes
Silver badge

Last time T-shirt Terror struck

It was this.

0
0

CIA says it 'accidentally' nuked torture report hard drive

Flocke Kroes
Silver badge
6
0

Destroying ransomware business models is not your job, so just pay up

Flocke Kroes
Silver badge

Re: Backing up encrypted files

A backup is not a backup until you have tested a restore.

10
0

ZFS comes to Debian, thanks to licensing workaround

Flocke Kroes
Silver badge

You cannot see what isn't there

If you go back in your time machine, software started without explicit copyright notices and licenses. It often arrived as source code, you fixed it, compiled it and swapped your patches with friends. This emphatically applies to AT&T Unix. AT&T were found guilty of using their monopoly in one field to create monopolies in others. Part of their sentence was that they were not allowed to distribute an operating system. AT&T split up, and one of the fragments was Unix Systems Laboratories.

USL promptly sued the Regents of the University of California for copyright infringement. There are many reasons why the litigation was an abysmal failure: They sued the people with money, not Berkley Software Distribution who actually distributed an implementation of Unix, BSD did not copy any source code from System V and there was evidence that USL did not own the whole of System V because some of it was from outside contributors.

If we take a step forward in time, it became fashionable for companies to distribute software in binary form with a license that said you could install on one computer with one CPU, and you could not transfer it to another computer or sell the original computer with the software license. The purpose of commercial software was to encode user's data in a proprietary format, then charge for regular 'upgrades' so users could retain access to their data.

This wonderful revenue model that vast majority businesses, governments and individuals are so keen on has a draw back: Programmers learn from reading high quality source code, and the source code in closed source software is hidden. One of the problems the GNU GPL was created to fix was the falling standard of programming skills caused by lack of good examples.

GPL gives users several freedoms: the freedom to install GPL software on anything they own, and use it for any purpose. The freedom to study the source code, and modify it. The freedom to distribute the software, and modified versions of it. The cost of GPL software is that you cannot take those freedoms from the people you distribute GPL software to. This is, according to some, totally unfair. Some companies clearly deserve the right to take source code created by others, add spyware, addware and secret file formats, then make everyone pay of a copy bundled with every new computer - all without making the modified source code available.

Years ago, it was legal to buy a computer with a licensed copy of AT&T Unix, and use that computer to create a GPL text editor, C compiler and debugger. Early GPL software was often replacements for the tools that came with AT&T Unix, but done better and with freedoms. You were also allowed to install your own operating system kernel such as BSD Unix or Minix, and continue your software development with open source tools. You could develop GPL software on AIX, Solaris, DOS and even Windows (check your license). The idea that software belongs to the owner of the operating system, and not the programmer who creates it is a modern one, and not entirely supported by the legal system.

And now we get to ZFS. Sun (now owned by Oracle) chose a license for their software. They chose CDDL (oversimplified: you get to play with the source code, but the changes belong to Sunacle, so they can change to license back to closed source and charge for copies of other peoples' contributions). For some reason there has not been a stampede of programmers giving their time and effort to Sunacle for free. The CDDL and the GPL are not compatible. This means if you link CDDL code (like ZFS) to GPL code (like the Linux Kernel) you cannot distribute the result.

The key here is the word linking, which means different things to different people - specifically Richard Stallman and Linus Torvalds. If I created some CDDL library and linked it to some of Stallman's GPL software, I would look at Stallman's definition of linking and see I cannot distribute. ZFS is a kernel module, and it communicates the the kernel in a manner that resembles linking, so Linus' opinion is the one that matters.

Linus has been perfectly clear on this for years: kernel modules do not link to the kernel in a way that automatically triggers the conditions of the GPL. Linus is not the only contributor to the kernel, and the opinions of the other contributors matter too. Some of the interfaces in the kernel are not available to non-GPL software. When you write a kernel module, you specify the license and the linker only shows you symbols you can use. There are kernel modules available with far worse licenses than CDDL, and they are legal. I can understand Debian with limited funds, out of an abundance of caution distributing ZFS in source code form only - especially with RMS ranting. As long as Sunacle have not damaged the way the kernel build system checks license compatibility, then ZFS for Linux is as legal as Sunacle choose no matter what RMS says.

2
0

Art heist 'pranksters' sent down for six months

Flocke Kroes
Silver badge

The problem would be collateral damage

There used to be statistics on collateral damage caused by police gun fire. For some reason I cannot find anything modern. According to the old figures, police were better at shooting bystanders than criminals, and far better at hitting innocent dogs than all the humans combined. The most accurate police shooting were from suicides, which can bring the hit ratios over 30% in some states. Likewise, innocent dog shooting figures are inflated by police raiding the address written on a package full of drugs (mayor's home) instead of the place where the drugs would have been delivered if not intercepted by the police.

The world is a little safer with these people locked up at tax payers' expense. The same money spent giving police regular fire arms practice and training for stressful situations would be more cost effective.

3
0

United Nations orders plan for tackling online terror propaganda

Flocke Kroes
Silver badge

Re: I was wrong

Depends on what the problem is. If the problem is 'not enough military budget' or 'not enough approval for mass surveillance' then increasing censorship is the solution. Everyone will believe censorship is for the government to hide the truth, and when the censored documents say you can sit on a bomb to blast your way to Jannah, a few will believe it. The security services need those bombers because of the Shirky principle.

0
0

Apple, AT&T, Verizon named in $7bn VoIP patent claim

Flocke Kroes
Silver badge

Re: So, I'm in two minds...

Making a product does not cause patent litigation. Making a profit does. You are safe until you have enough money to make it worth the trolls' effort to come out of their bridges. Once you have money, patents are no protection from trolls. The whole idea of selling patents to trolls is that they do not make anything but legal threats, and so do not infringe any patents. (For some strange reason, lawyers believe that the copious benefits of the patent system apply to every profession except their own, so the law is not patentable.)

Next up patenting your invention costs money. Patent lawyers frequently advise spending money on patent lawyers until you are bankrupt, then the patents can be bought from remains of your company for a pittance by trolls. Pretend you have a bottomless pit of money that means you survive until you get the patent, and someone infringes it. You can now demand royalties. If you make anything, you will get counter sued for patent infringement, and your cheapest option is to cross license. If you are a troll, it is important to sue everyone. Some of them will be dumb enough to pay up without a fight, and you use that income to pester richer victims.

If you have a USP that no-one else can copy, then you do not need a patent. A patent only helps if someone else does copy. You then cease manufacture / sell to a troll, then spend millions and wait years for a court ruling. To succeed with a patent it must be obvious. Journals do not print the obvious because their readers know it already. This means there won't be prior art unless someone has patented it already, and as it is so obvious, it will not take long for someone to infringe.

If you have something good, make it, sell it, then sell the company to venture capitalists (VC = someone who buys an operating cash cow, then fires the developers). Let the VC deal with trolls while you sell version 2 from the new company you set up with the proceeds of the sale.

0
0

Official: Microsoft's 'Get Windows 10' nagware to vanish from PCs in July

Flocke Kroes
Silver badge

Re: Linux is good as

"the consumer never wants to interface with it directly" except with their "smartphones, tablets, satnavs, servers, routers and myriad home entertainment devices".

"Linux is fugly". ROTFL. I get comments from people looking over my shoulder who think its pretty, but AFAIK, you can still put your choice of background images on various versions of Windows and get similar comments. The fun part comes when changes are made to one of the major user interfaces. You will hear screaming from penguins and windows users alike. The difference is that on Linux, there is a wide choice of user interfaces, and the screamers shut up when they switch to an interface that suits them. Windows users scream for longer, whine then grumble on in a foul mood because they are locked in to a single supplier who could not please everyone all the time even if they tried.

"abysmal sales" only if you discount "smartphones, tablets, satnavs, servers, routers and myriad home entertainment devices". The PC market is in decline, but if you want to focus on that, there have been plenty of reasons why pre-installed Linux on a PC have been almost non-existent: lack of crapware for Linux (used to) cause a price difference. No commission for MS Office / AV sales for Linux (a pity MS cannot run a successful App Store). Penguins prefer to install their own software to avoid pre-installed spyware. Many distributors now openly sell blank machines. They clearly see it is worth the effort to sell to penguins.

I too find it interesting that lots of penguins use "circa 2005/6 laptops". It is almost as if hardware has been fast enough for a decade (if you have decent software). A third hand machine that would otherwise have been junked gets the job done and is no great loss if it gets pinched or perforated while away from home. (We had quad core processors in 2006 too)

Thank you for taking the time and trouble to argue about a specific platform. I prefer to argue about a specific license. You could buy a time limited license linked to particular hardware, a second site-wide second license because the first one does not cover your actual use case and a third company wide license in case any of your sites miscounted the number of licenses they need. Or, you could install Linux on any number of machines, use them from any purpose and stop bothering to track which computers have licenses for what software.

I never thought Windows 10 was about security. Older versions are still getting updates. I thought it Microsoft switching to new revenue streams. Even Windows users have noticed that an old machine is fast enough, and are not buying new machines with new licenses as fast as Microsoft require. The new revenue streams are home (free/advert supported) and business (rental). Advert revenue requires spyware, and I expect that will be available on all versions (or the only version with your choice of version number). Rental appears to require you to give your credit card number for a cloud service. I assume the regular internet connection is required to check the clock has not been set back, and that the last payment arrived on time before allowing access to your data.

6
0

The 'new' Microsoft? I still wouldn't touch them with a barge pole

Flocke Kroes
Silver badge

Re: I stopped using Redmond products in the year 2000.

My last two Microsoft problems:

"The compiler will work broadly in line with the printed documentation." The compiler might have come with a shed load of online documentation, but the only thing on paper was a small page describing how to install. I followed the instructions carefully first thing in the morning, and let the computer chug away at the install process until after lunch. I had work to do, so I stopped the install and my shiny new compiler CD had to wait until Friday afternoon. On Monday morning, the computer was still chugging away - hard disks head movements were very audible back then.

The first half of my transition into a penguin began that day, but I still needed some cross-compilers not supported by gcc. "Of course XP can run all DOS software". It didn't, but a friend had some unused technical support questions left that were about to expire, and I remember the precise response he was able to get from Microsoft: "God hates you".

DOSEMU came to my rescue, and since then I have been a complete penguin. Ditching Microsoft has not been entirely without problems. When PHBs ranted because some other version of Microsoft Word screwed up all the formatting in his report, I had to make a real effort not to ROTFL.

14
0

Router hackers reach for the fork: LEDE splits from OpenWRT

Flocke Kroes
Silver badge

One of the upsides of free software development ...

... is that when a disagreement turns up, even if it is trivial, petty or downright stupid, a fork will lead to either two good projects that are suited to different users or to one project falling apart or getting ignored.

In computing, real learning comes from doing. Sometimes that involves doing it wrong a few different ways until you know better even if ten thousand other people have already learned from the same mistake.

7
0

Revealed: HMS Endeavour's ignominious fate

Flocke Kroes
Silver badge

Last I heard (2016-04-20)

Science Minister Jo Johnson demonstrates his respect democracy by looking for alternatives to Boaty McBoatface. He seems to prefer "Imaginative" or "more suitable than others". In second place came Poppy-Mai, but apparently the name will be "announced in due course".

0
0

Intel has driven a dagger through Microsoft's mobile strategy

Flocke Kroes
Silver badge

Linux on Azure, Office for Android, Subsystem for Linux

Microsoft have have been preparing for the transition for some time. I am not sure what the next small step will be. The big one will be when Windows==Linux+WINE. For some of us, that happened years ago. I cannot see Microsoft going there while they get such hefty troll revenue.

8
0

Intel loses its ARM wrestling match, kicks out Atom mobe chips

Flocke Kroes
Silver badge

Re: ARM are growing even without Samsung

Intel leaving mobile makes no difference to ARM as Intel had a microscopic market share.

Intel leaving mobile makes a chunky difference to Intel as they are not wasting money developing expensive low margin chips that hardly sell, and displace a sale of a high margin product when they do.

3
0

Miguel de Icaza on his journey from open source to Microsoft: 'It's a different company'

Flocke Kroes
Silver badge

Re: BSD license

BSD and similar licenses are often chosen by people and institutions financed by government grants. The license requires third party distributors to mention in their product literature that it uses some BSD or MIT or whatever software. The authors can include these mentions in their next grant application as evidence that something useful was done with the money last time. There is plenty of excellent software with a BSD style license that has ended up in all sorts of places - both free and proprietary.

The BSD license does not attempt to limit patent threats. These threats are not from the coders, but from third parties because some patent systems reward first to file rather than the inventor (even for software which patent lawyers refuse to admit is not patentable because it it a branch of mathematics). Microsoft and other companies like BSD variants because they can embrace and extend without sharing.

The GPL is selected by people who like the idea of contributing an onion and sharing the whole soup. There is an attempt to limit the damage inflicted by the patent system. The license to distribute is only available to people and companies who do not aggressively assert patents, so for some reason Microsoft actively despise the GPL, and will not distribute software with that license.

If you code something, or hire someone to code it for you, you choose the license. If you want to use someone else's code in your project, read their license and if you are not entirely certain about license compatibility hire a lawyer to explain it to you before you commit large amounts of time or money to a project with no future. Throwing chairs at people because you do not like the license they have selected doesn't make the world a happier place. The good news is that in the world of software, the wheel has been invented so many times that you can usually pick one the a license want.

6
3
Flocke Kroes
Silver badge

It was about the patents

The problem with Mono was never about what Ballmer said. It was about patents. If you used Mono, Microsoft could sue you for patent infringement. If you breathe, Microsoft could sue you for patent infringement, but would probably get kicked out of court before you had spent several million dollars. Using Mono and making a large profit would put you at risk of being sued until you look like SCO.

A clear promise from Microsoft not to enforce patents did not make headline news. To be fair, I was not looking for one, but for years a lack of such a promise was headline news.

I am sure Microsoft's lawyers a very aware of the difference between open source and free software. Open source means you can look at the source code, but without written evidence to the contrary, you should expect to be sued for wilful patent infringement if you ever distribute software afterwards (clearly you copied the patented structure, sequence and organisation of their gardening software into you motorbike design software).

Free software can be any price. The free refers to freedom - to run, study, redistribute and improve. Part of a free software license is a guaranty from the supplier not to sue for patent infringement - unless you sue him first. I hope one day, journalists will understand the difference between open source and free software. Judging by the current evidence, an Orion capsule will land on Mars first.

26
2

Linux greybeards release beta of systemd-free Debian fork

Flocke Kroes
Silver badge

systemd is not a boot loader

The sequence is firmware loads (part of) the boot loader, which is usually grub for x86 or U-Boot for everything else. The boot loader - using nothing but itself and some probably broken firmware - loads the rest of itself, then the kernel (and possibly a small disk image). The kernel mounts the root file system, and then runs something as process 1. That was usually sysvinit, or - if you are recovering a badly confused machine - bash. Systemd is a replacement for sysvinit.

When process 1 starts, it has the complete kernel and any modules the kernel requires, the root file system, and probably a few pseudo file systems like /dev. Sys[vt][ei][nm][di]t? starts almost everything else: all the permanently attached file systems, any strange configuration, various demons, login for each terminal and one of the gui login programs. When a process dies, its parent gets sent a signal. If the parent is dead, that signal goes to process 1. While running, systemd/sysvinit restarts any dead demons. During shutdown, sysvinit/systemd kills all the processes and unmounts all the file systems.

This makes sys{vinit,temd} very different from a boot loader - which self destructed when it handed control to the kernel within a few seconds of power on.

BTW: Debian architecture names make sense to techies, but not to computer illiterates. AMD64 is almost certainly what your Intel processor is pretending to be when it is not pretending to be an ancient pentium for 32-bit Windows users. It is the most common architecture on the planet. Raspberry pi is odd. The earliest ones are not quite armhf. The newest ones are ARM64, and the ones in the middle are armhf. Supporting raspberry pi means armhf with restrictive compiler flags. Banana pi is full armhf, and anything armhf should be able to use the same repository.

If we go through popcon in order of architecture, fist is AMD64. Second is i386 (probably AMD64 compatible machines, although some will be ancient / odd). Raspberry pi is not included in popcon, but is probably next in real life, then comes armel (arm older than the oldest pi), powerpc (old converted macs?), armhf (banana pi, and a pile of other arm based small cheap computers). All the remaining architectures supported by debian together are not as common as armhf. Devuan have chosen about three and a half of the most popular architectures. The most of the others are too old to run Debian Jessie anyway, have bigger problems than hatred of systemd if the maintainers want to upgrade.

22
0

CERN publishes massive data set

Flocke Kroes
Silver badge

The barn already has a definition - and it is a small area

The origin really is "Couldn't hit the broad side of a barn".

Harmondsworth great barn is 58.55 x 11.3 x 11.9 metres, so its broad side is about 7x10^30 barns. TheRegister already has a unit of area, the nanoWales.

1
0

Microsoft, Google bury hatchet – surprisingly, not in each other

Flocke Kroes
Silver badge

Re: encourage government regulators to investigate each other

Getting a PC without Windows has been getting steadily easier. It has reached the point where major distributors are openly selling blank hardware for less than the same hardware with Windows installed. The final nail in the coffin was banking trojans hidden in the crapware. The effort of searching for trojans exceeded the bribes for installing the rubbish in the first place. Although retailers could include Linux as standard, the first thing any penguin is going to do is wipe the machine and do a clean install, so I can understand them not making the effort.

W10 is Microsoft moving to an ad supported revenue model. The telemetry is part of the cost of the OS. If the cost is too high for you, don't buy it. You have choices that do not involve the old Microsoft tax. Forced updates and bundling of cloud services are more costs known in advance to anyone vaguely computer literate. Pay the costs or leave Microsoft to their thoroughly lock-in victims.

There is a whole chain of blame for lack of Android updates: The telco won't allow it, the manufacturer can't be bothered, the chip vendor will not maintain closed source drivers for old chips. You could wait a decade for the European court to reach a verdict, and another for effective enforcement. If you want updates, check out which makes get regular updates before you buy.

If you think Google are manipulating search results, jump straight to page 2. They are not the only search engine. I am more likely to search Wakipedia or Amazon than use a generic search. Java has an off switch. So does javascript. The web looks so much better without either.

Voting with your feet is far more effective than waiting for the EU to do something useful.

1
0

'Impossible' EmDrive flying saucer thruster may herald new theory of inertia

Flocke Kroes
Silver badge

Re: 'Cannot be explained by known Physics' they say...

Laser beams and light sails are easy: You put a big fan (laser) in you (space) port, and a big (light) sail on your ship. The fan pushes air in one direction and the Earth in the other, but as the Earth is so big, no-one notices. The air hits the ship. The air slows down (light bounces back) and the ship speeds up.

The first good thing about the EmDrive is that the fan and the sails are both on the ship. The other clever bit is a trick to reduce the size of the fan: You put sails at both ends of the ship, and the fan in the middle. You change the direction the fan spins back and forth really quickly, in time with the frequency that air bounces back and forth between the sails so the air speed builds up like small pushes on swing.

Because it is symmetrical, there is no net force. The trick to getting money out of investors is to make the sails at each end of the ship different sizes, and put a truncated cone around the ship to match the wind to each sail.

2
0

How innocent people 'of no security interest' are mere keystrokes away in UK's spy databases

Flocke Kroes
Silver badge

Re: Staff looking themselves up

I was wondering why this is a problem.

The most obvious answer is that the database contains so many errors that employees cannot rely on it to fill out their travel expense forms. If this became public knowledge, people might question whether this enormous database was worth all the tax payers' money needed to funnel garbage into it. I can see how this would be considered utterly intolerable, and that staff should be thoroughly discouraged from looking themselves up.

6
1

Bundling ZFS and Linux is impossible says Richard Stallman

Flocke Kroes
Silver badge

If it compiles, ship it

The key concept is that linking GPL code with code licensed with an incompatible license results in program you cannot distribute. Back when the GPL was written, linking to a library meant creating a single binary file containing its own copy of some of the code from the library file. The binary would run fine even if you deleted the library file. Later, dynamic linking allowed programmers to create programs that contained no library code, but several programs could share the same library (one copy on disk and up to one in memory no matter how many programs linked to it). The general consensus is that this still constitutes linking as referenced by the GPL.

Before compiling, the kernel must be configured. Most of the configuration options select which parts of the kernel are missed out, which get compiled into a large file and which get compiled into individual modules. Kernel modules can be loaded at any time and connect to the bulk of the kernel (and to each other) in pretty much the same way that a user land dynamic library connects to an executable. According to Linus, loading a kernel module is not the same as linking as referenced by the GPL. Linus is the copyright holder for much of the kernel, and is entitled to decide what is and isn't allowed when distributing derived works of his project. He can certainly decide not to sue even if Stallman thinks he should.

Linus is not the only contributor. Other people have contributed portions of the kernel, and they retain copyright over their contributions. Contributions are only accepted if they are licensed under the GPL or a compatible licence, that way the entire kernel including all the contributions can be distributed as a whole without all the distributors having to reach separate licensing agreements with all the contributors.

Not all contributors agree with Linus's opinion about kernel modules not counting as linking. To allow for this contributors can mark symbols in their own code with EXPORT_SYMBOL (any module can get the value of the symbol), or EXPORT_SYMBOL_GPL (only GPL licensed modules can get the value of the symbol).

The idea is, if you create a non-GPL module (which you can distribute independently of the kernel), and try to load it into the kernel, the kernel will check every symbol reference and will fail to load the module if it tries to use a symbol defined in code written by someone with a strict interpretation of the GPL. (I think compilation will fail, so you cannot not accidently create a module other people cannot load). You can see more of the details here.

Stallman is welcome to limit how derived works of his projects are distributed. So is Linus, but Linus lets contributors select their own interpretation of the GPL without screaming at others that they have to see things his way.

5
0

Ames boffins mix metals to boost electron velocity

Flocke Kroes
Silver badge

Re: Interesting

M(v)=M(0)/sqrt(1-v^2/c^2)

M(99% c) is about 7 times M(0). A big difference for the few electrons going fast. Electrons contribute less than 1 part in 4000 to the mass of metals, so you are not going to notice the wire putting on weight until you have most of them going at 99.99999%c. (If real life about 98% of the electrons in platinum are not going anywhere).

3
0

PC market shambling towards an unquiet grave

Flocke Kroes
Silver badge

Re: Gartner forecasts

Gartner have predicted of sorts of rubbish over the years. I have more confidence in Raspberry Pi's outselling desktops within a decade than in a random Gartner forecast.

10
1

Half of people plug in USB drives they find in the parking lot

Flocke Kroes
Silver badge

Re: I'll be more careful ...

The other magic command you are looking for is lsusb, to see if the device is pretending to be a keyboard. The challenge is to type lsusb before the usb device types something that modifies lsusb to make itself invisible.

1
0
Flocke Kroes
Silver badge

Re: automount

The automount demon requires CAP_SYS_ADMIN to mount devices. Back when I was a PFY, automountd ran as root, and did not run fschk before mounting a block device. A defective file system could crash the kernel, and a maliciously crafted one would be able to run arbitrary code as the kernel.

My information may be really out of date as I always disable automountd when commissioning a new system. (I do not use a file manager and I find it irritating to press <ALT><F4> every time I plug in a USB storage device).

2
0
Flocke Kroes
Silver badge

Another reason why plugging in a USB stick is dangerous

It looks like a flash device, but the software in it pretends to be a USB hub with a flash device and a keyboard attached. When it thinks you are not watching, the software pretends another flash device has been plugged in then types the required command to run the malware on this hidden flash device.

Of course, the OS can prevent this from happening by not trusting any USB keyboards, and all the user has to do is type "Trust me" to tell the OS which keyboard to trust.

5
0
Flocke Kroes
Silver badge

I thought I had a backup ...

... but she refused to type it in again.

6
0

Websites take control of USB devices: Googlers propose WebUSB API

Flocke Kroes
Silver badge

No source code, no sale

So, this web interface in going to find out the USB device is attached to a router running openwrt on a MIPS CPU. It determines the correct version of the kernel, applies the required patches and configuration file, modifies the driver code to match the kernel version, downloads a cross compiler and compiles the module for the USB device. It then magically pulls the correct system definition for QEMU, emulates my router in software, tests the driver, fixes some bugs, re-compiles and repeats until the tests pass before sending the driver to my web-browser - except my router does not have a browser. It does not have the X client libraries, so the only browsers it could run would be things like lynx, links and w3m.

Imagine how much easier it would be if manufacturers documented their hardware, and programmers contributed and maintained an free software driver in the mainline kernel. The driver could then be installed with distribution's standard tools and loaded when required without user intervention. Although there are many thousands of USB devices that already work this way, there are a few that don't. This is easy dealt with: no source code, no sale.

2
0

Anonymised search engine page found on 'kid-friendly' search site

Flocke Kroes
Silver badge

The other problem

I have no problem with a child avoiding tracking (I would be a bit surprised that one made the effort). A way around the porn filter is a significant failure, but hopefully they can fix it. The thing that really caught my attention was that trying to access lukol by https caused certificate not trusted, certificate expired and a redirect to http. The form tag's action attribute was http.

If you use lukol, your ISP will be able/required to log the address and search key and hand the details to your local Stasi.

3
0

Watch: SpaceX finally lands Falcon rocket on robo-barge in one piece

Flocke Kroes
Silver badge

Re: Dis link:

CRS-8 T-18 minutes until landing. youtube-dl.

3
0

Apple faces €48.5m fine from furious French

Flocke Kroes
Silver badge

Or looked at the other way:

Oh that poor little Apple corporation outsmarted by the big bad Telcos.

It seems to me that Apple's lawyers and negotiators did not spot a €48.5m hole in the deal.

The Telcos took advantage of Apple's reputation for negotiating horrendous terms with their business partners. Ummm Newsflash: business works best when both sides have something to gain from the deal. No-one gets it right all the time (it would be nice if AMD succeeded a little more often).

No-one forced Apple to try to evade their responsibility for fixing defective kit. They could have set up the required infrastructure to repair/replace/reimburse devices that failed under warranty just like all the other manufacturers who trade in the EU.

5
2

Google reveals own security regime policy trusts no network, anywhere, ever

Flocke Kroes
Silver badge

Re: source code not enough - need to control the list of keys in the hardware

I can imagine this working with Chrome OS. The boot loader only loads a signed kernel. The kernel mounts the root partition and the first time each time each block is fetched, its signature is checked before passing it on to the file system layer. It is an effective way to test for a trusted image in the root partition without a big delay on boot. The source code has been available for years. The downside is the effort required to delete the vendor's keys and install your own so only your signed kernels and root file systems can boot may require hunting down an exploit in the supplies OS.

(Do not bother if the device has AMT - unless Intel suddenly document it sufficiently for you to audit it properly.)

2
1

UK Home Office seeks secret settlements over unlawful DNA retention

Flocke Kroes
Silver badge

Re: secret settlements?

That would land on the people responsible. Wouldn't it be better to keep this quiet by handing over a pile of tax payers' money?

4
0

Windows 7's grip on the enterprise desktop is loosening

Flocke Kroes
Silver badge

Re: Whatever

Musk and Bezos could well reach the moon in a decade or two. I have not seen any Microsoft rockets.

2
0
Flocke Kroes
Silver badge

Re: "Sent from my iPad"

Reply:

Sent from my arm chair.

3
0

Forums