* Posts by Paul Crawford

1611 posts • joined 15 Mar 2007

Oracle launches paid support for 'free' NoSQL database

Paul Crawford
Silver badge

Re: Clever

Also to add to the debate around the GPL, you do realise that you can still charge for software under the GPL?

http://www.gnu.org/licenses/gpl-faq.html#DoesTheGPLAllowMoney

Of course, the requirement to distribute the source code with any binary may still not work for your type of application (you have not said what that is, and posted as AC there is no obvious way to find out) but for a big range of application areas where the customer is moderately trustworthy this can be an advantage in completing a sale.

1
1
Paul Crawford
Silver badge

Re: Clever

"Free software cannot impose limitations on use"

I am sorry you seem to lack the ability to understand copyright laws and software licenses. Software that is "free" is released for use under the conditions expressed by the authors, which may be the GPL. They can, and do, insist that if you choose to use their code that you respect that intention.

What you do with your own code is up to you, but should you wish to use GPL code then you have to play according to the rules of those authors.

"it cannot be considered a free software license, an "ideological software license", perhaps"

Call it what you want, but it is still a license and a large number of people chose to use it. You don't have to use it, after all you could re-invent the same work on your own if you chose not to abide by the GPL.

The GPLv2 versus GPLv3 argument is a lot more complex than you seem to comprehend. One key point is v2 has allowed the likes of TiVo to use the software in hardware but to prevent the owners of the hardware from changing it due to boot loader signing, v3 was intended to address that restriction on the end user's freedom.

"Statistical anomaly. Most companies trying the "buy support, get a free application" model have gone to the wall. I addressed these outliers, do try comprehending the complete argument next time."

Can you give some examples of these failures?

Off hand I can think of some obvious successes, like Redhat and IBM with support as a directly paid service, and others like Mozilla and Android that are indirectly paid via advertising revenue.

1
1
Paul Crawford
Silver badge

Re: Clever

"when I write a separate library which merely makes use of a GPL library, I am forced to release my own code. *MY RIGHTS* to *MY CODE* have been removed from me due to [A]GPL infection."

No, you seem to be unable to grasp the idea that the GPL library exists only for use by those who will agree with the author's intentions.

Why complain? You are not being forced into using others' work, you are complaining that you can't legally take short cuts to developing an application without rewarding the GPL author(s) in terms of freedom, rather than money.

Funny you should consider GPL to be "fine for hobbyists and tinkerers whose efforts will never enter mainstream professional use" when a large number of contributors to, for example the GPL'd Linux kernel, include such money-hating organisations as IBM, Intel, Oracle, Cisco, and even MS made it in to the top-20.

Oh, and Redhat's current market cap of $9.76B clearly shows you can't possibly make money off a service business...

1
1
Paul Crawford
Silver badge

Re: Clever

"The GPL remove MY RIGHT to MY CODE."

The GPL protects the original author's rights to their code. They offered it openly with the intention that others would benefit and DO THE SAME for others. As I said, if you don't want to reciprocate then you have no rights to make use of such open source code.

Keeping code secret is not the only way to make money, though in some cases necessary. If you work from scratch you can do what you like with your work, but as soon as you want to make use of others' work you need to respect their rights.

Also if you get code under LGPL then it is acceptable to link it as a library, but any changes to that library code need to be released back. Use things according to the author's intentions.

3
1
Paul Crawford
Silver badge

Re: Clever

"its infectious nature (you have to give everything away that derives from or links to GPL code, and thus can´t recoup investment costs) "

You write this as if it is bad, you know that you took someone else's work and expect to make money from it without giving anything back?

"If you are running a project, pick a license other than [A]GPL to ensure adoption."

If you are running a project, either respect the original author(s) rights, or do the whole damn thing yourself from scratch.

Fixed it for you...

6
1

Germany warns: You just CAN'T TRUST some Windows 8 PCs

Paul Crawford
Silver badge

Re: Swings and roundabouts....

Really, you can get *ALL* the code for windows and build it yourself? Including those modules considered "DRM" or "security", and promptly for all patches?

Why have the Germans not been aware of this openness?

10
0
Paul Crawford
Silver badge

Re: Swings and roundabouts....

This is much deeper than the auto-update feature, we already have that with most OS including Windows.

This is about stopping any way of monitoring code by means of a VM or debugger without the OS knowing. While that could be used for malware protection, that is not the primary reason why this was developed. It was developed for money - to toughen DRM and/or prevent users from things that go against the vendor's policy - like installing software that has not come from a walled garden pay-store, for example.

What I think the Germans are concerned with is this ability for the OS to hide its actions by not running (or running in a different mode) if there is any attempt to analyse it. Added to that you have the machine-ID aspect which a lot of organisations would love to have - a definite way of tying on-line activity to a specific machine.

28
0

Kim Kardashian's bosom pal in bling snatch Instagram unpleasantness

Paul Crawford
Silver badge

I expect most readers think it is wrong to steal, but equally they think it is mind-numbingly stupid to advertise / taunt the masses with something that is there principally to show off the fact that the wearer has more money to spend on a single item of decoration than the average person can earn in a decade.

As for taste, well that of course is one's own matter. Personally I think the watch is tacky, as a fraction of the cost would buy a selection of watches that are either better examples of mechanical engineering and/or more accurate in time-keeping (possibly both). If you ask readers of a technical news site for an opinion, don't be surprised if they don't share some of this view point.

7
0
Paul Crawford
Silver badge

I think that would still be true with a plastic watch from the Poundshop...

4
0

Need the loo AND need to build a website? There's an app for that

Paul Crawford
Silver badge

Re: Dedicated web presence

The problem (for them certainly) is when you then get "you have to log in to Facebook" in order to see the page. At which point they have just lost a customer...

1
0

Flash! Ah-ahh! Saviour of the universe? It'll save every one of us?

Paul Crawford
Silver badge

Re: Hybrid really isn't the way to go.

That is exactly what is wanted, but given there are no signs of any of the big OS vendors rolling this out in the next few years you will see punters opting for hybrid as the "best" compromise between speed, capacity, and cost for those with either low budgets and/or big data files.

0
0
Paul Crawford
Silver badge

Re: Best upgrade...

I sincerely hope you are not using scandisk as that would imply you are using a Win9x / FAT32 system!

I am guessing you mean chkdsk? And if so you should be running it with /r option to search for any bad sectors.

But if your data actually matters to you, then in addition to a backup copy you would be using a RAID system and making sure it was scrubbed regularly to (hopefully) find and fix bad sectors while the other disk(s) are still good at that location.

By default Debian Linux systems using the MD RAID system do a scrub on the 1st Sunday of each month, but if your machine is not on 24/7 then you may want to run it manually or more frequently.

I have no idea if Windows has a scrub option for its software RAID, anyone able to comment?

Better still, use ZFS for its checksums and, again, make sure you have it scrubbed periodically so badness is detected and possibly corrected (or at least the disk failed out) before you get in to a state of being unable to rebuild the RAID parity as multiple blocks have failed across all of the storage.

0
0

Four ways the Guardian could have protected Snowden – by THE NSA

Paul Crawford
Silver badge

Re: But, but...

Look at it this way:

Apple - USA company, part of PRISM, closed source. Definitely compromised.

MS - USA company, part of PRISM, closed source. Definitely compromised.

Linux - no specific country, open to inspection. Probably compromised.

If you are *that* worried keep an air gap.

6
0
Paul Crawford
Silver badge

Re: A wrong assumption

DES was created and recommended in the mid-70's, is it any wonder that after computer power increased by several million times that the trade off in effort using it versus effort breaking it is a bit weak now?

It is also worth noting that DES was surprisingly resistant to differential cryptanalysis, something only made public years after it was created:

http://en.wikipedia.org/wiki/Differential_cryptanalysis

So you really need to reconsider your tin-foil hat's settings. Most attacks do not go via the algorithm (if it is at all competent) but via the key, probably using Trojans or rubber-hose cryptanalysis.

3
0

Brazilians tear strip off NSA in wake of Snowden, mull anti-US-spook law

Paul Crawford
Silver badge

Re: Dr Strangelove

An upvote for remembering an awesome film!

0
0

Firefox takes top marks in browser stability tests

Paul Crawford
Silver badge

At my work nobody has found a browser that allows you to keep ~100 tabs open and not either crash outright or soak up >8GB of memory and so page the machine in to oblivion.

I close mine every night and keep to ~20 tabs max for that reason :(

Back to the WTF point of this, even 400 tabs & 8GB of memory is approx 20MB used per tab, really how do you get that usage from a few 100kB of download per open tab?!

1
1

So, you gonna foot this '$200bn' hacking bill, insurance giants asked

Paul Crawford
Silver badge

Cheaper option?

Maybe just making those at the top of said companies liable for losses (or open to prosecution) from ill thought out IT systems being public facing, when the main driving factor to do so is cost-reduction and good IT advice is ignored or not sought, would cost us all a lot less?

4
0

Report: NSA spying deals billion dollar knockout to US cloud prospects

Paul Crawford
Silver badge

Re: U.S. NATIONAL DEBT

I can't see this making any difference to non-IT systems.

Maybe for Cisco, MS, etc. it will cause problems.

Most definitely for cloud providers as things stand. But really, the whole idea of putting your data into someone else's hands without verifiable client-side encryption is dumb by any standards. All that the recent NSA revelations have shown is this risk (your data being subject to secret access by a foreign gov) is real.

It applies no matter which country you store data in, not just the USA (though they seem to be the worst so far). The moral of today's story is encrypt before any others (ISP, cloud provider, etc) get access!

2
0
Paul Crawford
Silver badge

AES, or not AES...

Some people don't seem to grasp that AES was created by two Belgian cryptographers and, after a lot of competitions and open peer-review by most of the world's experts, was ultimately decided to be the best by more or less everyone. That is why it became the official US choice (i.e. NIST), not because it was created with a NSA backdoor of any sort.

Now you might argue that the NSA has built acceleration hardware to assist AES code-breaking, but with the advent of FPGA systems that can be re-programmed to suit any cypher, no common cypher is going to fare better. And if you go inventing or adapting your own or some obscure one, most likely you will inadvertently make matters much worse for your own security.

So if cryptographic security really REALLY matters to you, you need to concentrate on having a high entropy key, and securing the key against "APT" style of system wide hacking. Most likely, that is the weak link.

Finally, don't over-estimate your importance to the spooks, most commentards seem to think the NSA, etc, will blow days of billion dollar machine's system time on their scribblings. They won't, not unless you are important enough.

Maybe you are, say a business that is serious money competition to a US gov supplier, for instance. But in reality making your data encrypted in any way means they (and advertisers, private investigators, etc) can't read/mine it so it gets stored away in case they do want to investigate you. Out of 1 billion or so Internet users? Really?

4
0

Horrific moment curvy mum-of-none Mail Online spills everyone's data

Paul Crawford
Silver badge

The entire Internet would go smarter.

There, fixed it for you...

4
0

IBM opens up Power chips, ARM-style, to take on Chipzilla

Paul Crawford
Silver badge

It will be interesting to see how this pans out. Sun was one of the first to open up a CPU for such things but it ultimately failed to make enough money to survive, and Oracle have, it seems, little real interest in this.

Given the "limited success" of Itanium, it seems the only significant player left is IBM so maybe it can work this. But...I find it hard to see what most users will find that makes it sufficiently desirable compared to the current market leaders of x86 (lots of legacy software) or ARM (cheap license, good for systems with lots of cores).

1
0

Can't agree on a coding style? Maybe the NEW YORK TIMES can help

Paul Crawford
Silver badge

Re: Clueless in America

Only the Japanese have the "correct" date format with MSB-left as in 2013-08-06

Those in the USA have sadly converted the spoken way of "August the 6th" in to numbers, hence the dumb approach.

Tip: Always use letters for the month, as anyone reading your text will understand that Aug is the month no matter where in the order it is placed.

0
0
Paul Crawford
Silver badge

Re: "several entry points, how far can that be from spaghetti code?"

Multiple entry points is really just a glorified "goto" mess but with the option of some locally visible variables. Quite why one would care about variable visibility if using such an horrible approach is left to the readers...

However, I think you are over-reacting with the multiple exit point issue. For example, it is not uncommon to have something like:

    int myfunction(char *ptr)
    {
        if (ptr == NULL) return -1;
        /* ... some code ... */
        return 0;
    }

While you could code this as

    int myfunction(char *ptr)
    {
        int rc = -1;
        if (ptr != NULL)
        {
            /* ... some code ... */
            rc = 0;
        }
        return rc;
    }

I doubt it is any easier or more understandable to the reader. And that is what code is about, not just doing the algorithm, but making the process as transparent to the reader as possible.

p.s. A good read is any of the Numerical Recipes books (3rd edition is only C++), and not just for those with hard maths problems to consider.

1
0
Paul Crawford
Silver badge

Re: ARRRGGGGG!!!!!!

Macros are useful for building tables of named stuff, sort of:

    #define ADD_VAR(x) {#x, (char *)&ptr->x},

    table_t something[] = {
        ADD_VAR(wibble)
        ADD_VAR(wobble)
    };

Which creates an array like:

    {"wibble", (char *)&ptr->wibble},
    {"wobble", (char *)&ptr->wobble},

etc.

As for "all functions have precisely one entry point" you have obviously never used old FORTRAN where a subroutine could have multiple entry points as well as exit points. Now that really is the Devil's work!

2
0

Tor fingers Firefox flaw for FAIL but FBI's also in the frame

Paul Crawford
Silver badge

Re: Why use Tor?

PPTP is not terribly secure and has no real defence (AFAIK) against man-in-the-middle attacks.

OpenVPN is probably much better as it should be able to notify you of an SSH certificate change in such circumstances, though not all VPN suppliers support it so well.

Finally, any "free" VPN is not going to be very fast in general, someone has to pay for the bandwidth needed!

3
0

Arrr! Comcast working on new tech to nudge PIRATES to go straight

Paul Crawford
Silver badge

Re: This is just stupid

Yes, and 20 years for being an anonymous asshole and troll as well.

3
0

Big blue Avatar movie spawns THREE SEQUELS

Paul Crawford
Silver badge

Re: Avatar = "Pocahontas In Space"

"Dances with Smurfs" was used on El Reg recently, which sums it up...

1
0

Win XP alive and kicking despite 2014 kill switch (Don't ask about Win 8)

Paul Crawford
Silver badge

Re: That Was the Plan: The World Did Not Cooperate

You forgot to mention the bit about one major reason why Vista sucked so badly - DRM.

Yes, a lot of the effort they put in to "securing" the OS had little to do with protecting the end user, and a lot to do with sucking up to Hollywood as they hoped to make Windows the #1 choice for home consumers of media, rather than actual business/engineering/software development stuff.

See: http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.html

4
0

Virgin Media blames scruffy students for HUGE drop in cable subscribers

Paul Crawford
Silver badge

Re: Downward spiral

Same here, but as currently cable is stable and fast I have not moved. Still, following the recent price hike and the censorship in the name of "protecting children of moronic parents" I might look at a move to Zen or Andrews & Arnold with ADSL as it might be better overall.

1
0

Ubuntu puts forums back online, reveals autopsy of a brag hacker

Paul Crawford
Silver badge

Re: "Hashed using MD5"

AFAIK in practice any password extraction would rely on a rainbow table style of attack, not on any particular weakness in MD5/SHA1/etc. So the real questions then become:

How much entropy did the salt add?

Are you only trying for a specific user's login?

I have not seen what the salt used is, but have not really looked. For example, if just the email account then it would probably match other attack sites of interest, but if a hash of that plus the user's first log-in time, etc, then it could be usefully big in making a rainbow table impractical.

Anyone care to save me some time and to enlighten El Reg's commentards?

0
0
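An added example (not part of the post above, and not the forum software's actual scheme) of the salt question it raises: one precomputed table covers every unsalted MD5 hash, a predictable salt such as the e-mail address still allows a table to be prepared in advance for a chosen account, and a random per-user salt matches neither. A plain lookup table stands in for a rainbow table here; the user names, passwords and word list are constructed, and PBKDF2 is shown as one hardened alternative.

```python
import hashlib
import hmac
import os

# Constructed sample data: two forum users who chose the same weak password.
USERS = {"alice@example.com": "letmein", "bob@example.com": "letmein"}
WORDLIST = ["password", "123456", "letmein", "qwerty"]  # constructed


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def build_table(words, salt: bytes = b"") -> dict:
    """Precomputed hash -> password lookup. It is only valid for ONE salt value."""
    return {md5_hex(salt + w.encode()): w for w in words}


def store_unsalted(users) -> dict:
    return {u: md5_hex(p.encode()) for u, p in users.items()}


def store_email_salted(users) -> dict:
    """Predictable salt: anyone who knows the address can precompute for it."""
    return {u: md5_hex(u.encode() + p.encode()) for u, p in users.items()}


def store_random_salted(users, salt_len: int = 16) -> dict:
    """Per-user random salt, stored next to the hash."""
    out = {}
    for u, p in users.items():
        salt = os.urandom(salt_len)
        out[u] = (salt, md5_hex(salt + p.encode()))
    return out


def exposed_by(table: dict, hashes: dict) -> list:
    """Accounts whose stored hash appears in a given precomputed table."""
    return sorted(u for u, h in hashes.items() if h in table)


def kdf_store(password: str, salt: bytes = None, rounds: int = 200_000):
    """Hardened form: random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)


def kdf_verify(password: str, salt: bytes, expected: bytes) -> bool:
    # Constant-time comparison of the recomputed key against the stored one.
    return hmac.compare_digest(kdf_store(password, salt)[1], expected)


if __name__ == "__main__":
    generic = build_table(WORDLIST)
    print("unsalted, one generic table:", exposed_by(generic, store_unsalted(USERS)))
    targeted = build_table(WORDLIST, salt=b"alice@example.com")
    print("email salt, table for alice:", exposed_by(targeted, store_email_salted(USERS)))
    random_db = {u: h for u, (_, h) in store_random_salted(USERS).items()}
    print("random salt, generic table:", exposed_by(generic, random_db))
```

With a 16-byte random salt a separate table would be needed for each of the 2^128 possible salt values, which is what makes precomputation impractical; the slow KDF then raises the cost of guessing against a single known salt.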

Highway from HELL: Volcano tears through 35km of crust in WEEKS

Paul Crawford
Silver badge
Joke

Logically, the answer clearly must be he is a Vulcan.

1
0

Mystery object falls from sky, area sealed off by military: 'Weather balloon', say officials

Paul Crawford
Silver badge
WTF?

Re: released from Where?

Yes, been there and had a walk in the forest and found - a lighthouse!

0
0

USB accelerates to 10 Gbps

Paul Crawford
Silver badge
Unhappy

Re: interference problems

I doubt it :(

In a world where everything is built down to a price, and the likes of Ofcom don't care about end user or public good but only licensing fees, we should not expect any radio gear to work at all well.

0
0
Paul Crawford
Silver badge
Boffin

Tsk, you should know El Reg's official measure of speed is the kilowrist of pr0n movies (at least, until UK censorship is implemented):

http://www.theregister.co.uk/2008/11/12/arizona_boffins_grasp_fat_pipes/

1
0

Chubby-chasing SEX TROLLS ran me offline, says fashion blogger

Paul Crawford
Silver badge

Re: Depressing.

"ashamed of my species...."

There, fixed it for you.

6
2

'Steve Jobs killed music biz', but Bon Jovi don't mind Google Glass

Paul Crawford
Silver badge

Pedantic correction

"biting the heads off bats" was a front-stage activity for Ozzy.

1
0

No fondleslabs please, says Microsoft as Office 365 hits Android

Paul Crawford
Silver badge

So it works (for the usual definition of software "working as designed" no doubt) on Android, but not for a fondle slab. Do they really think this will make anyone buy WinRT instead?

Maybe, just maybe, they will finally learn that your best business plan is to give customers what they are willing to pay for on the customer's terms.

3
1

Bugs in beta weather model used to trash climate science

Paul Crawford
Silver badge

Re: In this case ElReg is being even handed on the debate.

Just look at how Python adds a list of numbers, and then you might have some appreciation for the difference between a basic programmer and a numerical analyst:

http://code.activestate.com/recipes/393090/

0
0
Paul Crawford
Silver badge

Re: In this case ElReg is being even handed on the debate.

Clearly you have never written any numerical software!

If you put the same numbers through exactly the same computation process, then (assuming no Monte Carlo-style random number generation in use) you do get the same answer.

If anything is different (e.g. floating point representation or rounding) you get a different answer. How much of a difference that makes to the end result depends on what you are computing and how you went about it. That is one of the two fundamental problems of numerical analysis:

1) Computers are not 100% accurate for floating point maths (finite precision), thus you need to choose computation methods that are as insensitive to this as possible.

2) Computers do not have infinite speed so you need to choose algorithms that are fast enough for your budget and/or state of the art in hardware (even if they are even less precise such as truncated power series for some functions, etc).

When you have a chaotic system to model, the finite precision effects are magnified. That is almost the definition of a chaotic system! This is exactly the same problem with the initial data quality.

It has bugger-all to do with if the underlying theory is correct or not, and everything to do with how difficult it is to model, and how the researchers have chosen to implement it on real-world hardware. Looking in to what is making the difference might result in a better implementation (e.g. a change of algorithm somewhere that is less sensitive to maths precision) or reveal that the underlying problem cannot be modelled to the precision/time period requested.

That is numerical science in action really.

6
0
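An added example (not from either post above, and not the code of the linked recipe) covering both numerical points: how the choice of summation method and ordering changes a floating point result, and how a chaotic iteration magnifies rounding differences between two algebraically identical formulas. Neumaier's compensated sum is used as the illustration of a less sensitive method; the logistic map with r = 3.9 and the sample values are assumptions chosen for the demonstration.

```python
import math


def naive_sum(values):
    """Left-to-right accumulation; every addition rounds to 53 bits."""
    total = 0.0
    for v in values:
        total += v
    return total


def neumaier_sum(values):
    """Compensated summation: carry the rounding error of each add forward."""
    total = 0.0
    comp = 0.0
    for v in values:
        t = total + v
        if abs(total) >= abs(v):
            comp += (total - t) + v   # low-order bits of v were lost
        else:
            comp += (v - t) + total   # low-order bits of total were lost
        total = t
    return total + comp


def compare_sums(values):
    return {
        "naive": naive_sum(values),
        "neumaier": neumaier_sum(values),
        "fsum": math.fsum(values),    # exactly rounded sum from the stdlib
    }


def first_divergence(x0=0.2, r=3.9, steps=500, tol=1e-3):
    """Iterate x -> r*x*(1-x) written two equivalent ways.

    Returns the first step at which the two trajectories differ by more
    than tol, or None if they never do within `steps` iterations.
    """
    a = b = x0
    for n in range(1, steps + 1):
        a = r * a * (1.0 - a)         # factored form
        b = r * b - r * b * b         # expanded form, same maths, other rounding
        if abs(a - b) > tol:
            return n
    return None


if __name__ == "__main__":
    # Constructed inputs: same three numbers, two orderings.
    print(compare_sums([1e16, 1.0, -1e16]))
    print(compare_sums([1e16, -1e16, 1.0]))
    print(compare_sums([0.1] * 10))
    print("logistic map forms diverge at step", first_divergence())
```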

Western spooks banned Lenovo PCs after finding back doors

Paul Crawford
Silver badge

Re: You are an intelligence agency. You find a backdoor. a)Tell the world b) Keep it to yourself?

You don't need any secret 'debugging' mode when you have the System Management Mode interrupt that can't be blocked (above NMI priority!) and can run anything the BIOS demands, making it the vector for the perfect rootkit.

2
0
Paul Crawford
Silver badge

Re: That's why we need free systems

Having open source BIOS & OS is the least-worst option from a security point of view, more so if you are not from the USA. To recap the recent revelations and discussions:

MS (thus Windows) is partner in PRISM and as a USA-based company hence under the jurisdiction of the PATRIOT act, thus almost certainly compromised (remember the _NSAKEY business around 2000?). No open code reviews or ability to compile and check updates etc, to suggest otherwise.

Apple (thus MacOS and iOS) also in PRISM and under PATRIOT act, thus almost certainly compromised. As for MS, nothing to suggest otherwise.

Open source (e.g. Linux) has lots of contributors (including MS, NSA, etc) so possibly compromised, but not under PATRIOT act for code, etc, as not under any one USA company. Code open to review but no doubt not everything checked, or apt-get updates verified, etc.

Can you absolutely trust any of them? No.

If you are not in the USA which is the least-worst then? Open source.

8
1

Raid millions of bank accounts. New easy-to-use tool. Yours for $5,000

Paul Crawford
Silver badge

Re: using RDP

I would have thought most machines are now behind NAT and won't have port-forwarding for this. Unless, of course, there are a lot of routers with UPnP enabled that allow the malware to turn it on...

0
0
Paul Crawford
Silver badge

Secure boot, any help?

"easily infect machines running Windows 8 and x64 operating systems, and features technology to embed itself in computers so that it's activated almost as soon as the machines are powered on."

That is worrying, as anything that good/stealthy is best killed by booting the machine off a live CD to scan and nuke it. Of course, with secure boot enabled that could be a problem, though we were led to believe it would stop this sort of root-kit ability to pre-empt AV tools.

Anyone had experience of using the Bitlocker or Kaspersky rescue CDs with a Win8 machine? Did you need to disable secure boot, and was that easy enough to do?

3
0

Apple KILLER decloaked? Google lovingly unboxes Nexus 7 Android 4.3 slablette

Paul Crawford
Silver badge

@Mark.

1080 is piss-poor at £1000+, but would be adequate at £350 for a basic laptop, after all you can get a 20" 1080 monitor for under £100.

I think 1200 is the minimum for "serious" use of a computer, and that means not as a media consumption device but actual editing/coding/etc. As pointed out 1440 is better still, as is 1600, but the cost becomes a bit high (having said that, the Dell U3014 monitor is 30" and 2560 x 1600 lines and can be had for around £900).

I don't particularly want "retina" resolution as I can't work at a viewing distance of 20cm or so to benefit from that, but I maintain that the current 768 lines is utter rubbish and that 1080 is piss-poor if you are paying £1000+ to avoid the 768 rubbish.

6
0
Paul Crawford
Silver badge

Re: What year is that?

0.98 is close to 1, as is 1.02

Can you only deal with integers? Or maybe just whole numbers, if negative values are too tricky?

3
2
Paul Crawford
Silver badge

Note to laptop manufacturers...

How come a small $269 fondle slab has better screen resolution than most laptops costing up to, and over, £1000?

Really, it is hard to get a laptop beyond 768 lines now, and most over £1000 are still piss-poor at 1080 lines (Macbook retina and Chromebook pixel excepted). And you wonder why customers are unimpressed?

61
0

Pentagon: Mobe operators want our radio bands? Fine, but it'll cost $3.5bn

Paul Crawford
Silver badge

Paired wires?

The two wires commonly used for telephones were not separate send/receive, as that would be way too sensitive to ground noise, but a twisted pair used bi-directionally:

http://en.wikipedia.org/wiki/Telephone_hybrid

0
0

ISPs: Relax. Blocking smut online WON'T really work

Paul Crawford
Silver badge
FAIL

Re: "The people of Scotland, thankfully, do have a choice"

Really? Do you think our muppets are going to be in the slightest bit better than the Westminster muppets?

Clearly you are a dim-wit who has not considered Scotland's history of repressive religion, or the way that Scotland's parliament went beyond the already stupid goals of the extreme pr0n legislation when drawing up their own. You know, the one where they asked for public submissions on sex-laws then filtered out and discarded the emails that mentioned sexual things due to a filter (or intelligence) cock-up?

8
0

Micron: Our flashy girth leaves the competition cowering in impotence

Paul Crawford
Silver badge

Re: Big data needs big memory

Yes, I remember ~2000 era when 4GB memory limit of 32-bit CPUs was seen as both impractically expensive in RAM and utterly unnecessary for most users. Now you struggle to run a fscking web browser in under 4GB!

0
0

SkyDrive on par with C: Drive in Windows 8.1

Paul Crawford
Silver badge

Re: AC 08:09

Thanks for the link.

However, that is how MS should have done it by default: that *you* alone decide to whom you share the keys to access *your* data, not the Google-style "let us scan all your files" approach. Mind you, after the PRISM revelations about just how helpful MS are to the NSA, etc, I doubt I would trust their implementation.

0
0