* Posts by Michael Wojcik

2399 posts • joined 21 Dec 2007

That glass of water you just drank? It was OLDER than the SUN

Michael Wojcik
Bronze badge

Typical

What this implies is if the planetary disk didn't make the water, it inherited it

Damn lazy trust-fund planet. When I were a lad, planets made their own water. Built character.

0
0
Michael Wojcik
Bronze badge

Re: Panic!

We are literally awash with an alien substance. Tell the Daily Mail.

Do the Mail's readers wash?

(Awaiting downvotes from the three DM readers here...)

0
0
Michael Wojcik
Bronze badge

Re: "making it about one million years older than the solar system"

We await the appearance of your paper contradicting their results.

This is what I love about the Reg - the readers are so much smarter than everyone else in the world.

0
0

Mine Bitcoins with PENCIL and PAPER

Michael Wojcik
Bronze badge

Re: Proof of Concept

Interesting question. Has anyone demonstrated a nondeterministic algorithm for finding 2-SHA-256 preimages that outperforms brute force? And does it have reasonable characteristics (eg in space requirements)? I haven't heard of one.

Grover's algorithm doesn't look directly applicable to me - I think the necessary precalculation would take as long as brute force. Basically it's equivalent to creating a rainbow table. But I could be wrong; I haven't given it any real thought.

0
0
Michael Wojcik
Bronze badge

Re: Other fun tasks!

it's just that one group ("government") has the largest collection of paid enforcers and can thus exert influence over the general population under threat of violence. Note how another group ("criminals") refuses to subject themselves to the rules laid out by the first group and wilfully ignores them, even knowing the consequences will be violent.

Or put another way, the monopoly on violence is never total.

Ah, Max Weber, you silver-tongued devil.

(There's been a lot of thinking about the monopoly on violence since Weber introduced the concept in the early twentieth century. The Frankfurt School, Foucault, the poststructuralists... and a lot of novelists, of course. Contemporary thinking usually identifies a lot of exceptions beyond criminal activity per se, but it's the obvious example and nicely illustrates some of the complexities in the operation of political power.)

0
0
Michael Wojcik
Bronze badge

Re: "Here are some other fun challenges young Bitcoiners can do in their spare time!"

Bitcoin never ceases to amaze me. So much intelligence and ingenuity poured into being colossally stupid.

So ... it's like most other human activities, eh?

0
0
Michael Wojcik
Bronze badge

Finding a way to reverse the hash function would mean an earthquake in theoretical computer science. It would be a discovery on the order of cold fusion.

Finding a way to reverse a cryptographic digest would be an earthquake for causality, since by the Pigeonhole Principle it would in effect require time travel, or at least the ability to extract arbitrary information from the past, which in turn breaks thermodynamics.

Finding a way easier than brute force to discover a preimage (not the preimage) of a cryptographic digest has been done for a number of cryptographic digests already. The sky has not fallen.

If the strength of a cryptographic digest were based on some problem with interesting consequences - which probably boils down to something known to be NP-Complete - then a polynomial-effort deterministic algorithm for discovering a preimage would indeed be hugely important for theoretical computer science (and mathematics). As it is, when a crypto hash falls, it's of practical importance if the hash is in use, and of theoretical importance if the attack is new, but it's certainly not cold fusion.

0
0
Michael Wojcik
Bronze badge

Re: how long...

According to Algorithmic Information Theory, they've already proven a whole bunch of 'em. They're just not interesting theorems.

But yes, converting some interesting problem into a cryptocurrency mining problem is a nice idea.

0
0
Michael Wojcik
Bronze badge

"Forget Sudoku,"

Nothing to remember in the first place. It's a crossword puzzle, and trivial.

Sudoku isn't even vaguely related to a crossword puzzle. It's a Latin square with additional structure and some values masked. Calling Sudoku a crossword puzzle is like claiming TSO and sh are the same because they're both command-line interpreters.

As for whether it's trivial: the constraints are clear, and the problem can obviously be solved by exhaustive search with backtracking, and the search space is limited with a (small) constant maximum depth. So in a formal sense it's trivial. Whether a given puzzle is trivial in practice for a human to solve with pen & paper methods depends on the structure of that puzzle and the solver's capacity for backtracking; it's possible to construct well-formed (single solution) puzzles that require testing eight possible paths (three noncollinear cells each with two possible values that aren't locally constrained further), and that's beyond most people's ability to do mentally, without taking notes.

Solving by machine is simple (which is why I don't trust the statistics collected by websudoku.com, for example - I could easily write a solver in Javascript that solved their puzzles right on the page), but that doesn't mean Sudoku isn't a useful paideia.

I'd rather look out the window, or maintain the mahogany and teak on a boat, when I have a little down-time.

I've found lots of ways to spend my time, too, but I try not to sneer at everyone else's.

0
0

Ellison: Sparc M7 is Oracle's most important silicon EVER

Michael Wojcik
Bronze badge

Re: Memory Protection

What's different between the features a standard MMU has and Larry's new toy?

Details seem to be scarce online, but I ran across one quote that mentioned memory keys, so it does appear to be similar to IBM's POWER6 storage protection key mechanism.

It's basically a limited version of a capability architecture - you can assign page protections that are associated with a label, not just global ones, and then only (hardware) threads that hold the corresponding "key" get those permissions.

Conventional MMUs assign page permissions globally, and the kernel sets them on a per-process basis, so your protection granularity is the process. Storage keys let you change the protection granularity to threads and thread groups.

Of course a real capability architecture (AS/400, arguably Burroughs MCP, etc) is much fancier.

0
0

Ello, 'ello, what's all this then? We take a spin on the new social network driving everyone loopy

Michael Wojcik
Bronze badge

Re: noun too

I like Jon LeCarres comments about Americans violence with Verbs.

I like his comments about apostrophes and capitalization.

0
0

Turn OFF your phone or WE'LL ALL DI... live? Europe OKs mobes, tabs non-stop on flights

Michael Wojcik
Bronze badge

Someone has a car accident, can't call an ambulance, people die, person with jammer gets put in jail for manslaughter...

Yes, and what if that nice fellow from 24 is being jammed and can't call the President to tell him where the zombie terrorists have hidden the Ebola-spreading dirty nukes? THERE IS AN EXCELLENT CHANCE OF THIS HAPPENING.

0
1

How the FLAC do I tell MP3s from lossless audio?

Michael Wojcik
Bronze badge

I have found I can greatly increase the sound quality by using the green pens to color my cables.

Careful - that only works if you color in the direction of the signal flow.

0
0
Michael Wojcik
Bronze badge

I experience neither of those symptoms, so clearly the "bollox" is true.

But don't let me stand in the way of your ranting about your anecdotal and no doubt psychosomatic "evidence".

0
0
Michael Wojcik
Bronze badge

Re: One thing which hasn't been mentioned re MP3 encoding

how much grunge was audible, and more importantly how really irritating it was

That's how I feel about grunge too. Really ruined flannel shirts for me.

0
0
Michael Wojcik
Bronze badge

Why bother purchasing FLAC online?? Just rip a CD.

Maybe your time is free. Mine isn't. I don't give a rat's about FLAC, but when I buy music, I'm not going to spend the time to transfer it to a different medium or convert it to a different format. I have better things to do.

0
0
Michael Wojcik
Bronze badge

Re: @Dave Bell, MP3 compression

My impression is that MP3 leaves the sound intact, but compromises the emotional impact.

Fascinating. Let's file this next to the spirit theory of disease.

Possibly sampling the emotions at twice the affective frequency would help.

0
1
Michael Wojcik
Bronze badge

But if you can't tell the difference already, what "breakthrough" could possibly improve the experience?

And what if you don't care? I've been buying music (defined broadly) for three decades, and I consistently find myself unable to give a damn about fidelity. There are songs I enjoy listening to, and I enjoy them just as much from a bargain-basement MP3 player and earbuds as I do from a CD and fancy audio components (when I hear them played on someone else's system, since I don't own any player that cost more than $30).

Yes, I understand that many people do care; but some of the codec warriors don't seem to understand that not everyone shares their passion.

That said, when our phones all have terabytes of storage, we'll probably all use lossless.

I'll use whatever format it comes in when I buy it.

0
0

A Norsified Linux for Windows and OS X wobblers

Michael Wojcik
Bronze badge

Re: Strange habits

I always maximise as much as I can. It's a far more optimal way of working.

I always do X, because it's so prima facie optimal that I don't even need to present an argument in its favor, and anyone who doesn't do things my way is an idiot.

1
0

Sun of a beach! Java biz founder loses battle to keep his shore private

Michael Wojcik
Bronze badge

Re: Isn't this a federal issue?

Even the inland ones?

Certainly some of the inland ones, because some of them have a lot of coastline. Michigan has the 9th longest coast of the US states - only slightly less than California.

There are legal battles over beach access in Nevada.

It's not all about the oceans.

0
0

Hackers thrash Bash Shellshock bug: World races to cover hole

Michael Wojcik
Bronze badge

Re: I'm safe. I use a Microsoft Windows system.

Yeah. Microsoft shell bugs are usually just DoSes.

0
0
Michael Wojcik
Bronze badge

Re: I'm safe. I use a Microsoft Windows system.

As I posted earlier, I have multiple Windows systems with bash.

If I were running bash-interpreted CGI scripts, or scripts that invoked bash child processes, they'd be vulnerable to remote exploitation.

That's not so far-fetched. These machines are on the corporate network, behind firewall and NAT, so the threat model doesn't generally include direct attack.[1] In the past I've had a number of quick & dirty CGI scripts on various development machines, for various development tasks. It would be easy for me to write an ad hoc bash-based CGI script to deal with some development process issue, host it under IIS or Apache or Tomcat (each of which I have running on various Windows dev boxes, for various reasons), and then forget about it.

And then there are all those "LAMP-on-Windows" kits that you can download to do Apache-MySQL-PHP development on Windows boxes. Some quite likely have CGI enabled for one reason or another. Probably they don't include bash, and probably they don't include vulnerable scripts if they do; but combine one with Cygwin and you're most of the way there.

In short,[2] running Windows is not a guarantee of safety from this vulnerability. It makes it much less likely, but merely due to convention, not due to any difficulty in setting up a vulnerable system.

[1] Does that overlook insider attacks? Yes it does. Insiders have much juicier targets readily available to them.

[2] Too late.

1
0
Michael Wojcik
Bronze badge

Re: OpenBSD for the win @iEgoPad

AIX was derived from AT&T code

AIX was derived from all sorts of things. I was working at IBM in the early AIX years, and I've seen source code for a number of its incarnations.

AIX 1 for the RT PC was largely SVR1 / SVR2 based, but IBM and ISC also incorporated a fair bit of BSD userland code. And that version of AIX ran on top of the RT's VRM microkernel, so it was hardly stock System V.

AIX 1 for the PS/2 was a different codebase, written by Locus under contract to IBM. Also SysV based. Locus also did the initial AIX/370.

AIX 2 for the RT continued the mix of SysV and BSD code, but much of the kernel was written in PL/I. (I don't know if that was true of the AIX 1 RT kernel as well.) Obviously those parts had little to do with AT&T code.

AIX 3 was a major rewrite, incorporating parts of SVR4 and BSD 4.3, and dropping the VRM in favor of a new pageable, modular, dynamically extendable kernel. Features like the unified VMM, logical cross-volume partitioning, JFS, and XCOFF executable format made AIX quite different from SVR4 at the system level, while SMIT, the ODM, and the like gave it a unique userland for sysadmins.

Subsequent versions diverged further from SVR4 in some ways, but - largely under the auspices of POSIX, the Austin Group, and ultimately the Single UNIX Specification - AIX userland and APIs gradually converged with other UNIX implementations, so it eventually got things like dlopen, POSIX threading, etc.

1
0
Michael Wojcik
Bronze badge

Re: OpenBSD for the win

csh and its re-implementation are Sun-originated heresies

Bill Joy wrote csh at UCB. It didn't originate at Sun. If you're going to post pointless religious flames, you could at least get your facts straight.

0
0
Michael Wojcik
Bronze badge

Re: If you do not sanitize CGI input

"could pass function definitions TO a cgi-bin script FROM the web server in its runtime environment (as per RFC3875) ... e.g. crafting HTTP headers to include dodgy bash function definitions."

Really ? http servers now accept scripts execution in headers ? That's a novelty.

Perhaps you should withhold your sarcasm until you learn how the exploit works.

CGI/1.1 requires that the server set various environment variables before executing the target program. Those variables are set from data supplied in the request message, including request headers.

So those variables will be set in the environment of the target process, and of any of its children (modulo changes to the environment made by the parent process or any intermediary processes).

If the target process, or any of its descendants, is a vulnerable version of bash, and any of its environment variables have values that exercise the vulnerability, then those bash instances will execute the text in the value of the variable that follows what (appears to be) the function definition.

Nothing - not the HTTP server, not the bash instance - has to actually execute the function. Nothing has to refer to the variable. No "scripts execution in headers" is happening. The problem is that bash will execute arbitrary code from its environment, and HTTP servers that provide CGI access will put attacker-supplied data in the child process's environment. If the child process, or one of its descendants, is bash, then the system is vulnerable.

1
0
Michael Wojcik
Bronze badge

Re: CentOS 4

Or download the source RPM from the CentOS 5 updates repo, unpack using rpm, run rpmbuild, install the rpm binary package with yum, and voila, you have backported and installed a package to CentOS 4. It really is that simple.

Can I point out that really is not, in fact, very simple?

Don't get me wrong. It's not a terribly complex process - and downloading the source, then running "./configure && make install" is even simpler (though you don't get the benefit of package tracking). But I've been a UNIX developer since '87, and been using Linux since the mid-90s; I build and install OSS frequently (and modify it pretty often); I've used rpm quite a few times and yum several times; and I'd still have to review the man pages to see exactly what options I'd want for those steps.

And for someone who hasn't used the rpm and yum command-line clients? Who doesn't even know to use them in the first place?

For this sort of case, we really haven't progressed that far from "find a tarball with archie, FTP it, and see if you can build it".

Distributions that are still supported and pull updates automatically do make things pretty easy for non-technical users. Outside that envelope, though, even experienced developers who don't regularly mess with package maintenance will have to do some poking around to get things updated.

(And I'm not claiming any other OS is better, mind you. I've spent many an hour wrangling Windows updates - when Microsoft makes them available at all - and AIX PTFs and HP-UX depots and OS/400 APARs and you name it. The software industry is lousy at fixing its stuff across the board. And so are lots of other industries.)

0
0
Michael Wojcik
Bronze badge

Re: Eyes on the code? Not.

I haven't worked anywhere using CGI since about 2001.

Hurrah for you. How many zillions of cheap web-server providers out there are running cPanel? That's a big ol' bot army waiting to happen.

1
0
Michael Wojcik
Bronze badge

Re: Eyes on the code? Not.

>Well will somebody please tell me what the hell is secure?

I am sure somebody can give a formal Turing like definition

No one can provide a formal definition of "secure", because it's meaningless outside context. Specifically, it can only be defined as a sufficient (for some purpose) value of some metric (probability of compromise, attacker's work factor, average loss, etc) under a particular threat model. "Secure" in the abstract means nothing.

0
0
Michael Wojcik
Bronze badge

Re: How to check?

Don't Windows Servers use BASH?

It's "bash", not "BASH". Yes, it's a partial acronym, but the "H" isn't an initial, and it's conventionally written in lower case.

And I've never seen a version of Windows that shipped with bash. There are bash ports for Windows, of course, such as the ones available with Cygwin and MKS. Microsoft used to have a collection of UNIX shells and utilities for Windows (Windows Services for UNIX - I don't remember offhand if it's still available), but it supplied the Bourne shell and ksh (and maybe csh), not bash.

My (development) Windows boxes have bash, because I have Cygwin installed. And it's vulnerable; you can even trivially demonstrate it by invoking bash from a Windows cmd shell session:

    C:\>set x=() { :;}; echo Vulnerable
    C:\>bash
    Vulnerable
    xxx@xxxxxx /cygdrive/c
    $

Of course these machines don't have any listening processes that invoke bash, and they're behind a NATing firewall. But I'll be updating them shortly anyway.

(Dear Reg: Would you please fucking fix the formatting of preformatted text already? People have been asking for this for years now.)

1
0

Latest Firefox and Thunderbird updates plug CRITICAL SSL vuln

Michael Wojcik
Bronze badge

Re: Which other software is affected?

Wikipedia has a list, which I'm sure is not comprehensive.

This is a pretty bad vulnerability. It's due - once again - to poor ASN.1 handling. ASN.1 is a blight upon computing. Though in this case it looks like the problem could have been avoided by refusing to handle BER and insisting on DER, which makes ASN.1 a little better. (Is there ever a good reason to use BER? I can't think of one.)

One thing that's not clear in the descriptions I've read of the bug is whether it only applies to some RSA keys. It's a variation of the Bleichenbacher attack, which appends attacker-chosen data to the signed hash so it matches a bogus key supplied by the attacker. Bleichenbacher's attack only works on RSA keys that use 3 for the exponent. It'd be interesting to know if this new bug ("BERserk") also only applies to RSA keys with exponent 3, since that at least reduces the scope of the vulnerability.

And, of course, it doesn't affect certificates signed using other algorithms (DSS, ECDH, ECDSA).

0
0
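The post's point about refusing BER and insisting on DER can be made concrete with the length field, where BER allows several encodings of one length and DER allows exactly one. The parser below is an added example, not code from the post or from any affected library; `read_tlv_header`, `strict_verdicts` and the sample encodings are hypothetical names and constructed data.

```python
class DerError(ValueError):
    """Raised when a header is malformed or, in strict mode, not DER."""


def read_tlv_header(buf, strict=True):
    """Parse the tag and length at the start of buf.

    Returns (tag, length, header_size). With strict=True only the DER
    encoding of the length is accepted; with strict=False any BER
    definite-length encoding is accepted.
    """
    if len(buf) < 2:
        raise DerError("truncated header")
    tag, first = buf[0], buf[1]
    if tag & 0x1F == 0x1F:
        raise DerError("high-tag-number form not handled in this sketch")
    if first < 0x80:
        return tag, first, 2              # short form, valid in BER and DER
    if first == 0x80:
        # Indefinite length exists only in BER; this sketch never accepts it.
        raise DerError("indefinite length")
    if first == 0xFF:
        raise DerError("reserved length octet")
    n = first & 0x7F                      # number of length octets that follow
    if len(buf) < 2 + n:
        raise DerError("truncated length")
    octets = buf[2:2 + n]
    length = int.from_bytes(octets, "big")
    if strict:
        # DER requires the minimum number of length octets.
        if octets[0] == 0:
            raise DerError("length has leading zero octet")
        if length < 0x80:
            raise DerError("long form used where short form fits")
    return tag, length, 2 + n


def read_tlv(buf, strict=True):
    """Return (tag, value, rest), checking that the whole value is present."""
    tag, length, hdr = read_tlv_header(buf, strict)
    if len(buf) - hdr < length:
        raise DerError("value shorter than declared length")
    return tag, buf[hdr:hdr + length], buf[hdr + length:]


# Constructed sample: one 13-byte OCTET STRING (tag 0x04) encoded three ways.
VALUE = b"constructed!!"
ENCODINGS = {
    "DER short form": bytes([0x04, 0x0D]) + VALUE,
    "BER long form, one length octet": bytes([0x04, 0x81, 0x0D]) + VALUE,
    "BER long form, zero-padded": bytes([0x04, 0x84, 0, 0, 0, 0x0D]) + VALUE,
}


def strict_verdicts(encodings):
    """Map each sample name to 'accepted' or the reason strict mode refused it."""
    out = {}
    for name, enc in encodings.items():
        try:
            read_tlv(enc, strict=True)
            out[name] = "accepted"
        except DerError as exc:
            out[name] = str(exc)
    return out


if __name__ == "__main__":
    for name, enc in ENCODINGS.items():
        print(name, "lenient:", read_tlv(enc, strict=False)[1])
    print(strict_verdicts(ENCODINGS))
```

A lenient parser returns the same 13-byte value for all three inputs, so anything that compares or hashes the raw encoding sees three different byte strings for one logical object; the strict parser accepts only the first.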

Bash bug: Shellshocked yet? You will be ... when this goes WORM

Michael Wojcik
Bronze badge

Re: Oh $!#t.

Everybody who uses old-school CGI or anybody who hacked some stuff back in 2000 on the quick?

CGI is the obvious vector, but others include programs that invoke system(3) with insufficiently-vetted attacker-supplied data, if bash is the shell for the account that program runs under. Advisories have mentioned some dhcpd configurations, for example (though I haven't looked at the sources to confirm the vulnerability).

It's also possible to set environment variables with typical telnetd and sshd implementations. Again, I haven't personally tried to exploit Shellshocked through one of those, but I wouldn't rule it out without investigation.

Security protection for environment variables has typically been done by blacklisting (e.g. prohibiting setting PATH and LD_LIBRARY_PATH in sensitive environments) or whitelisting (programs will only set particular variables). It's rare to have programs that do support setting environment variables actually put much effort into vetting the supplied values.

0
0
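The CGI explanation in the "If you do not sanitize CGI input" post and the remark above that programs rarely vet environment values both come down to the same data path, sketched here from the defender's side. This is an added example, not code from the posts or from any web server; the function names, the allowlist policy and the sample headers are assumptions, and the User-Agent value is the test string shown in the "How to check?" post.

```python
import re

# A bash of the affected era treats an environment value that begins with
# "() {" as an exported function definition; the page's test value has that prefix.
FUNC_EXPORT = re.compile(r"^\s*\(\s*\)\s*\{")

# Assumed policy for this sketch: the only header-derived variables a child
# process may receive, each with a pattern the whole value must match.
ALLOWED = {
    "HTTP_HOST": re.compile(r"[A-Za-z0-9.-]{1,253}(:[0-9]{1,5})?"),
    "HTTP_ACCEPT": re.compile(r"[A-Za-z0-9*/+.;=, -]{1,256}"),
    "HTTP_USER_AGENT": re.compile(r"[A-Za-z0-9 ./;:,_+()-]{1,256}"),
    "CONTENT_LENGTH": re.compile(r"[0-9]{1,12}"),
}


def cgi_env_from_headers(headers):
    """Map request headers to CGI/1.1 meta-variables as RFC 3875 describes:
    upper-case the name, turn '-' into '_', prefix with HTTP_."""
    env = {}
    for name, value in headers.items():
        key = name.upper().replace("-", "_")
        if key not in ("CONTENT_TYPE", "CONTENT_LENGTH"):
            key = "HTTP_" + key           # those two carry no HTTP_ prefix
        env[key] = value                  # request data, copied verbatim
    return env


def vet_env(env, check_values=True):
    """Return (clean, rejected).

    Names are always allowlisted. Values are vetted only when check_values
    is True, which shows what name-only filtering lets through.
    """
    clean, rejected = {}, []
    for key, value in env.items():
        if key not in ALLOWED:
            rejected.append((key, "name not allowlisted"))
        elif check_values and FUNC_EXPORT.match(value):
            rejected.append((key, "looks like a function definition"))
        elif check_values and not ALLOWED[key].fullmatch(value):
            rejected.append((key, "value fails pattern"))
        else:
            clean[key] = value
    return clean, rejected


# Constructed request headers for the example.
SAMPLE_HEADERS = {
    "Host": "dev-box.example:8080",
    "Accept": "text/html, */*;q=0.8",
    "User-Agent": "() { :;}; echo Vulnerable",
    "X-Debug": "1",
}

if __name__ == "__main__":
    env = cgi_env_from_headers(SAMPLE_HEADERS)
    for label, strict in (("names only", False), ("names and values", True)):
        clean, rejected = vet_env(env, check_values=strict)
        print(label, "->", sorted(clean), rejected)
```

With name-only filtering the function-shaped value still reaches the child's environment under an allowed name; vetting the values is what removes it, independently of whether the bash on the system has been patched.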

iPhone 6: The final straw for Android makers eaten alive by the data parasite?

Michael Wojcik
Bronze badge

Re: lets look at this in another way..

I don't need a phone to be insufferably smug.

I noticed...

Thanks! Would you be interested in blurbing my autobiography?

0
0
Michael Wojcik
Bronze badge

Re: lets look at this in another way..

I find it hard to believe that an Android phone can do 99% of what an iPhone does.

My Android phone can do 100% of anything useful I've ever seen anyone do with an iPhone, except be insufferably smug about my choice of phone. And I don't need a phone to be insufferably smug.

2
1

Are you a fat boy? Get to university NOW, you PENNILESS SLACKER

Michael Wojcik
Bronze badge

20%, eh?

As someone who possesses a trim - one[1] might even say "svelte" - physique, presumably I should take this study to my manager and demand a 20% pay raise[3] to cover my "thin employee" premium.

[1] Specifically, me. Or any of my legion of admirers[2], really.

[2] Legion of Admirers #12 goes on sale next week. Reserve your copy today!

[3] Or "rise",[4] if you prefer.

[4] Let me forestall the prescriptivist complaints over the etymological and grammatical justification for either of these idioms. Both are reasonable; "raise" is simply active voice (I induce my employer to raise my compensation) while "rise" is passive, suggesting compensation has been increased through the agency of some unnamed, mysterious force. I blame that elusive superhero the Invisible Hand, though only his faithful retainer Mr Smith knows for sure.

1
1

4chan outraged by Emma Watson nudie photo leak SCAM

Michael Wojcik
Bronze badge

Does Rantic really exist?

There's some evidence on the Wikipedia discussion page for the deletion of the (now deleted) FoxWeekly page to support the theory that Rantic / FoxWeekly is a single person. That seems entirely plausible.

0
0

Man, its smartphones are SQUARE. But will BlackBerry make a comeback with them?

Michael Wojcik
Bronze badge

Can you imagine the struggle to get that fucker out of a tight pair of jeans?

I admit the first thing I thought of when I saw the picture was how convenient, and safe, it'd be in a pant pocket. If I wore a suit jacket all the time (which I would, if I had a good excuse to, but alas I don't) it'd be fine. As it is, I'm not sure how I'd carry the damn thing around.

As it stands, I'll probably stick with cheap Android phones with sliding physical keyboards for the foreseeable future. Nothing else looks like a viable replacement for my use case.

0
0

Apple: Beats Music is safe with us. Just like your selfies in iCloud

Michael Wojcik
Bronze badge

Re: Since the death of Jobs, Apple have lacked a true leader.

the iMagnum - a digital app-enabled .44 revolver with built in camera.

Only if the Google Gat doesn't beat them to market.

0
0

Troll hunter Rackspace turns Rotatable's bizarro patent to stone

Michael Wojcik
Bronze badge

Re: No easy solution

The problem with Patents is those reviewing and granting them don't have enough education to perform in the modern world.

Even if they did, they certainly don't have the resources to do a thorough review of every patent application. The only ways we could fund a USPTO (for example) that could diligently examine all applications, or even the ones that made it past initial screening, would be to take funds from elsewhere (a political non-starter) or substantially increase fees, which would raise the barriers to entry even higher and put patents out of reach of small inventors.

There isn't any easy solution to the problem, and the various camps promoting one are ignorant, self-deceiving, or mendacious. Getting rid of patents, getting rid of NPEs, requiring closer scrutiny - they all have bad consequences for entrepreneurs and small inventors.

Complex systems are complex.

1
0

Bill Gates, drugs and the internet: Top 10 Larry Ellison quotes

Michael Wojcik
Bronze badge

Re: God doesn't think he's X

I don't have an earlier citation (and a Google Books search was unhelpful), but yes, it's a well-aged saw. Google turns up variations for a number of public figures and professions (lawyers, actuaries, fighter pilots, surgeons...).

It's pretty tired, in any case. The bon is off the mot.

0
0

Moon landing was real and WE CAN PROVE IT, says Nvidia

Michael Wojcik
Bronze badge

Re: To all conspiracy muppets out there

there is NO CONCRETE on the Moon

How do you know? Have you been there?

0
0

Why Oracle CEO Larry Ellison had to go ... Except he hasn't

Michael Wojcik
Bronze badge

Re: Hardware

"I meant was not a file system, per se, but of just taking the data out of the database itself a slapping that crap right onto the disk itself"

People have already done that with RDBs as standard operational practice... Still not seeing what's new or better here.

Indeed. If memory serves, Oracle on UNIX machines typically used a raw partition, accessed through the block device driver, at least as far back as the late 1980s. A Usenet search (via Google's increasingly-broken "Groups" function) agrees.

1
0

Buying memory in an iPhone 6: Like wiping your bottom with dollar bills

Michael Wojcik
Bronze badge

Re: Paying 50 times the price

For unmolested (black) coffee, Starbucks is around twice as expensive as the convenience store, or around twenty times as expensive as brewing it at home.

Of course, Starbucks coffee is subsidizing their various costs, particularly the physical plant which houses a bunch of students, bloggers, hipsters, and the like who buy a single cup and then sit around all day taking up space, electricity, and wi-fi bandwidth. But it's still a lot to pay for an over-roasted indifferent blend.

1
0

Getting to the BOTTOM of the great office seating debate

Michael Wojcik
Bronze badge

Re: I bought my own chair, best $150 ever spent

I've always found the cheap chairs to be far more comfortable, particularly when sitting for a long stretch, than the expensive ergonomic ones. I had one of those Herman Miller Aeron chairs (inherited from a previous office inhabitant) for a while, for example, and hated it.

Different chairs work for different folks. I'm glad to hear you found one you like, but all the evidence[1] suggests I'm much better off saving my money.

[1] I've been using office chairs for three decades or so now. And I've used quite a number of different chairs in that time, thanks to changing offices, visiting other offices, having a second office for my academic work, etc.

1
0
Michael Wojcik
Bronze badge

Re: Good news

If only you had access to some sort of world-wide collection of interconnected pieces of information, perhaps with some sort of index...

It's likely most folks who have ever, say, shopped for kitchen counters are familiar with Corian, as it's the oldest and most common of the "solid surface"[1] fixture materials. Staron, on the other hand, seems to have a much smaller market share (haven't found any figures), so it's quite reasonable to expect that clause to be useful to a number of readers.

[1] I know, I know. But it's what they call them.

1
0
Michael Wojcik
Bronze badge

Re: MMMmmhhh

Indeed, these cubicle replacements are the very thing for middle managers supervising the output of "perspiration-encouraging manufacture halls".

0
0

Blood-crazed Microsoft axes Trustworthy Computing Group

Michael Wojcik
Bronze badge

Ground up

Security can be ground up rather patching later practice

Indeed, it appears that Nadella's strategy consists of grinding up everything at Microsoft.

0
0
Michael Wojcik
Bronze badge

Re: I wonder if that housed the evil or the good parts of "Trustworthy Computing"

By far the most important result of the TwC initiative was the SDL (Security Development Lifecycle), which doesn't necessarily depend on the existence of the TwC group.

That said, a critical part of the SDL is independent outside security audits, and with TwC folded into engineering, the independence of those audits is at risk. You do not want the same people responsible for getting a product out the door and vetting it for security problems; that creates a perverse incentive structure.

0
0

4K-ing excellent TV is on its way ... in its own sweet time, natch

Michael Wojcik
Bronze badge

Re: Chicken and Egg

@Gene, they did try that, so I called to cancel and the price went back down. Once Netflix came along we canceled the TV service entirely.

Hurrah for you. 'round here, cable is my only choice for reasonably usable Internet service, which I need for work; basic TV is bundled with the network connection, and the incremental cost of extended cable is about what Netflix would cost. And the TV service is less annoying than streaming from Netflix, which[1] is far too prone to pausing for buffering.

[1] On the occasions where someone visiting the house has used their own Netflix account. We had their DVD-by-mail service for a little while, but dropped it because we rarely watched the DVDs.

0
0
Michael Wojcik
Bronze badge

Re: Chicken and Egg

By then, the internet will be standard at 1gbps to the home no doubt

Hey, can I borrow your unicorn?

So, 10 years from now, ubiquity

Not unless there's nothing else available. Frankly, I expect my current set (20-something inch LCD) to still be working, though it's possible the no-doubt-crap capacitors in the power supply will have given up the ghost by then. And if it's still working, I'm not replacing it.

1
0
Michael Wojcik
Bronze badge

Re: ...and then you show them

Don't go and press your face against a 4K screen and get over excited: get 3 or 4 metres from one like you would at home

I have rooms in my house where viewers could sit 3-4m from a television screen, but I'll be damned if I'm going to put a TV in one.

In the parlor, where the TV is (the only set in the house), we're 1.5 to 2 meters from the screen. Maybe 2.5m for the furthest comfortable seat with a decent view.

Mind you, I wouldn't buy a 4K set either, regardless of where I'm sitting.

0
0