1346 posts • joined 10 Apr 2007
Re: @Seanie Ryan
As a side note, am I the only one thinking the film title should be 'Star Wars Episode 6 1/2: The Smell of Fear'...
It should be "Spaceballs 2: The Search for More Money"
...perhaps followed by "Spaceballs 3: The Search for Spaceballs 2"
Please no, not Zac Efron or any other largely talentless Disney "child star or teen-idol". And no ****ing time travel either - although I'll accept that there's a chance that an actor like Zac Efron might not ruin the film totally, adding time travel to it will.
Re: They'd never get me
I've been offered bribes of sex and cash in the past. Unfortunately it was a long time in the past and when I was working on the gates to a concert, nothing IT related.
Re: Well if it involves...
Yes I'm that shallow.
I'm not. How tall is Anna Chapman? :)
"Effective or necessary" depends on your point of view. Certain certified environments mandate that all systems have antivirus software installed and that the images are regularly updated (I never did get a real answer as to what they meant by "regularly" though).
In some ways AV software is like a biological immune system where you get a shitty cold and get protection only after the infection, but you are protected from a repeat of the same virus - the difference is that your protection can be shared with others. One serious problem with AV software virus detection is that it is retrospective - it takes time for a virus to be detected in the wild as the "best" viruses avoid detection for a while and then for an AV vendor to produce working detection rules and to check these in house against various permutations of the virus and known "safe" software that shouldn't come up with a false positive. The AV vendors are always behind, and end users always suffer as each detection rule added to AV software increases the number of checks that need to be made, necessarily slowing your system down to a crawl.
It's not a situation where the AV vendors can ever win, the only "fix" is to improve prevention and this requires careful operating system design. When the most common PC operating system has roots in a system that was designed specifically for single user, stand-alone use with everything else cobbled on top in a frequently changing direction with "new" products and platforms abandoned and left hanging regularly, it's no wonder we're in the mess we are in. A more secure system is a more closed and controlled system, but how closed can it get before we start reacting to the loss of the freedom that we enjoyed before?
Re: Bring back Ada
The heartbleed bug could be merrily implemented in any language that supports memory access, it was an algorithm error, not a bounds violation of any form.
Modula-2 might be ok but it was ruined by the inane insistence of the designer that it was going to be a single-pass compilation process. In reality this just doesn't work and you either wind up with horrible kludges to the code or progressively more unwieldy development environments.
I'm becoming increasingly convinced that there is simply *no excuse* for writing stuff in C (and C++) any more. There's just better ways to do it these days.
No one language is so superior to all the others that it is usable at all levels, from device driver all the way up to user script level. As a general rule: the closer you get to the hardware, the lower the level of language that is appropriate for use. Efficiency really matters at the lower level; while wasting thousands of CPU cycles with boilerplate and support code is almost acceptable at the application level, it most definitely is not for an API call that could be called hundreds of thousands of times a second. Like everything there are always trade-offs balancing code security with efficiency.
Re: GOTO be GONE?
GOTO statements still have some relevance, but in general in higher languages they should be avoided. An algorithm can usually be written in a more structured, clearer manner where a GOTO statement is no longer required.
I would much prefer to see a GOTO statement than a "BREAK <n>" statement where you have to work through the layers of conditionals and loops to work out how many levels are actually being skipped out of in the parameterised version of the BREAK statement. "COMEFROM" would be clearer :)
Lower level, of course, you will see the exact functionality of GOTO everywhere because it is a fundamental control structure - JUMP and (conditional) BRANCH operators are key to assembly language processes. It's just that with progress we've abstracted their use away to reduce the number of problems they cause.
Re: Note to all C programmers
The style definitely doesn't help - and I'm certainly not a "friend" to many of the code formatting styles out there which encourage poorly indented and defined conditional blocks.
It's an absolutely appalling bug to be in place because:
1) An automatic code formatter applied to the code would have shown the problem with ease in a visual review.
2) The compiler would have produced a warning that the code block following it is never executed. Modern compilers are helpful like that. Then utter fuckwit developers either turn off the warnings or ignore them as there are so many. Hint for the clueless: the warnings are there for a reason, deal with them.
3) Testing should have revealed this bug very quickly as the function would not have behaved as expected. To be fair what probably happened was that the code was tested, then the developer hit Ctrl-D while the cursor happened to be on the badly formatted line, duplicating it (Ctrl-D is a common shortcut on many IDEs) probably while pressing Ctrl-S to save the current source file. However again, a commit of the source and the subsequent diff should have revealed this error straight away unless it was introduced as part of a larger block of changes, in which case the unit tests should have been re-run for all cases and the fault identified.
Re: A brain is not the answer.
A brain is a massively parallel pattern matching system. It also has a relatively ingenious lossy compression memory as well that manages to overlay many memories over each other while somehow keeping them intact enough to be separate.
Any individual, small part of the brain can be implemented faster in silicon, however the ability to form and reform a wide mesh of analog connections between many neurons (quite flexible processing "cores") is something that is very costly to implement.
Repetitive, exacting processes are ideal for procedural computers, however other processes such as pattern matching, approximation and detail substitution are much more suited to neural networks. While one can substitute for the other in most circumstances, it is far less efficient.
Re: @Nick Ryan
You need to get a copy of Settlers 10th anniversary.
Oooh... thanks for that. I think I may need to purchase that straight away!
Re: My fondest gaming experiences have been two+ player:
Settlers... with a cardboard screen splitting the screen in two so we couldn't so easily see what the other one was doing. Unfortunately Settlers got worse and worse for 2-player with every new version and it lost all the charm of the first. The latest is completely ruined by Ubisoft's moronic insistence on everything being about meaningless "micro-purchases", a ratings ladder and very limited (if pretty) maps - they don't even permit a ****ing save game feature in two player because it might be mis-used in the ratings ladder. Guess what, we don't give a flying rats about the rating system, we just want to play the game. And without Ubisoft's DRM and other intrusive nonsense getting in the way as well.
Sensible Soccer (tournaments) - we took teams, played against each other, drunk beer. Some days just never got better.
Re: Well, it was only a matter of time......
I'd much rather that "touchwiz" was an optional, uninstallable skin that could be installed (vendor locked) or uninstalled as desired. Same for the other manufacturers' launchers as well. If I never see another bit of "carrier" content again I'll be happy as well, I remember too many phones utterly ruined by the total trash that the networks put onto devices while simultaneously removing anything useful that competes.
On a side note, if The Demon Spawn of Redmond, AKA M$ or Windoze (or whatever tired and unimaginative insults you can come up with) had announced plans to do this to their OEMs (or if they were to do so in future), what do you imagine would have been/will be posted on a thread like this one....hmm?
To be honest, this Google plan doesn't sound very different to how MS currently operate with Windows Phone, so they'd be hard pushed to make such an announcement.
While it is an extension of the Nexus devices, which in my opinion appear to be there to keep the other manufacturers on their toes, I'm not sure if this is going too far.
Maybe I'm missing something, but other than the headline where did it mention ARM? The Basic Qualifications section of the role lists "In-depth experience in optimizing workloads for high-performance x86 architecture" with no mention of ARM anywhere.
Intel are also working with integrated or custom dies as well and while it's a rather different licensing model to ARM's the basic principle is similar.
Headline writers... grrr... it's like they're attempting to catch our attention or something :)
Re: I actually like Windows phone
Why so many downvotes for somebody simply for saying that they like a product? Bizarre.
Because this topic is fan-troll bait, including as it does the topics of Windows Phone and Android in one, therefore even rational posts are going to get lots of spurious down votes but few counter-arguments.
The only comment I'd have about the above poster's comparison is that IMHO he's not comparing like-for-like devices, but given the number of devices and combinations of features and devices it's hard to really compare devices objectively.
Re: "reacts like a teenager whose divorced dad has been seen dating a young stripper."
I think we need a "I think this would be better demonstrated using playmobil figures" icon... :)
Re: Low power tasks???
Yes, Video playback is a relatively low cpu power task - the processor has to do little more than orchestrate the passing of data to the dedicated video decode hardware that is genuinely efficient. Hence low power, as in a low-power CPU can perform the task.
The display will take more (electrical) power to display the video...
Re: Luckily for me
It also aids productivity because it ensures (*) that you concentrate on one thing at a time rather than continually flit like a geriatric lunatic between different tabs and downloads.
* as in, it could only do one thing at a time itself, therefore that is how you had to operate. No downloading in the background, no seeing the page until it was loaded, no tabs (don't remember an "open in new window feature" either)... and no .png support, no scripting... errr... I'll just load up lynx thanks. Did it even support marquee and flashing text?
I think I like the term "earslab" better though.
Re: Pottie "Moz's C/C++ replacement Rust"
"....what about C#?...." The problem for C# for many of the Penguinistas is that they see it as firstly a Microsoft product, and it is, in their eyes, therefore too tainted for them to consider, despite it now being an ISO standard CLI language. They even get huffy over the FOSS Mono version, calling it an MS Trojan horse.
C# is a Microsoft product - while it is labelled as an "ISO standard CLI language", we all know how Microsoft rigged the standard for Office documents.
Once the Microsoft dependencies (libraries) are stripped out, there is unfortunately not a lot left to C#. While the same could be said for other languages, at least for many of the others there are working alternatives for the functional libraries. Once these Microsoft dependencies are removed there is not a lot of real incentive to use C# compared to C++ as there are relatively few compatible libraries and pools of example code, although recently more have been released. AIUI it's also quite a bit slower than C++ for many tasks due to the additional baggage that comes with managed code - in theory it is safer though.
It now has 540 million such profiles, of which around 300 million people are said to be active in the Google+ "stream".
Is this "around 300m people" the ones who haven't figured out how to, or haven't yet, disabled the g+ "integration" options on everything google?
Re: Not that easy
Unless there's a head crash, inserting old Amiga floppy disks into an old Amiga disk drive shouldn't damage them. There is a chance that if the data is magnetically "faded" (not sure what the correct term for this is) then it could be flipped by the read head but in this case the data is probably knackered anyway. Still, the caution that they exhibited wasn't entirely unwarranted given the potential value of what may be on them.
Amiga disks didn't operate with a variable speed, that was a feature of the Macintosh systems. The actual physical disk drive components used by the Amiga 3 1/2" SD floppy disk drives and PC 3 1/2" SD drives were the same; it was the interfaces that were different. The biggest problem was that PC operating systems were designed such that supporting formats other than their own was very difficult. AmigaOS, on the other hand, had a very flexible disk operating system and supported different formats with relative ease. Most problems with this support came down to supporting the primitive file systems and their inefficient use of disk space - e.g. 8.3 uppercase formatted file names compared to case-capable but case insensitive full length file names, 720k capacity compared to 880k. While annoying it is easy enough to copy content from an Amiga to a PC using an SD floppy disk, although if you want to preserve file names then it's a good idea to compress the content into an archive file of some form - lha and lzh are supported by many PC archive applications. Other transfer alternatives are null modem cables and the huge number of transfer suites that are, or were, available for this, and even IPv4 networking if you have the patience to get it working. One of the most useful tools I remember was software that mounted an FTP site as just another drive in the Amiga - this allowed you to relatively painlessly copy files to and from a FTP server using whatever application you wanted.
Converting data from the majority of IFF files, which encompassed ILBM and a lot of other formats, is not a particularly troublesome task given even basic coding skills. Again there are a few tools still going that help with this.
Re: Some clarification
There is also the issue that what is traditionally referred to as "junk" in the DNA is in reality not junk and is critical. As a result comparing a "few" marker genes in no way is a complete comparison of species - it's a starting point though. The actions controlled by this "junk" are very interlinked, resilient and there are clearly documented cases where different arrangements of this "junk" trigger the same end result.
Whatever it is for (most likely AppleTV of some form), a speech control interface is welcome. Siri may have its faults, but it's a step in the right direction.
Would save so many problems with losing the remote controls all the time...
Re: The odds are not too shabby @ Bilby
Come friendly asteroids, land on Milton Keynes?
Just doesn't quite have the same ring to it as bombing Slough. Although I'd argue for Slough, Milton Keynes, Luton and a good few other places as well.
I am far from a luddite (maybe rather closer to a closet tech-geek), but why do the damn interfaces on these things have to be so awful?
It is much nicer to use a push on/off rotating dimmer switch compared to dual function up / down buttons. I hate button re-use with a passion, it makes for some of the worst interfaces. It's not as if switches have to mechanically control the circuit, therefore a digital rotating control, perhaps with a mechanical stop, and a push on/off button is not hard. And get rid of the bloody LEDs. I have too many of these things glowing away for no readily useful reason and while a nice subtle LED lighting a switch in a dark room isn't an entirely bad thing, a "burn your eyes out it's so bright" blue LED is what tends to get fitted these days.
And as for the remotes... the cheapest, nastiest, OEM remotes with... wait for it... dual function barely explicably captioned (icon'd) buttons. Gits.
Re: Here is an idea
"Free markets have made you, and billions of people all over the world considerably richer."
So has (currency) inflation. Millio, millio, millio...
Faster and faster HFT systems...
Faster and faster HFT systems is all very well, but what do they interact with? An external system?
If so, what is the speed of these systems, because in any correct system you should have transactions, and the negotiation "promise" stages leading to completion. Far more likely to be concurrency / queuing issues with these rather than a trader's systems. As these systems are dealing with trading finite resources ("resource" can be quite an abstract term, but even shares are finite) there should be a register of who owns what to ensure that duplication, and therefore fraud, is not committed where multiple parties claim ownership of a resource or more of a resource is being traded than in reality exists.
Just some thoughts that come up from these kind of systems...
Re: More Concerned About Safety Gear
Considering how much clothing many builders wear in the summer, she's quite well covered up really.
errr... yeah... I had a train of thought at some point but seem to have misplaced it. For some reason.
And then I noticed that in the (photoshopped) "asus beach babe" image the girl couldn't possibly be using the device due to the angle of the screen. Do I have my priorities right? :)
If the professionals can fit sensors upside down and confuse metric with imperial measurements, I'm sure a missed blown fuse is quite forgivable :)
Re: computational density...
That's intriguing. It would seem to me that it implies that the FP64 processing is implemented using the multiple steps of the FP32 circuitry (splitting and then re-merging the values?) rather than native FP64 circuitry.
Ah yes, the "in-memory database" that's effectively crippled due to lack of support for many standard and commonly used SQL operators.
However I'm sure that if you had specific data requirements that you need to run at an acceptable speed, you could redesign your database, separate the data that you need fast access for and then work around the dependencies. In general it may be useful for specific new cases, useless for speeding up existing databases.
Oh hell, yes. I forgot the bullshit of acronyms everywhere... with DS, DD, OH, LP, DH and everything else that just makes it all as cliquey and incomprehensible as possible.
Some of the info on mumsnet is actually useful - children are different and finding out what other parents' solutions, or attempts at solutions are, can be invaluable.
Unfortunately it's hard finding the useful information under the heap of junk posted by the batshit insane.
At full arm's length?
At full arm's length, those pixels are probably going to be far too small to make a difference
Full arm's length? When was the last time you saw anybody hold a hand held device such as a mobile or tablet at full arm's length? Apart from the logistics of doing this in public, you'll soon realise just how heavy these devices are, and how heavy your arms are, when you try to hold something at full arm's length for any amount of time.
My desktop monitor is only just a full arm's length away from me... strangely this makes it less than ideal for a touchscreen interface.
It wouldn't be rotatable, and it would probably be pretty horrible to use when rotated 90 degrees.
It probably wouldn't have happened in the first place. There would have been actual code reviews, code analysis, testing etc etc.
Nice troll :) Commercial organisations are much lazier about their validation and testing and code reviews because a) it costs too much and b) nobody else will see the code therefore problems are hidden through obscurity.
This is a functional programming error, a memory bounds checker would not pick this up because there are no memory violations taking place. Unless an independent code reviewer thought about the case in enough detail and thoroughly dismantled the code it would be missed. This is a small function of a rather large code base.
On the other hand, this function was evidently not tested to destruction through putting the full combination of extreme values into it.
Why do I always internally sigh whenever I hear anything coming from "Federation against Software Theft (FAST)"?
Firstly, there is very little Software Theft, and theft is generally a police matter. e.g. somebody has stolen your collection of install media and licences from your office. Intentionally misnaming an organisation to further an agenda is ethically wrong.
Next, while FAST like to report themselves as a "not-for-profit organisation", they are not a registered charity, instead they are registered as "PRI/LTD BY GUAR/NSC (Private, limited by guarantee, no share capital)", which while similar is rather more flexible - the only enforced limitation is that they have no shares and therefore shareholders. FAST have also registered a for-profit organisation. It may all be above board, but it just feels wrong.
Not that I'm against software being correctly licenced (I'm all for it, especially given my business), but misrepresenting things, seemingly only to support the large software organisations and ignoring the small and making up ridiculous statistics at whim just doesn't sit well with me.
Re: Who Still Uses Malloc?
This bug is nothing to do with malloc - it's a basic overflow - the data returned is bigger than the allocated size, thus returning other parts of the process's memory/variables.
So even using calloc throughout would have made no difference here.
It's not a "basic overflow", there are no memory bounds being violated in this bug which is why the automated code checking systems, good as they are, didn't pick up this bug.
The bug is that the memory allocation code allocates one size block of memory, which being uninitialised contains whatever was in that memory space before, hence the problem, but overwrites this block with a different number of bytes. In this case a 64k chunk of memory is allocated, one byte of it is overwritten with the return data and all 64k of it is returned.
Re: For $63Bn
Completely agree, this is a classic case of an analyst fundamentally failing to understand the products and their reasons for success.
The iPad is successful because of what it is - a quality media consumption device that allows some (limited) media creation. The MacBook devices are also quality devices but more targeted towards media creation compared to consumption. There is some cross over between the two but each has its specialisation and that is their key strength.
If you really want to use an iPad to create content a bit more easily you can always link a keyboard to it. There's a reason why most people with iPads don't do this.
Re: Yeah, but..
It's in the equivalent US and UK agencies' remit to do exactly the same - to promote their nation's interests (both commercial and non-commercial). This covers industrial, commercial, political and military espionage and this has been the case long before the Internet became so prevalent.
As I understand it, it's the normal political "please don't do it" kind of espionage slap down where both parties (privately) know damn well that it is happening, that it will continue to happen and neither really want to escalate it any further. This tends to result in token grudging actions but nothing fundamental and in general everything will carry on as before. When it escalates further, sometimes diplomats are expelled as well, usually to be replaced by somebody just the same but with Internet espionage even this is less relevant and is just a token protest measure.
Nations also have internal agencies that spy on their own citizens or, more accurately, anybody within their borders. This is for various reasons such as tracking extremists, criminal activities (organised crime groups and lesser crime elements), counter-espionage (you need to know who could leak information or who is) as well as more benign political analysis where the reaction of the populace can be measured and reported on.
Interesting, however it is a struggle to see how it compares with other wireless technologies for many applications.
On the other hand, if you have a few sensors that can be put in awkward places and don't want to or can't run cables around but have sunlight available then you have a remote sensor that powers itself. It's line of sight, which may be a problem for some applications but for many sensor systems this wouldn't be a problem and the uni-directional nature will make it a little more efficient on the power over distance front.
Re: "Trust the OS" - If only it were that simple...
This exploit isn't about buffer overruns as such - that is where you throw too much data at a process and it overwrites executable code with whatever you threw at it. This exploit cannot be detected using memory bounds checking, because it is not violating any memory bound.
When an application allocates memory, this memory is in an "undefined" state. For a cold started system or a block of memory that has never been allocated yet, this memory is usually all zeroes, however there is no guarantee of even this. Hence "undefined".
This exploit allocates 64k of memory, which being "undefined" will generally contain whatever application or process last wrote. Due to deficiencies in the code one byte of memory is copied to this and the whole 64k of memory is returned. It's pot luck what is in this 64k block of memory, but keep on requesting memory and you will eventually get something interesting back.
There are various preventatives for this, such as zeroing the memory on allocation, but for a low level library this is inefficient and as the block of memory should have been overwritten entirely a pointless exercise in wasting processor time. Another is to zero the memory on de-allocation, again for many low level processes this is also inefficient as a relatively simple process could then take 20x longer to complete, multiply a low level task by the number of calls to it and the overall system impact could be disastrous. On the other hand, a code process that stores passwords and private keys should damn well clear the memory after use, but again this is an efficiency argument compared to what can be done on an otherwise "trusted" system.
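The failure the two posts above describe (a block sized from the request header, only the bytes that actually arrived written into it, the whole block handed back) shown as an added example beside the check that prevents it. This is not code from any poster or from OpenSSL: the arena "heap", the two-byte length-prefixed record format, the residue string and every function name are invented for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 65536u   /* the 64k block the thread talks about */

/* Toy "heap": one reusable block. Whatever an earlier request left in it
 * is still there when the next request is served, which is why handing
 * back memory the request never filled leaks data. (Hypothetical.) */
static uint8_t arena[ARENA_SIZE];

/* Simulate an earlier, unrelated request that used the block and freed it
 * without clearing it. Constructed residue, not real secret material. */
void arena_leave_residue(const char *residue) {
    size_t n = strlen(residue);
    if (n > ARENA_SIZE) n = ARENA_SIZE;
    memset(arena, 'S', ARENA_SIZE);
    memcpy(arena, residue, n);
}

/* Invented wire format: 2-byte big-endian claimed payload length, then
 * the payload bytes that were actually received. */
struct record {
    const uint8_t *bytes;   /* raw bytes received */
    size_t len;             /* how many actually arrived */
};

static int claimed_len(const struct record *r, size_t *out) {
    if (r->len < 2) return -1;
    *out = ((size_t)r->bytes[0] << 8) | r->bytes[1];
    return 0;
}

/* Vulnerable pattern: trusts the header. Copies only what arrived into a
 * block sized by the claimed length, then returns the whole block, so the
 * unfilled tail is whatever the arena held before. Returns bytes "sent". */
size_t echo_unchecked(const struct record *r, const uint8_t **resp) {
    size_t claimed;
    if (claimed_len(r, &claimed) != 0 || claimed > ARENA_SIZE) return 0;
    size_t have = r->len - 2;               /* payload bytes really present */
    if (have > claimed) have = claimed;
    memcpy(arena, r->bytes + 2, have);      /* fills only `have` bytes ... */
    *resp = arena;
    return claimed;                         /* ... but returns `claimed` */
}

/* Hardened: the claimed length must be covered by bytes that actually
 * arrived; otherwise the request is rejected and nothing is sent. */
size_t echo_checked(const struct record *r, const uint8_t **resp) {
    size_t claimed;
    if (claimed_len(r, &claimed) != 0 || claimed > ARENA_SIZE) return 0;
    if (claimed > r->len - 2) return 0;     /* header claims more than arrived */
    memcpy(arena, r->bytes + 2, claimed);
    *resp = arena;
    return claimed;
}

/* Builds a record that claims `claim` payload bytes but carries only
 * `payload` (constructed input). Returns the record length, 0 on no room. */
size_t build_record(uint8_t *buf, size_t cap, uint16_t claim,
                    const char *payload) {
    size_t n = strlen(payload);
    if (cap < 2 + n) return 0;
    buf[0] = (uint8_t)(claim >> 8);
    buf[1] = (uint8_t)(claim & 0xff);
    memcpy(buf + 2, payload, n);
    return 2 + n;
}

/* Scenario from the posts: residue in the block, a request claiming 4096
 * bytes that carries one. Returns how many response bytes were never
 * written by this request (0 when the request is rejected). */
size_t leaked_bytes(size_t (*handler)(const struct record *, const uint8_t **)) {
    uint8_t buf[16];
    const uint8_t *resp = NULL;
    arena_leave_residue("previous-session-key");
    struct record r = { buf, build_record(buf, sizeof buf, 4096, "A") };
    size_t sent = handler(&r, &resp);
    return sent > 1 ? sent - 1 : 0;         /* everything after the 1 real byte */
}

int main(void) {
    printf("unchecked handler exposes %zu stale bytes\n", leaked_bytes(echo_unchecked));
    printf("checked handler exposes %zu stale bytes\n", leaked_bytes(echo_checked));
    return 0;
}
```

Zeroing the arena on every allocation, as the post weighs up, would turn the stale bytes into zeros but still send 4095 bytes the client never supplied; the length check removes the defect itself.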
Re: Rust would help, but there's a reason it's not used there
That is the problem. There are some very clever code analysis systems that can help to spot these kind of mistakes, but they can't spot everything.
Re: This attitude is not the key to success
System libraries usually need to be implemented in the most efficient possible way. That efficiency is achieved by working as close as possible to the "bare metal" — And C gets you there.
BOLD TALK ... FROM THE EIGHTIES! Well, already in 1984: The Lilith
Writing in C means you have to be much more careful
THIS ZIMMER FRAME REALLY GETS ME THERE FASTER, I JUST HAVE TO BE CAREFUL WHEN GOING DOWNSTAIRS. SURE I BROKE MY NECK A FEW TIMES, BUT IT'S NOT GONNA HAPPEN AGAIN.
This kind of attitude to coding is exactly why many current applications and indeed operating systems are so staggeringly inefficient and slow compared to the equivalent of even a few years ago despite the hardware being orders of magnitude faster.
The lower level the API the less appropriate it is that it is implemented using "managed" code. If you had an understanding about just how much more processor resources (memory and CPU cycles) are consumed by managed code than unmanaged code then you would understand. Some things are appropriately implemented one way, some another. No one programming technique is appropriate for all cases and attempting to use one across all or to use the wrong technique is utterly stupid.
Re: I don't get it..
I don't get it either, all the open source morons have been saying for years their OSS crap is more secure, then we get things like this. Oh and the 23 year old x windows vuln exposed a few months ago.
Hint: down arrow is below, morons lol :)
Mistakes are made equally in Open Source Software and Closed Source Software. The point with OSS is that it can be made more secure. This kind of fault in closed source may never get spotted or reported and then you'll be in an even worse situation where you don't know about the fault or how long it's been there.
Re: Read between the lines
In this case it would appear that those responsible forgot that they were dealing with a work-force based in the UK and treated them as if they were in the US.
A common mistake made by many Americans, they seem unable to realise that laws differ and that laws of the USA are not universal.
The gulf in differences is quite staggering... effectively in the US an employee has no rights whatsoever compared to the UK. AFAIK many of these rights come from contract law where both parties have to agree to contractual changes, rather than a company just making changes as they see fit.