* Posts by sed gawk

71 posts • joined 1 May 2008

Vodafone didn't have a £6bn tax bill. Sort yourselves out, Lefties

sed gawk

Re: Yes, but

It's clearly not the same but the basic point you raise is one where it's clearly a made up scheme not a real situation.

The reality is more complicated, at what point do you require a company to *deliberately* not be as tax efficient as possible?

Take my small business, I pay VAT every three months, if I don't pay it on time, they charge me more money. I read the rules saying "pay on time or it will cost more" and I pay on time, hence I have deliberately structured my affairs to reduce my tax bill, why is that wrong?

I think you'd agree that seems a fairly reasonable action, but really how is that any different to the ones who are on the right side of the law with very complicated corporate structures?

At issue is the basic principle of legality, we have laws not morals to bind us. There are "moral" legal systems in the world, and I am eternally grateful that I do not reside within their jurisdiction.

Which leaves us with laws, either it's legal or not, and if it's legal and you want to do it, you should be allowed to do so with whatever degree of complexity you desire.

Should you be able to use any legal means at your disposal to reduce your tax bill, including setting up elaborate but legitimate overseas holding companies?

If you want to do so and you are not breaking the law, yes you should be allowed.

2
0
sed gawk

Totally agree the tax laws are too complicated to be bug free.

I don't really understand why a flat rate for everyone couldn't work, I'm sure someone will be along to explain why it's hopelessly naive.

I have a problem with the fairness aspect. Essentially, either something is legal or not.

If it's legal, however repugnant the activity, one should be allowed to do it unencumbered.

It seems fairly simple, if I pretend my situation is different, then it's evasion, if it's true then it's avoidance.

It then seems to be wrong to say "you read the rules and structured everything to avoid giving even one bent copper more than the law compelled you to but broke no laws." but it's illegal anyway.

I'm not arguing in favour of screwing over the taxpayer, but a prohibition on working out the best execution path through the cruft ridden (tax | *) system seems unjust in a society where being a horrible person is not yet illegal.

4
0
sed gawk

Re: Abolishing Corporation Tax

Without taking a view one way or other, purely as a thought experiment, the difficulty for the average person would be getting an employer to go along with the idea of paying every person through a company.

I don't think they'd wear it, which would limit the usefulness, but I think if you were so inclined I think you could do so.

Not sure it's quite as straightforward to make it work for you, I run a small business, I pay my bills, fixed overhead and variable invoices from multiple customers and I frequently pay other people to assist me.

If you pretend all the invoices in one year came from one "employer" being a business returns me less cash compared to sticking the total into an online PAYE calculator like http://www.listentotaxman.com/

To answer the obvious question, I am a business because my customers won't deal with me otherwise.

What am I doing wrong if it's as simple as being a business = save loads / make loads?

1
0

Facebook worth more than Portugal? Hell, it's worth a LOT more than THAT

sed gawk

Re: Opportunity cost?

Completely agree, but have a different take on productivity.

I think there is a maximum amount of productive effort to be gained from an employee while keeping them happy. Trusting them to deliver that effort combined with firing piss takers, can let you just leave people to get on with their work.

Huge caveat, you need the right people, but why bother stopping people being people for diminishing returns on productivity?

I read the reg at work sometimes but I also work extra sometimes as I like to keep my clients happy.

There is definitely a line and piss takers must be pruned.

1
0

Blind justice: Google lawsuit silences elected state prosecutor

sed gawk

Moreover, he fundamentally attacks from the standpoint that Google should be censoring search results.

They should comply with the orders of the court, it's really not optional for the rest of us.

1
2
sed gawk

Re: Economics 101 and morals

Drugs are not evil. They are contraindicated for some people and in some cases contribute to poor decision making. The issue is most drug users quietly go about their business preferring not to become an anti-prohibition lightning rod at the cost of their liberty, livelihood and family.

Hence the main visible cohort of drug users are the problematic ones.

I'm a bit too old now to have much personal interest in the issue, but anecdotally I know several people with unimpeachable morals, good decent people, who like to consume drugs, which they fund by working in responsible jobs. I'm sure you know some people just like them, though given your stance I'm sure you'll forgive them for not being entirely forthcoming.

We actually devote significant resources to keeping the dodgy people in business, we lock up their competition, thus we ensured that the people willing to take stolen goods in exchange for narcotics are still in business, can you imagine Boots/Walmart/${big_corp} doing the same? In case the point is too subtle, we collectively subsidize the illegal industry by keeping it from being required to pay taxes and file accounts.

Why not take the morality out of it, help the needy of all stripes and tax the consumption and sale of narcotics in a sensible manner, rather than the current taxpayer subsidy of the illegal industry?

Final thoughts, in my country, the U.K. it's easier for a kid to buy weed than it is for the same kid to buy a beer. That seems like a pretty good argument for making it all legal, and easy to control.

3
0
sed gawk

Re: It's all Google's fault

This translates as "Google continued to do its job as a search engine." If many people enter those search terms in the land of the free, then they ought to be thrown up by autocomplete.

Your argument suggests that where technical quality is in conflict with the law, that the law should be made to yield. That's not a level playing field, it's flagrant disregard of the law, and if you try it, chances are your feet won't touch the ground.

And the correct answer is that they shouldn't have rolled over to those governments in the first place, although they didn't have much choice. Of course, now we're in a situation where every Tom, Dick and Harry with an ounce of political power thinks they should be able to get Google to manipulate search results to serve whatever hot issue they think will get them some votes. Or sue them for some of their supposedly bottomless funds.

Again they should comply with the law, it's a business, and complying with the law in all its insane glory is the cost of doing business.

We really need to get past this whole idea that the solution to every problem is "make Google fix it".

Are you for real? Oh poor 300 billion dollar corporation, complying with the law should be optional for delicate little flowers like Google.

Piracy and copyright violations? Google's fault.

Google make money by serving adverts next to content, that means they can choose not to serve a particular market, if it requires they break the law, just like everybody else.

Kiddie porn? Google's fault. People want to buy prescription drugs? Google's to blame.

Google publish a list of links, they absolutely are responsible for what makes it on to *their* list. They make money by placing adverts next to content, some of that money will come from objectionable sources, and where it's flat out criminal, they should censor the list and leave the money from putting an advert next to kiddy porn on the table.

Somebody broke the law, and now their reputation is damaged. Oh look, it's Google's fault. Give it a rest already.

You don't seem to get how the law works, we as the public get to comply, that's basically the deal. Rightly or wrongly, there is a law which (personally I think is a bit pointless, but nonetheless) requires Search Engines to censor the list for particular keywords, again compliance is not optional for everyone else.

2
6

GCHQ: We can't track crims any more thanks to Snowden

sed gawk

Re: So before Snowden...

curses talk sed cat, wait vim, whois top

3
0
sed gawk

Re: The clueless will pay for their ignorance

Leave off, Sec-ops have sweet fa to do with vulnerable (being charitable here) people giving their details to fraudsters, with companies under-investing in professional architectural assistance with software security.

Snowden just confirmed what most (for a given value of most) thought, as the cost of tapping everybody started to be less than working out who to tap, it became more likely it would happen.

The only ones that needed to be concerned about monitoring of communications by authorities was the crims. It's not about being concerned, it's about living in the kind of society where freedom is not a slogan, some people are rather attached to the idea, so much so they've paid very high prices in service of that idea.

4
0
sed gawk
Pint

Re: Suspected

So what they mean is they can't track *suspected* criminals anymore. Suspected should mean nothing.

While I agree with the wider point you are making, I think *suspected* just means *not convicted*.

They absolutely should be going after suspected criminals, they should just apply to a judge for a warrant first, so they can convict them and turn them from *suspected* to convicted / or remove them from suspicion.

They overstepped the limits of the legal framework, just like the baddies. And they know it.

No, they flat out broke the law, in an industrialized manner, that's really quite different from a technical breach of process, it's the difference between shoplifting a mars bar and hijacking a confectionery truck.

If there's enough evidence of a crime having been committed then it should be trivial to obtain a warrant and poke that under the noses of communications providers.

Completely agree with you here, I don't object to the mass trawling in principle, but I do think a case *must* be made for each and every person affected, with the requisite paperwork filed with a judge. If that means that some dangerous evil people slip through the net, so be it, it's kind of the deal with being free, freedom doesn't translate to safety.

If that makes mass trawling unworkable, well again, that's the whole being free thing again.

Have a pint

9
0
sed gawk

Re: So before Snowden...

Surely pre-pay phones and fairly innocuous chatter is going to be the best bet here.

Look at the legitimate (i.e. non-obfuscated) chatter going over the web on an average day, facebook, stack overflow, twitter, amazon etc.

How really can you determine "hello mate, pint and same again please" -> "sure, same place ?" -> "yes, bit later - say five?" -> "see you there ;)" relates to some illegal exchange of goods or services.

It's fantasy - the blatant point of all the trawling is to provide an ability to *retrospectively* throw every possible extra charge at someone under arrest to get them to give up, whomever they're associated with.

I'd be willing to bet that the big scale stuff is disguised as company purchases for intangibles (IP payments perhaps) and looks like any other sales ledger unless a forensic accountant gets her hands on the books.

The little stuff is just not hidden.

I seriously doubt a sophisticated infrastructure is required to work out what "got any weed?" -> "how much do you want?" could possibly relate to.

5
0

Elasticsearch tells us all about its weighty Big Data tool

sed gawk

Re: Laziness

Your ATMs suck (by design) if they aren't faster than and are relying on your average disgruntled user who ran out of pocket cash and will take the time to tweet about it.

I can well believe something cobbled together in house, scraping twitter with a regex like /ATM (WTF|random expletive)/ would be easier to get approved and into production than properly secured access to either the ATM sensor data, the ATM operational logs, or the ATM maintenance schedule.

0
0

Untangling .NET Core: Open source for Windows, Mac, Linux

sed gawk

Re: Dear microsoft guy...

Seems a bit of a straw man argument.

As someone who has eschewed the Windows platform for over a decade, I take your wider point that it's a bit much to blame the Microsoft of today for the Microsoft of yesterday, and really what else can they do but try to do better.

As a developer, I welcome the appearance of openness from Redmond, but they lost mindshare so comprehensively that *today* open sourcing .Net is not enough to buy them any credibility.

If you are only targeting Windows, sure thing .Net will do the trick, but if you want cross platform code, the only sane way is C or C++ in my opinion - where an actual specification exists and the language and runtime behaviour is well specified, with multiple interoperable implementations.

3
0

Judge bars dead Steve Jobs from appearing on TV news FROM BEYOND THE GRAVE

sed gawk
Thumb Down

Re: Nothing So Rare As Common Sense

Mussolini got one train to run on time, as a one off - that's not that impressive.

By all accounts, he was a very naughty boy (tm) otherwise. While Jobs might have been a not very nice person, it's just disgusting to draw parallels between the business practices of a fairly cynical and exploitative company and a Fascist responsible for the deaths of real people.

I'm not even going to touch the Hitler reference.

Hand in your keyboard at the door, you're clearly unfit to possess it due to being a colossal asshat.

1
1

Deprivation Britain: 1930s all over again? Codswallop!

sed gawk
Pint

Re: The per capita figures may be better but that's not the point.

I think I'd find it easier now. Information is cheaper and more accessible.

*Data* requires processing to turn it into *information*, there is *more data*, not *more information*, again you need a guide to help you tell the difference.

Just a small example, I think someone really did fly a plane into the twin towers, I also think man walked on the moon, there is huge amounts of data on the web which appears to contradict these viewpoints, without some basic knowledge, it's quite hard to make educated judgements of the quality of a data source.

Tuition is cheaper (not all subjects may be mastered within the state education system, even when grants were available for uni). Prospective employers are more accessible. The internet means I can produce and sell software 24x7

A logistics operation allows one to trade twenty-four hours a day, three people on eight hour shifts let you keep a phone answered around the clock, I'm not sure how you make the leap from your web server being on all the time, to a logistics operation, I've set a few up for customers, they take quite a bit of effort and cash.

I get that customers can look at products all the time, like the Littlewoods catalog and telephone shopping, perhaps? The web basically changed the cost of distribution for certain things e.g. product catalogs, it reduced the marginal cost for other things, e.g. spam, but basically it has had a less profound effect than it's credited with, I'm open to being convinced but other than search which is a new business if you ignore the phone directories, advertising (that disruptive new business model) is what makes money online.

Good for you, and shame it got shut down. I was never one of the smartest kids but I've always believed opportunities like that should exist. Why waste our brightest minds simply because they're working class?

I was lucky enough to have a wonderful primary school teacher who gave a shit about the kids under her care, my only contribution was passing the entrance exam, it's her achievement as much if not more than it was mine, more so as my parents wouldn't have known about it without her.

Or, you could always do a distance learning degree for about £12k

Firstly unless you get a degree from a Russell group uni, nowadays I'd say don't bother, it doesn't confer the advantage it used to, which is also my secondary point about it being more difficult to "level up", all you had to do before was get a desmond or better degree and you had a better than average chance, now it just means you're in debt, and it's not a point of differentiation, as everyone has one.

The best bit is that you'll be able to work while funding it. Had this been an option when I was young, I would be a very rich man by now, because I'd have bought a nice house back when they were cheap and would have had no university debt (grants didn't cover books, food, rent etc by the time I went).

The OU started taking students in 1971 and nowadays most degrees count for nothing, with certain exceptions.

It does, but it also has more practical content than MIT, if you wish to pursue a trade or even just repair your own home without having to stump up for a tradesman to visit. I've done a couple of crypto courses online myself and to say they were of a very high calibre would be an understatement.

YouTube may well be a good source of data for something visual, but I can't really take it seriously as a teaching tool, nor recommend it in good conscience.

Books are excellent. I'm reading several just now. You missed free wifi off your list though. I frequently used to use it at service stations, shopping malls, coffee shops etc when on call and it's certainly fast enough to use the internet for research and learning.

You need portable computing equipment, at a few hundred quid, or a smartphone which is really more of a consumption device than a creation platform, so not sure how free wifi somewhere where your presence costs money really counts as free, I'm fairly sure if you rock up to starbucks and sit without buying anything for long enough, they'll turf you out on your ear, I suppose you could go from shop to shop but I'm not sure that's that conducive to learning, it would be cheap.

Libraries still exist, or at least my local one does, though I accept they are a shadow of their former selves... if only people had used them... like say those pursuing knowledge to better their situation while on a low income?

Libraries are being shut down, for several reasons, it's a discussion all of its own, suffice it to say that it's a happy coincidence that a less educated population is easier to control.

Education is not more expensive. £12k for a full BSc degree. It means you can do a BSc and an MSc cheaper than what I ran up in rent while doing my first degree. I see where you're going regarding quality of tuition, but even allowing some falling standards, an MSc has to be equivalent to the BSc when I did mine, and it was well worth having. 12K is a lot of money, not for me, and not for you, but 12k is more than some people earn in a year. If you are on the dole, you'll get about 65 quid a week of actual cash (leaving aside benefits in kind, like housing benefit and council tax benefit, as you basically don't see them) that's (52 * 65) = 3,380.0 per year of actual money, for food, and bills, it might as well be twelve million.

most people derive their income from work, if their work never pays them enough money to allow them to "upskill" they'll at best stay where they are

Even taking minimum wage, you'd only need an additional part time job of 17 hours per week in order to fund the 4k fees while keeping everything you earn today. So work overtime for three years then study for three and you have your BSc. The income increase from that will be enough to fund the MSc and now you're made. Oh, I already deducted taxes from the minimum wage and assumed no assistance at all.

In our country, you can legally pay a nineteen year old worker £2.73 an hour https://www.gov.uk/national-minimum-wage-rates, which assuming fifty weeks per year, forty hours per week, is 5,460.0.

By the way, this means your 2,000 hours of labor earns you 1.04 over sitting at home on JSA (5460 - 3380.0) / 2000.0 = 1.04 oh and you'd lose council tax/housing benefits.

I think you're doing most people a disservice, or you worked considerably harder than I. I believe most people capable of doing what I did because I've seen so many others do the same.

I can't speak to your experience, perhaps it would have been easier for me had I known then what I know now, but I genuinely feel that both education confers less advantage than it once did, and the kind of jobs I did are both harder to come by and worse paid, while housing and all other costs of living are higher.

It's a network and an application layer protocol, not the second fucking coming, with extra cherries.

ROFL. Best description I've heard of it to date. The internet is a vast opportunity and open market for those that wish to use it. I wish I had the motivation to use it properly rather than mostly browsing... I could be getting paid for content (Give me a Guardian OpEd piece and watch the page hits fly while they go into meltdown seeing who can disagree with me the most), or writing and retailing software to do things.

find a functional recipe for black powder online, report back with all your fingers.

In the days before the web I had a small library of these culled from Gopher and FTP. In these post 9/11 times, I'm not even going to think about looking for that, sorry. And yes, I destroyed my small library many moons ago before it was verboten to have such.

Gopher that made me smile. You have no intention of using that knowledge for evil purpose, yet you fear even the taint of its association and that in and of itself is not an issue, not a barrier in your educational path?

So no teaching yourself chemistry then, really read that again and please tell me that is not acceptable, I liked making things go bang as a kid, science is fun, fuck anyone who wants to paint a box around knowledge, my actions are what should count, frankly it won't keep me out of prison if the .gov really wants to push the point, but fuck em anyway.

Yeah... I'm not the one pretending what we did was beyond most people, or that most people are incapable of learning unguided. Anyone can better their situation in the UK, literally anyone without severe disability, if only they're motivated to try.

The high horse is in response to the blatant assumption that I'm saying "don't bother" from a position of ignorance and the frankly patronizing tone of your first response, a tone which is *markedly* absent from this response.

But, I don't say it's beyond most people, I just don't think the social ladders are as numerous as they were, I don't think the degree helps like it used to, I don't think that it's easy and just getting by has got harder, it takes a lot of work to make it, and I think it's harder in almost every way, you clearly disagree and that's your right.

I admit that my view is coloured by my experience, I genuinely hope that it's less bleak than it appears to this cynical old sod.

I can't really find it in me to blame you for your optimism, even if I think you are misguided.

Have a drink with me.

1
1
sed gawk
Pint

Re: The per capita figures may be better but that's not the point.

cheers, I get a bit ranty after a long day, have one with me

0
0
sed gawk

Re: The per capita figures may be better but that's not the point.

@Phil O'Sophical

Difficult != Impossible.

Can't be arsed to paste this in from the last reply, in short there is an opportunity cost to spending time educating oneself, a person who is poor feels it may not be worth it, a person who is not poor feels it's its own reward.

The cost of getting that decision wrong is now around 30k in the UK, that's a big ask even if you'll never be asked to pay it back, as most people who were/are really poor are terrified of falling further behind, I certainly was, and I know a few from the old days who still are.

1
1
sed gawk

Re: The per capita figures may be better but that's not the point.

@ Matt Byrant - do fuck off, you're a blight on this forum and the personification of the need for killfiles.

@ Lurelout, Just to get this out of the way, I started from fuck all and, I don't in point of fact hold a degree, I do run a business, and I'm doing very well ta very much, so less of the class warrior guff thanks, I don't really need to give you the full flannel nor do I intend to get into who had a more difficult start, it's beneath me and beneath you.

I'm very glad that you managed to make a difference to your circumstances, as did I, I still think it's harder now and I don't fancy my chances if I was doing it now, hence my original post.

Just to clarify a point, "difficult" doesn't mean "impossible", which seems to be the general theme of your post, the clue is in the different spelling.

(1) I got an education thanks to a scheme which was shut down in 1997 by the incoming New Labour government, nothing has since replaced it to my knowledge (happy to be corrected). In essence, it paid for smart kids from poor backgrounds to go to private schools, hence I got access to the likes of the Acorn Archimedes and a decent grounding in maths and science.

So, the early start in computing which formed the bedrock of my career wouldn't have been available to me had I been born some twenty years later.

(2) I chose not to do a degree as I was already working in industry by the time I was eighteen, had I chosen to do a degree, it would have cost me the princely sum of zero pounds on a grant.

Today that degree would be both less likely to be as rigorous and would involve acquiring a debt of at least twenty-seven thousand pounds (9k per year, three years for undergrad) http://www.city.ac.uk/courses/undergraduate/computer-science

These two things alone make educating oneself more "difficult", not "impossible" but more "difficult", and if being nearly 30k in the hole before you start doesn't give you pause, your benchmark for being poor is out of kilter.

(3) The internet (I think you mean the web), and you're right, no-one trusts a degree now, as they've been watered down to homeopathic levels, hence coding tests and basic complexity questions in interviews for senior staff. A deluge of data, and very little information, without a guide, who will steer you away from Schildt http://www.seebs.net/c/c_tcn4e.html and towards K&R? YouTube videos, really, had you name checked MIT's open courseware, I'd have given you a pass but YouTube by his noodly fucking appendages.

(4) Just to follow up, so you're poor right, your access to the net is likely on a prepay dongle, which is charging you some 15 quid a Gig http://www.vodafone.co.uk/shop/dongles-and-mobile-wi-fi/, and you want to learn by watching videos, how about reading, in a library if you can find one, is that too "last gen" for you.

(5) Libraries were a feature of my childhood, adolescence and early career, they are a hollow fucking joke now.

So to recap, education more expensive, more data of indeterminate quality until you are clued up enough to filter the bull for yourself, "learn to code" http://decoded.com/uk/code-in-a-day/ seriously, learn to be a proper programmer, in one short lifetime.

"Not true. I commute more than 16 hours a week and have time to prepare home cooked nutritious food for my family. Laziness may explain it, but time or distance travelled for work does not."

(6) woopdy fucking doo da, try working three jobs in every fast food shithole known to man as they don't pay a living wage, and they won't let you work enough hours to turn a poverty wage into provision for oneself, see how much you feel like cooking once you've had your three showers to rinse the stench of grease from your skin - then lecture people on proper food preparation.

I commuted from the UK to mainland Europe, it's a piece of piss, taxi to the airport, breakfast in the sky, taxi to my desk, taxi to the airport, dinner in the sky, taxi home, much more than sixteen hours a week, not the same hours, not by a country mile, my son.

(7) To earn enough to make a significant change to one's life is out of reach for most "poor" people.

This is fairly simple, most people derive their income from work, if their work never pays them enough money to allow them to "upskill" (fucking americanisms, it's however apropos), they'll at best stay where they are or more realistically go down (inflation rearing its ugly head). Hats off to McDonalds here as being the only employer paying poverty wages willing to let someone work a twenty-three hour shift, no sarcasm here, if they pay you fuck all an hour, the least someone can do is allow you the *option* of working until you drop.

(8) You say you're not "clever, pretty, talented", neither am I, but I grafted my arse off, I worked and studied and worked, the effort required to change my life, was *non-trivial* most people can't work like that and frankly neither could I nowadays, I was lucky to be young and stubborn, scratch that I was lucky full stop, don't turn your back on the lady, she's a fickle mistress.

(9) The s/internet/web/ provides a way for porn to become free, programmers to bitch to one another, and for the great unwashed, a way to see what bulletin boards would have been like with more pictures of cats.

It's a network and an application layer protocol, not the second fucking coming, with extra cherries.

The web is a library without the benefit of indexing or peer review, where the "wisdom of crowds" prevails, not to say there's nothing of value online, there's about the same amount of useful information as was always there, just many orders of magnitude more dross, still without curated content, it's not really that useful for the uninitiated, hence the booming success of IRC as a service (twitter), Html with css as a service (facebook).

(10) Its educational value is great if you understand what you are looking for and looking at, if you are starting to teach yourself a subject you know nothing about, not so much. Don't believe me, find a functional recipe for black powder online, report back with all your fingers.

(11) In summary, get off your high horse, and off my lawn.

6
1
sed gawk

Re: The per capita figures may be better but that's not the point.

One's life chances are measurably less dynamic than once was possible.

Yes, the poor are in relative terms richer than historically the poor have ever been, but it's harder now to change one's life by dint of honest effort.

Education used to be the primary social ladder, it's now very difficult to educate oneself out of a subsistence level to a more comfortable existence.

Life expectancy is indeed better, but good, cheap food requires knowledge and time to prepare, time is something which is in short supply, as the less you earn, the more likely you'll spend some of your time in traveling to allow for cheaper rent.

It's this double effect of watered down education and housing insecurity that makes people feel poor.

It's as much a mental issue as a lack of funds, not to blame someone for how they feel.

To earn enough to make a significant change to one's life is out of reach for most "poor" people.

To put that in perspective, you're less likely to risk being in debt from a poor background, less likely to risk being out of work while you retrain, less likely to be able to afford childcare and risk falling behind on bills.

Yes, there are feckless people, but frankly we are a rich enough society that the small number of people, who are determined not to work are not worth fighting over.

Poor is not about money, it's about opportunity, it's about expectation, it's about the consequences of risking failure while trying to improve one's life.

Less people are prepared to suffer the consequences of failure than once were, and that makes us all poorer.

6
3

Vendor lock-in is truly a TERRIBLE idea ... says, er, Microsoft

sed gawk

If you have (for political or business reasons, it really doesn't matter) multiple groups who cannot even agree on what distro they want to use but they don't want two largely-idle servers... well, the one group can use Redhat Enterprise Linux, the other can use Ubuntu, and more or less pretend they each have their own server. This isn't really possible without containerization or virtualization.

I can see that being a valid use case, but packaging for all supported distros is not that big a deal these days, https://github.com/jordansissel/fpm will take a folder and spit out rpm/deb/solaris/osx packages (no affiliation, just a user)

I'm fairly agnostic about what distro, it does the same job but the scripts are a little different - again you only need to build the base image once.

Virtualization is assumed these days, everything is kvm on physical metal, and vm above that, so sprawling applications only really affect their vm - most of which is run until it dies/needs upgrading and replaced with the current base image + meta-package. (We never upgrade in place, we replace the vm with a new one).

I can see the benefit in chroots / bsd jails, but these days - the entire vm is the jail, as far as I can see.

Okay that's perhaps risky https://blog.nelhage.com/2011/08/breaking-out-of-kvm/ but it's what we currently do.

0
0
sed gawk

Still don't see what all this docker stuff buys you.

As someone who basically doesn't do windows - it's all linux or bsd.

So assuming you have a private repository of packages (debs/rpms/tarballs ).

And a base image with sane defaults configured to pull packages from your private repository.

Why am I using docker over just packaging an application as a meta-package depending on the bits I need?

So if I only want a sane webserver setup, I package corp-httpd and job done.

The only hard bit is to decide what a host will do, and that can be a shell script that sets a hostname and installs on first boot.

I don't really care what flavour of linux or bsd, it's roughly the same process, why would you bother with docker, when you can do all of this on loopback mounts with a few hundred lines of shell?

I get that not everybody has access to the tooling to turn a debootstrap into a production webserver, but it seems that with docker, you still have to do all the packaging right, and that's all the work.

The rest of it is basically unpack tarball and chroot install, which almost everybody has scripted away.

Gentoo does this with custom stage 4, debian does this with seeds, redhat does this with kickstart.

I'm hazy on the proper bsd way but it surely exists.

Most of the deployment stuff can really be boiled down to a kernel and rootfs image, at least on linux.

So Docker helps if I've got all that stuff, but if I've not got all that stuff then what does it buy me?

What am I missing here?

2
0

10 PRINT "Happy 50th Birthday, BASIC" : GOTO 10

sed gawk

Re: C

My way of seeing if the carry flag is set is based on an observation that if((a + b) < a) then overflow has occurred and therefore the condition denoted by the carry flag is true.

0
0
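The `(a + b) < a` observation from the post above, worked through in C as an added example (not code from the post or the thread). It goes a step beyond the single add: the same comparison is used to propagate a carry between 64-bit limbs and to reject a wrapping size calculation. All function and type names are illustrative.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unsigned arithmetic wraps modulo 2^N, so the truncated sum is smaller
 * than an operand exactly when the add carried out of the top bit.
 * Signed overflow is undefined behaviour, so this test is unsigned-only. */
static bool add_carries(uint32_t a, uint32_t b)
{
    uint32_t sum = a + b;
    return sum < a;
}

/* One limb of a multi-word add (what ADC does in hardware).
 * Two separate checks are needed: a + b may wrap, and adding the
 * incoming carry to that partial sum may wrap as well. Both cannot
 * happen in the same call, so OR-ing them gives the outgoing carry. */
static uint64_t adc64(uint64_t a, uint64_t b, unsigned carry_in,
                      unsigned *carry_out)
{
    uint64_t partial = a + b;
    unsigned c1 = partial < a;
    uint64_t sum = partial + (carry_in & 1u);
    unsigned c2 = sum < partial;
    *carry_out = c1 | c2;
    return sum;
}

/* 128-bit value as two 64-bit limbs, least significant first. */
typedef struct {
    uint64_t lo;
    uint64_t hi;
} u128;

/* Adds a and b into *out; returns the carry out of the top limb. */
static unsigned add128(u128 a, u128 b, u128 *out)
{
    unsigned carry;
    out->lo = adc64(a.lo, b.lo, 0, &carry);
    out->hi = adc64(a.hi, b.hi, carry, &carry);
    return carry;
}

/* The same test guarding a buffer-size calculation: refuse to produce
 * a total that wrapped, instead of allocating a too-small buffer. */
static bool checked_size_add(size_t header, size_t payload, size_t *total)
{
    size_t sum = header + payload;
    if (sum < header)
        return false;           /* wrapped: the real total does not fit */
    *total = sum;
    return true;
}

int main(void)
{
    u128 a = { UINT64_MAX, 0 }, b = { 1, 0 }, r;
    unsigned carry = add128(a, b, &r);
    size_t total = 0;

    printf("0xFFFFFFFF + 1 carries: %d\n", add_carries(0xFFFFFFFFu, 1u));
    printf("128-bit add: lo=%llu hi=%llu carry=%u\n",
           (unsigned long long)r.lo, (unsigned long long)r.hi, carry);
    printf("SIZE_MAX-3 + 8: %s\n",
           checked_size_add(SIZE_MAX - 3, 8, &total) ? "ok" : "rejected");
    return 0;
}
```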

Can't agree on a coding style? Maybe the NEW YORK TIMES can help

sed gawk

Re: @sed gawk @Robert Long 1

Bellyfeel doesn't seem appropriate - grok is "to drink" - a sentiment appreciated after much hunting through source code - mailing lists and man pages to finally make a leap of intuition having drunk deeply of the well of information.

Bellyfeel is more like uncritically accepting "goto is evil" without wondering why.

0
0
sed gawk

Re: @Robert Long 1

Read http://en.wikipedia.org/wiki/Stranger_in_a_Strange_Land - grok is one of the more appropriate tech borrowings from literature.

1
1

Apple wins documents fight with Google in Samsung case

sed gawk

Irony

It means sort of like iron ;)

0
0

House passes, Obama disses 55,000 visas for educated immigrants

sed gawk

Re: Of course migrant workers don't take away american jobs in the long run.

Just a datapoint, I'm from the UK, I'm working in Europe, paid in sterling a good rate for back home, there is no way I'm cheaper than a local with exactly the same experience and professional background.

So there must be a reason they went overseas to find people, maybe, just maybe that reason wasn't money.

2
2

BBC iPlayer downloads BORKED by Adobe Air update

sed gawk

Re: Testing, testing, 1-2

Testing within BBC is getting better, but there is still some way to go, fundamentally it's still a very top down place to develop software, and the valiant efforts of the various teams can only address so much upstream cruft (e.g. third party binary blobs). The cult of agile is quite strong there, with a (non-technical) project manager for every five developers, but not very much pair-programming, TDD, code reviews or (technical) project post-mortems.

I would say that they are genuine in their attempts, and they sincerely are trying to do the right thing but the path of advancement hinders disruptive change, (you can't really get a top job unless you have a very similar background to the people already in the top job). So the head of product (responsible for the software delivery for an entire Fiefdom of the BBC) would be an ex-journo (take Sports for example, ex-ITN and not a techie.)

This means something "radical" like a "major" platforms test harness for mobile is seen as too disruptive to adopt, and instead the "safer" choice of outsourcing a mobile app to a third party is chosen.

The bbc news app was built by a third party developer (fact) who has now allegedly been removed from the approved supplier list (gossip, but I believe it to be true).

On the flip side, the BBC is a big place and a lot of very well meaning people work there, for example, I saw a demo of NativeDriver from Google, which is an automated gui testing tool for android applications, guess what android app it was being talked about deployed on (that's right, the buggy android news App).

BTW the list of things wrong when it was delivered, and the list of things that the public got to see are of markedly different lengths so don't be too hard on the mobile guys.

3
0

The GPL self-destruct mechanism that is killing Linux

sed gawk
Stop

Don't rag on autotools

The autotools are a bit difficult to learn but I think they are worth the effort, M4 is a bit fugly but with a bit of practice and ruthless factoring into small macros it's not that bad, (Top tip add banner lines to your macros so you can spot the output in the generated configure script)

With the autotools, I get cross-compilation/packaging/ cross-compiled unit-tests execute in a cross environment/transparent replacement of missing functions at link time/standardised argument handling which generates help messages/binutil access and ability to mung various assets (images/sql etc) in to my code with very little effort.

Mostly I copy my build-aux and m4 directories into a new project and write a simple configure. My heart sinks when I have to work on a project that doesn't use autotools.

So I think the autotools survived because when you take into account everything it provides, it's streets ahead of everything else. (Libtool is still a thorn in my side, admittedly)

1
2

Google spikes old MS file formats

sed gawk
Thumb Up

Re: Download =/= upload

There exist large organisations who don't run the Microsoft Office suite and won't let you send anything other than a (small) image or PDF over email. DOC - DOCX and related binary formats don't make it through, if you send me a CV electronically and it's not a PDF it's going to get quarantined and I won't read it, all I'll be aware of is that someone tried to send me "spam".

TL;DR Don't be spam - PDF or paper.

toodles

7
3

'Programming on Windows 8 just like playing bingo' - Microsoft VP

sed gawk

Re: thx for asking about variadic templates

It's not that bad, you don't have to rush to write the cleverest template code you can.

Write simple code and C++ is a lovely language to work in provided you follow the rule.

Finally you have both typedef and a macro pre-processor, you really don't have any excuse for code that's hard to read.

Boost and the STL contain some very clever code (a bit hard to read, I grant you) but there are quite a few open source frameworks which are rather easy on the eye, try looking at http://www.webtoolkit.eu/wt for an example of clean easy readable C++ written on top of Boost no less.

0
0

Chase joins Bank of America in possible Islamic attack outage

sed gawk

Re: Time for a Radical Muslim Disconnection

Might have something to do with the fact English and French are taught nationally in Egyptian schools (perhaps other Arab countries as well)

0
0

Ambitious Alibaba wants to take on Android

sed gawk
WTF?

Re: The Key Missing Factor is Trust and Quality

Racist rubbish.

There is good and bad hardware and software everywhere - nothing about the country of origin tells you anything about its quality.

As for the level playing field, I'm writing this in the UK, it's not a level playing field here either. As for govern'muppets interference. You think that doesn't happen in the UK? It does!

The Chinese produce the same level of quality as the rest of the world, sorry to disabuse you of your charming slight on 1/5th of the world population.

0
0

Dropbox drops JavaScript, brews CoffeeScript

sed gawk

Re: plus ça change, plus c'est la même chose

1) ASM to C - easy win, chances are your ASM is worse than the compiler generated code.

2) C to C++ - rewrite would be a bit strong, wrapping C functions with classes perhaps but rewrite C code rather than wrap in C++ - madness.

3) C++ to Java - stupidity on a grand scale.

Coffee to JS is more like C with a preprocessor vs C without a preprocessor, it's not a paradigm shift.

like

1) relinquishing control over register allocation.

2) Letting someone else manage the container library and using automatic RAII.

3) Going from portable multi-paradigm elegance to overly verbose, badly designed kludge.

It's just a preprocessor, they are cool, C/C++ benefit from a preprocessor, Java suffers the lack of a preprocessor, anything that makes JS less painful can only be a good thing.

0
1
sed gawk

Re: Which Script has 5 less KLOC?

CoffeeScript is just a preprocessor. The underlying language (if you can call it that) is still JS with all the kludge that JS implies but there are a couple of common idioms folded in to the language which you don't have to write by hand.

So for example string concatenation is a little less verbose in CS but will expand to the long hand form in JS. From a coder's perspective the results are the same but one is a little easier to read.

From the point of view of correctness I don't think it is a silver bullet but it does make working in JS less painful and more importantly IMO easier to automate generation.

1
0
sed gawk

I agree really

As title, I do think it's a little more readable but there's not that much really, my thinking was that you could prototype code in ruby and make a couple of small tweaks (two lines in the above example) and run it through the translator and hey presto some JS.

Still you could just write the JS in the first place as you suggest, but I do think it's a little more readable but then again I don't really like JS anyway and I do quite like ruby so YMMV.

0
0
sed gawk

Simple example but it's less painful than JS, I'd say more rubyish than python.

RUBY

>===============

def encode(decimal)
  # restrict range of input to 1 .. 3999
  max_decimal = 4000-1
  exceeds_range = "Only numbers in the range ( 1 .. #{max_decimal} ) are supported"
  raise "Cannot convert (#{decimal}): #{exceeds_range}" unless (decimal <= max_decimal && decimal > 0)

  # table of translation factors for each glyph in the subset of the roman numerals supported
  factors = [1000, 900, 500, 400, 100, 90, 50, 40, 10, 9, 5, 4, 1]
  glyphs = ["M", "CM", "D", "CD", "C", "XC", "L", "XL", "X", "IX", "V", "IV","I"]

  # factorise decimal representation into roman numerals
  result = ""
  factors.each_with_index{|numeral,index|
    order = decimal / numeral
    decimal = decimal % numeral
    result += glyphs[index] * order
  }
  result
end

Coffee

>===============

@romanNumeralGenerator = (decimal) ->
  # restrict range of input to 1 .. 3999
  max_decimal = 4000-1
  exceeds_range = "Only numbers in the range ( 1 .. #{max_decimal} ) are supported"
  throw new Error("Cannot convert (#{decimal}): #{exceeds_range}") unless (decimal <= max_decimal && decimal > 0)

  # table of translation factors for each glyph in the subset of the roman numerals supported
  factors = [1000, 900, 500, 400, 100, 90, 50, 40, 10, 9, 5, 4, 1]
  glyphs = ["M", "CM", "D", "CD", "C", "XC", "L", "XL", "X", "IX", "V", "IV","I"]

  # factorise decimal representation into roman numerals
  result = ""
  for numeral, index in factors
    # in a more cpu focused language we could just use integer division
    remainder = decimal % numeral
    order = Math.floor(( decimal - remainder ) / numeral)
    decimal = remainder
    # this is the js equivalent of glyph * order in ruby or
    # glyph x order in perl
    result += Array(order+1).join(glyphs[index])
  result

JS

>===============

// Generated by CoffeeScript 1.3.3
(function() {

  this.romanNumeralGenerator = function(decimal) {
    var exceeds_range, factors, glyphs, index, max_decimal, numeral, order, remainder, result, _i, _len;
    max_decimal = 4000 - 1;
    exceeds_range = "Only numbers in the range ( 1 .. " + max_decimal + " ) are supported";
    if (!(decimal <= max_decimal && decimal > 0)) {
      throw new Error("Cannot convert (" + decimal + "): " + exceeds_range);
    }
    factors = [1000, 900, 500, 400, 100, 90, 50, 40, 10, 9, 5, 4, 1];
    glyphs = ["M", "CM", "D", "CD", "C", "XC", "L", "XL", "X", "IX", "V", "IV", "I"];
    result = "";
    for (index = _i = 0, _len = factors.length; _i < _len; index = ++_i) {
      numeral = factors[index];
      remainder = decimal % numeral;
      order = Math.floor((decimal - remainder) / numeral);
      decimal = remainder;
      result += Array(order + 1).join(glyphs[index]);
    }
    return result;
  };

}).call(this);

1
1

Job ad seeks 'mediocre' developers

sed gawk

Re: What the company is missing ...

Funny thing is that web application is likely to be I/O bound not CPU bound so you could write the backend in assembler and you would still not see a drastic improvement.

6
0
sed gawk

Re: What the company is missing ...

Professional grade is my term not yours, I meant a tool fit for a professional to use for a front end, in the example you quote.

I've written a few applications as:

1) Front end application implemented as some web interface (ruby/perl are 50/50 % split here)

2) Interface layer implemented as scripting language extensions in the same language as (1)

3) Back end libraries in C & C++

Quick to develop, easy to enforce constraints in the API layer and access to your favourite scripting language for the glue.

Language choices for 1 & 2 have largely been dictated by the client's existing software stack.

For me I've not really seen much to choose between the current crop of scripting languages, they all more or less do the job within the constraints I've encountered. Then again perhaps we are thinking of different use cases.

I use ruby as a glue/scripting language, maybe some parsing/pre-processing or tools. But the code is more or less the same code I used to write in C i.e. I still use the self pipe trick and select in ruby ( it doesn't expose the pselect syscall, I can still use pseudo-terminals etc).

Nowadays, I'd only write in C/C++ to talk to hardware or if the code is something other than the usual (throwaway tools/sysadmin helper/fancy web app) that ruby seems to end up being used for.

The quality of people producing ruby code varies but I see ruby and C as complementing each other. I agree that given time to craft the work and a skilled worker, C and C++ and a sprinkling of assembler is all one really needs.

I'm glad I have ruby in my toolbox, I'm intensely grateful that it's not the only tool, I still don't see why it's a toy and not a tool ?

3
1
sed gawk

Re: What the company is missing ...

Hey jake, ruby is not so bad..

How's the ranch? I love the sound of a slackware driven greenhouse..

Why would you classify ruby as a toy and perl as professional grade?

I quite like the (ruby) extension api as a way to expose C or C++ libraries to a scripting language (plain C api) as opposed to some of the other scripting language choices..

Ok it's totally hamstrung by a slow vm, but I must say it's quite nice to knock up little tools and scripts, testing is quite well supported, the community, well the community is the community what can you do?

Perl is nippy and very powerful but testing perl is painful, extending perl is initially painful, (perlguts lied to me and I'm still sore).

There's lots of stuff I wouldn't use ruby for but I don't think it's a toy, so I'm interested in your thoughts, I usually enjoy your posts.

Sed

3
0

Super-powerful Flame worm could take YEARS to dissect

sed gawk

Re: Years to dissect? Really?

- didn't paste all the code..

#include <pthread.h>
#include <string.h>
#include <stdio.h>
#include <ctype.h>
#undef D
#undef E
#undef U
#ifndef C
#define I int n,r;
#define D(N) void*N(void*);
#define C pthread_create
#define E int l;char *ak(char *u){return (*u=(l+=6,*u)=\
='@'?'K':*u=='.'?'P':*u=='-'?'M':tolower(*u))?ak(u+1)-1:u;}
#define U int
#elif ! defined J
#define H "x\0\b\0\200\1\0\0\0\0\377\377\377,\0\0\0\0x\0\b\0\0\3"
#define E tn; char h[30]="GIF87a" H;void *(*fn[25])(void*)={
#define U };
#define D(N) N,
#define L return fwrite("\1\t\0;",1,4,stdout)!=4;
#define K {I for(r=0;r<8;r++)for(n=0,putchar(l);n<l;n++)putchar(B[r][n]|8)
#define J h[6]=h[24]=l=l-3;fwrite(h,1,30,stdout);K
#else
#define T pthread_t
#define E char B[8][256];
#define U int main(int c,char **a) { bdefhklmnprtuvwxyz57(ak(a[1]));J;}L}
#define D(N) void *N(void *y) {\
static I char *x=y;\
T t=0;\
if(!n && (r=tn)<24) C(&t,NULL,fn[++tn],y);\
if(*x&&strchr(# N,*x)) B[2+r/5][2+n*6+r%5]=16;\
n++;\
if(*x) N(x+1);\
if(t) pthread_join(t,&y);\
return y;\
}
#endif
E
D(bdefhklmnprtuvwxyz57)
D(bcdefgiopqrstz23567890K)
D(abcdefgjopqrstz123567890K)
D(cefghkoqstz23457890K)
D(mntuvwxyz7)
D(bcdefghklmnopqrsuvw256890K)
D(aimnxy1)
D(jkt14)
D(abdhmprxyz0)
D(mnoquvw237890K)
D(abcdefghklmnopqruvw560K)
D(befhikprs45689MK)
D(befghjmnqprstwxyz156890MK)
D(dghs234789M)
D(amnoquvw90K)
D(abcdefghjklmnopqruw4680K)
D(aivxz40PK)
D(ajkrtwy1247PK)
D(abdghnqvx456K)
D(amnosuw34890K)
D(abdefhklmnprxz25_)
D(bcdegijloqsuwz12356890_PK)
D(bcdegloqstuvyz123567890_PK)
D(cehklorsuwz1234890_K)
D(amnqxz2_K)
U
#ifndef T
#include __FILE__
#endif

0
0
sed gawk

Re: @PyLETS (was: 20 meg malware "threat" in the field for 2 years, undetected.)

Hey Jake,

Perhaps you could elucidate further.

Sed

0
0
sed gawk

Re: Years to dissect? Really?

I understand the point that you are making, in that syscalls/win32 calls have a fairly distinct appearance in the disassembled output of a native binary.

However, there is no requirement for a malware author to use the apis for the intended purpose, meaning taking the api/syscall signatures at face value is unlikely to be helpful.

Suppose you have large volumes of logic in a scripting language that you can generate at runtime, then your native app, is just a host with the lua generator seeds + interpreter.

Also, what happens if all your interesting native code is application layer, and the api calls are just false flags?

What does this do - ( this is from the IOCCC - so give it a punt before you look up the answer)

#include <pthread.h>
#include <string.h>
#include <stdio.h>
#include <ctype.h>
#undef D
#undef E
#undef U
#ifndef C
#define I int n,r;
#define D(N) void*N(void*);
#define C pthread_create
#define E int l;char *ak(char *u){return (*u=(l+=6,*u)=\
='@'?'K':*u=='.'?'P':*u=='-'?'M':tolower(*u))?ak(u+1)-1:u;}
#define U int
#elif ! defined J
#define H "x\0\b\0\200\1\0\0\0\0\377\377\377,\0\0\0\0x\0\b\0\0\3"
#define E tn; char h[30]="GIF87a" H;void *(*fn[25])(void*)={
#define U };
#define D(N) N,
#define L return fwrite("\1\t\0;",1,4,stdout)!=4;
#define K {I for(r=0;r<8;r++)for(n=0,putchar(l);n<l;n++)putchar(B[r][n]|8)
#define J h[6]=h[24]=l=l-3;fwrite(h,1,30,stdout);K
#else
#define T pthread_t
#define E char B[8][256];
#define U int main(int c,char **a) { bdefhklmnprtuvwxyz57(ak(a[1]));J;}L}
#define D(N) void *N(void *y) {\
static I char *x=y;\
T t=0;\
if(!n && (r=tn)<24) C(&t,NULL,fn[++tn],y);\
if(*x&&strchr(# N,*x)) B[2+r/5][2+n*6+r%5]=16;\
n++;\
if(*x) N(x+1);\
if(t) pthread_join(t,&y);\
return y;\
}
#endif
E
/* ____ END OF CODE __ */

Not trying to be difficult but I'm not any sort of expert in the domain, and I reckon I'm aware of quite a few techniques to make it difficult to determine the intent.

A simple stream cipher + interpreter + randomized memory locations should slow most people down for long enough to collect the paycheck and move on to the next gig.

Imagine what tricks you might know if this was your domain, I fully expect that there are techniques for this kind of thing that make my feeble imaginings look rather old hat but hey it's not my domain.

Just some food for thought,

Sed

0
0

Don't bother with that degree, say IT pros

sed gawk

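// reverse in place
#include <errno.h>
#include <string.h>

void str_reverse(char *str)
{
    if(!str)
    {
        errno = EINVAL;
        return;
    }
    else
    {
        // new scope for autos
        size_t len = strlen(str);
        char *begin = str;
        // nothing to swap in an empty string (and never form str - 1)
        if(len == 0)
            return;
        // swap begin and end until we meet in the middle
        for( char *end = str + len - 1; end > begin; --end, ++begin )
        {
            // using a temporary is probably faster now days but I like this method
            // (safe here because end and begin never point at the same byte)
            *end ^= *begin;
            *begin ^= *end;
            *end ^= *begin;
        }
    }
}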

Complexity

Hash tables/containers are O(1) -> lookup complexity is not dependent on size of container

Trees are O(log n) -> lookup complexity is logarithmically related to depth of tree

// Design patterns

The observer pattern is a fancy name for a list of callbacks, something that is "observable" provides a mechanism for interested parties to register a callback (e.g function pointer in C).

When something happens, the observable object iterates over its list of interested parties calling the callback.

You might use that in an application by using the observer to update the view in response to changes in the model, in a traditional MVC application.

For what it's worth these questions are a bit rubbish, anyone with any STL knowledge will know the complexity ratings of the various containers.

Secondly GOF is probably the most overrated book in the literature, some of the patterns are useful and some are widely overused outside of the problem they actually solve, e.g. the singleton solves the static initialization problem in C++ but almost everywhere else is just a disguised global.

How about some questions which assess useful knowledge.

// knowledge of testing and refactoring

1) how would you refactor a piece of code which is atrocious in implementation but correct in behavior to a more maintainable design while preserving behavior.

2) how would you prove the behavior was the same.

// knowledge of existing methods

3) implement an efficient hash function for strings

4) explain why you chose that implementation and any tradeoffs in the design.

// Recursion -> Iteration

5) implement a recursive pre-order tree traversal i.e. visit(*node)

6) implement the iterative equivalent.

// IPC

7) name three methods of IPC

8) explain when you would prefer one method over another and why.

// Memory Management

9) Explain how you would determine the maximal memory usage of a process

10) is there a way to impose a hard limit on the usage of your application (e.g allocators)

// Sorting

11) describe the behaviour of a quicksort

12) describe the behaviour of bubblesort

13) describe when is a bubblesort preferable to a quicksort

// STL knowledge

14) name three sequence containers

15) when should you prefer a pair of sorted std::vector<K> over a std::map<K,K>

// CI & build systems

16) what is the function of Continuous integration

17) name two CI systems

18) name three build systems e.g. Make/Ant/CMake

// Copy correctness

19) what properties are needed to make an object "trivially" copyable

// Estimation and planning

20) How do you estimate how long it will take to complete a piece of work

21) What safety factors do you build into your estimate.

// Low level knowledge

22) what is an atomic operation

23) how would you implement atomic increment and decrement on an x86 processor

24) how would you implement a mutex given the following primitives atomic_increment() and atomic_compare_and_swap();

BTW, left school at fifteen, been a paid programmer since seventeen, been training graduates and post-graduates since the age of twenty-three, now the highest paid person on the team (the only one without a phd).

Do I regret not taking a degree? Sometimes, but not so I could spend three years, reading textbooks that I could read at anytime, but more for the esoteric parts of the discipline, compiler construction - access to different architectures other than the x86 and mips.

I learned a lot on the job, working with really good programmers, I'm still learning all these years later. It's not about code - it's about design and architecture. You can learn these things yourself over time, but the idea that three years trying to get your end away and killing braincells in the student union, confers some advantage to three years at the coal face learning your craft is a joke.

The main advantage of the really good courses are the additional elements of the industry, but for your developer as opposed to your quant, a degree doesn't confer much except a whole bunch of bad habits which must be shaken out of the incoming member of staff.

As for getting your foot in the door, here's what you do..

Setup a github account,

Start writing code, make sure that code has tests.

Go to the agile conferences, meet people around the industry.

Learn new technologies, for example teach yourself erlang.

Buy a copy of Sedgewick's Algorithms - implement them, understand them.

Install Linux on an old pc, any old piece of junk will do.

Write some code, disassemble it, try and understand the relationship between the high level code you have written and the assembly it generated.

Learn a scripting language - like ruby or python - learn how to interface them to native languages.

Write simple network applications and use a packet sniffer (tcpdump or wireshark) to examine the packets and understand what's going on when you send something across the wire.

Use distributed source control (git or mercurial )

Keep your chin up and your resolve strong and you will do it, keep applying and don't let the bar-stewards grind you down.

Qualifications don't mean anything, ability and experience are everything.

You can't teach ability and remember experience is a fancy way of saying "I made that mistake already so I won't do it again" no more - no less.

0
0

The 64-bit question

sed gawk

That would be NSPluginWrapper

nspluginwrapper is a method to run 32-bit plugins inside a 64-bit firefox

0
0

Enough with the Apple App Store apathy

sed gawk
Thumb Down

Rubbish

I write code for a living, I work for a large company on a massive source base 5 million + locs I also contribute to a few FOSS projects. There is way more stinky code @ day job than in the FOSS arena. Where commercial software has the edge is being *able* to pay people to work on nice interfaces. That said the *ability* to afford decent ui design doesn't automatically translate to the *desire* as shown by the woeful UI design of many commercial applications.

2
0

Virgin Media set-top box modder gets 5 years

sed gawk
FAIL

Wouldn't be so impressed with SKY.

Prior to a rewrite of the payment gateway for mobile purchase, 1 in 10 boxes shared the same decryption key due to the limited range of the code used and the cobbled together *in house* crypto (not worth the name).

After the rewrite, now *only* 1 in 1000 boxes shares the same key. Still stored on the box, but at least now they use a reasonable cypher.

Still, the code only protected some really crap games so *shrug* not so big a deal, still if you're going to implement crypto then use a cryptographer and do it properly.

0
0

Smart meters pose hacker kill-switch risk, warn boffins

sed gawk

Re Rental

Not quite, nominally the idea is that the meter is supposed to help you work out if you can save electric, but really the thing is just a method for working out that a particular electric signal is a fridge and not a telly, so you can more accurately model the usage profile of different times of day and adjust accordingly (you as a punter, not so much the electric company).

As a punter, your bill will be more accurate but other than that, I couldn't really see any huge benefit to the punter for having one (no downside either really).

The Net and PC combo is only if you want the pretty graphs as a user, the meter itself doesn't require an active connection, it just broadcasts encrypted data whenever a suitable dongle is in range.

Sed

Meter reading becomes, as simple as turn up to premises with laptop and 3gdongle with spare usb port.

Insert dongle, wait a couple of seconds to grab the usage data and off you go, not much different from just looking at the numbers on screen.

Given I wrote the code myself, I'm quite sure that the code only exists in my former employers git repo.

About the only thing from that board that is available to anyone other than the manufacturer is the AES implementation and fat lot of good that will do you.

As for Mac/Nix etc version of the dongle code, no you have to log on to the website and *choose* to upload the data.

Of course there are many versions of low power short range comms over usb out on the market but, it doesn't matter as the dongle itself doesn't forward the data, it's just a passive consumer, a bit like an oyster card reader.

0
0
sed gawk
Thumb Up

for what it's worth at least one of these meters is well secured.

I worked on one of these smart meters for a previous employer.

The smart meter hardware was not accessible from outside the fusebox (inductively powered).

The meter encrypted all data with 256-AES as a block cypher (I won't disclose the stream cypher built around it, but suffice to say it's an encrypted-authenticated protocol) prior to broadcasting to a USB dongle attached to the user's pc.

This encrypted data was passed to the electric company servers, decrypted there and the data used for graph generation and peak usage analysis.

The crypto protocols were designed by a proper cryptographer at a truly eye watering daily rate.

Key points.

1) you can't shut the thing off remotely as you can't communicate with the meter directly.

2) all data is encrypted between meter -> dongle -> server

3) the keys on the meter only help you with that meter and don't help you touch any other meters.

4) no keys are stored on the dongle and the meter key is burned in at manufacture time.

5) the protocol between the server and the meter had some nice safeguards built in so someone trying to hijack an established connection would fail hard, causing that meter to be flagged.

6) the meter itself is an embedded board(no external connections), so in short unless you remove your own meter, reverse engineer it to derive the key *AND* somehow break into the server with the master keys, all you have is a really rather useless meter that will be spotted next time you try to connect to the server.

@AC 15:55

Professor Anderson is quite well known in crypto circles, I suggest you google him prior to gobbing off about him trying to get publicity.

2
0

ConLibs leave open question over net surveillance

sed gawk
Black Helicopters

Agreed

I personally think that the widely used algorithms are secure, however it's not beyond the realms of possibility for *GOV to;

1) have sufficient distributed computing power to reduce the problem to the point where a rainbow table or some variant thereof, might solve it quick/easier than rubber-hose cryptanalysis.

2) have sufficient funding to employ experts in cryptanalysis on a 24/7 basis just to squeeze a few percent more of some refinement on brute force using the aforementioned computing power.

There are some really quite head scratching side channel attacks, but who knows, if anyone has the money or the time to explore every option no matter how bizarre or unlikely it seems, it would be *GOV.

That said, I think brute forcing no matter how smart you make it, is going to struggle on internet scale volumes of traffic, and god knows what *useful* info you glean from the junk flying back and forth.

Still if something really really big comes up, it'll leak, scientists engineers, programmers gossip like old women and breaking AES by 5% or whatever would keep you in beer for quite a few rounds.

1
0

Home Secretary swats away calls for Mosquito ban

sed gawk
Thumb Down

There is a nice example of this in Bristol

A friend of mine is a (probation) youth worker in Bristol, the offices where her clients are *required* to attend, are directly opposite a large supermarket which has these fitted.

So choose between suffering a persistent sonic assault or violating parole conditions, some choice!

I think these devices should be illegal, and the makers forced to compensate people who are *required* to attend areas where they are deployed.

If you want to disperse people, what's wrong with the old nightclub favorite of playing country and western music, it cleared the room in every club I've ever been in.

0
0
