* Posts by bazza

1548 posts • joined 23 Apr 2008

Microsoft, IBM, Intel refuse to hand over family jewels to China

bazza
Silver badge

Re: Benefits...

Ask yourself this: how would the average Chinese citizen react to hearing their government actually benefited a foreign company over one of their own? Outrage! (and as calculated by the party).

It's more complex than that. Huawei, a Chinese company that does actually come up with good ideas of its own and makes good money selling them all over the world, has problems with their products being faked and flogged by other Chinese companies. There's not much patriotism in play, it's all about making as much money as quickly as possible no matter what the risks or consequences. Hence the various food contamination scandals, etc.

The communist government is quite capable of controlling what people think - it controls the media. A few years ago they stirred up some anti-Japanese sentiment for some crazy reason or other, riots, Japanese cars being burnt in the street, etc. Whatever it was all really about escapes me (there was some WW2 angle used as an excuse) but it went too far; the Japanese auto manufacturers started closing their factories in China, put a lot of people out of work. Funnily enough the riots stopped just as quickly as they'd started but it was too late. A lot of Japanese manufacturers decided that operating in China was more hassle than it was worth.

20
0

Google turns on free public NTP servers that SMEAR TIME

bazza
Silver badge

Frustration

What makes this all very frustrating is that there's already perfectly good solutions to the leap second problem.

If OS developers wrote their OSes to use International Atomic Time instead of UTC as their base timescale, the OS would never need to deal with a leap second.

And there's perfectly good libraries for converting TAI to, e.g. UTC that already handle leap seconds, can do accurate time calculations, etc. One such example is the SOFA library from the IAU.

Like everything else it cannot predict leap seconds, but an OS is already well placed to receive library updates as part of its regular maintenance. Why not this one too? And if every developer used TAI instead of UTC to represent time values then all their calculations would always be correct, with conversion to UTC for display being the only thing that'd be wrong in the absence of updates.

8
1

Aw, how sweet: Google Brain claims to clock diabetic eye diseases just like a proper doc

bazza
Silver badge

Welll...

The problem as always with something like this is clinical responsibility. If you make something that can tell whether or not you have some condition or other, it is saying either "yes, you have it", or "no you don't".

The problem faced is that if your box is even slightly subjective (such as a neural network output), you cannot really afford to have it say anything substantive. So the answers it has to give have to be toned down to "maybe, go see a doctor", or "maybe not, go see a doctor". In which case, what's the bloody point of not just going to see a real, qualified human doctor in the first place?

Not toning the answer down and giving a straight yes/no answer means you're accepting clinical responsibility for the accuracy of the answer, and the resultant liability for those occassions where your box's answer turns out to have been wrong. A false positive upsets patients, and may lead to damaging and inappropriate medical intervention. A false negative may kill them. If you've made claims of complete reliability, you take the blame for that.

So whilst their system might have a strong performance from a statistical point of view, it doesn't amount to anything practically useful at all unless Google are actually willing to accept the liability for the system's performance. I can't see them doing that.

The same's true for a human doctor, but they can get insurance cover.

2
1

Grand App Auto: Tesla smartphone hack can track, locate, unlock, and start cars

bazza
Silver badge

Re: That's a lot of code

Perhaps not all of this code is safety critical. Perhaps most of it could be banged out over a weekend, in the usual manner.

That's basically what the self driving car types are doing. Their approach is to get enough cars running incident free for long enough that they can get approval through mere statistical argument.

It's deeply worrying that this approach may actually be accepted by regulators. Unreviewed, unprovable safety critical code with no triplicate redundancy? No thanks. A statistics-based approval ignores the possibility of a systemic date-sensitive bug lurking unnoticed in the code base that will do something very damaging at some point in the future.

Fortunately it seems that their best efforts so far are a long, long way from being statistically acceptable.

4
0

San Francisco's sinking luxury Millennium Tower: Tilt spotted FROM SPACE

bazza
Silver badge

In fact, the Japanese built an entire airport on a man-made island that is sinking at many centimeters per year... and all of the structures there are built on jacks. It's actually quite remarkable. So if something sinks more than expected, that doesn't mean the safety margin has been exceeded.

Kansai Airport has sunk far more than expected, and there is some nervousness that it won't stop before it sinks beneath the waves. The building jacks keep them level, but won't keep them dry.

The loss of Kansai airport would be hugely problematic; they're planning on closing Itami airport in nearby Osaka, leaving just Kobe's small airport as backup. Basically the whole region needs Kansai airport to stop sinking.

6
0

Integrator fired chap for hiding drugs conviction, told to pay compo for violating his rights

bazza
Silver badge

Re: When you've done the penalty, that should be it.

Data#3 look pretty dumb here. No employer anywhere is entitled to know everything about one's personal life and history. Sacking them subsequently when they've already asked whether the company needs to know of specific aspects about their personal life is pretty crazy.

They should ask themselves, would they sack someone if they found out they had liked the band Genesis? Many today would consider such a past to be fairly appalling, but it's not a sacking offence. Obviously if they're still a fan, well that's different...

4
0

Airbus flies new plane for the first time

bazza
Silver badge

Re: First Flight Challenges

I know, but the first flight of the first A350 was just as uneventful. And the A330. And pretty much everything else that has been flown in recent decades.

Back in the old days it was definitely more exciting. Bill Parks, Lockheed's legendary test pilot, demanded and got extra (extra! Ordinary danger money was already part of the package) danger money for taking Have Blue (the F117 prototype) up for the first time it was such a ramshackle assemblage of second hand junk. Hugely successful though.

7
3
bazza
Silver badge

First Flight Challenges

There rarely seem to be any challenges these days.

In the old days the test pilots would strap themselves in, light the fires and take the aircraft up for a quick circuit and get it back down ASAP before one of the many items that are clearly wrong / broken / rattling / wobbling / leaking / overheating bring it down in a smoking ruin of bent, shattered and charred aluminium. A lifetime of excitement compressed into 5 minutes of sheer exhilaration, possibly ending in some parachute time.

Nowadays it's normal to be able to take the plane up for hours on the first flight and fully explore the flight envelope. One wonders what the remainder of the flight test campaign is really for these days.

Of course, this is a good thing.

Anyway, congrats to Airbus and the wider aviation community for getting it right so often. It's become so normal that we moan about delays.

42
3

Emulating x86: Microsoft builds granny flat into Windows 10

bazza
Silver badge

They kinda did sort their shit out back in 2008/2009. They showed off win 7 + office recompiled for ARM at a trade show, and everyone though "MS is really getting to grips with ARM". And then instead they did Win RT, Windows 8, and it all turned into a debacle...

Windows has traditionally been reasonably re-targetable, they just failed to spot where things might go with ARM. They could right now do it, but with UWP targeting the non existent mobile platform (Win 10 mobile) they're still missing the point.

3
0

Apple unplugs its home LAN biz, allegedly

bazza
Silver badge

What's Going On?

Apple are dropping their WiFi product line, Google are busily trumpeting their own that's not on sale quite yet?

One's gotta wonder what Google see in it that Apple don't. Slurping opportunities?

8
2

Donald Trump confirms TPP to be dumped, visa program probed

bazza
Silver badge

And so it begins...

America's heading towards recession. That'll do no one any good.

3
5

Experts to Congress: You must act on IoT security. Congress: Encourage industry to develop best practices, you say?

bazza
Silver badge

Be Careful What You Wish For...

Calling for regulated security on IoT devices is, well, likely to have consequences more far reaching than anticipated.

For a start, when is a CPU + memory + NIC + software an IoT device, and when is it just a computer or smartphone? They're all potentially involved in home automation, especially if you consider the app as being part of the IoT system.

To illustrate the difficulties of trying to make a legal differentiation between IoT and non-IoT, consider the Raspberry Pi. IoT device? Yes. Computer? Yes. Router? Yes. Server? Yes.

So you cannot reasonably apply a bunch of regulations to an IoT device that then don't also apply to smartphones, computers, home routers, smart TVs, back end services, the entire Internet, Thus if the law required IoT devices to meet minimum security requirements, receive regular updates, etc they'd have to apply to everything else too, otherwise there'd be no point.

That would be a problem for Android in particular.

2
2

Samsung sets fire to $9m by throwing it at Tizen devs

bazza
Silver badge

Re: Pocket change for Samsung ...

Perhaps they're getting nervous of the direction in which Google are taking Android. The version on the new Pixels seem to be hinting at Google heading in a Google-only direction. If that's true Samsung will need a plan B.

Tizen doesn't seem to me to be a very good plan B.

It's quite interesting to see what the Chinese have done with Android. They've successfully taken it forward and, with a degree of government backing, supplanted Google's own services with their own domestic providers (Baidu). It's a flourishing ecosystem, and not being involved in that makes it very difficult now for both Google and Apple to get market traction there. China succeeded because it's big enough that their own local monopoly could do its own thing and ignore Google.

Doing another "China" would be a better plan B. Could Samsung do the same thing, provide their own replacement services? Probably not. Google's walled garden already encompasses most of the Western World. There needs to be government enforced separation of OS and services and open competition between providers (aka Break Up Google!) before another mobile OS can survive. BlackBerry have tried hard (excellent services, excellent OS, market failure), and it didn't stop the juggernaut. Microsoft too. Even Apple are losing out. BlackBerry may survive because, in their recent adoption of Android, they've decided to climb on board rather than be squashed by the tires again.

4
0

China gets mad at Donald Trump, threatens to ruin Apple

bazza
Silver badge

Re: Perhaps Tim Cook saw the Runes

Musk made (to my astonishment) an interesting point. He noted that if all manufacturing were automated, we'd have to pay a basic wage to everyone just for living. That'd be especially true if all agriculture were automated too.

That'd be either extremely unhealthy, or very far sighted, or both.

6
0
bazza
Silver badge

Re: The Chinese don't lose

A trade war is no different to a military war; you can't win, you just hope to lose less badly than the other guys.

16
0
bazza
Silver badge

Re: Trade War

The move of manufacturing from the USA to China stems from the fact that company chairmen and directors have a fiduciary obligation to maximise shareholder value. This is not a trivial thing, it's deadly serious, especially in the USA. In the USA you can end up in deep personal trouble (e.g. jail, ultimately) if, as a director, you fail to improve value through gross negligence.

One big way to improve value is to make manufacturing cheaper. China was cheaper than the USA.

Now if, 20 years ago, a company chairman, CEO or director had refused to relocate manufacturing to China they'd have been laughed at, probably sacked, or (depending on how they'd 'lied' about the reasons not to) sued / prosecuted / jailed. Saying back then that concerns about long term geopolitical consequences were a reason not to off-shore was simply not a plausible argument, and probably detrimental to one's own future.

Result? China became the world's factory.

Many shareholders all over the world are terrible at taking a long term view - get rich quick or get outta here. They're to blame, they're a scourge on our society.

OK, who are they? Ah, it's our pension schemes. That means practically all of us are ultimately to blame.

The problem with Trump's strategy (let's call it that for the moment) is that imposing trade barriers effectively forces there to be a great reckoning. Just how much money does America have? How well has America invested in the education and training of its own people? How willing are Americans (remember that he's kicking out the illegal immigrants too) to do boring, low paid manufacturing work? Are they prepared to accept that a made-in-America microwave oven of any sort really should cost $400, not $50? None of these questions have good answers...

30
6

Fake election news meltdown vortex sucks in Google

bazza
Silver badge

Someone Wise Once Said...

...That a lie can run round the world before the truth has got its boots on.

The difference today is that the lie gets a helpful push from the likes of Google and Facebook who then glue the truth's boots to the starting blocks.

5
0

CERN boffins see strange ... oh, wait, that's just New Zealand moving 2m north

bazza
Silver badge

CERN's data shows how wobbly the planet is, really. They've previously reported correlation between beam position and waves crashing ashore in the Bay of Biscay. So if nothing else they can give worthwhile surf reports for the Atlantic coast of Europe!

9
0

Your body reveals your password by interfering with Wi-Fi

bazza
Silver badge

Re: I'm not saying this is BS...

Speaking as an RF engineer, it sounds perfectly plausible to me. Though I suspect they need the phone to be relatively still for it to work.

Another way to defeat it is to not use public WiFi.

13
2

Google: If you think we're bad, you should take a look at Apple

bazza
Silver badge

Re: Market Dominance

@David164,

And it doesn't force them to install any of their apps either. As proven by Amazon, hardware makers have the right to default android and avoid installing any of Google apps.

You're forgetting the role of Google Play Services. Android app writers are forced to write their apps to use these services if the want access to things like mapping, messaging, etc on mainstream Android. Google do not open source Google Play Services. So they're not on Amazon's version of Android.

So App developers are limited in what their app can achieve if they want to target both Google's version of Android and Amazon's without having two separate code bases. So guess what; the app developers target their software for Google's version of Android with Play Services, because that had the biggest market share.

And because Apps are reliant on Google Play Services, the phone manufacturers have to succumb to Google's terms and conditions if they want to make a phone that is marketable.

This strategy has worked very well for Google, but it backfired in China. Baidu was big enough and quick enough to be able to displace Google's Play Services with their own equivalent. There's 1billion+ Android users in China, non of whom are paying into Google's coffers by using Google's services. It's backfiring for Apple too - incompatibility with Baidu's services is becoming a market killer in China, no matter how shiny your phone is. In many ways Baidu have outstripped Google's services, for example offering payment systems that work widely long before Google Pay.

0
1

Testing times: Between some IoT code and a hard place

bazza
Silver badge

Some OSes like VxWorks have long had nice facilities for post-mortem debugging. With that you can write your software to log various things in a circular buffer, as well as a ton of OS / task runtime scheduling data. If it ever goes bang you simply connect the debug environment (or extract the buffer content somehow) and see what had happened in the time leading up to the crash. Very nice. And being a nice, tidy, tiny OS makes it well suited to an IoT device.

And you can achieve similar results with Linux these days; stuff like FTRACE and kernelshark spring to mind. Maybe Linux needs more resources to run than VxWorks, and this matters a lot for price conscious consumer products.

These are all nice things to have, but in microcontroller land we don't really get an OS. We know we want that kind of post mortem capability, but it's a pain to have to develop it all oneself.

2
0

Mac administrators brace for big changes to Apple-powered fleets

bazza
Silver badge

Re: Goodbye Hackintosh?

Given that a lot of iOS development seems to be done by people in hackintoshes, it would be bad news for iOS popularity too. Less app development = a reduced iPhone ecosystem.

2
1

Retiring IETF veteran warns: Stop adding so many damn protocols

bazza
Silver badge

Re: He is right

"He's right, up to a point (and I've known him personally since 1993). But he's wrong too: you can't stop people inventing new ideas;"

Well, we kinda do stop people inventing pointless new protocols and stuff, but only through ensuring they don't profit from them. For example, some IoT startup wanabe creates a whole load of proprietary stuff, and they're highly unlikely to develop into the next Apple or Google. In fact the problem we have is that there is Apple and Google, they have created their walled gardens, and no one else can get a piece of the action.

From the article:

"While diversity in approaches is inevitable and valuable, too many options damages interoperability," Callon observed according to a write-up of the talk in the IETF's most recent newsletter. "We have to be a little concerned about creating too many options because some vendors implement some, while some vendors implement others, and suddenly we don't have interoperability."

He's underdone it there; we should be gravely concerned about the decline of inter-operability. We have a lot of low level standards that work (http, ip, etc), but compatibility with those is not enough to ensure level competition between clouds and online service providers. A lot of new stuff has been built in recent years with the deliberate intent of walling in customers. Part of the problem is that no service of a brand new type can be inter-operable; it is inevitably in a class of 1. However as soon as someone else starts up a similar service there is zero value to the original provider to be inter-operable. And government is too lacking in technical understanding to see that these walled gardens are going to cost the consumer a lot of money. It's practically a license to gouge the market. Look at the "Apple Tax" you have to keep paying if you want to retain access to all that music you've bought in iTunes...

The industry has long since learned that bring a new service type to market 1st is key; quality doesn't really matter up to a point, but being first does. Lock those users in.

3
0

Standing out from the crowd with an Android phone? You and 90 per cent of the market

bazza
Silver badge

Re: Blackberry

And of course 'BlackBerry' means two separate things. There's BB10/QNX, and then there's the Android based ones.

BlackBerry must be continually annoyed to be dismissed as irrelevant when they have what is probably the best spin of Android out there.

5
0

Why Apple's adaptive Touch Bar will flop

bazza
Silver badge

Flawed Market Analysis

Say, just for one minute, that the new Macs were fantastic in every way apart from this touch panel, then maybe we'd put up with it and Apple would deem it a commercial success (even though we all hate it).

The risk is that Apple identify it as the sole reason why no one is liking the new Macs, drop it, and then make everything else even worse than it is at the moment. That might be terminal for Mac in general; if Apple cannot identify the reason they're not selling they may falsely conclude that a Mac (of any design) won't sell in the future, and give up.

It's kinda the same in the PC world. MS think Win10 is ace, it isn't, so we're not buying PCs. Our old Win7 boxes are fine, so we buy nothing. Cue lots of talk about the terminal trajectory of the PC market...

Someone somewhere is going to have to make a usable, affordable PC class computer. We're not going to develop and write everything from this point onwards on mobile phones.

25
1

Qualcomm makes China pay

bazza
Silver badge

Now we Know the Intel modems are Rubbish...

...Qualcomm can put the price up on theirs!

0
0

Smart Meter rollout delayed again. Cost us £11bn, eh?

bazza
Silver badge

Re: Smart meters have only ONE purpose

Round our way the installers are taking the opportunity to do a quick survey of your electrics, gas appliances.

1990's houses here, so of course they're finding "lots to be done", and their reports are designed to scare people into getting lots of unnecessary work done. Some people have fallen for it...

5
0

WebAssembly: Finally something everyone agrees on – websites running C/C++ code

bazza
Silver badge

Re: Safe?

@PNGuin,

"Why would you need C/C++ to make a website safe?"

Wrong way round. C/C++ (or indeed anything else that can be compiled down to a WASM) can be run in the browser safely, everywhere, probably. The emphasis is on the "dangerous" language being available to a programmer but being fully constrained by the sandboxed Javascript engine that actually runs the WASM.

"So all the 3rd party malvertising sites can run their malware more quickly in the browser? Yeah, progress at last. Sounds safe enough to me."

Quicker, yes. AFAIK the safety of a WASM is vested in the safety the Javascript engine's sandbox. The C/C++ can't do anything that the sandbox won't let Javascript do. So it's neutral, security wise.

"You'll have Norton running natively in the browser next. Oh well, at least that'll speed things up a bit."

There's already been proof of concept HTML5 viruses that reside solely in the web browser. Web browsers are simply yet another execution environment, and will / are going through the same phases of bug discovery and fixes as, say, an OS. The more features that get added to that execution environment the worse it'll get. The more such features are used, the less relevant the sandboxing becomes; the sandbox merely prevents web code from interacting with the host OS in certain ways, but that's less relevant if the place malware wants to run is actually in the web browser's own execution environment itself, inside the sandbox.

There's plenty of opportunity for the web browser to use different tricks to ensure one website cannot interact with another's data (e.g. encryption of persistent data, which is in fact what they do), and this will make it considerably harder for malware to succeed. However, if it gets out of hand then there may have to be things like Norton inside browsers. Eeek! On the irony scales, that'd be a full set of tens.

Like many others posting, I'm thinking "oh no here we go again". They're talking about supporting garbage collected languages like Java, C#, god knows what else. If this isn't history repeating then I don't know what that phrase is for. If the end result is indistinguishable from a Java browser plug-in done properly (i.e. properly sandboxed), why not just do a Java browser plug-in properly and miss out the nonsense JavaScript part?

28
1

Google drops a zero-day on Microsoft: Web giant goes public with bug exploited by hackers

bazza
Silver badge

Re: Did We Mention Chrome is Unaffected?

Disagree. Google patched it (side question - how does Google always seem to know more about Windows than Microsoft?). They let Adobe and Microsoft know we have a major issue. Adobe said "Shit, thanks for the heads up" and fixed it days before any public announcement. Microsoft sat on their hands and did nothing for 10 days, three days past the Google security standard for their Chrome devs, then released the info to their Chrome developers...

Get real. All Adobe and Google have done is block use of that system call in their sand boxes. They've not fixed anything, they're simply ensuring that it can't be exploited through Flash or Chrome.

Once you have a sandbox, that's a far easier job than actually fixing the bug in the OS itself. For comparison look how long it took Apple to fix their latest (stupid, self inflicted) OS kernel flaw - months. There's probably good reasons why MS cannot fix the bug quickly.

Personally speaking I don't see that Google or Adobe had any real choice. If the bug is being exploited then we have a real problem and they're in a strong position to mitigate against it, fast. But in doing so they're inevitably advertising the existence of the bug. So they may as well just come out with it and give the rest of us a heads up.

In the round it's probably better to mitigate for this flaw in browsers ASAP because that'd always be the primary exploitation route. Gives the rest of us a problem though.

5
0

Uber drivers entitled to UK minimum wage, London tribunal rules

bazza
Silver badge

As others have pointed out if things like VAT became applicable then it'll kill Uber' business model.

Here's a few other things they'd need to pay for. HR, recruitment, third party liability insurance, offices to house those things, staff background checks, car maintenance, car purchase, MoT checks, VAT and all the other taxes and minicab operator licensing to name but a few. And they'd then have to operate like a minicab service, not like the black cab picking up randomly in the street.

After all, if they employ the staff then they're an employer, and are therefore liable for the full business costs of employing them and running the business.

In short, I can't see Uber surviving this in the UK. I can't see their appeal succeeding, given the damning and unequivocal nature of the initial judgement. And with their costs rocketing skywards there's no profit to be made.

So whilst we're in the mood for overturning distasteful USAian business and employment practises that have been found to be riding rough-shod over our own customs and laws, how about someone finally getting round to challenging Apple about their refusal to honour the statutory 2 year warranty on consumer electronics?

6
0

Qualcomm agrees to acquire semiconductor biz NXP for $47bn

bazza
Silver badge

Re: Automotive

Qualcomm may want to close down some of NXP's product lines, but they'll struggle to do that completely. NXP have Freescale, and hence chips like the PowerPC 8641D, etc. These have been widely used in many really quite important military systems in the US, and Uncle Sam won't take kindly to the supply being cut off. Some parts have found a use in the F35 program, and there's no way on earth anyone will consider doing a silicon swap anytime soon.

That happened to Apple when they bought PA Semi all those years ago. Apple bought the company for the staff, not the product line, and promptly announced discontinuation. The US gov told Apple that they had to keep PA Semi's PowerPC SOC chip going, because it had already been incorporated into some fairly significant military systems. To cap it off, the staff (there were a lot of ex-DEC silicon engineers involved who had started up PA Semi in the first place) didn't like being Apple drones and quit, setting themselves up as yet another startup called Agnilux which then got bought by Google.

At the time that SOC was unmatched by anything else on the market, and it would have been impossible to migrate the designs on to alternate silicon. By the standards of the day it was phenomenal - dual core, 2 GHz, 64 bit, dual Eth NICs, fast memory interface, well suited to real time applications, lots of GFLOPS, all in less than 13 Watts.

1
0

Self-driving cars doomed to be bullied by pedestrians

bazza
Silver badge

Re: Wait a minute...

The point is that no one will want a self driving car in town, nor ones that have autonomous anti-collision self braking systems that won't let the car run over a pedestrian. If every vehicle has these things then pedestrians can safely walk out in front of any vehicle and not get run over.

And the problem is that pedestrians will do that, and the car driver won't get anywhere at all. Result - driving a car in town becomes a very slow way to travel.

Then there's kids. They'll be jumping out in front of cars just for the laughs. It will be really annoying for car driver's, but if these systems are mandated by governments that's what will happen.

That would also lead to some unfortunate accidents. During the transition from driven to self driving / self stopping cars there will come a point where kids are used to most cars being automatic. And that means they're at some point going to prank an older car that doesn't have the automation and will get run over...

16
1

Let's praise Surface, not bury it

bazza
Silver badge

Re: They fluffed it ages ago

And it would have put MS at the forefront of ARM servers too. Instead it looks dead certain that they'd miss that too if ARM servers take off in a big way. Linux is already there of course.

To be moderately fair on MS, when they started all this ARMs were pretty feeble compared to x86 and to where they are today. MS's mistake was to think that ARM would always be too small for a full desktop. Oh how wrong they were.

There's also OpenPower that's looking very promising. They should be thinking about that too in my opinion. Superfat binaries anyone?!?!

1
0

Not call, Intel – not call: Chipzilla modems in iPhone 7s fall short

bazza
Silver badge

Re: There's only two reasons Apple is doing this

Well, the leverage isn't going to work if the Intel chips are rubbish. Qualcomm may put their prices up!

Intel are not going to support CDMA (actually you mean CDMA2000. CDMA was the original 2G digital cellular standard in the US that lost out globally to GSM). Or, they'd be mad to do so. It's a yesteryear standard, it's only 3ishG, and it's not used anywhere other than the USA these days. So at best it's a limited market and a declining one at that. It's hard to justify the investment.

The poor sensitivity may be a firmware inadequacy, but it's far more likely to be a poor quality RF front end. To make a modem all Intel have to do is implement the DSP as outlined in the standard and bolt on on a front end. There's not much room to tamper with the DSP, so the inadequacy is more likely to be in low-spec analogue components in the RF front end.

It does raise the question as to whether Apple ever bothered to do any qualification testing on their prototypes. This kind of under performance would stick out like a sore thumb in even the most trivial of bench tests, and you'd like to think that they’d reject it if it. Seems like they've just stuck down the Intel part, done a quick functional test and shipped it. Sloppy. Or just arrogant-don't-care.

11
0

App proves Rowhammer can be exploited to root Android phones – and there's little Google can do to fully kill it

bazza
Silver badge

Re: ECC is not a defense

@DougS,

However, LPDDR4 supports an optional capability called target row refresh (TRR) that effectively eliminates the ability to exploit rowhammer. So no need to add ECC, just use LPDDR4 which newer phones have been doing anyway and make sure it supports TRR.

Interesting. Earlier I speculated that the memory industry hadn't done much to mitigate against rowhammer. Seems I wasn't entirely correct.

This 'optional' feature, I wonder if it's an optional part of the LPDDR4 specification, or a compulsory part of the specification that CPUs can optionally exploit if they want to? Either way, 'optional' sounds like someone somewhere wants to make a fast buck and who cares what the consequences for customers end up being. Booo.

Not for the first time I find myself wishing that the tech industry would take a leaf out of other industries' books. For example Rolls Royce, Pratt & Witney and General Electric are deadly serious competitors, yet they will (and have) drop everything to help out a competitor if they run into a serious safety issue. Reason? Everyone benefits from safer engines, and means a bigger market for everyone. The aviation industry is consequently very safe.

[Apart from the mathematically very dubious decision to allow the EC225 Super Puma helicopter to continue flying with a suspect gearbox so long as it was thoroughly inspected after every flight. I say dubious, because whatever calculation was performed to arrive at 1 flight per inspection cannot reasonably have had zero error bars... It took another fatal crash to get it grounded]

In contrast, too often in the tech sector one company's security fails are seen as another's marketing opportunity.

TRR is optional? Great, thanks guys, thanks for not helping out. Whatever caused that to happen should be been resolved in the standard long before it was published, even if that meant company A giving company B money and assistance to bring that about.

5
0
bazza
Silver badge

Re: ASLR

I think there was a recent report about defeating ASLR by looking at the addresses in the branch address cache and matching those with the known structure of the OS, thus figuring out the current OS layout in memory.

On Intel Haswell CPUs, not on ARMs.

0
0
bazza
Silver badge

Re: ASLR

@Dinsdale247,

"Conversely, it doesn't help that this is The Linux Kernel Maintainer's attitude towards kernel level security:"

Whoa, hang on a moment. I'm not a fan of Linus, but he's got a point. If you go and misuse the Linux kernel (as a very large number of people do) that's your problem, not his. It's not his job to decide whether Linux is appropriate for your Web server, router, nuclear power station, etc. Linux is free of cost, you have no contract with him.

If you want something 100% secure, whatever that means, look elsewhere. And good luck.

4
0
bazza
Silver badge

Re: Doesn't work on my Nexus 6P

I did wonder about trying it on my BlackBerry Z30, see if the Linux system call shim present in BB10 is good enough to run it, and have it succeed.

Then I decided that a pint was a far more interesting prospect...

1
0
bazza
Silver badge

Re: In the long run ...

"Parity should be for everyone, not just farmers IMO. :)"

G

R

O

A

N.

5
0
bazza
Silver badge

Re: In the long run ...

There's no need for ECC. Just making memory chips with better operating margins would do it. Trouble is it's be slower, more power hungry, or both. We're only in this situation because memory designers have been shrinking design margins over the years in the quest to be a bit quicker, a bit more economic.

6
0
bazza
Silver badge

There's no need to imagine it. Paper written, app published. It's real. Eeek.

The interesting thing will be to see if any of the memory manufacturers care. The warning signs have been there now for 2 years, not a lot has been done to prevent it I suspect.

We'll all care if someone manages to construct a piece of mega-malware that makes the attackers a ton of cash at our expense (a dialler, or who knows what sort of attacks are possible against Google Pay).

6
0

Ageing GSM crypto cracked on commodity graphics rig

bazza
Silver badge

2G FruiG

Now that's an old fashioned ice cream flavour.

1
2

DNS devastation: Top websites whacked offline as Dyn dies again

bazza
Silver badge

@Streaky,

"The internet was designed very insecurely"

Security wasn't a consideration at all in those days.

Fundamentally everything we have security-wise is a bodge. Ultimately no matter what security mechanism one contrives, it always boils down to the following. Machines are hopeless at identifying people.

4
1

Tesla's big news today:
sudo killall -9 Autopilot

bazza
Silver badge

Re: "...purchasing a vehicle with non-working features?"

@JeffyPoooh,

"Seeing as how it needs to be planned, documented and developed to some process resembling DO-178B or C, DAL perhaps A or B,"

Quite.

The automotive industry has for years been "avoiding" this issue. They use the MISRA rule set for C programming as a means to justify claims that their software is "safe". The problem is that i) MISRA is more like smoke and magic than hard proof of correctness ii) MISRA tool chains that I've used are perfectly capable of compiling correct source code to junk object code that doesn't implement the source code (it was optimisation bugs), iii) there's no guarantee that their C libraries are themselves MISRA compliant. In fact one I've used most definitely was not MISRA compliant in its C library's source code, and the C library was buggy. Yet it had a tick box labelled 'MISRA', was and still is widely and highly regarded throughout the community.

Of course non of that has mattered, because in all cars actual safety has been provided by everything ultimately being mechanical or hydraulic, with software not taking a primary role in car control.

But with things like self-driving? Yep, the applicable standards have indeed got to be things like DO-178B, etc.

"so maybe ten lines of code a day per qualified coder drone, typically. So 250GB of tight code, at 500 bytes per Coder Drone day, it should be ready for beta release just in time to get tangled up in the Y10K problem."

Neat way of providing investment guidance!

An industry rule of thumb I picked up some time ago was more like 1 single line of code per coder per day across an entire software project of this type. After the design and specification is done the PMs would estimate the size of a project and do their cost estimation that way. And that was on systems that had to be correct but were still human supervised. I dread to think how slow a true safety critical piece of software such as a self driving car would be.

Of course the self driving guys know this. So they're spinning up arguments in favour of rapidly developed code being approved as safe from usage statistics to grandfather their systems into autonomous use. Kinda like "it's not gone wrong yet in our trials, so therefore it must be OK for all eternity". Accepting code in this way would be unprecedented in the history of safety critical systems and transportation. There'd also be the potential for a systemic and hitherto unidentified fault causing mass carnage and the world's most expensive law suit.

Personally speaking I find the industry's statistical argument for what a "safe" self driving car would be somewhat distasteful and implausible. Saying that it's as safe as the "average driver" is nuts; it'd mean that many passengers would statistically speaking be worse off. Terrific. The trouble is the people who will decide what's allowed or made compulsory aren't used to thinking 'personal'; they look at nationwide or insurance statistics, and see profit in reduced costs.

Fortunately the State of California has published Google's test results, and they don't make for encouraging reading from Google or any other self driver's point of view. Google's data, if squinted at only slightly, implied an accident every 1500-ish miles had their cars been fully autonomous and unsupervised. Not a very good statistic in favour of approving full autonomy.

9
0
bazza
Silver badge

Re: Seems prudent

Hmmm, judging by some of the opprobrium flying round Tesla forums related to Autopilot's imminent curtailment, it would seem that it (rather than electric, ridiculous acceleration, and Tesla) is the key reason why many owners have bought them.

It would be kinda cool if it does work out; who wouldn't want a car to drive them home from the pub. But,

"All Tesla Cars Being Produced Now Have Full Self-Driving Hardware."

would be false advertising (if used as such). They cannot demonstrate that this is true. It may be something that they can get away with in the US, but in (for example) the UK and a lot of Europe there'd surely be ASA and Trading Standards complaints about such a claim.

If I were an investor in Tesla I'd be worried about this. It's so unlikely that they will ever deliver a self driving car. They're hyping up the idea now, but it is very likely to result in future disappointment amongst hitherto loyal customers who need to be persuaded to by a new replacement. They're also increasing their production costs today with zero guarantee that it'll ever be worthwhile.

But by then there's likely to be other competitors in the market (e.g. BMW, Merc, VW, the Japanese manufacturers, etc), and they will be supremely competitive, and they know how to build a higher quality interior.

They also have the industrial capacity to build an electric car for every market segment, something Tesla are understandably avoiding doing. But that is also dangerous - Toyota have for decades shown that the real money to be made is from well priced, boring, reliable, comfortable and very well made boxes; no-one earns much money from making only rocket ships. You have to go mass market at some point.

Tesla have only a short while to cement their position as the manufacturer of the longest range electric car with the fastest charging time. If they ever fall behind on that then they're toast. Hyping self driving today is a costly distraction from that goal, especially if (as seems likely) everyone else gives up on the idea and public perception of self-driving becomes forever tarnished.

13
5

Apple's car is driving nowhere

bazza
Silver badge

Re: Geckos?

@tiggity,

"What sort of gecko is "a severe threat to the occupants of a car."? Are they carrying grenade launchers?"

Round these parts they do. They're deadly accurate, and those amazing grippy feet mean you have to keep yours eyes peeled in case they're firing from the roof of a tunnel or something. Drive carefully out there...

0
0
bazza
Silver badge

@Charles 9,

"No, because unlike a train, a car can go between two arbitrary points without need of switches or other restricting mechanisms. As long as there's road between A and B, you can almost always reach it."

Hmmm, and there's me wondering what all that tarmac and concrete is for. Oh, you've pointed out that "two arbitrary points" need to be connected by a road for a car to work. Not so very different to a train then.

Automated trains work because a railway is a very artificial and sterile environment. There's nothing in that environment that isn't controlled by the system. And where mother nature can intrude (e.g. a fox on the line) there's little prospect of passengers being hurt, or even delayed... In short, the only thing an automated train has to worry about is another automated train. That's a comparatively easy problem to deal with.

And even the the train may well be driver-less, but that's a long way from saying that it isn't monitored by people. There's a control room. There's a lot of data and video feedback of train position. There's people watching that, or at least poised to glance at a set of screens should an alarm go off.

In comparison a road is far from a car-only environment. Even in America there's things like foxes, moose, potholes, floods, snow, ice, fog, road works, fallen trees, fallen bridges, turnips, rocks and geckos which are all a severe threat to the occupants of a car. And I haven't even started on the other road users; kids, postmen, other drivers, cyclists, protesters, motorcyclists, policemen, estate agents, road menders, binmen, politicians, drunks, grannies, flashers; they have a right to not be run over by anything.

Now, if you excluded all of those (and more) from being able to access the roads then maybe, just maybe, we could have a provably reliable self driving car that isn't just more train track. Though in effect it would be a train without the steel rails.

"That's why many people insist on a personal car: the ability to take it anywhere, anytime whenever the need arises. Unless you can do that, practically door-to-door, trains will never replace cars.

So you've never been stuck in a traffic jam? They're big queues of cars going nowhere, and they mean that your car cannot take you anywhere at all at the time you want no matter how urgent it is. Sometimes they last for days.

7
3

Radio glitch as Schiaparelli lander probe splits from ExoMars mothership

bazza
Silver badge

Radios Again?

They had problems with the radios on Huygens too. First they designed them wrong, they forgot to account for the Doppler shift between Huygens and its mother ship. Then, having adjusted trajectories to minimise that Doppler shift they forgot to turn one of the radios on. Almost a complete disaster.

And now they've got radio problems cropping up again. Wonder if it's the same guys?

2
3

Google: We look forward to running non-Intel processors in our cloud

bazza
Silver badge

@Nate Amsden

IBM doesn't have dividend shareholders?

Oh do have some imagination. Google could make them themselves, either using a contract fab like TSMC or just build their own fab. They've got the money.

2
0

Forums