
* Posts by bazza

885 posts • joined 23 Apr 2008


Chrome browser has been DRAINING PC batteries for YEARS

bazza
Bronze badge

Re: It does affect OSX

"Correlation != causation"

Indeed not, though given that the code base is (presumably) quite similar for the OS X variant there's a good chance that it is the same issue.

0
0

LibreSSL RNG bug fix: What's all the forking fuss about, ask devs

bazza
Bronze badge

"Not sure what you're really referring to but if I had to make a guess I would think this is about Android and vendors not shipping updates?"

Yep, that's the one.

"OS level updates can't be pushed out via Play."

And that doesn't look like a very clever idea now, does it? Come to think of it, Google must have looked at Linux, OS X and Windows (to name but a few) with their auto updating mechanisms and decided that pushable updates were a bad idea. What on earth made them think they would never have to do the same?

"The Android system partition is read only for a good reason."

And what is that reason? Judging by the amount of malware in the Android ecosystem it's certainly nothing to do with stopping bad things running on a handset.

"I guess what Google needs to do is either get more vendors shipping vanilla builds that Google will manage the over the air updates for or split the system partition up a bit so that vendors can add their junk in there but google can offer partial OTA updates for vital security updates. Kernel updates will be tricky as usually SoC vendors are very lazy. They'll get some old crap version of Linux working, release that as a BSP and forget about it. So if fixes for major issues are pushed to the Linux mainline it may take forever for those fixes to actually appear in the kernels for all of the devices out there."

Or you could do it properly, which is what Microsoft have tried (and mostly succeeded) to do. Which is, define a hardware architecture to which manufacturers must comply, and then MS can push out updates as and when necessary. Just like they do on PCs.

The Internet of Things is going to suffer quite badly too unless some major players take control and set up a reasonable hardware standard to which everyone can comply.

2
0
bazza
Bronze badge

Well, at least we seem to have a code base where bugs can be found, located and fixed fairly quickly. So much better than OpenSSL; the 'fixing' part was not achievable.

The most important feature that anything secure must have is the ability to rapidly update and deploy in the face of bugs. Kudos to the LibreSSL guys for bringing that back. Now, if only Google can learn that lesson too...

17
6

Seventh-gen SPARC silicon will accelerate Oracle databases

bazza
Bronze badge

Re: Can anyone explain? I'm genuinely curious.

"As much as it's clearly to everyone's benefit to have a competitor to x86, I don't understand what the business case is for investing in SPARC equipment. Wouldn't x86 be faster, cheaper and better supported for any sort of workload at this point?"

Power Consumption

As Keith21 said, it depends on your tasks. For some really, really big tasks, 'cheaper' means cutting the power bill and forget everything else. And if your enormous task requires a lot of one sort of operation to be performed it's worth optimising that in silicon because you can slash the power bill. On a really big setup power is lots of $millions a year, so a few expensive boxes that can halve that are worthwhile.

I don't know much about databases, but I know a little about IBM's POWER. They added a decimal maths co-processor, i.e. a core extension that does maths much as you would do it on paper. This is very different from the traditional floating point unit in that it has (so I understand) arbitrary precision. What's the point?

Well, when you're doing calculations for international finance you're basically doing currency conversions, which are floating point math. And if you're dealing in $Billions, conventional floating point arithmetic isn't accurate enough; you can be a few cents out. That's unacceptable. So the software has to do the math long hand.

Doing that on x86 takes forever (= a lot of power used), whereas on POWER there's a co-processor that does it far quicker. And if you're building the foreign exchange system for an entire country that's a big enough system for you to be worried primarily about power consumption as your major cost. And having the system scalability as Keith21 explained means that you can do the whole job in one machine at high efficiency.

And guess what; one of IBM's big markets is banking. Oracle's big market is databases. They're both doing elaborate things in their silicon to target very specific markets.

What is Memory?

It's quite interesting to examine what 'memory' is nowadays. Although we talk about 32TB of RAM in some sort of SMP configuration, actually it's synthesised from high speed internal networks (not Ethernet, at least, not yet) between processor nodes and memory controllers. This sort of architecture has percolated down to x86; Intel has QPI and AMD uses Hypertransport. These are similar in concept to current mainframe architectures, it's just that they don't scale up to thousands of cores.

If you ever start hanging round the HPC world you quickly realise that most of it is all about I/O speed, not CPU speed, provided the CPU is basically 'right' (and Oracle's announcement is basically about getting the CPU right; they did the I/O ages ago). Get the I/O right and you can pile up the CPUs until you have the necessary performance. Get the I/O wrong and you cannot do that. This was the reason why AMD briefly had the upper hand over Intel when Opteron first came out; Hypertransport was way better. For a good example of getting the I/O right take a look at the K computer and its six dimension hypertoroidal interconnect, and note how power efficient it is.

2
0
bazza
Bronze badge

Good to see SPARC being updated still; I hope it does well.

Making SPARC good for their database is a natural thing for them to do. IBM do the same for their POWER processors, which have features that are good for international financial applications. For really big systems that sort of thing can make a significant difference to the power bill.

HP aren't able to do the same anymore; Intel must surely be super reluctant to do anything to Itanium. I notice that most of the op codes that gave some sort of benefit to Itanium have now found their way into Xeon, I expect Itanium to go no further, and HP will become just another x86 box shifter with a crummy line in 19" rack rails.

9
0

ALIEN BODY FOUND ON MARS: Curiosity rover snaps extraterrestrial

bazza
Bronze badge

Re: Point of Order

It is extraterrestrial from your average Martian's point of view. 'Extraterrestrial' is merely an incomplete translation resulting from The Register's shameless use of Google Translate in ripping off the Martian Times' article about the rock.

0
0

Whoah! How many Google Play apps want to read your texts?

bazza
Bronze badge

"Yes this sucks but it's the app writers' fault not google, they request ludicrous permissions for their apps."

It's not ludicrous from their commercial point of view. If they can make more money by doing so then they will. They have to make a living after all, and Android is a crummy platform to try and sell software on given that piracy is appallingly easy.

Google have a slight problem. If they improve the end users' control of permissions then the free apps will disappear because the app writers will lose their profit making model. And without major changes to Android it will remain ludicrously trivial to pirate paid-for apps. In short, Google have carelessly pushed out an underdeveloped, badly thought out mobile ecosystem that will one day cause catastrophic damage to their reputation, and it's too well entrenched now for them to make the necessary changes.

1
1

SpaceX FINALLY lobs six sats into orbit (don't mention the landing)

bazza
Bronze badge

In the words of Top Gear's Richard Hammond, "How are we going to use it again?" (@09:30)

Seriously though I hope they learn enough from their telemetry to identify and fix the problem.

5
0
bazza
Bronze badge

Re: "lost hull integrity"

"Why not just say 'it sunk'?"

Or why not just say "it went kaboom"? Oh, wait...

8
0

Linux turns the crank on code for cars

bazza
Bronze badge

Re: Huh? Ransomware?

"Tesla have been doing this for a while now so linux in a car is hardly earth-shattering news.

And I won't mention Apple CarPlay."

There's nothing wrong with Linux as such, just like there's nothing wrong with QNX (which is what Apple Airplay runs on). They're OSes much like any other OS; they're pretty good.

The trouble starts when you put a network connection in and run a bunch of poorly written and oh so very exploitable apps on top. Then you need an automatic update system, staff to look for and fix problems across all versions of the software, and so on. That's a very expensive thing to do.

Plus it's not like the mobile industry where you can get away with dropping support for year old models. People will be expecting the support to last as long as it does for the rest of the car. That's really expensive.

The economic impact is potentially quite high. Say some script kiddie found a way to stop all Fords working and actually did so. In a country like the USA that means half the work force aren't going to work that day. That kind of thing shows up in GDP figures really quickly.

"The beardy types will be spluttering their coffee all over their terminals at the thought of ransomware on linux."

Well, there is already ransomware for Android, and that's Linux isn't it?!

"From what I can make out though, the plan is for linux to control the non-essential stuff like nav, climate control, bluetooth - not the stuff that's critical to making a car move. Unless I read TFA wrong I don't see any mention of a car's ECU running linux?"

Well, if the infotainment system is displaying data like fuel economy that has to come from the ECU. Which means there's a data connection between the two. That may be a path for an attack on the ECU.

0
1
bazza
Bronze badge

Re: Tizen

"Nope. We'll probably just reinstall the code."

Yeah right, like a busy parent is going to be happy doing that instead of taking the kids to school. Plus their paired mobile gets a good going over too.

Regardless of whether or not an infotainment hack could get as far as the engine management doesn't really matter, it's still going to really piss off people.

There's also a worrying clue in its name: INFOtainment. These things display information like fuel economy and so forth which they're getting from the engine management. Which means that there's a data connection from the engine management to the infotainment system. And that too can be hacked (unless it's a one way link). So a hacked infotainment system could easily be a hacker's gateway to the engine management.

0
0
bazza
Bronze badge

Tizen

It's basically Samsung's Tizen. And we all know how popular that is...

I can't help but feel that we're sleepwalking into another bunch of unnecessary security woes, just like has happened with the Internet of Things. Nor is that thought aimed solely at automotive grade linux.

The last thing any of us want is a flat battery caused by some bitcoin mining malware that's found its way onto the infotainment system in our cars. It's happening to our thermostats, smartTVs, set top boxes, fridges, etc. Why would our cars be immune?

Also a car system would be a rich target for cryptolocker type malware; "You wanna drive this car then you're gonna have to pay". That kind of threat doesn't work so well for, say, a set top box; we'd just throw it away. But we won't throw away our car just like that.

So if the car industry wants to pick up this then they're going to have to get smart with continual updates, software security expertise, all the expensive things necessary to keep an Internet connected system safe these days. They're not used to providing that level of support for software.

6
9

MIT and CERN's secure webmail plan stumped by PayPal freeze

bazza
Bronze badge

Re: Re no one can pay for anything without Uncle Sam says OK

Er, cash? Cheque? EBanking? Direct Debit?

1
0

SPACE: The FINAL FRONTIER. These are the TEN-YEAR images of star probe Cassini

bazza
Bronze badge

Yet another stunning success for NASA, ESA and ASI. The pictures from the surface of Titan were particularly impressive.

7
0

Google kills its successful social network. Yes, we mean Orkut

bazza
Bronze badge

This doesn't instil a reputation for permanence for anything Google-ish. Why would anyone choose to use their services and apps for business use when there's no guarantee that it will be available in six months' time?

At least with software running on your own hardware you're more in control of its demise...

3
1

China's world-beating Tianhe-2 super has brawn, not brains

bazza
Bronze badge

It's all about the software. It doesn't matter if it's a mobile phone, desktop, server, mainframe or supercomputer, the software is always King.

The Japanese K machine, 4th on the list, is the highest placed pure CPU computer. I know it uses a bespoke interconnect but there's probably a ton of software for it, or at least lots of source code that can be easily adapted. That might make it the 'quickest' computer out there because no one is wasting time writing software...

1
0

GAME ON: NVIDIA brings GPUs to 64-bit ARM servers

bazza
Bronze badge

That barrier is now gone and NVIDIA says three vendors have products ready to roll that bring GPU-assisted co-processing to market. The three are: .....

and

Separately but at the same event, AppliedMicro also announced that its ARM-based X-Gene “Server on a Chip” is now in a state of “readiness” and that “ … development kits [are] available immediately, and production [will be] silicon available imminently.”

Hmm, if that little collection of news doesn't get Intel quaking in their boots then I don't know what will.

Thing is there's not a lot Intel can do. They could buy (for example) AppliedMicro and shut it down, but that would merely encourage all the others. It would mean that an ARM based server is viable in Intel's eyes. Alternatively they could buy them and keep ARM going, but that would say the same thing too about ARM.

And where would their "x86 can do anything including low power" stance be then? Intel aren't going to change their development direction so far as I can see, but it is surely a risky strategy. What if ARM really does turn out to be a better server chip than Intel?

Thing is, if Intel did make ARMs they'd be the best in the world. Intel are very good at silicon manufacturing, and it would give them a tremendous advantage in the ARM market.

9
0

Barack Obama was ALMOST EATEN by a ROBOT GIRAFFE

bazza
Bronze badge

"A British mechanical giraffe evaded American secret services, infiltrated the White House and got close enough to Barack Obama to bite his head off."

Sounds worse than Austin Powers...

4
0

Android to drop Dalvik VM for high-performance ART in next version

bazza
Bronze badge

Polishing a turd?

No doubt that there's room for improvement in the science of running bytecode. However the Wikipedia article on Dalvik reports that ART currently isn't necessarily any faster, and programs take up more storage room.

Ahead-Of-Time compilation is surely an obvious thing to do; isn't that what any 'proper' compiled language like C/C++ does?

Being so obvious one wonders why no one has done it before. Is it because most End User License Agreements generally forbid permanent translation of the software into another form? That means you cannot take a collection of objects called 'the software' and convert it into another CPU's op codes. So whilst that still allows you to do interpretation or just in time compilation (there's no permanent storage), such a clause won't let you do ahead of time compilation.

Of course Google is in ultimate control of all things Android and therefore has the ability to make the developers go along with Ahead of Time compilation.

1
6

Tech that we want (but they never seem to give us)

bazza
Bronze badge

New Psion 5

Definitely. There must be a new one of these!

2
0

Fujitsu chief disses Amazon’s ‘threatening’ enterprise attack

bazza
Bronze badge

Re: They do everything this way

One cost problem that I'm sure Amazon has not foreseen is the risk they run by offering virtualised desktops as a service. Basically they want companies to provide their staff with Amazon Web Services desktops instead of a real PC at their desk / server room.

The only trouble for Amazon is that a large part of their costs will be electricity. And consumption will be down to what exactly those desktop users do with the machines. And if the users do what most people do it will involve a lot of web browsing, and quite a lot of Googling. So Google will be in control of quite a lot of the CPU cycles that Amazon's virtualised desktops end up running.

So what would happen if, for example, Google's search page started including some heavy weight processing in Javascript (a really fancy Google Doodle perhaps)? That would result in Amazon's electricity bill going up, and to some extent they would be at Google's mercy (because virtualised desktop users are not going to give a damn and be disciplined about shutting down their unused browser tabs, etc).

There's not a lot Amazon could do about it. They could slow down the VM so that it does less CPU cycles per second. But then it would be less responsive and users would start complaining as they walk away from the service. To address this sort of thing properly would mean peering inside the VM to see if its high CPU usage is purely down to Google's latest front page doodle before dynamically reducing its clock rate. But that's very invasive, and I'm not sure users would tolerate that either.

If Google offered virtualised desktops as a service (do they?) then they're in an advantageous position. They could selectively deliver less CPU intensive Google Doodles to their desktop users whilst delivering electricity hungry ones everywhere else.

0
4

Kaspersky warns of IMPOSTER mobile security apps

bazza
Bronze badge

Re: Hmmm

Seems you have attracted a delusional down voter.

Hadn't they seen the stories about how Android AV software is powerless (thanks to Google's design) to actually do anything about any malware it finds?

http://www.theregister.co.uk/2013/12/17/android_anti_malware/

7
2

Users folder vanished after OS X 10.9.3 update? Here's a fix

bazza
Bronze badge

Re: Would someone PLEASE explain to me...

Call me cynical, but I suspect it has more to do with advertising revenue than anything else.

All the major players want you to not have a file system (at least, not one that you see). They want you to use their file system in their cloud. Ideally they would like you to want to use it, so they make it free, they add some crude sync features, etc. But just to make sure they make it harder or impossible to use the file system on your device / PC / Mac / whatever.

The catch is that once your stuff is in their cloud they can (because you accepted the EULA which, at clause 754.1.a.iv, says so) rummage through your stuff and sell the resulting advertising data.

It's not just Apple. The latest versions of Office + Windows save files to SkyDrive (or whatever it's called now) by default.

Paid-for cloud services (Dropbox?) may be less inclined to rummage through your stuff, though shareholder profit pressure will erode that fairly quickly I should imagine.

In Apple's case I suspect that their original motive to hide the file system from you on iPhone was more to do with DRM control of music on your device. If you can't see the files, it's harder to rip them off. However, I suspect that nowadays their motivation is more to do with advertising than DRM.

1
2

Net neutrality protesters set up camp outside FCC headquarters

bazza
Bronze badge

Anti-competitive? Protocol Changes?

One can argue that no net neutrality is anti-competitive. Imagine if net neutrality hadn't existed back when Google were getting started and their robot Web crawling traffic had been suppressed. Where would they be now? Nowhere.

New stuff needs new protocols and without the ability to push that new data around the net it will be difficult for them to get traction.

Another thought; any protocol can become a transport for any other protocol (e.g. iSCSI, FCoE, etc). So if everything else became layered on top of, say, https (ie, 'normal' and encrypted), how would any ISP or network owner be able to do traffic shaping? They wouldn't be able to distinguish different types of traffic because the data they're carrying wouldn't be readable by them. Hopefully.

1
0

Danger, Will Robinson! Beware the hidden perils of BYOD

bazza
Bronze badge

Yep, it was a neat solution. RIM's problem was that Apple had already trained everyone in what to expect from a tablet. So when RIM came along saying "Actually there's a different way" (and it was a very different way indeed!) no one listened or understood. Their loss, but an even bigger loss for RIM.

Nowadays the idea is moot because the PIM / Email client software on the Playbook is perfectly capable of connecting to all sorts of things in its own right (Exchange, IMAP, etc), though arguably with less security for the corporate employer than the Playbook / BB6/7 / Bridge way. And alas the Playbook line isn't going anywhere either, so that's it.

It's much the same with BlackBerry Balance on BB10 phones. It's a really neat idea, it's pretty well bullet proof from the point of view of corporate security and personal privacy, it's a very good BYOD solution, far in advance of what everyone else is doing. Also it's the first actually useful Multi Level Security System I've ever heard of (all the others have been terrible usability kludges). And once again very few people out there have ever heard of it let alone know what it could do for their corporate users. Yet with pretty much every Android app now working just fine in BB10, you really can have a mix of personal fun and properly good (i.e. accredited) corporate security.

1
0

Google's self-driving car breakthrough: Stop sign no longer a problem

bazza
Bronze badge

And other things like the Magic Roundabout in Swindon, the Arc de Triomphe in Paris, or indeed any half busy roundabout or T junction in the UK / anywhere in Europe, and indeed driving anywhere in any Italian city. I don't think it's going to deal with those things very well at all (except by staying perfectly stationary).

3
1

US judge: Our digital search warrants apply ANYWHERE

bazza
Bronze badge

Re: Not just a blow to Microsoft's attempts to assure non-US customers

Perhaps it's time for the Family Cloud. I'll explain...

There's a Linux distro called Zentyal that comes with an open source clone of MS Exchange called OpenChange. There's something else in it too called Sogo that apparently adds ActiveSync, CalDAV, CardDAV, etc; ideal for mobiles. This plus a light dusting of a domain name and dynamic DNS could form the basis of a small home server that offers cloud like things (storage, mail, contacts, etc), and could connect to and sync with other home servers at your parent's, brother's, etc.

In short, how hard would it be to do a strictly peer to peer small scale cloud that is hosted on small home servers in our own family homes with access restricted to the family + selected friends? Not very, the right ingredients seem to exist though no doubt there'd be a bunch of work to do. But it would mean that you and your whole family know exactly where your data is at any one time.

Oh, and if there were such a thing and it worked well that would be a real alternative to the big US owned services like MS, Google, Apple, Amazon, etc. This court ruling is bad news for those companies because it completely undermines their attempts to portray your data as being safe and sound in their custody. What I've outlined above is a way for an alternative to be provided without the need to build huge data centres all over the world.

19
0

Liftoff! SpaceX Falcon 9 lifts Dragon on third resupply mission to ISS

bazza
Bronze badge

Re: I thought Space-X were supposed to be making space flight cheaper...

Joking apart, it does seem somewhat odd. When SpaceX first got going their aim seemed to be to have a very cheap way of manufacturing rockets, meaning that the rockets themselves could be disposable yet profitable. That was even reflected in their engine design.

Now it seems to be all about re-usability. So does that mean that they've discovered that rocket science isn't that cheap after all?

1
2

Microsoft: We've got HUNDREDS of patents on Android tech

bazza
Bronze badge

Re: Why permit the secrecy

"If, for example 85% of smartphones on the market infringe 200 Microsoft patents & require a licence is it not arguable that these licences should be frand?"

They're not taking anyone to court (like Apple), they're licensing. They're not refusing to license to anyone. If $8 per handset is anything like accurate that's quite reasonable. Sounds like it's fair, reasonable and non-discriminatory already.

2
6
bazza
Bronze badge

Re: I assume ...

There's nothing stopping anyone doing a decent ext4 file system driver for Windows, and it could become something that everyone just knows they have to install.

4
0

Chrome makes new password grab in version 34

bazza
Bronze badge

Chrome...

...deleted

9
13

Facebook swallows Oculus VR goggle-geeks. Did that really happen?

bazza
Bronze badge

Re: NOooooOOoooo

@Vociferous,

"You are seriously thinking too small. If it had NOT been bought by Facebook, I would say that within five years a majority of PC gamers would not have been using normal screens any more."

Oh I quite agree with you, there's no doubt it would all be very attractive for gamers, and from what I've seen so far it would be very good.

I'd go even further than that; I have multiple monitors hooked up to my development machine, but there's never enough screen real estate to have all the dozens of debug, code and app windows open all at once. Imagine having several dozen monitors rigged up into a rough hemisphere-like arrangement with oneself sat at the centre. Tricky and expensive to achieve. However a Rift could do you a virtual one of those with ease, and it would be fabulous. I want one of those quite badly.

1
0
bazza
Bronze badge

Re: NOooooOOoooo

"@bazza: You don't know what Oculus Rift is? Check some Youtube videos and contemplate what almost was."

@vociferous, I won't bother following up your recommendation. I've tried one of the pre-production prototypes. Cool, yes. Finished, no. Heading the right way, certainly. Perfectly pitched to reel in the wealthy and compulsive Zuckerberg, yes.

I don't know exactly that that was their game plan, but $2billion now is a handsome return on their efforts. They've probably had a lot of fun doing it, and now they don't even need to go through the depressing process of marketing their product.

For any start up getting bought out is most certainly factored into the business plan as a possibility. With someone like Zuckerberg around it's well worth having buy-out as a primary goal.

As for Zuckerberg he's now got to make more than $2billion out of it. That might be quite difficult.

No one is going to use Facebook in 3D from their mobile. Facebook ain't the gaming platform of choice and Sony, Microsoft and Steam aren't going to give him any slack. It would make sense if he bought Steam too, but I suspect that they're not for sale at any price. And Facebook owning Steam sounds like a disaster anyway.

He could just market devices himself, but exactly how does that get more people spending more time in Facebook? It's just an elaborate peripheral. That surely isn't Facebook's primary business; people using Rifts on Steam/XBone/PS4/PC games are not going to be directed towards Facebook by those platforms. The world of CAD, engineering and science might be an additional marketplace but that's not a mass market.

4
0
bazza
Bronze badge

Re: NOooooOOoooo

This is a golden time for start ups. Make up some "cool" idea. Start developing it, make it look possible, lay on a demo. Do a bit of corporate twerking in Zuckerberg's direction and collect the $Nbillion that he'll send your way after a casual chat over a mediocre coffee.

Google and Apple aren't far behind I suspect, but Facebook really does throw its cash around like it's going out of fashion. Are they the biggest corporate suckers, or is that still HP?

4
3

Help a hack: What's in your ultimate Windows XP migration toolkit?

bazza
Bronze badge

WSUS Offline

Upgrade or fresh install, there's going to be a lot of updates to install. WSUS Offline is pretty useful. It allows you to make an ISO full of Microsoft updates that you can then install on a bunch of machines without them all fighting to download the updates several times over. Useful in bandwidth constrained situations.

12
0

Shuttleworth: Firmware is the universal Trojan

bazza
Bronze badge

Er, What?

Given that most of the Internet connected smart devices (SmartTV, fridges, home routers, set top boxes) are running on top of some form of Linux kernel already, what's he on about? These are the things that are getting comprehensively hacked, and mostly it is mistakes in the software stack above that is to blame. Whatever way you look at it, it's poor design, implementation and maintenance of firmware that is the root cause, not the lack of Linux inside.

Even if the firmware was standardised and opened up, how's that going to improve things? The result would be that one single flaw would allow hackers to breach all devices worldwide, not just one family of routers from one company. Sure, one single fix would deal with it, but that's not comforting. Imagine if all home routers got compromised and the attacker disconnected them all from the net. How then would anyone be able to get the fix?

If firmware became a standardised open platform there would be pressure to have things like virus checkers, etc running on them. It's happened with Android, why wouldn't it happen with standardised linux based firmware on other devices? And how would old devices be supported? The consequences are that there would be new firmware versions that won't run on older hardware, so we'd have the "Windows XP" style of obsolescence problem on everything, not just our desktops.

So it comes back to good design, and a commitment from manufacturers to maintain and improve their firmware and hardware. Having a real "Read Only" switch on the device so that a hacker physically cannot alter it or install malware would be a very good start.

11
2

Is Apple about to unleash a cheaper 8GB iPhone 5C? O2 'leak' suggests: Yes

bazza
Bronze badge

Millions of unsold 5c's re-badged, storage size firmware frig

Just guessing. But it would be a way to get rid of them...

6
0

Is no browser safe? Security bods poke holes in Chrome, Safari, IE, Firefox and earn $1m

bazza
Bronze badge

Re: We need something more simple than webbrowsers

"The modern web browser is more like an OS than a text rendering application, and so much of the web now depends on that to work. Yes, I know its dumb, but no I don't see it changing."

It is very dumb indeed. Anyone thinking that a browser as an OS is going to be any more secure than a traditional OS is deluded. In fact it's almost certainly worse.

The traditional OSes have been put through the mill and a lot of problems have been fixed. Whereas a brand new execution ecosystem (which we call a web browser) has got all of its day-one bugs still extant, and they keep adding more features (and more bugs) all the time.

"Probably the best we can hope for is sandboxing becoming robust enough to stop break-outs, and maybe aggressive enough to just kill browsers when something dodgy happens."

Sandboxing is in itself a useful way of guarding the OS underneath the browser, and I'd rather have it than not. I agree - I think it is indeed the best we can hope for. Alas, if the browser is acting more like an OS within an OS, then the sandbox isn't adequate. What's to stop some nasty code running riot inside the browser stealing / deleting data stored within the browser? The browser would need adequate protections within itself, as well as the sandbox barrier outside.

There's already proof of concept in-browser viruses floating around (El Reg passim), but there's nothing you can do outside the browser to prevent them causing harm inside it. So what's it to be? A special McAfee webpage that's always running inside your browser checking up on other web pages to make sure they're not doing anything nefarious? Sounds less efficient than an ordinary OS + apps + AV to me.

So far as I can tell HTML5 is making a similar mistake to Android. HTML5 is designed to keep different web apps separate, and no web app can influence another. At least, that's the intention. It doesn't work out that way though because the HTML5 implementation is not perfect. It does make it very difficult to add a third party package (an AV product, a 'McAfee' web page) to protect the whole browser and the apps and data it's storing. So we're totally dependent on the browser writers immediately fixing bugs, etc. Bit like AV in Android can detect nasties, but can't actually do anything about them because the OS won't let it.

2
0

Q. Can your Linux PC run Crysis? OK, it can. But will it run natively? A. Soon, very soon

bazza
Bronze badge

Meanwhile, FreeBSD is already there...

1
5

Ethernet boffins get ready to kick off 400G development

bazza
Bronze badge

Re: What use?

Well, it's not that far off 'Normal'. 400Gbps is going to pan out at less than 50GByte/s, and there's Intel CPUs that have that much memory bandwidth (certainly when inter-leaved across multiple CPU sockets). The second requirement is for a CPU -> peripheral bus that's equally fat, and that's only a matter of bus width ultimately.

So we're not far away from it being "Normal" at all, especially as any reasonable NIC in this class would offer TCP offload facilities. Give it a few years and it will seem routine.

It does raise an interesting point. If Ethernet is the fastest interconnect we have, people will start using it inside computer architectures instead of PCI or whatever.

0
0

Cisco kicks off $300k Internet of Things security competition

bazza
Bronze badge

Fundamental Problem

Making the Internet Of Things secure / better is going to be very difficult. To address bugs in a worldwide deployed software installation you need a worldwide update capability, and a whole team of devs whose only job is fixing the software. That's a very difficult thing to achieve. Not even Google have achieved it in any meaningful way with Android.

When you look at what platforms are there out there which can realistically and universally receive updates there's not many. Windows is quite good, though I don't know about embedded Windows. iOS and OS X aren't bad either (though you have to depend on Apple giving a damn). Linux distributions (not Android) aren't bad either, but again it depends on someone actively taking a long term view (i.e. you don't want old distros being cut off from updates simply because a new one has been published). I guess that QNX could be self updating; BB10 sorta does, though the user has to actively kick-off the installation; it won't happen autonomously.

The manufacturers of Internet Connected Things aren't motivated to take all that on board because it will cost them money. Sling some Linux based firmware together, get it to version 0.0.2, sling it in the fridge (or whatever) and sack the dev team / move onto the next one. They don't want to have to be spending money updating fridges they shipped years beforehand when there's no revenue stream to fund it.

The flip side of that is that if Internet Connected Things start getting hacked, and being actively broken by the hackers, you might start seeing a flood of warranty returns on fridges, Smart TVs. That'll put the manufacturers off the whole idea very rapidly, especially as it's likely that hardly anyone is seriously using the internet connection features on these devices anyway.

0
0

Energy firms' security so POOR, insurers REFUSE to take their cash

bazza
Bronze badge

Re: "Self-insured"

"The cute technical term for the uninsurable."

It's also code for telling investors "The insurance people think that you're definitely going to lose all your money".

0
0
bazza
Bronze badge

Re: Typically ignorant management response

"So you see, another unintended consequence of the Greenpeace energy policy that has been foisted on the happy bill payers of Europe. Who would have thought that some fool mistaking correlation for causation on a chart would eventually lead to a chance of you and I being plunged into darkness by state sponsored hackers from the other side of the world?"

Well you say that, but not that long ago none of this was connected to the internet at all; the internet didn't exist! Yet we were able to generate quite a lot of electricity back then no problems at all.

So how and why did hooking it all up to the internet become a business imperative? There's clearly no particular benefit (because we managed perfectly well without it being netted). Whatever business improvements have been brought about could almost certainly have been achieved another way (e.g. point to point dial up? Seriously, just how much datacomms bandwidth does an oversized kettle or a big switch actually need just to say whether it's on or off?).

Using the Internet as a default choice seems to have been a lazy and 'cheap' solution to needs easily satisfied by other cheap alternatives that are inherently far harder to abuse from the other side of the world.

4
2

Fukushima radioactivity a complete non-issue on West Coast: Also for Fukushima locals, in fact

bazza
Bronze badge

Given that coal is somewhere in the region of one part per million uranium, and that a big coal station will get through 35million tons per year, that's a lot of uranium going up the chimney every year. The guide didn't appreciate me pointing that out when as a school kid aged 9 I went on a tour of Didcot coal fired power station, at the high point in CND's popularity. I must have been a horrible kid. I asked about CFC leakage at Oldbury Nuclear power station under similar circumstances (it was used in the chiller that quickened the cooling of the core following shut down for maintenance).

I imagine that the introduction of electrostatic precipitators has reduced the output somewhat, and concentrated it into thermalite building bricks instead.

There's some controversy over the matter. Scientific American have this article:

http://www.scientificamerican.com/article/coal-ash-is-more-radioactive-than-nuclear-waste/

Given that you have to get pretty close to your average nuclear accident before the count becomes worse than what you get from, say, granite I don't think anyone on the other side of the Pacific need worry. Anyone living in a granite built house, or anywhere with a faint whiff of natural radon in the air? No one worries about those, so it's not rational to worry about something far off whose effect is much diminished by distance.

5
0

Ford to dump Microsoft's 'aggravating' in-car tech for ... BlackBerry?

bazza
Bronze badge

Re: QNX is Blackberry by name only

"As a consultant, I still have some customers using WinCE but many of those are worried and are looking for exit strategies to Linux. They have little confidence that MS will support WinCE into the future and most of them want out."

Sounds like the typical WinCE experience. MS really had zero imagination when it came to anything other than desktop and server software. That's why they missed out on the mobile revolution.

As for an exit strategy from WinCE, that sounds awkward. If they'd picked a POSIX-ish OS in the first place then their code base would be much more portable than it is. No doubt there was some engineer on the staff at the time WinCE was picked who said "This ain't a good idea" for that very reason!

3
0
bazza
Bronze badge

Re: QNX is Blackberry by name only

"QNX has also benefited a lot from being bought out by BlackBerry. Their new Car platform is essentially BB10 re-purposed."

Ah, I was wondering about that. I use a Z10, and a PlayBook for that matter, and whatever else one might think about it the BB10 UI framework certainly allows a dev to produce a well polished result.

I wonder how important the Android runtime is going to be in the automotive sector. There's currently no app-store type market place for in car infotainment systems, so I'm guessing that most of the applications are bespoke to or customised by each manufacturer. So if they're being written specifically for each manufacturer, why write it in Android when one might just as well write it for BB10? And, any sign of TomTom doing a BB10 version of their Satnavs?

0
0
bazza
Bronze badge

"Each time my car infotainment system crashes; each time I see yet another airport flight display with a DOS prompt on it; each time I see a cashier at a checkout rebooting their Windows system just so I can check out;"

Yet underneath all that crap there lies what is essentially the NT kernel and the bones of MS's desktop operating system (unless it really is DOS, but surely that's not been used on anything recent...). Windows in its various (supported) guises doesn't have a huge reputation for conking out randomly, at least not these days.

So it's more likely that buggy bespoke device drivers and software written by hired then fired devs are to blame. A lot of manufacturers just don't get it; smarter systems absolutely require continual and substantial development, otherwise someone else will come along and steal your business.

It happened in mobile phones. Smart phones were great, then Apple showed everyone that actually they weren't and perhaps this iPhone thing is a better way, and everyone else has been playing catchup / going extinct ever since.

Cars are going to be increasingly sold because of their tech and the manufacturers have to get deadly serious about Doing Software Properly. Otherwise the likes of Google or Apple will come along and start controlling the market place. Hiring a few programmers for a few months to hack an infotainment system together before sacking them and shipping it isn't going to work against Apple and Google. They'll practically have to turn themselves into software companies with a sideline in car manufacturing.

[Having said that the prospect of a car running Apple Maps for a navigation system really won't sell at all well...]

6
4
bazza
Bronze badge

Re: QNX is Blackberry by name only

"QNX is Blackberry by name only"

Indeed but BlackBerry, despite whatever their faults might be, knew a good thing when they saw it and bought QNX for use by themselves. BB10 has certainly benefited from being based on QNX.

I don't really understand why MS's automotive offering has gone so badly wrong. Did they plug it as a finished solution for the car makers who had only to burn it to ROM, but then spoiled it by not polishing it, fixing the bugs, etc?

3
0

SpaceX set to try HOVER LANDING for re-usable rockets on March ISS mission

bazza
Bronze badge

I don't think they've solved the fuel issue, but I reckon they've spun the economics a different way.

Yes, their booster has to carry more fuel and weighs more / carries less payload in order to soft land, which costs. But then they won't have to build a whole new rocket, which might just cost less.

It's a bit of a gamble; a disposable rocket designed to the same engineering limitations would always be able to lift more payload to orbit. And if there's one thing satellite builders like it's having a bigger payload budget to work within. Just being able to put a year's extra maneuvering fuel on a big satellite might pay for the costs of a slightly more expensive but beefier launcher. These big TV and comms satellites are not cheap, yet cost no more to launch than their weight in concrete.

0
0
