* Posts by Charlie Clark

4172 posts • joined 16 Apr 2007

Google splats more bad Android security bugs with patches your mobe will probably never see

Charlie Clark
Silver badge

In the EU it's still within the period (two years) of statutory guarantee so you are within your rights to sue Samsung. Contact your local consumer rights body for more information.

In general, most handset manufacturers have a shocking record when it comes to providing updates. We need more legal cases like that launched recently in the Netherlands.

We'll only find our rights are respected if we are prepared to assert them.

0
0

First working Apple Mac ransomware infects Transmission BitTorrent app downloads

Charlie Clark
Silver badge

Re: Checksums anyone?

The problem is where is your reference source for a download from a web page?

Most software distribution systems, including Transmission's update procedure, use hashes to make sure that what's downloaded is what it should be. And many websites/ftp sites provide the hashes in various forms so you can check. However, how many of us bother to do this with everything we install? Developer credentials are supposed to work around this so the user has to okay the unverifiable install.

Sounds like a well-planned and well-executed scam:

1) hack the website so that a different file is offered

2) hack the credentials so that the download can bypass OS protection mechanisms

1
0

BBC telly tax drops onto telly-free households. Cough up, iPlayer fans

Charlie Clark
Silver badge
FAIL

Sorry, but the guy is an idiot

The BBC works on the basis that all who watch it pay for it

Nope, that is very wrong.

It works on providing a universal service that is universally funded. The service gets its independence from the universal funding but is explicitly not quid pro quo.

It also should not be involved in collecting the licence fee. The licence fee is decided by parliament and this is what gives it its heft. If the BBC becomes involved then it becomes just another private debt that is easy to avoid. This would mean the BBC would have to devote significant resources to collecting the fee.

The alternative to a difficult to administer fee for iPlayer would be to extend the licence to cover computers, etc. as happened in Germany a few years ago.

As for a paid-for version of iPlayer: I'm sure the BBC could sell loads of those outside the UK.

5
2

Turkish hacker pleads guilty to $55m maniac global ATM heist

Charlie Clark
Silver badge
Coat

Re: um!

Nah, keep him on expensive life support until the sentence is served.

Mine's the one with the Jasper Fforde in the pocket, ta.

0
0
Charlie Clark
Silver badge
Headmaster

Spellchecking budget cut again?

Turkish hacker pleds guilty

6
0

Windows 10 claimed another point of desktop share in February

Charlie Clark
Silver badge

Re: Microsoft's real fail…

IE11 may be part of the reason. There's an awful lot of forums that IE11 won't work with.

Interesting. That sounds to me like poor programming of the forums presumably using IE specific workarounds for all versions of the browser rather than feature detection. However, as you note users no longer blame the website owner as they know they can just switch browsers and website developers know that they no longer need to worry.

IE 11 really is okay as a browser: it does a lot of things correctly and has a fast JS runtime. It's just not enough and it's not going to get any updates.

0
0
Charlie Clark
Silver badge
Stop

Microsoft's real fail…

…is the continued ignominious demise of Internet Explorer as a browser. Looking at the Top10 of browsers on non-cellular networks we see that IE (13%) is now behind Safari mobile (14%) all the time and may soon fall behind Chrome mobile during the week as well as at weekends. And this is desktop and desktop replacement traffic.

Edge is stuck around 2% and unlikely to gain relevance because: people are sticking with Windows 7; and Microsoft refused to backport Edge to Windows 7.

IE 11 is a reasonable browser but is going to fall behind the competition in increasingly important areas as things like Flexbox (supported by IE 11) become the "new normal". It means that, while corporates are keeping IE around for legacy, they must provide alternatives for everyday use of the interwebs. Whether it's Firefox ESR or special Google builds or simply I-Pads, it's all not Microsoft. Once everyone has moved all their bookmarks to browser X, it's going to be very hard to get them back.

And Microsoft is betting the farm on the best HTML/JS/CSS runtime.

4
0
Charlie Clark
Silver badge

Re: Whaaatt?

If there's an equivalent covering more of the world I'm sure the vulture wants to know.

What? You mean like Akamai's Internet Observatory?

Mentioned it several times to no effect. Probably because you can't just cut & paste the data into a spreadsheet.

3
0

Bruce Schneier: We're sleepwalking towards digital disaster and are too dumb to stop

Charlie Clark
Silver badge

Re: bravo

And Benjamin Franklin said "He who would trade liberty for some temporary security, deserves neither liberty nor security".

I'm sure Cicero and Socrates said something similar. And yet…

4
0
Charlie Clark
Silver badge
FAIL

Re: @AC - Hmmm...

I'm not sure how much of a 'geddon it is yet, but I think we'd all prefer there to be less of that kind of thing going on.

This is straight from the major! Where's the Monty Python icon?

10 points to your team for demonstrating an appropriate response to engineered panic! Have a copy of the Brass Eye Paedophilia Special for your troubles. Better order some filing cabinets for your kids!

4
0

'Boss, I've got a bug fix: Nuke the whole thing from orbit, rewrite it all'

Charlie Clark
Silver badge

Re: C-as-assembler

Needs to be viewed in a monospace font to truly appreciate it.

Wrap in a code (pre for double linespacing) block to do that.

    unsigned char i2c_rd(void)               // read an 8b streaming
    { unsigned char bit_count = 0 ;          // bit counter the 8b streaming
      SDA=1 ; P1M2=0x05 ;                    // prepare SDA as input (=1)
      while(bit_count<8)
      { eep_buf=eep_buf<<1 ;                 // shift left 1b eeprom data buffer
        dly_usec(4) ; SCL=1 ;                // rise-up SCL
        shift0=SDA ; dly_usec(4) ;           // read bit_n from eeprom
        SCL=0 ; dly_usec(2) ;                // pulse SCL
        bit_count++ ; dly_usec(2) ; }        // increment bit counter(repeat for 8b)
      P1M2=0x0d ; return eep_buf ; }         // SDA open drain(return data buf)

1
0
Charlie Clark
Silver badge

Re: C is a glorified assembler

"Personal idiosyncratic use of such features is the problem"

As long as it can be understood why is it a problem?

It's in the definition of "idiosyncratic" – similar only to itself.

For example, I could always redefine my booleans. Would you like to work with my code?

1
0
Charlie Clark
Silver badge

... I honestly cannot figure out why anyone would do this.

It seems pretty obvious to me. For the guy each project was completely separate from the rest so he felt justified in starting from scratch but with the same approach and files as before. By repurposing the library he was able to write his application code the way he liked to.

I don't agree with this approach but I can understand it and I know that I've done similar things in the past, though usually copying something like utils from A to B. The real problem seems more systemic: why no VCS? And why were other developers charged with recompiling his stuff?

1
0
Charlie Clark
Silver badge

Re: Well, this article'll cause some arguments, eh?

Anyway, it looks like LibreSSL is just borrowing heavily from a fork of OpenSSL and probably just removing some little used stuff - but it's not a clean room rewrite...

It's always been a fork. A lot of stuff has been removed or rewritten, but one of the reasons for the fork was maintaining API compatibility.

Nevertheless, I find it interesting that this bit of code was kept around.

0
0

Greybeard monobrow baldies rejoice! Boffins comb out hairy genes

Charlie Clark
Silver badge
Coat

That's weird: I've always thought of them as a pair of dicks! Then there's that hairy twat, Robbie Savage.

I don't mind a bit of banter along with the football but the BBC is doing a great job of imitating the tabloids.

4
0

One-third of all HTTPS websites open to DROWN attack

Charlie Clark
Silver badge
FAIL

Re: Meanwhile on OS X

Try http://brew.sh, it's a much cleaner approach.

No, it isn't.

MacPorts allows you to override bits of the subsystem that Apple never gets round to patching.

0
0
Charlie Clark
Silver badge

Meanwhile on OS X

MacPorts contained updates this morning.

Inspecting the system more closely:

/usr/bin/openssl version

OpenSSL 0.9.8zg 14 July 2015

and

/usr/local/bin/openssl version

LibreSSL 2.2.0

Better, especially as /usr/local/bin gets precedence in the path but 2.2.6 was released back in January.

C'mon Apple: release those upstream updates to your customers!

0
0

More and more Brits are using ad-blockers, says survey

Charlie Clark
Silver badge

Re: Ad free please

Well, you could easily anonymise the payment stuff through a clearing house. I'm just thinking of the integration of paywalls in the browser as a way of lowering the barrier to entry.

Visit The Register initially for free then after a while it's used up and you get offered conditional access: single article, monthly sub, yearly, etc. Or ad-supported access with ad-blockers disabled for that site.

To be honest I'd be more worried about abuse of the service by unscrupulous websites than by the data slurping stuff.

1
0
Charlie Clark
Silver badge

Re: Ad free please

So, what do you think of the idea I had for a "PayPal" browser that would allow you to do just that?

1
0
Charlie Clark
Silver badge

54 per cent of those surveyed (and more 18-24s) said they’d turn the blocker off to reach a particular site or service

Sounds like "do what I say, not what I do".

Polls like this remind me of those that regularly demand more spending and lower taxes: people know that they are not accountable for such opinions.

4
1

Learn things? DROWN HTTPS flaw proves we don't even test things

Charlie Clark
Silver badge

Sorry, what?

test your configuration to make sure it's what you expected

What is this supposed to mean? I take it to mean "configuration was correctly distributed and applied". Cf. the recent Google router misconfiguration.

What are "post-configuration tests"?

The only thing I can think of is: do you regularly run penetration testing on your equipment? The whole point of penetration testing is that it is external and ignorant of configuration. Run it and expect the unexpected.

Are enough people running enough penetration tests? Certainly not. This isn't helped by the legal situation: in some countries penetration testing may involve technically illegal activities.

1
0

Safe Harbour v2.0 greenlights six bulk data collection excuses

Charlie Clark
Silver badge

The responsibility of courts

Given that the CJEU failed to define what is and isn’t acceptable the first time around, the Shield is sure to end up back in Luxembourg once again.

Is it the responsibility of the court to do so? That would make the court a lawmaker. The main point of the judgement was that EU citizens have little or no rights over their privacy in the US, ergo Safe Harbour is null and void. Politicians around the world have, for reasons of political expediency ("look at what we're doing to fight terrorism/child pornography/halitosis, etc."), increasingly effectively delegated lawmaking to the courts. Think of the DRIP fiasco.

The onus is now on lawmakers to come up with the definitions both of what's acceptable and of adequate legal recourse. Mass snooping is unlikely to suffice and, so, if it's included in the agreement then there is every chance that the law does end up before the courts. However, this would be a poor strategy to follow: the ECJ has already invalidated the existing agreements so new ones are likely to be overturned by lower courts, citing the existing judgement.

2
0

Microsoft sneaks onto Android while Android sneaks onto Windows

Charlie Clark
Silver badge

Re: Kind of obvious

It doesn't need to. If MS doesn't want to be held to the licence, it doesn't need to accept it.

Nope. This is a standard area of contract law and underpins discussions of licensing such as FRAND patents. Clauses like this are routinely struck out by courts as too onerous and here possibly even irrelevant to the implicit contract of the licence.

As an extreme example: a licence for my code might include a requirement for a particular religious affiliation. It's unlikely that such a clause would withstand judicial scrutiny. This is why so many real contracts have clauses at the end that prevent nullification in case that any individual clause is held to be invalid.

Add to this the dual-licensing that Google already applies to Android: there's AOSP and then there's the stuff for manufacturers and it's fairly clear that Android is not Linux.

Whatever, with Microsoft apparently exiting the handset business, it's unlikely for them to start becoming an Android distributor. Providing an alternative to Google Play services is probably sufficient.

0
0
Charlie Clark
Silver badge

Atom-powered phones? Yawn

And the battle will really heat up once Atom-powered phones arrive later this year.

Intel has been successfully losing market share by pouring money into x86 phones for the past few years. And things are getting worse as more and more developers go native. How does Intel expect to compete with Mediatek, et al. in the budget segment? Intel has lost so much money that it's resorted to hiding the mobile division in with the PCs.

The RPi3 today handily provides a comparison as to the improvements in power at a constant price with ARM: 2012 weedy single-core v6; last-year reasonable quad-core; now 64-bit. And that's nowhere near high-end or SoC prices.

1
0
Charlie Clark
Silver badge

Re: Kind of obvious

But as soon as they become an Android distributor, they are of necessity a Linux distributor

I reckon that's up for debate and I'm not sure whether the clause would stand up in court.

Google certainly doesn't seem to view the patent stuff in that way.

1
0

Google cloud wobbles as workers patch wrong routers

Charlie Clark
Silver badge
Stop

It could well be that rival clouds aren't as forthcoming with reports of messes like this, and that the stream of SNAFUs Google reports is a sign of commendable openness and transparency.

Or they could be signs of immature processes.

This whole article oozes snide but only really has insinuation to back it up. I'm not a Google fan but it seems to me that they have pretty mature processes, particularly when it comes to disaster recovery, where it really counts. Being prepared to go public with the procedural details without pointing the finger: "we fucked up and this is why…" is one of the best ways to underline to employees how important their work is.

Status feeds are one thing but how many complete fallouts of Google have there been this year? And of Azure and Amazon?

3
2

Google Project Zero reverse-engineers Windows path hacks for better security

Charlie Clark
Silver badge
Facepalm

Re: win32? in 2016? really???

Also, it has silliness like case sensitive file names (for lack of proper collations, and an English-centric mindset) and horror of spaces

Sigh.

Case-sensitivity is the default for computers because chars map to hex values, or didn't you watch The Martian? Case-insensitivity is slower and requires more memory. But, of course, speed and memory have never mattered, particularly not in the early days of unix.

Whitespace can be a real problem on terminals and printouts. Much better to make it explicit.

9
2

Raspberry Pi celebrates fourth birthday with fruity version 3

Charlie Clark
Silver badge

Networking

Anyone know if 5GHz is supported? That's been my biggest problem so far.

0
1

Raspberry Pi 3 to sport Wi-Fi, Bluetooth LE – first photos emerge

Charlie Clark
Silver badge

Re: At the risk of 'banging on' again and again...

I dunno, me and t'missus have been using one quite merrily as our desktop for a year now.

The single core of the RPi 1 makes it unsuitable to run as a desktop but the RPi 2 is good enough for many things. I have CPU performance of about half that of my desktop for stuff that can make use of the four cores, though I/O is noticeably slow.

0
0
Charlie Clark
Silver badge

Re: Still sucks for i/o performance

The RPi was initially supposed to improve IT in schools. I don't know if anyone seriously expected it to have a major impact there, if so I suspect they're likely to have been disappointed but not because the device was underpowered.

Instead the RPi shipped in sufficient volumes to create a viable software and hardware ecosystem for hobbyists and developers. It makes a great media centre that you can just plug into any modern TV but is also the basis of many small projects that might otherwise never have happened because specialist hardware is required. For example, I've got a 3" touchscreen that sits nicely on the RPi's geek port. Not sure what I'm going to use it for but I can imagine all kinds of industrial machines using something like this for the next control panel. And I hope they do because the software stacks available for the RPi are light years ahead of most embedded devices, and are still likely to be supported for the life of any particular device.

Hence, the RPi has succeeded in establishing a hardware and software platform where none previously existed. Maybe it took a while to go from the RPi1 to RPi2 but it looks like things are picking up in which case we could soon be looking at some pretty beefy devices that still only cost around $35, but the market may focus on those with the lowest power draw: SATA in an embedded device isn't going to make much sense.

Now, if they'd include FreeBSD as part of NOOBS!

1
0
Charlie Clark
Silver badge

Re: Missing the point

Prepared for the downvotes here

I gave you one just so you wouldn't be disappointed! :-)

Actually, your post is pretty much spot on.

2
0
Charlie Clark
Silver badge

Re: Shame

Can you name another SoC vendor that could compete at this level?

Mediatek, can I have my five pounds, ta?

2
0

Europe is spaffing €20bn on handouts for tech

Charlie Clark
Silver badge

Auditors haven't signed off the EU accounts for almost 20 years. It's a very wasteful way of spending a pound. Or Mark. Or a Frank.

Facts, eh? Who needs them.

Remember the budget spent by the body of the EU is tiny compared to the money, mainly pork, handed out to member states.

As this is about the EIB it should be further noted that this is run by the member states and not the Commission. I'm not a fan of monetary policy being used for stimulus but it was Juncker's declared aim to use the EIB to finance projects in the absence of stimulus from member states. There was a fanciful plan of using EU money to encourage investment from private investors. I'm sure it will all end in tears. But this is more to do with the abrogation of responsibility by politicians in the hope that handouts from the ECB will mean they can continue to sit on their hands (France and Italy are particularly guilty here).

3
2
Charlie Clark
Silver badge
Thumb Down

So the Commission is doing what the EU usually does when it doesn't get the answer it wants: it keeps asking the question, until EU citizens roll over and give in.

This is a gross misrepresentation and does the argument no good. Yes, there is the odd potty project but the audits always show that the Commission is much less wasteful than national governments who love to use the EU to distribute subsidies (set aside premiums for farmland in Bavaria springs to mind).

Its main job is ensuring the single market so this means keeping an eye on state aid, open skies, etc.

As for the money, €20bn is less than a third of what the ECB is currently giving to the banks every month!

4
7

BOFH: This laptop has ceased to be. And it's pub o'clock soon

Charlie Clark
Silver badge
Pint

So, what you're saying is that jobsworth security guards don't need maiming? I think we know who's buying the next round…

Pint of Sammy Smiths for me, please.

1
0
Charlie Clark
Silver badge
Pint

Re: Quibblage

Well, they're both quantum phenomena but this is closer to Schrödinger: the bomb will go off but the time cannot be known, ergo two quantum states until observed.

Heisenberg's principle is that knowledge of some aspects is mutually exclusive. So you can know the laptop's speed but not where it is. You'll come across this in BOFH's labyrinth game…

9
1

Canonical accused of violating GPL with ZFS-in-Ubuntu 16.04 plan

Charlie Clark
Silver badge

Duh, can we finally stop getting Oracle involved into OpenZFS?

No, because everyone wants to vent their frustration on Larry's evil empire. Even, or perhaps, especially when they've got nothing to do with something.

1
0
Charlie Clark
Silver badge
Headmaster

It's Oracle we're talking about: they created a private fork rather than try and get everyone to agree to changes.

0
1
Charlie Clark
Silver badge
Pint

Few points to clear the confusion

You're ruining it for everyone with all those facts!

5
0
Charlie Clark
Silver badge

IANAL either, but I don't think that statement is correct.

It is with the following proviso: any subsequent changes in the licence require the agreement of all contributors. Otherwise a fork is required. Oracle has wisely chosen to fork OracleZFS.

1
2
Charlie Clark
Silver badge
Mushroom

GPL is make work for lawyers

Kids - just say no!

2
9
Charlie Clark
Silver badge

Re: Let Oracle sue

Not Oracle's beef. Fuckwit GPL zealots.

7
14
Charlie Clark
Silver badge

Re: Well!

Just use FreeBSD.

9
2

Awoogah – brown alert: OpenSSL preps 'high severity' security fixes

Charlie Clark
Silver badge

Will Libressl also be affected

Be interesting to see if LibreSSL also releases a patch at the same time and, if so, what it contains: whether this is related to preserving the API or having a similar vulnerability.

0
0
Charlie Clark
Silver badge
Thumb Down

Re: Pisses me off...

... all these tards coming here moaning about how shit it is when it was written by a bunch of guys in their spare time as a hobby thing.

Be that as it may – yes, it was a dismal state of affairs – the project has now had money thrown at it and it still sucks. Version names like 0.9.8zg FFS

Still poor design is poor design. LibreSSL wasn't forked for fun but after a thorough code review which determined that a new start of a less ambitious project would be better.

2
1

JavaScript daddy's Brave ad-blocker hits Android, Apple stores

Charlie Clark
Silver badge

Good luck with Bitcoin stuff

Very hip and all that but will exclude about 99.9% of the world. Blockchains are interesting, crypto-currencies aren't.

hm, maybe a browser from PayPal would work for micropayments… Must rush off to get funding.

In any case the days of the ad networks are limited. They're annoying for users and inefficient for advertisers. Much better to sign up for a vertically integrated network with detailed information about the users. We're seeing this with Facebook and Apple's content offerings. No doubt Google, with all that YouTube experience, also has something in the works. And, if the ads are provided by the OS then ad-blockers are going to have their work cut out for them.

0
0

Yelp minimum wage row shines spotlight on … broke, fired employee

Charlie Clark
Silver badge

Re: Funny, when I was her age. . . .

"income inequality" is a chimera.

Sure, but things are not helped by the different (mainly but not just tax) treatment of income and assets which is driving asset bubbles while restraining incomes.

The arguments against a wage floor are now empirically validated: it doesn't destroy jobs and can actually create them because of the increase in disposable income. If you can't afford to charge customers enough to pay it then the job (and presumably business) should go. Otherwise welfare payments start subsidising low wages. Not good.

We're starting to automate people out of jobs permanently, with the rise of industrial robots and follow-on technologies.

Just wait till this starts to hit non-menial jobs. The fear of this may be one of the reasons behind people flocking to Trump or Sanders. Not that economic policy has ever really mattered in US elections.

0
0
Charlie Clark
Silver badge

Re: Funny, when I was her age. . . .

The article made it pretty clear, to me at least, that Talia James isn't deserving of a lot of sympathy. However, the details of her case are symptomatic of real problems in San Francisco and Silicon Valley because of the recent boom and its attendant increase in income inequality.

To focus on one person is to fall into a trap that it's a unique situation. I might have little sympathy for the person named but, as detailed above, I do think that there is a problem.

4
0

Ker-ching! IBM paid 10 times Cleversafe’s funding for the startup

Charlie Clark
Silver badge

Re: Silly money

It's ten times funding. That excludes assets and whether it has any revenue or not.

You want to see silly money: WhatsApp, OculusVR, et al.

4
1

The other one. No, not WhatsApp. Telegram. It hit 100 million users

Charlie Clark
Silver badge

Messaging apps that offer end-to-end encryption such as WhatsApp

Really? I thought WhatsApp was only using encryption between devices and its servers. You can't do interoperability between platforms unless they all support end-to-end encryption.

0
0
