* Posts by Charlie Clark

2949 posts • joined 16 Apr 2007

Drupal SQL injection nasty leaves sites 'wide open' to attack

Charlie Clark
Silver badge
WTF?

So wrong

From the report this is the actually executed code:

db_query("SELECT * FROM {users} where name IN (:name)",

array(':name'=>array('user1','user2')));

Why the fuck is the query still not running by preparing the statement first and letting the DB worry about the parameters?

God, PHP is so fucking awful!

PS. sorry for the whitespace but El Reg won't wrap the lines for me.

0
0

Man bites dog: HTTPS-menacing POODLE is 'hard to exploit' – unless you're on public Wi-Fi

Charlie Clark
Silver badge

Yes, but…

Even if the threat in this instance is perhaps not so great, the almost universal reaction as "it's time to dump SSL v3.0" is welcome. Maybe we'll move onto removing some more long deprecated stuff before they cause problems.

0
0

Aboard the GOOD SHIP LOLLIPOP, there's a Mobe and a Slab and a TELLYBOX

Charlie Clark
Silver badge

Re: Urgh - I was really hoping they would pull an "Apple"

I may have missed it but when did Apple release a smaller phone?

In any case, Google isn't competing directly with Apple. It uses the Nexus models to showcase Android and its online services but leaves the choice of form factor to the market. This is what led to the oversized phones in the first place, which the market loves.

Now that Android L is out, the next Nexus is presumably going to be a wearable.

1
0
Charlie Clark
Silver badge

I quite like the idea of using it to stream directly from any Android device, which presumably does have local storage or a DLNA client. If that is how it works then it's added simplicity at the cost of running down the battery of the "remote" faster.

0
0
Charlie Clark
Silver badge

One survey suggested that 3/4s of iPads rarely leave the owner's house. It seems reasonable to apply this finding to other tablets of a similar size, and surmise that the tablet can call upon media over the local network.

While it's true that most pads never leave the home, wifi in the home is often pretty patchy so local storage is a good idea for many. Can't help thinking Google has missed a trick not going head to head with Apple on storage but with significantly lower pricing. For watching films an 8.9" screen is better than an I-Pad – it's just as wide but doesn't need to letterbox the film.

2
1

Intel, Asus charge sneak into US mobe market with ATOM-powered PadFone X mini

Charlie Clark
Silver badge

Re: If only they made the phone part...

Certainly think that docking stations / combinations have a place but I do wonder about only having a 7" screen on a phone dock, I'd have thought 10" would be minimum for something that's going to be in the house almost all the time.

4
0
Charlie Clark
Silver badge

Price plans

GoPhone plans start at $40 per month for 500 minutes of talk time and 500MB of data.

Are they taking the piss? I think you get gold-plated bytes for that price in Europe!

3
0

Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE

Charlie Clark
Silver badge

Re: Misleading Language

The internet is supposed to "degrade gracefully" by providing support for older protocols so that you don't wake up one day and find the internet no longer works for you. That said there are cases (and security is certainly one) where a less forgiving approach is warranted and Google is right to remove support for SSL v3 from its browser.

We now have much better tools and resources for identifying potential weak spots than we did even five years ago.

5
2

LOHAN crash lands on CNN

Charlie Clark
Silver badge
Coat

KARDASHIAN

That's got to be some kind of stocking filler!

1
0

Don't wait for that big iPad, order a NEXUS 9 instead, industry little bird says

Charlie Clark
Silver badge

Rumours about rumours

Journalism at its best!

2
0
Charlie Clark
Silver badge

Re: @AC I suspect Google will fail

but you still need to shift units

Only as many as you build, which is why Apple makes the profits it does. It may trip up at some point (I think the IPhone 5c's may have gone for some early recycling) but its control of the supply chain is an example for others.

0
2

Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'

Charlie Clark
Silver badge

Re: Complexity to the point of no return

Do you know that OLE is COM, and COM is "Component" Object Model?

Yes, I know what both the acronyms are and despise them both. I won't dispute that they have utility (in the absence of a proper component model) but this should really be API calls and not executable embedding which is the security risk. OpenOffice for one has a much cleaner implementation of the underlying principles.

0
0
Charlie Clark
Silver badge

Re: Complexity to the point of no return

Yep, ActiveX are legitimate payloads for Office OpenXML files (as are other files…)

PowerPoint is particularly weird as it relies on Excel for charting functionality. Nothing wrong with this per se (delegation avoids code duplication) but the way it does it is far from ideal as rather than using a component it uses OLE…

4
1

How's that big mobile push going, Intel? Oh a million dollars. In 3 months? Wow (sarcasm)

Charlie Clark
Silver badge

Mobile and Communications posted an operating loss of $1.04bn in the third quarter

And the company as a whole still managed better results than a year ago! At this rate Intel can easily afford to spunk 1 bn a quarter subsidising this but it might worry whether the kind of competition, and the associated lower prices, are a taste of things to come in the data centre, if/when a 64-bit ARM ecosystem becomes available.

0
0

Son of Hudl: Tesco flogs new Atom-powered 8.3-inch Android tablet

Charlie Clark
Silver badge

Re: Intel Atom?

Unfortunately, they're usually bootlocked.

0
0
Charlie Clark
Silver badge

Re: How much is this costing Intel?

@Ledswinger I don't remember ARM chips being priced anything like that high. And for devices around the £100 mark they certainly can't be so the implied loss will presumably be even higher. There's an Intel inside notice on the device which means there's also a marketing subsidy.

Let's hope for Intel's sake there are no deal-breaking apps that won't run on the device.

1
0
Charlie Clark
Silver badge

How much is this costing Intel?

I assume someone will do a teardown soon but I wonder just how much Intel is bankrolling this (and presumably similar devices via similar channels in other countries) just so they can wave some tablet sales numbers at the next earnings reports even if the section still continues to lose money.

The performance numbers are interesting. I would expect a quadcore x86 to cream ARM, that it isn't is testimony to how much emulation is going on. Still very respectable battery life and 8" - 9" is the soft spot for tablets in my opinion, though video should run on the GPU so in this case, you might want to compare games performance. My guess is that won't be that good but might get pretty hot!

It's about 150g heavier than the similar sized Samsung 8.4 but a fuck of a lot cheaper and these things aren't supposed to be used one-handed (ooerr).

So, a winner all round? Possibly, except for Microsoft who really need to own the cheap x86 tablet space.

3
0
Charlie Clark
Silver badge

Re: Rootable

The Intel ones generally can't be rooted.

1
0

Mobile coverage on trains really is pants

Charlie Clark
Silver badge

Offload to Wifi

Bandwidth is always going to be limited so some form of throttling to reduce contention is inevitable. The smart thing, of course, is to use pico or femto cells to offload the traffic to a fat pipe, though I suspect video is generally out of the question.

The Dutch rail companies now provide some form of free throttled wifi on all their trains but public wifi spots carry an inherent security risk that cells can avoid.

0
0

Web Devs: Learn to build high performance websites to banish autumn blues

Charlie Clark
Silver badge
Trollface

ha ha ha

Want to build a fast website? Don't use .NET

13
3

EE TV brings French broadband price war to the UK

Charlie Clark
Silver badge

Re: They just don't get it ?

Your list is a bit too all encompassing and mixes loyalty bonuses (Orange Wednesdays) with service bundles, of which I suspect bundled sport is likely to be pretty popular. But in general I'd agree with you that most people are pretty meh about 3-play, though many will sign almost any contract to get a "free" new phone.

Things get more interesting when they get free wifi roaming on the back of it, which is appealing to MVNOs as it allows them to offload data from expensive rented 3G and LTE capacity to the internet.

0
0
Charlie Clark
Silver badge
FAIL

Atrocious copy

As you look around Europe, Orange or T-Mobile have been successful in most smaller markets with the exception of Italy, Spain and the UK.

The UK and Italy, and to a lesser degree, Spain are considered large markets in Europe. Add France and Germany (the home markets of Orange and T-Mobile) and you've got the largest markets in the EU.

The comparison with Sky is laughable: it's not about the number of households watching stuff they can get on DVB-T anyway but the number of them who sign up for added-value channels, which is Sky's main business.

Using BT wholesale service is an easy (and cheap) way to offer service consolidation. Fifteen years ago Deutsche Telekom and France Télécom were cooperating significantly then came the UMTS auctions. EE is simply the result of one not being prepared to buy out the other. Given that in other European markets the number of providers has been allowed to drop to 3 (merger of E-Plus and O2 in Germany is going ahead), there's no reason why that wouldn't happen in the UK, though there would then have to be some reallocation of spectrum. Presumably nobody's made the right kind of offer yet. Orange UK was large enough to be profitable so EE probably is as well, meaning there is no urgency to sell.

Orange's DSL boxes are also woeful.

0
0
Charlie Clark
Silver badge

Re: Price war in France?

It's a Faultline piece – factual accuracy is optional.

3
0

Microsoft confirms Surface NOT DEAD YET, next-gen version coming

Charlie Clark
Silver badge

I think the problem is that there simply aren't enough companies interested in it to make it a viable proposition. It's not more for me but there's no doubt that the Surface Pro has some clever technology and solves some people's problems brilliantly. And it's probably much better as a notebook replacement than an I-Pad is. But the PC market is about massive scale with significant penalties if that can't be achieved.

Microsoft has the cash to continue with the Surface Pros, after all what's 1 billion compared to the amount spunked on Nokia, Skype and Minecraft? But it's not doing them any favours with the dwindling number of OEM partners that make its market. At some point Microsoft will have to choose whether it wants to do an Apple and be the sole supplier or return to doing just the software.

1
0

Was Nokia's Elop history's worst CEO?

Charlie Clark
Silver badge

Re: Too slow

Nokia went off the rails LONG before iPhone, probably about 2002.

Definitely agree with that, apart from the Communicator, Nokia's Symbian phones were shittier in every aspect than Ericsson's. Problems with Symbian and some woeful TI chips encouraged Ericsson to jump ship to Android and then get out of the handset business. With a unified and focussed Symbian and better chips things might well have ended up differently. At least ARM chips came out of the debacle as the standard architecture.

4
1
Charlie Clark
Silver badge

Re: Um, no...

@Krisitan Walsh, thanks for the detail on the way you experienced things.

0
0
Charlie Clark
Silver badge

Re: Um, no...

Any conspiracy must be Nokia's not MS's

You can be certain that some shareholders profited very handsomely from the deal, which was in cash. Microsoft was able to use some of the tons of non-US cash for the deal that would have otherwise been subject to tax if it had been repatriated and paid to shareholders as dividends. An even more egregious example of an elaborate tax avoidance scheme was the Skype purchase where Microsoft bid against itself to spunk $ 8 bn on a loss-making business with little or no IP. At least with Nokia it got some tangible assets that it could dispose of.

In these deals it's almost always customers and employees who lose out.

2
0

Google hauls Java-on-Android spat into US Supreme Court

Charlie Clark
Silver badge

Re: Intel vs AMD?

IANAL but I think the Cyrix stuff demonstrated compatibility without a licence. Sometimes companies pay to play to get more information on the specification or to be able to brand their equipment as compatible but I'm not aware of any legal impediments.

1
0
Charlie Clark
Silver badge

I see APIs as similar to specifications. Copyright is relevant and important in terms of the specification itself: ie. who may duplicate and amend the specification but it says nothing about implementations which are authorised by the spec.

Patents are all about implementation and not relevant to the discussion here.

1
0
Charlie Clark
Silver badge
Thumb Up

Good for Google

Get this clarified in the US once (and hopefully) for all.

10
1

Apple KILLS SUPER MARIO. And Zelda. And Sonic

Charlie Clark
Silver badge

Re: Nintendo

I wonder if the bean counters at Nintendo have any idea how much money they could rake in if they ported a load of games to iOS

Why bother porting? They can make money simply selling ROMs for the emulators.

3
0

Windows 10 feedback: 'Microsoft, please do a deal with Google to use its browser'

Charlie Clark
Silver badge

Re: It would actually be a smart business move for Ms

@Frankee I think it would be cheaper, too. All they'd have to do is stop the Mozilla people from working on pet projects instead.

But I can't see anything like that happening until they start losing share in their corporate customers, many of whom still depend upon IE 6 compatibility. :-(

5
0

LTE's backers vow to KILL OFF WI-FI and BLUETOOTH

Charlie Clark
Silver badge

Going nowhere fast

I think Bluetooth has been successful by not being all things to all men, eg. working cooperatively with WiFi. Like WiFi it's become so ubiquitous that it's going to be difficult to shift. There are also advantages in having different radios in a device: the Bluetooth one is owned by the device, not the network.

But the more I think about the suggestions the more I think this is a glorified spectrum grab: get LTE in the unlicensed spectrum areas.

PS. Welcome back, Bill

11
1

How much is Microsoft earning from its Android taxes again?

Charlie Clark
Silver badge

I'm not convinced by the sums as it seems to ignore Samsung's other businesses which might be affected. If it's the FAT32 then their TVs are also likely to be listed; then there's the PC market which, while ever decreasing in size, has usually much higher unit payments.

0
0
Charlie Clark
Silver badge

Personally I think there's still quite a lot that Android vendors can differentiate with including: screens (I go for AMOLED, some prefer LCD), speakers, built-in memory, removable battery, SD-card support, customisation (worked great for Nokia when it was selling commodified GSM phones), waterproof, size (compact, standard, oversized), battery life, use in bright light, camera button, screen resolution, wireless charger, NFC, etc.

If you think this is trivial just look at any other commodified market and see what works there.

0
0
Charlie Clark
Silver badge

The agreements aren't public so we can't be sure. What is known is that Microsoft has for several years been asserting its FAT32 patent on storage media. It's coming to the end of its life, not just in terms of when the patent expires but also due to the restriction in file size: once people routinely start faffing around with HD video the 4GB file limit will be a problem.

The solution will be to use an unencumbered file system and possibly rely on something like MTP to handle this for read/write access when the device is plugged into another.

1
0

Linux systemd dev says open source is 'SICK', kernel community 'awful'

Charlie Clark
Silver badge

Re: Blaming Torvalds is easy...

Linus' discussions with Tanenbaum were indicative of how he behaves. That said, I don't think his occasional outbursts are a real problem. Sometimes you have to tell someone what they're doing is not just wrong but total shit.

I prefer the BSD development model over the release early, release often chaos of Linux, but that hasn't excluded the odd high-profile tantrum.

1
0
Charlie Clark
Silver badge

In other news

It was announced that the earth revolves around the sun.

Peer review can get nasty (it did in Newton's time). Just as some people need to develop thicker skins, others can also learn to be slightly less of a dick.

3
0

HEVC patent prices are out. Look who's NOT at the codec party: Microsoft and Google

Charlie Clark
Silver badge

Re: VP9 has no chance

What reason would any streaming site have for using VP9, which would only work on Android phones (and even then it would take several years before the majority of them are on a recent enough software version to support it)

Neither VP9 nor HEVC have any chance as a software only solution: they currently bring even high-end x86 chips to their knees.

This will be a time-to-market race for hardware and content. If either solution has significant technical (faster encode or uses less power) or financial advantages (total cost to encode and distribute) then that could be decisive.

1
0
Charlie Clark
Silver badge

Neither HEVC nor VP9 are finalised yet. This is a big difference to h264 and VP8: h264 was finalised and in lots of silicon before Google bought OnVideo.

The Android market is now one of the biggest for video so only fools are going to ignore it. Google gives anything running on VP9, including its own services, a headstart. We'll have to see which chipmakers cough up for HEVC but I suspect Mediatek might not.

1
0
Charlie Clark
Silver badge

Dear Faultline

Please at least have someone proofread your stuff.

You seem completely to ignore that Google has mandated hardware support for VP9 for future Android releases. That means VP9 will definitely be in devices and Google will have content for them.

0
1

So long Lotus 1-2-3: IBM ceases support after over 30 years of code

Charlie Clark
Silver badge

Re: Mistakes?

OS/2 had two big problems.

IBM's biggest mistake was letting Microsoft work on OS/2.

OS/2 was built for companies which is why it had all kinds of network and terminal emulation support that Windows never got. By making, and marketing, OS/2 as "a better DOS than DOS, a better Windows than Windows", IBM provided little incentive for users (and therefore software companies) to port to OS/2. If 1-2-3 and WordPerfect on OS/2 had significant advantages over their Windows versions then things might have been different.

You couldn't crash it but programs could quite easily cause Presentation Manager to hang, which was pretty much the same to many.

0
0
Charlie Clark
Silver badge

Re: Source code and licensing

Wrong thread?

0
0

Microsoft's nightmare DEEPENS: Windows 8 market share falling fast

Charlie Clark
Silver badge

Re: I don't get it

It's quite simple: people aren't buying new PCs; companies, in general, are using Windows 7; this article ignores mobile.

2
0
Charlie Clark
Silver badge

What's missing from this article?

Apart from the usual attempt to corroborate the reports with El Reg's own numbers?

Any attempt to take the rise in mobile devices into account. We're seeing + 20% YoY mobile traffic (Android now growing faster and larger in absolute numbers than IOS but elsewhere IOS is still the biggest). This means all other OSs must be losing market share. See Akamai's numbers (not broken down by OS).

The XP to 7 migration is still going on in companies but consumers are going Windows to Android or IOS.

1
0

Etsy security rule #1: Don't be a jerk to devs

Charlie Clark
Silver badge

Re: Easily pleased?

The critical thing is: the author of the item under review is not to be castigated or diminished for any failures, improvements etc found or he will just become defensive and uncooperative.

I think that's the key thing. I've not yet come across a one-size-fits-all methodology that actually works but I much prefer automatic static code analysis and tests (including test coverage) over code walkthrough.

Security bugs are often not picked up in code review but pen testing can be included in a CI setup.

0
0
Charlie Clark
Silver badge

Re: Easily pleased?

While it was nice to get the recognition it made absolutely no difference to how an individual performed.

Just being polite enough to recognise the contribution is a start. Sure, these things are often trite and immediately devalued by corporate culture but encouraging employees in their jobs is part of the service that managers need to provide.

9
0

Oracle will 'kill MySQL' and steal its users? Ha ha, haha, ha. Seriously, we won't – Oracle exec

Charlie Clark
Silver badge

Re: Thank you GPL

It's impossible to kill any open source project. The GPL is just food for lawyers.

0
0

Internet of Things? Hold my beer, I got this: ARM crafts OS to rule them all

Charlie Clark
Silver badge

Re: Too many cooks

It's the usual marketing blurb. I'm sure most are happy that ARM is taking the lead but they get source code when they need it. More important will be reliable documentation and knowledgeable support.

1
0
Charlie Clark
Silver badge
WTF?

The idea here is so that people who are handy with C++, JavaScript, HTML, Swift and other languages for phones, tablets and desktops can prototype and build applications for fiddly hardware ultimately hidden away under the mbed stack.

What? Both of them?

I'm not sure where this idea came from but it will take some work to convince me that the async patterns of the web-twiddlers will work well in the embedded world. But Erlang might see a renaissance!

0
0
