2778 posts • joined 26 Jul 2008
>>"Bit unfair if you think that's a troll's comments."
Okay, on reflection my comment was a bit mean-spirited and troll was not the right word to use. However, I find the comment ridiculously sweeping and it's also typical of the kind of view someone without any knowledge of a subject holds. In other words, very uninformed. All I was really doing was observing that some inaccurate comment on a thread had spawned an entire two page article rebuttal. It just amused me as a response. (Not that I didn't enjoy reading it).
When Tim Worstall feeds the trolls, he gives them a full burger and fries, doesn't he?
I thought *my* responses to stupid comments were lengthy. I've never got a full article on El Reg for one, though.
I got from their comment that the poster thinks there are no female economists.
Re: I do wonder
>>"Samsung has probably reached a point where it can actually bring up the fight against Microsoft. It would be interesting to see those patents either invalidated or proven not to be infringed at all"
This case has nothing to do with the validity of the patents. Samsung are trying to exploit what they see as a loophole resulting from the Microsoft acquisition of Nokia's devices and services division. It's almost entirely irrelevant to what the patents actually are.
>>"The patents can't be that solid and defensible. Note that when challenged on the Nook (which runs Android), Barnes and Noble came up with 20 pages of prior art, which led to them getting a nice deal from MS to shut them up."
This "nice deal" involved Barnes and Noble selling a very sizeable chunk (about a fifth) of their ebook / Nook business to Microsoft who was very keen to get an In to the sector at the time. It's also odd that you think a company B&N could easily come up with ways to shoot down the patents and get MS to back off but a company thirty times their size in total assets and over a hundred times the annual NET income of B&N (Samsung) would just roll over and comply. You haven't thought this through at all.
We don't even know that all of the same patents were involved! And the costs between the two companies are not at all comparable. "Twenty pages" that were never tested in court? A lawyer I saw produced more than that for a minor action I was involved with. It's meaningless without specifics. That could have been twenty pages of worthless drawings for all that we know. All that we do know is that B&N sold a large slice of a valuable and growing business to MS in response to the licence request.
Re: Remove the patent issue?
>>"The sooner that it's known perhaps those bits can be "fixed" :)"
All the licencing phone manufacturers obviously know what they're licencing by necessity. And Google certainly know. If it were cheaper to work around the patents than to licence them, that would definitely have happened by now.
>>"Sure there is a load of patents, but how many were thrown in to make it seem more palatable in the horse trading?"
Throwing in weak patents would be counter-productive. You'd just delay payments whilst targeted companies got them thrown out and generally undermine your own case on the strong ones by association. You don't intimidate companies that are substantially larger than you (such as Samsung is to Microsoft) by throwing in a few extra items in the list that the larger company will immediately recognize as an exploitable point for tangling you up in court.
Re: I do wonder
>>"1. The lag between R&D spending and Patent granting is HUGE - it probably takes 10 years to realise the R&D spend in a granted payment."
Microsoft is rather more than ten years old. Founded in 1975 as it happens. And they've historically put a lot of resource into R&D. Not to mention they have a history of buying up competitors along with any IP that goes with that. I can't comment on Samsung's R&D budget as I don't know much about it, but the above counter-argument is wrong.
>>"2. Most of that $3.29 payment probably comes from 5, 10 or 20 year old Windows and Dos patents, and is no guide to what M$ is doing now."
Speculation. All we can reasonably say is that FAT is probably one of the patents. But we don't know about the rest of them.
>>"Its probably already been published, but how did Microsoft come to own patents on android?"
They won't be patents on Android per se. That's not really how patents work. They'll be things that were developed that Android infringed on. FAT filesystem is the popular suggestion but there's obviously more. It's been kept between the companies and MS so far.
And this whole story isn't about the validity of the patents. If it were, Samsung would have challenged on those grounds long ago. It's Samsung attempting to exploit a possible loophole in the Nokia acquisition. Patent validity is nothing to do with this.
>>"Maybe they are afraid that they would be laughed out of court if they did disclose what they were because there is far too much prior art."
Yes, because if the patents were weak or easily invalidated, Samsung which is much larger than Microsoft and legendary for its litigiousness and cavalier attitude to other people's IP would certainly not have challenged them.
Re: Separation of handset and OS
>>"I wonder how long it will be before we see a separation between handset and operating system?"
It's already happened. I had a Nokia phone some years ago that I pulled the existing OS off and put Maemo on there. It still works. Unfortunately never achieved mass-market. It could have been Android before Android was. And it wouldn't have been tied to a particular corporation.
>>"It's a kids programme. Why the hell are adults getting so up tight about it?"
I can live with the sex and violence in all the shows kids watch and games they play. But object very strongly to them being subjected to bad science. That's harmful!
Re: It's Dr Who
>>"Sorry, that rebuttal doesn't work. What part of "basic, secondary school level physics" allows for - well, any of the points in the post you replied to?"
It does work, actually. There's this recurrent and flawed attack on anyone who criticizes science flaws in a show like Doctor Who which goes something like: "It contains Time Travel and a box that's larger on the inside, so why criticize something like a solid gold arrow being shot hundreds of metres..." or so forth (drawing my example from the last episode I watched). Essentially the position is that it's already demonstrated it's not realistic so what does it matter?
It matters because Suspension of Belief is not a binary thing that you invest in utterly or turn off completely. Time travel is something that we've never encountered and doesn't contradict "basic secondary school physics". It may contradict very advanced physics but even Stephen Hawking didn't think so for a time so we can state that its presence is not going to clash with most people's understanding of science. It's a conceit that is allowable. But moons multiplying rapidly in mass, creatures laying eggs bigger than themselves a few minutes after being born... These things DO clash with our everyday knowledge. And thus more greatly damage our suspension of disbelief.
Generally in Science Fiction you're able to have one or two "impossible" things in your "what if", and get away with it. So Arthur C. Clarke can throw in Faster Than Light travel, or Peter Watts can have his alternate strain of hominids that passed undiscovered, and you can otherwise get away with it as "hard" sci-fi. But when the "What If" becomes "Why not?" it begins to pile up to levels that turn off ever more people.
And that's what's happening to Doctor Who. The writers aren't having the moon multiply rapidly in mass because they have a good grasp of science and an idea or conceit as to why it's not applying in this case. They're doing so because either they have such poor understanding of science that they don't know better or because they have simply ceased caring in their rush to produce whatever character moment pops into their head. Whether it's ignorance or laziness, neither is a positive quality.
Re: looks like no more Who for me...
I'm British and I can't be bothered with it anymore. I watched most of the Tennant and Smith era and whilst there was some rubbish in there, it also had some gems. And it was nice to have a pacifist, intellectual hero in amongst all those solve with their fist types. And after all that, the new series has managed to pretty much kill my interest in about three episodes. Didn't watch this one, didn't watch the last one. A pretty repugnant character in badly plotted nonsensical episodes. Even Clara is barely holding together as a believable character because the actress is so good.
The tragedy is, Peter Capaldi is a really good actor and I like him a lot.
Re: Class action law suit
>>"NO WAY am I willing to 'try out' a known keylogger."
I am. They've just provided me a way to Google-bomb Windows. I'm going to open Word and type Tony Blair and delete it in favour of "lying scum" a few thousand times. Heck, I think I can probably script that simulating keyboard events.
I'm picturing Cherie Blair typing a letter about her husband and the autocorrect just unexpectedly replaces his name. It makes me feel happy just picturing it.
Re: ZUCKING COPYCATS
Orson Welles did it by accident. He fell victim to the same flaw other intelligent people routinely suffer from - assuming other people are intelligent as well.
I doubt Facebook management even assumes their users are people. Just statistics by that point. They're probably as confused as you would be if a graph started complaining to you from the paper you'd drawn it on when you changed a line. Users == Money to them, Users =/= People.
>>"The modern calc (or a note taking app) could actually be useful if they let it dock to the side, and use the width afforded by wide-screen monitors"
I do that in Windows 8 currently - dock a Metro app on one quarter of the screen and have the Desktop in the rest. It works really nicely for Skype or other programs. I don't know if I'll still be able to do that in the new version. It sounds like MS are giving in to complaints and backtracking on most of the things I like about the UI in Windows 8.
Re: It would save time if ...
Honestly, I almost wish Scotland HAD voted 'Yes'. Then the Conservatives wouldn't feel so under pressure to adopt the policies of UKIP in a pathetic attempt to claw back some of those votes (a tactic that almost never works as the vote shift is more based on image and flag-waving than rationality). Also, we'd be significantly less likely to get a Labour government anytime soon. I would rather evils of the Tory Party than the reactionary, ideological idiocy of New Labour.
Oh, and on topic? I'd actually agree with this person on an open discussion about where to draw the line between protecting society and individual rights, except for the fact the last decade is a year by year lesson in the fact that the government will use any unethical or illegal means it can get away with to spy on us and needs to be beaten back with a stick repeatedly and forever.
Re: There are enough arguments against "net neutrality" proposals...
>>"They may have different versions how it should be implemented. But they all boil down to one core thing, all data should be treated equally. Not hard to define is it?"
Actually, that's not a good definition. A better one is that all PROVIDERS of data should be treated equally. There are good reasons why you might want to prioritize packets of streaming video or voice calls over an email or a torrent of a GNU/Linux distro. It's okay for different TYPES of data to be treated differently. What's not okay is if Google's streaming video gets treated as a priority over some other video sharing website.
Yes. And all <fnord> parts of the catapult are being specially manufactured in Bavaria by Weishaupt Industries.
Re: How to check?
>>"Don't Windows Servers use BASH? Not feeling so smug now, eh?"
Not sure if you're just really bad at over-elaborate sarcasm, or thick as a pig. I'm leaning toward the latter.
Re: A bad decision works out well
>>"It's the external company's problem now."
You're not by any chance a government employee in charge of hiring third party contractors, are you?
>>"Simple task: how can I test my apache server for vulnerability, how can I switch off CGI altogether?"
To test it, you'd have to write something that passed the exploit into an environment variable. Simple enough, but application specific so I can't answer. Maybe someone else can suggest something. To turn off SSI and CGI on Apache, use the following options:
Or if it were on a directory by directory basis:
Options -Includes -ExecCGI
Hope that helps. I'm not an Apache expert.
>>"Code on Unix like systems can not run with any more permissions than the program at the interface ie the web server"
This again? Same thing was posted in the last article on this and it was just as foolish then. The above is true and yet does not make such a compromise less of a disaster. If I can execute arbitrary scripts with the privileges of the web server I can scarf all the data from whatever database is running your site, read all the application code for your site and look for other vulnerabilities, subvert your site to distribute malware or capture your users' credentials... And a lot more. The above is a very big thing.
Well with a lot of sunshine your menstrual cycle can shorten (ovulate more) so maybe with the Midnight Sun phenomenon and reeeeaalllly long days, your "fecundity" could technically go up?
Best I can come up with.
Re: It's not about the ads
Until someone flags it as happened to hundreds of people recently who Facebook now insists they provide a real name and birth certificate:
Personally I'm fine with paying a little money for a service. The thing about ads is that it's all about volume (as they have a really low return rate) and it doesn't take much actual direct payment from your users to match or exceed what you get for shovelling ads in their face all day long.
I used to be a Premium Spotify subscriber way back - perfectly happy to pay the modest fees for the ad free service. I only left because these days they insist on Facebook integration and are all about tracking you.
Re: @beep54 So What?
>>"I wonder how many people would pay $175 a year for a social network"
I imagine it would weed out the trolls beautifully.
El Reg really have outdone themselves with this headline. Very nice!
Re: It's not about service to customers (dhuh) it's all about profits
>>"8K HiDef TV's are not, and will never be mainstream, so there's no need to worry about"
Indeed. 1080p should be enough for anyone.
Re: Linux novice question.
>>"Interesting you should say that. This suggests you are looking at design patterns rather than coding errors."
Actually, though I've never put it in those terms, the older I get the more that is my first approach to reviewing code. Reviewing other people's work is one of the things I do professionally these days (I consider myself very lucky, btw) and I do start with this if I'm beginning at a high enough level and it's not just "is this okay to push live?"
I would be very, very interested in any automated tools or approach to testing design patterns. I suspect like many problems, once we can formally define it, automating it will be straight-forward. And that would be a very big deal. (I got modded down furiously the other day, btw, for suggesting that within my lifetime computers would one day be better programmers than humans).
Re: That was quick! In comparison to Windows, for example...
Well technically speaking, it took 22 years to fix. So let's not use this bug as a reason to attack others... ;)
Re: I can connect to whatever database powers your site
>>"You might be able to connect but you can't scarf any data from it. Any sensible web admin will have configured it not to allow random sql to be run over the connection between the web server and the DB."
The number of web applications that assemble their own SQL: very high. Even if they don't assemble it dynamically they read it from a file of SQL statements on...guess where: the web server.
Number of web-applications that retrieve data ONLY by pre-created stored statements in the database: far, far fewer.
Number of web-applications where even pre-created stored statements couldn't be abused to extract tonnes of confidential data: vanishingly small.
In short, being able to execute arbitrary code with the privileges of the web server is a massive security flaw and don't pretend otherwise.
Re: And they said I was crazy
>>"My impression is that it inherits the bad qualities of standard *NIX shells and adds a bunch of its own"
Your impression is very wrong. It's fundamentally different to Bash. They're very dissimilar. For example, Powershell is entirely object orientated. This isn't really the place for it, however. I'll link back to an old discussion on it if you're interested. Link. It started off just asking what was the best Powershell terminal but then some people turned up and started ranting about how inferior Powershell was to Bash and it became a very informative discussion (albeit some people got pretty upset). If the above is your genuine impression - that Powershell is Bash with worse bits grafted on, then seriously - read the above and see what you think.
Well, unless your Windows computer connects to a webserver running GNU/Linux which has been compromised using this exploit and serves you malware / steals your credit card info / exposes your real identity / etc. A security problem like this is a problem for everyone regardless of favoured OS. One reason I hate all the football team mentality - it's such an attitude of "I'm alright so that's all that matters". No islands on the Internet.
Re: oh yes?
>>"using whose login credentials? You don't think that a readonly access to limited data is the same as full access to everything and to get that password anyway"
No password, no login credentials. Post I replied to talked about "only" having privileges as the webserver. I'm quite right to point out that webserver privileges allow a huge amount of dangerous activity. If I can execute arbitrary scripts as the apache process I can do all of the things I described and more.
>>"and apache does not have access to the scripts necessarily."
You're creating your own scripts with this exploit over CGI.
Re: Wow that was quick.
Well it's not exactly an involved fix. Someone has basically just added code a patch which scans environment variables for the beginning and end of a function definition and then spits out the text "error importing function definition for Foo'" if there's anything still trailing after the definition. The patch is probably about six lines long. ;)
It's not even what you could call a good long-term solution (though it will probably end up the long term solution due to lack of other easy options), it's just an "OMG!PATCHTHISNOW" bit of coding.
The real joy is tracking down and fixing all the vulnerable systems and worrying about whether you've been compromised by this exploit, not that it's been patched today.
Re: Wow, just wow
Yeah, I think you can spot the difference here between the professionals and those with a football team mentality. Someone further up was dismissive of the problem because it "only let you execute with the privileges of the web server". That's actually only talking about the HTTP vector but anyway, who thinks that's not a security disaster?
But six people have modded that post up so far I'm presuming because it sounds wise or supports their belief in an OS's invulnerability. It's a quite alarming degree of smugness.
Re: Linux novice question.
There isn't a completely solidly centralized process of testing with Linux but testing of it is done. You have things like the Linux Test Project and there's Autotest. There are a variety of tools for testing.
The problem with something like this is that it's a design error. The reason you can pass function definitions into environment variables is so that when a Bash process creates a child shell, it can inherit the parent's defined functions. So a child shell is created, environment variables are inherited and when that happens the child shell notices something has a () in it and executes it thinking it's a function definition.
It's almost stereotypically old school UNIX. Someone needed something to happen, saw a quick and simple way to achieve it, implemented it. It's what I call the 'Stallman Approach'. Need something - build something.
With a more modern design, more OO-based, this probably would never have happened. But UNIX/Linux is very big on passing around text (the basis of all its pipelining and things such as this). We didn't have all this new-fangled OO stuff back then. Seriously - I remember when OO was the new thing. We had Bash and Vi and we MADE THEM WORK!
Anyway, I've gone on a slight side-track. The point is, that yes there are automated test tools and some automated testing is done (though lots of room for improvement tbh). But that something like this is really hard to pick up with automated testing. There's NOTHING wrong with the implementation of the code. No out by one errors, no buffer overflows, it doesn't access memory it's not supposed to. It's just excellently written to do something it shouldn't.
TL;DR: Design problems are tricky.
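Added example, not part of the original posts and not the actual Bash patch: a simplified Python version of the check described in the comments above (find the start and end of a function definition in an environment value, then see whether anything trails after it), run over a constructed CGI-style environment. The names `classify`, `scan_environment` and `SAMPLE_CGI_ENV` are assumptions for illustration, and the brace matching is a rough approximation rather than a shell parser.

```python
FUNC_PREFIX = "() {"  # how an exported function definition begins in an env value


def split_function_value(value):
    """Return (definition, trailing) or None if no closing brace is found.

    Simplified: tracks brace depth and skips quoted strings and escapes.
    """
    depth = 0
    quote = None
    i = value.index("{")
    while i < len(value):
        ch = value[i]
        if quote:
            if ch == "\\" and quote == '"':
                i += 1              # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == "\\":
            i += 1
        elif ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                return value[: i + 1], value[i + 1:]
        i += 1
    return None


def classify(value):
    """Classify one environment value.

    plain     - does not look like a function definition
    function  - a definition and nothing else
    trailing  - a definition followed by extra text (what the patch rejects)
    malformed - starts like a definition but never closes
    """
    if not value.startswith(FUNC_PREFIX):
        return "plain"
    parts = split_function_value(value)
    if parts is None:
        return "malformed"
    _, trailing = parts
    return "trailing" if trailing.strip() else "function"


def scan_environment(env):
    """Return sorted (name, verdict) pairs for every non-plain value."""
    findings = []
    for name, value in env.items():
        verdict = classify(value)
        if verdict != "plain":
            findings.append((name, verdict))
    return sorted(findings)


# Constructed sample: what a CGI handler's environment might look like.
# HTTP_* variables are filled from request headers, so a value there that
# starts with "() {" deserves attention even when it is well formed.
SAMPLE_CGI_ENV = {
    "REQUEST_METHOD": "GET",
    "HTTP_USER_AGENT": "Mozilla/5.0 (X11; Linux x86_64)",
    "HTTP_COOKIE": "() { :; }; echo constructed-marker",
    "HTTP_REFERER": "() { echo unterminated",
    "greet": "() { echo 'hello }'; }",
}

if __name__ == "__main__":
    for name, verdict in scan_environment(SAMPLE_CGI_ENV):
        print(f"{name}: {verdict}")
```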
Re: Linux = Making Windows look Great
You're an idiot troll looking for attention by attacking people far more talented than yourself. You couldn't do better and you've clearly never even tried or you'd know how hard developing ANY modern OS is. Hint: "beyond you."
Re: Always been there or new?
>>"No, the article says The vulnerability is present in Bash through version 4.3, which is somewhat ambiguous, but means basically up to 4.3. The article also says the bug is 22 years old."
Oh shit. Thank you for correcting me. That means we've had a major vulnerability for a really long time. I find it really unlikely there aren't people out there who haven't known about this.
Note, the vulnerability notice I've read says problem since 3.0 which would mean at least since 2005. I'm not sure where the 22 years comes from. But I'm not saying you're wrong.
>>"You can only do things within the privileges of the web server"
I don't think that word "only" means what you think it means. Give me arbitrary execution on a server with Apache's privileges and I can do quite a lot with that. At the very least I can connect to whatever database powers your site and scarf all your data, read all the code of your site (looking for other vulnerabilities) and we haven't even got to subverting your site to serve malware, yet.
Fortunately I don't think so many webservers these days run CGI, do they? But still, there is a reason experts have classed this as a '10 out of 10' for seriousness and it's not because they know less about it than you do.
Also note that you're only talking about the HTTP vector. There are others, though that is the most likely.
Re: Always been there or new?
>>"If the former it's scary to think just how many holes there must be out there"
Article says it's been present since 4.3. IF that is correct then that means since around February this year. Obviously distributions will vary according to precisely when they became variable, but we're looking at that sort of time span of vulnerability where it wasn't known. Patching everything may take some time.
Re: No ugly feminists
>>"If there is a hint of truth to what you've said, think about it, a world in which men judge and treat women based on their looks, and the group that end up trying to fight that aren't as good looking as the group that accept it. Is that really too hard for you to work out?"
Possibly, but the real reason for the "ugly feminist" attack is pretty much always just an attempt to dismiss feminist arguments on the supposition that their only motivation is that of a bitter loser vengeful because a man doesn't want her. It's a peculiarly sexist attack which supposes a woman's beliefs are determined by male desire. And like all ad hominems, is a way of avoiding an argument in favour of discrediting its proponent.
I think that may be the best comment on the topic here. Thank you.
>>"really wonder what would happen if a local pool held a 'male only' swim session.... there would be uproar"
I highly doubt that. It would probably just raise the odd eyebrow because some would assume it was a Gay event. Fact of the matter is that there is little demand for a "male only" swimming session because few men feel sufficiently uncomfortable being stared at by women that they'd require it. But for some women of muslim background, it's the only way they'll feel comfortable to swim. Most such women would probably be happy for there to be a male-only session because then people such as yourself would have less justification for criticising them for wanting a private female only session.
TL;DR: There wouldn't be a big "uproar" and there's no devastating double-standard for you to exploit here. If you think otherwise, feel free to try and organize a men only session and see if the response is outrage or apathy.
Re: "Positive" decrimination and feminist conditioned men are oppressing men.
>>"If you want equality of opportunity you are an MRA, not a feminist. Try for yourself and see what responses you get when you talk to feminists about equality rather than special privileges for women!"
I've been a feminist since I was at school - which is quite some time ago, and I'm fairly well-read in feminist theory. I've been an active feminist on many an occasion. What you say is not true. We, on the overwhelming whole, believe in equality, not female privilege. Nearly all popular feminist writers have this position and it matches the popular definitions of feminism (and I have linked to sources elsewhere showing this). I don't need to "talk to feminists", I am one and have been active in actions that can be legitimately called feminist (and those actions had plenty of men in them also). Quite simply, stop assuming authority and pronouncing on what feminism is. You won't find anything close to a majority of feminists agreeing with your description of us which, by definition, makes you wrong.
Re: No ugly feminists
>>"So why do women flaunt their beauty"
Quite right - women are to blame for men finding them attractive and must take responsibility for it. More veils are needed so that women can be more modest, clearly.
Re: Preserving modesty
Just because something doesn't bother you, doesn't mean it doesn't distress other people. And this is something that is shared by most of the human race. That you claim to be different to the majority of people (who would be distressed if private activity was shared and pawed over by the whole world), doesn't mean you should dismiss everyone else's feelings.
Re: "Positive" decrimination and feminist conditioned men are oppressing men.
I don't believe you have read what Emma Watson wrote at all. You write multiple paragraphs about what's wrong with doctrines of women being superior, of 'denying that men and women are different', etc. And yet her speech is all about men and women being treated with equal courtesy and respect and coming together. Find anything in her speech which supports your rant, please! You've just used this as an opportunity for your own axe-grinding.
As to "recognizing that men and women are different", you clearly haven't thought through what the meaning of "equal opportunity" actually is.
Even if there are different tendencies between men and women (and the fact that gender ratios in science differ markedly between nations and cultures despite the same genetics indicates there's a long way to go before we've eliminated cultural bias), those tendencies would have to be staggeringly high to make it more efficient to discriminate on gender than individual assessment. Like on the order of 50% average difference in ability level.
It takes only a basic grasp of statistics to realise that a slight difference in average ability in an area does not support discrimination on an individual level. That is why I know you are arguing from a political / personal viewpoint, rather than on a scientific basis. And that you suppose these "differences" are primarily inherent rather than cultural / sociological is shot down rather badly by the fact that, e.g., the sexes are far more equally represented in computer programming in say India, than they are in the USA. And many similar examples.
Re: Libertarians turn to civil authorities again for redress
I don't see anything in the article about "Libertarians", just customers who have been ripped off.