* Posts by the spectacularly refined chap

441 posts • joined 27 Dec 2008

Buying memory in the iPhone 6: Like wiping your bottom with dollar bills

the spectacularly refined chap
Bronze badge

Re: If I may interject...

You're not buying memory. You're buying storage.

It's still memory - it seems these days there's a tendency to assume that typical usage in relation to conventional modern computers must be some kind of universal truth, so you end up with that kind of false distinction being made or even claims along the lines of "by definition, secondary storage is non-volatile..."

I recall at one employer they retained a machine from the 70s, mostly as a curiosity, which completely dispelled that myth. Main memory was non-volatile (plated wire memory) but the secondary store was an electrostatic drum store and yes, it was volatile. Showing that machine to some people was enough to make their heads spin.

2
0

JINGS! Microsoft Bing called Scots indyref RIGHT!

the spectacularly refined chap
Bronze badge

but since the spineless raving conliblab party started promising to take an even more disproportionate amount of money from the rest of the UK and give it to Salmond's whiners (promises that were in no manifesto at the last election and were never approved by parliament) I'm thinking 'yes'

The current proposals explicitly maintain the Barnett formula; the only change is giving the Scottish Parliament greater leeway in setting taxes. This was indeed mentioned at the last general election. I'll quote the Conservatives' 2010 manifesto since they're the senior party in government:

The Scottish Parliament should have more responsibility for raising the money it spends.

It's not their problem if you didn't read it.

2
0

OECD lashes out at tax avoiding globocorps' location-flipping antics

the spectacularly refined chap
Bronze badge

Re: probably not enough

You don't think the super rich shove their millions under the mattress do you? If they buy shares or bonds the money is in circulation. If they stick it in the bank it gets lent out again, putting it into circulation.

7
6

Smart meters in UK homes will only save folks a lousy £26 a year

the spectacularly refined chap
Bronze badge

Well, the non-smart meters last 20, 30 years or more.

They have to be replaced after 30 years - the leccy board came round my house earlier this year to replace ours telling us it was a mandatory legal requirement. With another old-style meter that will no doubt be replaced again in the next five years. So much for thinking ahead.

4
1

Rack-mount 24TB RAID 5 disk array for $5,000. Let's just check the label here. Uh, it's TiVo

the spectacularly refined chap
Bronze badge

Re: What a waste of money

TV tuners are useless for cable TV

That cuts both ways - the TiVo has to have compatible tuners as well. However I think you're out of date. The last couple of DVB-T (Freeview) TVs I've had have also supported DVB-C (cable) out of the box, albeit needing a CAM module for the scrambled channels. They're probably technically capable of DVB-S as well but that isn't enabled on British sets where Sky refuse to allow you to use anything other than their Sky box.

0
0
the spectacularly refined chap
Bronze badge

Re: needs more tuners

Might be nice if you a, er, "community based facility."

Let's calculate, $120/month foxtel x 5 users x 12 months and it's more than paid for itself in one year. You'd need to add some fibre links and switches of course.

In which case the price is an irrelevance - you could probably buy ten of these before you've matched the cost of copyright licensing, yes, even for a non-profit. This is a high end unit but it's still firmly a domestic unit. Six tuners ought to be more than enough in that context, complaining it is insufficient is like those 8 year olds looking at the latest Ferrari or whatever and dismissing it "Oh, it's only 600 horses, that's not enough".

Think about it in a domestic setting - say four people. Each of them can watch what they like live. They can also record something whenever they like. Two of them can be watching something live and recording two something elses. They all have to be watching or recording different things before they hit that limit, let alone exceed it. Just how often is that going to happen?

The spec has to be put somewhere. They've clearly thought about this and put it somewhere that it is simply not an issue for the intended user.

4
0

OpenSSL promises devs advance notice of future bugs, slaps if they blab

the spectacularly refined chap
Bronze badge

Just hope it doesn't end up as lowest common denominator

I suspect most of the main Linux distros will apply any simple fixes - small patches that don't require e.g. any new APIs - within a 24-48 hour time span. Ditto the principal BSD forks - Free, Net, and Open. On the other hand I can see minority or niche Linux distros and the minor BSD sub-forks taking weeks or months to get around to pushing out a fix. I suspect it will be quite similar for many commercial platforms who will simply roll it into the monthly patches.

Co-ordinated roll-out has its merits but not at any cost. Even if a fix is applied to the software I am using before the end of the embargo I'd be reluctant to apply it without at least some indication of what it addresses. It's difficult to evaluate its necessity or desirability without at least some background.

2
0

Moto 360 wristputer batt boob, elderly internals revealed in teardown

the spectacularly refined chap
Bronze badge

Re: Is it just me?

Slap-dash PCB production much?

No, it's par for the course with SMD production - components can move around a little during soldering since they are briefly floating on liquid metal. The extent to which it is noticeable depends on the component and the geometry of both the pin and the pad. It's a feature of SMD manufacture generally, it just gets more noticeable when magnified several times.

9
0

Mouse-slinger Logitech: Gloves are off, number probe over

the spectacularly refined chap
Bronze badge

if I was an investor I would worry more about the quite obvious drop in quality of Logitech products the last few years

You have to be fair though - they've moved downmarket. 18 months ago I finally had to replace my old Logitech Mouseman bought in January 96 and used continuously since then. That cost just under £40 at the time - if it had kept track with inflation that'd be at least £70 now, which by modern standards is a hell of a lot of money for a basic mouse, albeit one of very good quality. The cheapest Logitech mouse back then would have been the Pilot which went for around £25 if memory serves. Now you can get a perfectly serviceable Logitech mouse for under a fiver. Sure it doesn't feel as solid as the mice of old, but on the other hand it isn't some flimsy thing that will fall apart in twelve months either.

My point is that they've had to move with the market. Back when I bought that mouse the average cost of a new desktop PC was around £1000 so you can justify £50-80 on top quality input devices as part of that expenditure. These days it seems the average PC is around £400 - even neglecting inflation that doesn't allow the same sort of budget for your keyboard and mouse so no, you don't get that sort of top-quality design and manufacture.

1
0

'I think photographers get TOO MUCH copyright for their work'

the spectacularly refined chap
Bronze badge

Re: I'm already in range

Can you point me to any evidence that patents/copyright promotes invention/artistic achievement rather than stifling it.

Are you willing to invest £2 billion in the development of the next wonder drug when you won't get anything in return for that expenditure? Or $200 million on next summer's blockbuster film with no hope of ever even recouping that? Of course not: the various forms of IP protection make those kind of ventures viable. Even at the smaller scale end of things copyright is vital: it's even critical for open source to work.

I'm a commercial programmer (in part at least) and my livelihood depends on the results of my labours having commercial value. If they don't, ultimately I don't get paid. I also have a smallish open source project I developed a few years back - perhaps 150K of source code but still at least a thousand hours' work. That's BSD licensed so it can be widely copied, put into commercial products etc. and of course I don't get any money from it.

Copyright is still key - it is ultimately copyright that prevents my author attribution being removed, which is my real payback for the time I invested. That copyright notice bearing my name has real value when seeking new employment - it is an example of my work that is easy to cite to a prospective employer, and indeed has itself led to a couple of approaches regarding job opportunities. I don't get that without the protection copyright gives me.

Yes, you can argue about the details such as whether terms are too long and so on, but to seriously argue that the ability to profit from your work does not encourage that work to be done is economically incoherent.

13
0

Alienware injects EVEN MORE ALIEN into redesigned Area-51 gaming PC

the spectacularly refined chap
Bronze badge

Re: Slanted hard disk bays???

It would seem that Alienware is sacrificing durability in exchange for prettiness.

That isn't unusual at all - it's been going on for years. Consider two examples that are endemic in the gaming market - clear side windows and polished chrome heatsinks. Perspex is not effective EMI/RFI screening and it's impossible to imagine a worse finish for something whose whole point is to radiate heat.

0
0

Linux turns 23 and Linus Torvalds celebrates as only he can

the spectacularly refined chap
Bronze badge

Re: 23 Years

It's getting pretty hard to find a home without a Linux device _somewhere_. If not your phone, it's your router or access point, if not there it's your TV (even my old Pioneer plasma TV runs Linux). Hell, even many Windows based laptops have a quickboot that runs Linux... Not that I ever used mine, and they are probably disappearing now that SSDs made any OS boot quickly.

There's certainly some truth in that but it's also true that Linux isn't as frequently used as is often made out. I know at a previous employer we'd get occasional demands from customers along the lines of "I see you're using Linux in your firmware so I want the source code." Those turned into tremendous time sinks since the response was simply a) you're not getting any code and b) you are wrong in any event because it isn't running Linux.

They'd then inevitably come back with the "evidence" which was usually along the lines that they'd found a Unix filesystem and a pared down set of files on it - in some cases simply the presence of /dev and /etc/init was all that the claim it ran Linux was based on. Most of our fully hosted stuff was NetBSD although some older products were Mach based. Neither gives source rights but for most of our appliance-style products we weren't really predisposed to talk about the internals of our firmware or what they were based on. We were far from alone - I looked at an old console server a few months back to see if it could be hacked for SSH and IPv6 support. That had a Unix filesystem on it too but a proper investigation showed it to be QNX based.

My point is that if even legal demands are being made on such sketchy and easily dismissed reasoning then more casual studies and/or assertions that "so and so is Linux based" are even less likely to be reliable.

5
1

Cracking copyright law: How a simian selfie stunt could make a monkey out of Wikipedia

the spectacularly refined chap
Bronze badge

Re: Recent news on Page 2

So the rules have been set based on things that are easier to measure. Which ape pressed the button? Them's the rules.

Cite me this mystical rule.

If you had bothered to read the article you are commenting on you would have seen references to established case law showing that your interpretation is wrong.

Once again another Reg commentard who is completely unable to distinguish between what he wants to be the case and what really is the case.

1
0

Yes, but what are your plans if a DRAGON attacks?

the spectacularly refined chap
Bronze badge

And, to be fair, the asteroid one (meteorite) possibly wasn't the most stupid question...

There's a difference between asking about legitimate contingency planning, the public interest of where taxpayers' money is being spent (i.e. the exorcisms etc) and the plain ridiculous. The problem is that they always get lumped together into one "crazy" category regardless of whether the individual questions belong there or not.

As for the asteroids, I see a direct correlation with a question I asked informally at a BBC local radio open day a few years back. I asked if the station and transmitter were EMP hardened against nuclear strike. It always used to be a cornerstone of civil defence planning during the cold war, but the response I got was simply a look of utter bewilderment, "as if that's going to happen".

2
0

Top Gun display for your CAR: Heads-up fighter pilot tech

the spectacularly refined chap
Bronze badge

Re: Why?

My Mini Cooper S has neither the 12-volt adaptor mentioned in the article nor any visible connection to the car's electronics.

It's under the dash in the driver's footwell. Any new car sold in Europe for the last ten years is required to have one.

1
0

Five Totally Believable Things Car Makers Must Do To Thwart Hackers

the spectacularly refined chap
Bronze badge

Re: God luck hacking my wagon...

Bravery has nothing to do with it: It's instant revenge if some idiot is dumb enough to crash into it - they'll ALWAYS come off worse ;-)

Yup. Thin aluminium bodywork is renowned for its structural strength. Coupled with the high CofG, soft suspension and general propensity to roll over I'd feel safer in a Reliant Robin - that has the same basic characteristics but at least it is light enough that a passing pedestrian can upright the ruins and get you out.

7
2

Digital dongle transforms European XBOXen into tellies

the spectacularly refined chap
Bronze badge

Awwww - did you miss this bit? 'It will also be possible to split your screen so that a big window will be devoted to games and a small one to television programs.'

No-one missed that bit. You apparently missed basic comprehension at school though. He did state that he was referring to the TV's built in Freeview decoder. Just like the poster before him he wasn't talking directly about this device.

0
0

Ad biz now has one less excuse to sponsor freetards and filth

the spectacularly refined chap
Bronze badge

Re: (Potentially) Interesting Morals

Try reading the article and engaging your brain cell. They're working with the advertisers and brokers, not short-changing them. If the ads in question were simply being substituted the whole exercise would be pointless since the illegal sites would still get their advertising money. This is cutting off their revenue stream and replacing the ad with one they won't get paid for. The advertisers need to be fully on board to pull their ad from "disreputable" sites - hence the point at the end about what the gambling sites are willing to advertise on.

5
3

Hey, big spender. Are you as secure as a whitebox vendor?

the spectacularly refined chap
Bronze badge

Re: random opinions

There are a handful of SuperMicro boards with integrated IPMI that share the first NIC port. I had to throw ours behind some transparent mode firewalls to block their IPMI special sharing.

Sounds like you aren't using the capabilities supplied. Where there isn't a dedicated port the option is present to place the BMC on a separate VLAN for segregation purposes. That's expected to the point that VLAN selection is usually in the initial set up as opposed to buried away somewhere.

0
0
the spectacularly refined chap
Bronze badge

Re: random opinions

What we have done on our remote sites is to put all the BMCs regardless of make on a dedicated network that can only be accessed from a jump-host that has a second internet-facing NIC.

That's common sense for most of these kind of devices - at work they're on the same subnet as the switches and console servers, no external routing to the internet and only selective access even from within. Other devices such as WAPs and printers are better on the subnet where they belong logically, so we always block all external connectivity to the uppermost addresses of each subnet at the router to provide room for them. In short if things don't need the Internet they don't get it - as you point out you can always take a stepping stone approach from a properly secured system if you must get in remotely for maintenance.

3
0

BOFH: The Great Backup BACKDOWN

the spectacularly refined chap
Bronze badge

Re: Welcome to Urfscked. Population: you

5TB for 700 people? wtf?

Some businesses are really tight with the wrong budgets obviously.

No, it's probably sizing storage to meet needs. How many business letters fit in 5TB? How many records in a typical blob-free database? Remember that child benefit data loss a few years back - the entire database that's the core business of 3,000 people fitted on a couple of CD-ROMs.

That's par for the course these days - simple business records take next to no space by modern standards. It's media, video especially, that's driving storage growth now and the typical business has no need for a few thousand movies on their network.

1
0

What's that? A PHP SPECIFICATION? Surely you're joking, Facebook

the spectacularly refined chap
Bronze badge

Re: PHP is like democracy

So people live with PHP because despite its quirks and inconsistencies it is fundamentally a relatively sane OO language with syntax which is familiar to anyone with a background in a C-like language.

PHP may have support for objects but it's a long way from being object oriented. The standard library would have to actually make use of those facilities for a start. As it is it seems a lot of my code begins by placing OO wrappers around the standard library to compensate for that not having been done in the first place.

2
3
the spectacularly refined chap
Bronze badge

Re: Specless master of the web

I doubt it'll make any difference. My observation of the evolution of PHP is that it's driven by a bunch of ego-driven prima donnas and I can't see a spec devised by somebody else ever being to their satisfaction. Like you I've had the joys of re-working previously reliable code for the sake of a point-one version bump, and being admonished in the error log for neglecting to use a feature that didn't even exist twelve months previously.

PHP could be a great language, if it wasn't for the people making it up as they go along.

12
1

Call off the firing squad: HP grants stay of execution to OpenVMS

the spectacularly refined chap
Bronze badge

Re: hmm

Their POSIX compliance was actually fairly good: the problems arise when people don't bother to read the standard - it's a fairly bare bones standard that omits many things you'd take for granted. These days it seems many projects have simply ditched cross-platform awareness without even realising it - there's an awful lot of absolute shit out there that works on Linux but may have difficulties elsewhere. Blind assumptions such as the compiler is called "gcc", make is gmake, or that curses is ncurses come to mind when you are not even using the specifics of those tools.

3
0

14 antivirus apps found to have security problems

the spectacularly refined chap
Bronze badge

Re: Point of Issue

C/C++ for having some inherently dangerous constructs and doing very little to discourage their use "for legacy reasons"

I can do dangerous things with a knife or chainsaw - that doesn't make them bad or dangerous when used in a responsible manner.

This report reads to me more as advocacy of certain approaches rather than anything substantial and completely ignores some key parameters. A/V is low level software and needs low level control - you are not going to write an A/V in VB after all. The second point conveniently ignored is the size of the runtime system. For C it's pretty minimal and interactions with the OS occur at defined points in the execution - easy to analyze, relatively easy to defend. With higher level languages you never really know - when anything at all could trigger e.g. IPC or a memory allocation.

That's without even considering external library issues: I see the inclusion of large external libraries has already indirectly been advocated below with the crap UI point - creating a fancy UI with e.g. bare win32 API calls is a lot of work. The lack of those support libs is key to being able to validate code - for example any MFC based app leaks memory, as does any .NET app - it is unavoidable because the support libraries themselves do. If they can't even get that right who knows what security issues are lurking in them?

A keep it lean, keep it mean approach is the best approach and that is what really limits the exposure surface of the app, not following the whims of someone who has never written security software and has fallen for the marketing bullshit of the latest buzzword technologies.

2
0

Apple winks at parents: C'mon, get your kid a tweaked Macbook Pro

the spectacularly refined chap
Bronze badge

Re: What child needs a macbook pro?

Square root of 254715884574445885.57415854 * 156941 / 3.2554455

No machines allowed. After all, your schooling taught you to do this didn't it?

Actually, yes, unless "machine" is all encompassing enough to include a pencil or even a stick writing in the ground. It isn't even difficult - long multiplication, long division, a simple decimal search for the root - none of that is difficult. It might take a little time but it's an unrealistic problem - how many real world problems run to 26 significant digits? Working to five figures would be less than 10 minutes work for 99.999% accuracy.

0
1

Thirteen Astonishing True Facts You Never Knew About SCREWS

the spectacularly refined chap
Bronze badge

Re: No. 2

You'd expect a set screw to have a machined end to the thread and usually a blind head (i.e. a grub screw). It would also not be used with a nut. You could have said machine screw and I wouldn't have disagreed with you - the distinction that one particular style of head makes it a bolt rather than a screw always seemed very artificial to me.

7
0

4K video on terrestrial TV? Not if the WRC shares frequencies to mobiles

the spectacularly refined chap
Bronze badge

Re: I'm curious...

what's wrong with an el cheapo set top box and a similarly priced Panel...rather than TV?

Nothing's wrong with it per se but it isn't really appropriate in a lot of situations. It isn't just a panel and set top box but potentially a panel, STB, amp, speakers and multiple remotes. If you're a home cinema buff and this is the main set then fine. A lot of people want a single device they can shove in the corner or on the wall, that has one remote and that you can turn off and on in one place. That's especially true for secondary sets such as those in bedrooms.

There's frequently a tendency to suggest a panel and STB as if in some way it magically future-proofs you but it brings its own issues and in many contexts it's a pig ugly solution over a simple understanding that yes you might need to replace the set in ten years if the government screw you over.

1
0

Stick a 4K in them: Super high-res TVs are DONE

the spectacularly refined chap
Bronze badge

Re: aware of the benefits of 4K

If one pixel has 256 levels of intensity (8 bits), and you have a cluster of 4 pixels that you can control individually, doesn't that only give you 1024 levels of intensity (= 10 bits)?

10 bits per channel. Multiply by three for red, green and blue channels.

0
0

MARS NEEDS OCEANS to support life - and so do exoplanets

the spectacularly refined chap
Bronze badge

Re: Bleeding obvious ?

Venus is in our Goldilocks zone too. So that's only a 33% hit rate in our Solar System.

Over geological time it isn't - if it formed in a similar manner to the Earth it certainly had water at one point but has lost it: it's close enough to the Sun that water vapour could boil off and completely escape the atmosphere, unlike Earth where it is firmly trapped. Venus is dry as bone as a consequence, and it is that that has caused such an extreme climate - no water means no rain to wash CO₂ out of the atmosphere, which shuts down the long term carbon cycle resulting in a dense CO₂ atmosphere and generally unpleasant climate.

0
0

Will the next US-EU trade pact prevent Brussels acting against US tech giants?

the spectacularly refined chap
Bronze badge

Re: Formerly, your gov. sucked - you moved to the US. Today, there is no recourse.

AFAIK things work just fine, apart from the potentially annoying requirement of multinationals to actually follow the laws as they exist locally.

But they don't always. Consider one of the most basic examples - nationalisation of corporate assets without compensation. If you think this can't happen just look as far as Zimbabwe and Venezuela. Tin pot governments to be sure, but is it just that a national government can simply swipe the assets of a foreign investor who has invested in good faith and has developed the economy of that country? Legal safeguards on the powers of governments are nothing new (take the ECHR for example) and provide greater certainty and protections against the whims of a corrupt or overly populist government.

If you accept that then yes, it becomes an issue of extent. I personally wouldn't trust whatever the US is proposing as far as I could throw it - the political system has been dominated by corporate shills for far too long. The EU does have a better track record of balancing these kinds of issues where the interests of governments, corporations and individuals conflict. Personally I'm willing to wait and see what is actually proposed as opposed to a knee jerk "the government can do what it wants, no matter how corrupt or how desperately it is attempting to hold on to power".

2
0

Don't put that duffel bag full of cash in the hotel room safe

the spectacularly refined chap
Bronze badge

Rather like our planes are safe from the hijack danger of the metal cutlery that 1st class passengers are given onboard. This is because Al Qaeda HR policy is that people have to fly economy, on pain of a disciplinary interview...

Nope, plastic cutlery even in first. It was one of the things people commented on when Concorde scheduled services resumed following its crash - 9/11 happened while it was out. It had been solid silver stuff prior to that.

0
0

Redmond may buy security company it says is wrong about AD flaw

the spectacularly refined chap
Bronze badge

Re: Well-understood limitation of Microsoft Kerberos?

That would be Microsoft Kerberos, the one that's incompatible with MIT Kerberos.

Fair's fair... that isn't really true. There's a difference between vendor-specific extensions and breaking compatibility. We have Windows machines authenticating against MIT Kerberos and indeed vice versa. Windows does need a little fettling since it regards that as an inter-realm relationship (because of the lack of those extensions) but they will interoperate. It's pretty much essential if you want Windows and Unix systems to interoperate in anything like a seamless manner with common user accounts on each.

2
0
the spectacularly refined chap
Bronze badge

Re: Um

It's more of a feature - essentially it is a negotiation "I can't do Kerberos", "OK, use this instead", where the alternative is known not to be bullet proof. As another poster has already commented you're given choices about the default security level as part of the installation and it is explained that the backwards-compatible alternative is less secure. Really the only substance I can see is the lack of proper logging.

1
0

July 14, 2015. Tuesday. No more support for Windows Server 2003. Good luck

the spectacularly refined chap
Bronze badge

The reason is that they bought a server and software when Server 2003 was the Windows Server OS of choice. They bought that hardware and OS because the software they had just bought needed the latest version of the OS to run. 10 years on and the software hasn't changed so neither have the hardware or OS requirements.

There's no technical reason I can think of for wanting server 2003 over 2012 providing the hardware is up to the job of running the new OS.

Neither assertion is really true. Most of our servers are Unix based but we have precisely two 2003 VMs running those odd jobs that absolutely must run on Windows. 2003 was chosen for a reason - it seems that the WGA stuff in 2008 onwards has a tendency to false positives on Xen. The documented way around that is a licensing server which means special agreements and basically a lot of infrastructure to support only two VMs.

As for "no technical reason I can think of" I pity your lack of imagination. One that immediately comes to mind is that it is 64 bit only so if you still have any legacy 16 bit code you are plain out of luck. That isn't as easily dismissed as you might imagine outside the mainstream - for example we have a few pieces of test equipment that are still dependent on 16 bit control apps. It's a difficult business case arguing that £30,000+ of plant needs to be replaced halfway through its natural operating life simply because of a change in Microsoft's supported platforms.

7
0

Qualcomm fires DMCA shotgun at alleged code thieves on GitHub – including itself

the spectacularly refined chap
Bronze badge

These are getting too much

This is hardly the first time perfectly legitimate content has had false claims made against it. Assuming that many of these files are indeed completely innocent and there has simply been some dumb or careless pattern match there needs to be some comeback on spurious requests such as these.

I know the DMCA is loaded in favour of the supposed rights holder but there should be some method of seeking true redress over and above getting the files restored in three weeks or so. Slander? Business disruption or loss of income? IANAL but perhaps someone more familiar with the law can point out possible avenues to pursue so these trolls get their comeuppance.

6
0

Oh SNAP! Old-school '80s Unix hack to smack OSX, iOS, Red Hat?

the spectacularly refined chap
Bronze badge

Re: -- anyone?

most UNIX systems do not support --, but on linux (and most probably, BSD) this should do the trick.

That goes back a long way - it probably predates Linux. It's guideline 10 of the utility syntax guidelines (POSIX.1 section 12.2, at least in the 2008 revision which is what immediately comes to hand here). Can't say definitively whether that term was included but I recognise the precise wording of many of those terms as far back as the SCO OpenServer docs, circa 1994 or so.

3
0
the spectacularly refined chap
Bronze badge

Re: which is why...

Indeed. I've gone right through this "paper" and there is nothing new. It's enough to make you smile in places.

1) It isn't that "even many security-related people" are not well aware of these kinds of issue and how to guard against them. The problem is noobs presenting themselves as self-styled security gurus. I've been using Unix systems as my primary OS since the early 90s and this was well documented then. It was well known enough that some even advocated using it to your advantage - placing a file "-i" in key directories such as root as a protection against fat finger syndrome. In this case this lack of real experience and expertise on the part of the author is further evidenced by the next point.

2) A lot of these examples are in reality duff. At several points in the paper assertions are made along the lines of "command accepts a particular --long-option" without any further clarification, to which my immediate response was "No it doesn't". The author confuses GNU extensions with POSIX options or other options widely supported outside a GNU userland. The POSIX standard committee do scrutinise the semantics of tools with a view to vulnerabilities such as these.

If you use a system that extends those tools in a way that could potentially be "exploited" then that is a flaw in the particular revised version. It doesn't affect other implementations and so can't be extended to all variants. I'm not going to get involved in a debate as to whether those extensions are useful or desirable, but the fact that the author is unable to distinguish between the two itself speaks volumes.

What's the follow up? Let me guess: Brand new discovery! Re-setting $IFS can expose vulnerabilities in poorly written scripts! No-one has ever noticed this before!

14
0
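Both comments above turn on the same point: POSIX utility syntax guideline 10's "--" is what separates options from operands. As an added example (not code from the original poster or from the paper under discussion), the constructed script below shows a file named "-r" being parsed as an option by sort when a wildcard is passed straight through, and being read as an ordinary operand once the script terminates option parsing with "--". The file names, the temporary directory and the helper function names are assumptions for the demonstration.

```sh
#!/bin/sh
# Added example, not from the original post: a file whose name starts with "-"
# (constructed here) is only treated as a file name if the script terminates
# option parsing with "--" (POSIX utility syntax guideline 10). The names are
# illustrative; any wildcard-expanded argument list has the same issue.

LC_ALL=C
export LC_ALL   # so "-r" sorts before "data.txt" when the glob is expanded

# Build a constructed directory: an ordinary data file plus a file named "-r".
make_fixture() {
    dir=$(mktemp -d) || return 1
    printf 'apple\nbanana\n' > "$dir/data.txt"
    : > "$dir/-r"            # empty file, but its name looks like sort's -r flag
    printf '%s\n' "$dir"
}

# Unsafe: the wildcard expands to "-r data.txt", sort parses "-r" as an
# option, so the output is reversed and the file called "-r" is never read.
sort_unsafe() {
    ( cd "$1" && sort * )
}

# Hardened: "--" tells sort that everything after it is an operand, so "-r"
# is opened as a (here empty) file. Prefixing the glob as "./*" also works.
sort_safe() {
    ( cd "$1" && sort -- * )
}

# Returns 0 when the hardened form gives the expected order and the unsafe
# form does not, i.e. when the option-injection problem is real on this host.
demo() {
    d=$(make_fixture) || return 1
    unsafe=$(sort_unsafe "$d")
    safe=$(sort_safe "$d")
    rm -rf "$d"
    expected=$(printf 'apple\nbanana')
    [ "$safe" = "$expected" ] && [ "$unsafe" != "$expected" ]
}
```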

Cambridge Assessment exams CHAOS: Computing students' work may be BINNED

the spectacularly refined chap
Bronze badge

Of course, because closed book memory tests are sooooo representative of useful skills in the real world. In practice these work strongly in favour of people with good memories for arcane detail who can write quickly. Those two skills are fairly unimportant in my business.

Yes, they are. Computing is not a purely interpretive sector but has a substantial creative aspect - deciding exactly how something is supposed to work or indeed what it is supposed to do at a level of detail beyond the headline "make an X..." Those aren't things that lend themselves to being looked up, or at least if they are you need to know that there is something to look up in the first place.

Far too many times I've seen new programmers a year or so out of Uni make the most basic errors. Like spending an entire afternoon writing a 100 line block of code that (if you eventually got it working) exactly replicates a standard library function. Or the one with a first class degree from one of the better red bricks who had somehow missed layer 2 switching and was expecting to get meaningful data from packet sniffing.

In both cases you could have avoided the issue in the first place by passing them an appropriate document or link at the outset and telling them "read that first". However, that didn't happen and they didn't go and find those references themselves: they didn't know enough to know that there was something they didn't know, and therefore they didn't know that there was something to look up. "Everything is on the Internet" is an excuse, not a justification for lack of study.

Of course, there are always going to be details that you have to look up - the field is far too big to be able to carry around everything in your head. However there has to be a solid core of actual knowledge rather than Googling skills to put everything into context, suggest an initial approach to a given problem, and to spot any potential pitfalls along the way. GCSE level is pretty basic stuff, pretty much all of it is going to go into that foundational core. I've little problem with formula books or command summaries, but the idea they can bring in any explanatory material they like or look anything up on the Internet is doing them a massive disservice in the long run.

3
0

USB charger is prime suspect in death of Australian woman

the spectacularly refined chap
Bronze badge

Re: More official advice completely divorced from reality

Be prepared to be amazed…. then understand that it only takes a single capacitor or resistor to be out of spec for the available current to rise, or in the case of some really SHITTY usb chargers for the way you plug the charger into the wall adaptor to be reversed!!!!!

You accuse me of ignorance but it is you that has missed the point there. Redo the same experiment only with an analog meter in place of the DMM. You'll read nothing: class II appliances operate from a floating supply - no connection between the low voltage side and earth or indeed any other mains terminal. The voltage is therefore indeterminate and can easily drift to a silly value under even static or chemical influences. There's no current maintaining that voltage though, so it can easily be shifted back again. In the case of the DMM the input impedance is a fair approximation of infinite so you read the silly value. An analog meter has much lower but still fairly high impedance (tens of K) - even that loose tying of the supplies together is enough to shift the voltage back to equilibrium.

This is a safety feature, not a hazard: it ensures that any single part of the low voltage side can be accidentally connected to any voltage without a short occurring. The appliance potentially becomes live but it isn't going to catch fire or anything like that.

4
0
the spectacularly refined chap
Bronze badge

More official advice completely divorced from reality

That last bit of advice is a bit hard to swallow: your correspondent, as do millions of others every day, works on a laptop with a mains connection.

Too true. Does any government official ever consider whether people's bullshit detectors will fire when spouting crap like that? The issue here is dangerous chargers, not using devices while connected. Logically there is no real difference between using a mains-powered device while it is attached to the mains and using a portable device while attached to the mains. If anything the latter is probably safer.

But no, admitting that you can't enforce the law properly and keep unsafe kit off the market wouldn't look well, so you get crap like that instead. Keep it simple and aligned with reality - i.e. "Buy from reputable sources, make sure the device has these markings" - and you stand a chance of people paying attention. Load it with bull and the end result is the entire message gets disregarded.

15
0

US Supremes just blew Aereo out of the water

the spectacularly refined chap
Bronze badge

Re: Sad? probably. Surprising? no.

Of course they matter.

This is a discussion forum attached to a news site.

If people didn't post what they "think" it wouldn't be here.

That's fine when it is restricted to matters of opinion. I've no problem at all with people stating "I think this went the wrong way" or "I predict unintended consequences" but it becomes problematic when opinion and fact are confused, for example as the OP stated "I would agree that they were violating copyright". Really, it doesn't matter one jot what you think: if your thoughts are not in alignment with those of the courts then it is you that is in error: that is what has been determined here. If there is an established, incontrovertible fact then that is not open to debate or opinion simply because you find it unpalatable.

3
2
the spectacularly refined chap
Bronze badge

Re: Sad? probably. Surprising? no.

IF Aereo were rebroadcasting "closed" content such as ESPN or other cable/satellite-only content, then I would agree that they were violating copyright.

You don't seem to understand - they ARE violating copyright simply because the supremes have decided that they are, and that court is the definitive arbiter of whether they are or are not. That's a simple matter of fact - if you choose not to agree with that simple truth you are a fool.

I've no strong views on this and couldn't care less either way, but I really don't see how you can place your own uninformed, amateurish interpretations of legislation above what is now established case law. The people qualified to judge have done so. Get over it.

7
18

AMD details aggressive power-efficiency goal: 25X boost by 2020

the spectacularly refined chap
Bronze badge

Re: Maybe answering the wrong question

crappily written software typically using hideous O(n >> 1) algorithms

Go away and learn what that actually means, it's clear that you don't. When you know what you are talking about you may be worth paying some attention to. Depending on the exact intent of (n >> 1) (much larger or left shift) you end up with either constant or linear time behaviour. Both are generally considered "fast", and well under even the theoretical minimum complexity of many tasks.

1
0

Apple SOLDERS memory into new 'budget' iMac

the spectacularly refined chap
Bronze badge

Interesting - this used to happen quite a bit and the solution was to look at the circuit and piggy back some more RAM on top of the existing RAM chips with a couple of trace cuts and added wires. Done it myself several times with both discrete and SMT components.

You can forget it these days. Physical access to the connections is not an issue - what memory doesn't use TSSOP packages after all - rather it's the sheer speed of modern memory. Signals are now firmly into transmission line territory, timing is critical and you need to avoid any impedance humps along the way. Even back in the PC100 days this kind of manual hacking would be enough to push things out of spec although there was usually enough slack to accommodate anything that was not grossly wrong, but with the latest revisions of DDR3 etc you can dismiss any idea of attempting this straight away.

Look at the kind of things high speed board designers factor into consideration as a matter of course - track lengths and widths, characteristic impedances, thickness of the substrate and even the precise grade of fibreglass used for that substrate - they are not doing that kind of analysis to pass the time. What chance do you have of even approximating the same results with a manually hacked board with patch wires routed completely at random?

9
0

We'll PROBE Pluto's MOON CRACKS for mystery ocean – NASA

the spectacularly refined chap
Bronze badge

Re: "the one-time planet (now characterised as an a "dwarf planet")"

While we are getting all bothered about classification, can we please stop calling Charon a moon? The barycenter is outside Pluto, so Charon isn't Pluto's moon. They are a binary system.

That isn't a requirement to be a moon - there is no formal definition of a moon. However, the fact remains that Charon has been officially designated as a moon of Pluto. The barycentric argument doesn't really stack up when you think about it - logically that would mean that Jupiter is not a planet since the Sun-Jupiter barycenter is outside the Sun.

0
0
the spectacularly refined chap
Bronze badge

Re: "the one-time planet (now characterised as an a "dwarf planet")"

A Dwarf Planet is still a Planet...

The IAU disagree with you, and it is they that defined both terms.

0
0

BOFH: On the contrary, we LOVE rebranding here at the IT dept

the spectacularly refined chap
Bronze badge

Re: Signs on the reserved parking spaces:

Business Unit Timesheet Operations Controller (I really instigated that one)

In one public sector place I worked at what would normally be called "fire wardens" were in fact Deputy Incident Control Officers. They were referred to as DICOs even in the official procedure manual, and the uniform donned whenever the alarms went off was a yellow hi-vis waistcoat with DICO on the back...

0
0

Microsoft promises no snooping in new fine print for web services

the spectacularly refined chap
Bronze badge

Bullshit

To a first approximation, any contract entered into by a minor is invalid, so the small print is moot - if the contract is invalid so are the terms mandating that a legal guardian must sign on the minor's behalf. It's Microsoft's job to ensure that the second party is legally able to assent, not the other way around.

That's without even considering the legal black hole those terms create: if I don't know if I am still a minor but on finding out that no, I am not, I must still find my legal guardian that I don't actually have.

The more I read these boilerplate contracts the more I am convinced that illegal terms should invalidate the entire contract as opposed to the specific section: i.e. "that clause is unenforceable so you don't have a contract", not "you tried to breach their rights that way but you can't, we'll still allow you to rip them off this other way".

If that was the default position we might start seeing some more reasonable terms in these contracts that everybody reads before clicking through.

8
1
