* Posts by the spectacularly refined chap

644 posts • joined 27 Dec 2008


When asked 'What's a .CNT file?' there's a polite way to answer

the spectacularly refined chap
Silver badge

Re: Christ

Right-click - New - Shortcut - IEXPLORE.EXE - Next - Finish

"You're welcome. Have a nice day."

You really do work in technical support, don't you? Because clearly it wouldn't have fixed the problem: we already know the executable is missing. But you don't give a shit about that, fob the customer off with any old shit to get them off the line as fast as possible.

19
2

FTDI boss hits out at 'Chinese criminal gang' pumping knock-off chips

the spectacularly refined chap
Silver badge

It isn't garbage: the bricking scheme has well-defined semantics (a no-op) on the device that the chip claims to be. You can argue about the legitimacy, motivation and intent till the cows come home, but it is carefully crafted rather than random nonsense.

3
1

This is why copy'n'paste should be banned from developers' IDEs

the spectacularly refined chap
Silver badge

Re: Shorter true and true that returns false

The OS sees the file is not empty, so clearly it has to do something, but has no idea what it is. As the OS cannot execute AT&T's true, it returns failure!

It knew exactly what to do - early Unix would always pass an executable in an unrecognised format to the shell for interpretation so it was a well-defined semantic. Problems only arose when csh was introduced and that was covered by a magic value: if the first byte matched (may have been % but don't hold me to that - it's a long time ago) it went to csh, otherwise sh. #! is a surprisingly late addition to Unix. ISTR it first appeared perhaps 1988 or 89 but it wasn't universal until the mid nineties.

1
0
the spectacularly refined chap
Silver badge

Re: Size doesn't matter

No, it would be:

main(){}

No need for an explicit successful return, it's implied. It's also (theoretically) more portable if you ever encounter some system where success is indicated by something other than 0.

2
1

Are Indians too stupid to be trusted with free Internet?

the spectacularly refined chap
Silver badge

Careful with the allegations of imperialist attitudes

Now, even if you find Facebook the company a self-serving, sanctimonious and creepy organisation – as I do – the decision is troubling, as it suggests that colonial thinking is alive and well, particularly amongst the Whole Earth-shopping chattering classes.

The campaign against free internet implies that the poor are too stupid to be allowed a choice, and must be saved from making that choice.

India is the world's largest democracy. They can cope with a few lobbyists and come to their own decisions. It is the assumption that those former colonials are somehow unable to sort through the arguments and come to their own decision that shows contempt to the people and government of India. If the allegation that the ban removes the decision from India's hands then why do they protest so loudly when India makes that decision for itself? The US foreign policy version of democracy ("Do whatever you like provided we agree with you") is a sham, not people coming to their own decisions about issues that affect their own communities. No, they have looked at the issue and made a decision. That is their right and their right alone.

I can't even say I disagree with them, although I don't have strong feelings either way. Some of the technical restrictions are arbitrary at best - for example a blanket cap on the size of images regardless of whether it is a small icon or a company logo on one hand or a photo of a painting for arts education or a highly complex technical illustration on the other. Far from allowing Indians to trade with each other, the restrictions on encryption and requiring content to be cacheable effectively make that impossible. Oh, you'll be able to get around that, just give Facebook their 15%. No you don't have any choice in that, because you can't afford to forget those 300 million users on the platform in your home market. Nor can they switch to an alternative platform, since those are now premium services and the cost of them has risen out of reach.

Take off the rose tinted spectacles and it is not a no brainer, as Orlowski admits this is not being done out of altruism. It shows nothing but those very imperialist attitudes if you believe that India is somehow unable to weigh the pros and cons and come to an informed decision.

17
2

Chip company FTDI accused of bricking counterfeits again

the spectacularly refined chap
Silver badge

Re: "That's not recommended for performance-intensive drivers"

It's RS-232, I'd hardly call 192 kbps 'high-performance'.

Bandwidth != performance. The other half of the measure is latency and RS-232 wins hands down.

1
0

'Unikernels will send us back to the DOS era' – DTrace guru Bryan Cantrill speaks out

the spectacularly refined chap
Silver badge

Re: Hard and fast

Oh, did you want your single-purpose unikernel app to write to your production database?

Where is your hypervisor now?

Precisely where it should be: staying out of the way.

If you build access control into your clients come back when you have something meaningful to all.

The more software you have involved the greater the vulnerable surface. How many 0 days are in your operating system? How many affect you if there is no OS?

1
3
the spectacularly refined chap
Silver badge

Re: Hard and fast

So you go from the real-OS situation where it takes a flaw in something like a device driver, to a DOS world where it takes a flaw LITERALLY ANYWHERE. I take it you're one of those "what good are static types? I'm clever!" guys.

No, it has to be a flaw in the app that breaks through the built-in protection provided by the hypervisor. That needs to target some vulnerability in the hypervisor... so no different to running on a conventional OS then.

Only of course if your app runs on a bare hypervisor rather than a conventional hypervisor/OS/app stack you only have a single layer of vulnerability rather than two. You also have only a single e.g. layer of memory management running rather than two, and that running mostly in silicon rather than needing another emulated software support on top - yes, even with the assistance of hardware virtualisation.

No, it's not for everyone but for a VM that is only running a single app I can't see the issue.

1
3

Blighty's Parliament prescribed tablets to cope with future votes

the spectacularly refined chap
Silver badge

Re: Secret

Given that everything is recorded in Hansard, I don't think secrecy is an issue

Not everything, any MP can put forward a motion to hold the session in camera at any time and if passed then proceedings are indeed secret. It isn't even a rarely used power, although it tends to be more for obstructing the main business of the day than because of any sensitivity about what is being debated.

4
1

Learn you Func Prog on five minute quick!

the spectacularly refined chap
Silver badge

Rule 3: Functions should be curried.

Rationale: This makes it easier to reason about the code.

I've never seen that used as a justification, curried and tuple forms are essentially equivalent in terms of analysis, indeed it's easy enough to convert between them. Rather curried functions are one of the bits of scaffolding at the heart of true functional programming, i.e. functions as first class objects. Partial application of curried functions is one of the key methods of advancing code re-use by making a general function specific in a given context.

e.g. to add four to each of a list of numbers in SML:

fun curry f a b = f(a,b)

val input = [3, 6, 9, 12, 15]

val input_plus_4 = map (curry (op +) 4) input;

For the uninitiated:

"op +" converts the built in + operator into tuple form, i.e. a + b becomes +(a,b).

curry (op +) uses the curry function we supply to convert that into curried form: + a b.

(curry (op +) 4) creates a function which supplies an implied first parameter: + 4 b.

map (curry (op +) 4) supplies that new function as a parameter to the map function, which returns a function which applies it to each item in a list.

map (curry (op +) 4) input then applies that final function to the input and returns a new list.

I wouldn't have said that's any easier to analyse, but it certainly allows for complex ideas to be expressed quickly and succinctly.

6
1

Intel aims for PC-style position in drones, robots and wearables

the spectacularly refined chap
Silver badge

Re: they've lost already

Intel have missed the boat apart from small places where their ability to integrate stuff at the silicon level might come in handy.

I don't really see that. If anything Intel are constrained by their sheer size, they can't chase down every little niche. If you look at their SoCs they are generally focussed on minimising the BoM on a PC-style system: If you need a few GB of DDR3, SATA, PCIe etc they're good to go. Something that looks less like a PC they don't have much to offer.

ARM and to a lesser extent MIPS win on their diversified supply chain with each vendor tailoring their offering with a much tighter focus. You get a rough idea what you want, say a 32 bitter with this much RAM, this much GPIO and these interfaces. You then go out shopping. Can't do that for Intel.

As Flocke Kroes suggests the price point for Intel is all wrong for the smallest systems: ARM may have e.g. a $3 offering that puts everything on chip. The Intel offering costs $15 and needs external memory and storage on a high-speed circuit board on top.

0
0

Anyone using M-DISC to archive snaps?

the spectacularly refined chap
Silver badge

Still a bit early to say...

...given I've only been using them a couple of years. Even good quality DVD+R will last that long. So far no complaints but I do have a few observations:

Firstly, they're not universally compatible. Some regular drives will read M-DISC, some won't. Personally I don't see this as a show stopper - potentially having to jump through a few hoops for long archived data is to be expected - but if you're expecting the data can be retrieved with just any drive then you can't be assured of that.

Secondly until fairly recently media distribution here in the UK was poor, and you were gouged as a consequence. Things have improved noticeably over the last quarter or so but pricing still seems significantly higher than it should be compared to the US or Japan even by the usual IT industry standard. Hopefully that will continue to improve if the format gains traction.

Finally the drives run warm when burning. Most consumer level optical drives have problems if you try to burn 20-30 discs in quick succession but that is amplified for M-DISC. If you're planning on burning a lot of discs in one go it is something to bear in mind, the media is pricey enough that a bad burn is annoying. This mini-ITX workstation has a laptop style M-DISC Bluray fitted and I tend to keep that to one disc at a time to be on the safe side (5.25" form factor drives aren't quite as fussy). The drive in question (LG BT-30N) has actually been taken off the market. I wonder why when there doesn't appear to be a direct replacement in the range?

To be honest I'm using it as just another option now. The early signs are encouraging enough but the important stuff is still going on both M-DISC and DVD-RAM. I've been using DVD-RAM for well over 10 years now and even the oldest stuff is still perfectly readable. I do check my archives over the Christmas break every year and didn't find any cause for concern a couple of weeks ago. Those are supposedly rated for 30 years rather than 1000, but that's more than long enough to extend to the next format shift. I take it you're no longer storing data on Travan tapes or SyQuest disks?

2
0

Got a pricey gaming desktop from PC World for Xmas? Check the graphics specs

the spectacularly refined chap
Silver badge

Re: Maybe have a word with HP?

But the Curry's site does state it has the Ti variant. It isn't beyond the realms of possibility there's a custom spin made for a large retailer.

However, like many others here I really don't see the issue. An HP specced PSU is going to have a relatively honest power rating, 500W will mean 500W or thereabouts as opposed to 600W meaning 450W or so for many far eastern no-name supplies.

But even that isn't the issue: to give some idea, just before Christmas I was looking at the OEM integrator's guide for a hard drive. It was over 100 pages long - that's a level of detail the typical end user doesn't have access to and probably wouldn't know what to do with even if they did. It also means you can go through the requirements and tick them off one by one. Against the real requirements, not a headline summary for end users to get their heads around in a world of inflated specs.

If there's a requirement in the equivalent guide for the GPU that isn't being met then that is grounds for criticism. Taking a gross simplification of those specs aimed at end users and applying them to one of the biggest computer manufacturers in the world is simply complaining about something you know nothing about.

7
0

Supermicro's ability to enable should worry IBM and Lenovo

the spectacularly refined chap
Silver badge

Re: Supermicro rocks...

They don't shaft you like HP does with an ILOM that shuts off the GUI once the OS boots unless you pay a bunch of money. I hate them. HP makes good gear, but they try to nickel and dime you to death for stuff that's just a bit flip away.

No one runs their server from the ILOM unless they have to, but when you do it's critical. And when it costs another $300/host to add that feature, it's just crazy.

Yes, I bought an HP MicroServer a few months back, great little system but they seem to go out of their way to gouge you. The ILO was a key selling point but to unlock it to the point it was genuinely useful they wanted as much as the server cost in license fees. Found a key generator on the torrent sites, ran it in a sandboxed VM, job's a good'un. Similarly the optical drive - it's a standard extra-slimline drive but with non-standard cable and a proprietary bracket. HP wanted £100, but a drive from Amazon, solder up a cable and half an hour's metal bashing to form a bracket and the job was done for £20 - you can work around them but why should you have to?

Even then it's still an appliance because of its integration. If Supermicro did something similar it'd be based around an ITX mobo so if in three years you need more umph you swap it out for something newer. Can't do that on the HP.

OTOH that server cost me £120 plus drives after cash back. From memory that's around the starting price for Supermicro's IPMI equipped mobos, not servers. As the old adage goes, you pay your money and you make your choice.

0
0

EE recalls all 'Power Bar' USB batteries due to 'fire safety risk'

the spectacularly refined chap
Silver badge

Re: Money back?

Zero? It wasn't clear from the article: I assume you mean that EE had given them away, not sold them?

It was a service, and a free one at that. Customers never owned their equipment, it was merely on loan while that service was in use. If e.g. British Gas cut you off for safety reasons would you expect them to "refund" you £x billion to build your own network in its place?

1
0

Red Hat launches dedicated enterprise cloud platform

the spectacularly refined chap
Silver badge

Alternatively, for $48,000 a year you could buy a lot of PCs.

You could also buy even more postage stamps, or yet more penny chews. Your point is what exactly?

Yes, Red Hat support is bloody expensive. It's also top notch stuff. If you don't want to pay for that go elsewhere, if you do why shouldn't you be able to buy it? $48,000 is real money but it amounts to around the cost of a single dev. For that you get a "This doesn't work, fix it" service. From well trained sysadmins rather than devs moonlighting. If a patch is needed, well you'll get that too. It's going to be difficult to justify for a one man operation but if you have a dozen devs working on your project I can see the attraction of keeping them in the job they were actually hired for.

4
1

Enraged Brits demand Donald Trump UK ban

the spectacularly refined chap
Silver badge

Re: All you treehuggers need to look at the numbers.

This study ... found that 7% of all muslims already in the US say that suicide bombings are sometimes justified and 1% say they are often justified.

Which means absolutely nothing, 1% is the sort of figure you'll get for any position in any survey. As for the 7%, is "sometimes" really an outrageous position?

Consider the Black Buck missions in the Falklands War: these are often portrayed as a heroic story of British derring-do, certainly not dishonourable in any way. One of the bombers only got a fraction of the fuel it needed in the final air-to-air refuelling before the strike. Radio silence was in play so clarifying the situation was out. The crew's decision? Proceed with the strike and ditch in the South Atlantic. From that point on it was a suicide bombing mission.

You can argue about whether the strikes were justified, that is the realm of politics. However, it's difficult to argue the strikes were not justifiable. You only need to show it once for "sometimes" to be valid.

For completion, yes the crew got home safely. The tanker crew were aware of the situation and another tanker was sent further forward than originally planned to pick them up before they had to ditch. The bomber crew didn't know that when carrying out the strike.

7
0

Whisper this, but Java deserialisation vulnerability affects more libraries

the spectacularly refined chap
Silver badge

Misses the point of serialisation...

...namely, a convenient and efficient method of dumping objects. Once you spend too much time and effort validating what you read back it loses that advantage. It's probably much safer to derive a traditional file format instead: the constraints of such a format naturally restrict what you can do compared to a serialised object.

Not that this really strikes me as an issue with serialisation per se but inappropriate usage. In the context of a trusted store there is no issue, it is only when external data is introduced this becomes a risk. Not doing the checks on import is the real vulnerability, not with deserialisation itself.

12
0
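
An illustration of the comment above, added here and not part of the original post: a "traditional file format" whose reader can only ever yield bounded strings and integers, with the import checks done while parsing. It is written in Python rather than Java, and the ACCT layout, the limits and all names are assumptions made up for this example.

```python
import struct

MAGIC = b"ACCT"        # constructed 4-byte signature (assumption)
VERSION = 1
MAX_RECORDS = 1000     # hard limits chosen for this example
MAX_NAME_BYTES = 64

_HEADER = struct.Struct(">4sBH")   # magic, version, record count
_RECORD = struct.Struct(">IB")     # balance in pence, name length


class FormatError(ValueError):
    """Input does not conform to the record format."""


def dump_accounts(accounts):
    """Encode a list of (name, balance) pairs into the fixed format."""
    if len(accounts) > MAX_RECORDS:
        raise FormatError("too many records")
    out = [_HEADER.pack(MAGIC, VERSION, len(accounts))]
    for name, balance in accounts:
        raw = name.encode("utf-8")
        if not 0 < len(raw) <= MAX_NAME_BYTES:
            raise FormatError("name length out of range")
        if not 0 <= balance <= 0xFFFFFFFF:
            raise FormatError("balance out of range")
        out.append(_RECORD.pack(balance, len(raw)) + raw)
    return b"".join(out)


def load_accounts(blob):
    """Decode untrusted bytes. The only things this can return are
    printable strings and unsigned 32-bit integers; no type named in
    the input is ever instantiated and no code in the input is run."""
    if len(blob) < _HEADER.size:
        raise FormatError("truncated header")
    magic, version, count = _HEADER.unpack_from(blob, 0)
    if magic != MAGIC:
        raise FormatError("bad magic")
    if version != VERSION:
        raise FormatError("unsupported version")
    if count > MAX_RECORDS:
        raise FormatError("record count exceeds limit")

    pos = _HEADER.size
    accounts = []
    for _ in range(count):
        if pos + _RECORD.size > len(blob):
            raise FormatError("truncated record header")
        balance, name_len = _RECORD.unpack_from(blob, pos)
        pos += _RECORD.size
        if not 0 < name_len <= MAX_NAME_BYTES:
            raise FormatError("name length out of range")
        raw = blob[pos:pos + name_len]
        if len(raw) != name_len:
            raise FormatError("truncated name")
        try:
            name = raw.decode("utf-8")
        except UnicodeDecodeError as exc:
            raise FormatError("name is not valid UTF-8") from exc
        if not name.isprintable():
            raise FormatError("name contains control characters")
        accounts.append((name, balance))
        pos += name_len

    # Reject anything smuggled in after the declared records.
    if pos != len(blob):
        raise FormatError("trailing bytes after last record")
    return accounts


if __name__ == "__main__":
    blob = dump_accounts([("alice", 1250), ("bob", 0)])
    print(load_accounts(blob))
```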

If a picture tells a 1000 words about latency, Google won't load it

the spectacularly refined chap
Silver badge

Déjà vu

So, they want brownie points for reintroducing a feature that was standard across the board in 1995?

25
0

Tesla recalls every single Model S car in seatbelt safety probe

the spectacularly refined chap
Silver badge

You can only drive with no MOT if your car is pre-booked into the garage for an MOT.

If you are taking it purely for repairs then it needs to go on a recovery truck.

The only way you would be allowed to drive for repairs is if the car is also booked into the same garage for an MOT at the same time.

If it has failed an MOT you are still permitted a single trip to a point where it can be repaired. If memory serves that is actually more lenient than it is for the testing case: that requires you to take it to the nearest test point for the class of vehicle. You can take it to any point of repair after the failure.

0
1

NoSQL: Injection vaccination for a new generation

the spectacularly refined chap
Silver badge

Re: It's not about the product

The correct way to access data is through stored procedures and views so that the user has no direct access to anything in the database other than the procedures/views they need to perform the task.

No, that is one correct way and like all silver bullets it isn't always appropriate. Pretending otherwise ignores a wide range of legitimate end user requirements.

Two particular cases come to mind right away. The first is the "any and all" requirement for management reporting. Usually that boils down to "I can't be bothered to think about what I actually need in advance" but if it is there in an agreed spec there's not much that can be done about it.

The second is tracing a particular record. If you can guarantee that any access is always from a limited set of possibilities, for example account number, invoice number, phone number or a limited set of alternatives such as surname and date of birth then no problem. If on the other hand you need to be able to use anything you have available to find what you need the possibilities quickly exceed anything remotely manageable.

So yes, stored procedures are a powerful defence and have their place, but for many tasks there is no real substitute for dynamically composed SQL.

6
1
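
An added example for the "tracing a particular record" case in the comment above, not code from the original post: SQL composed at run time from whatever search keys are available, where column names come only from a fixed allowlist and every value is passed as a bound parameter. The customers table, its columns and the sample rows are constructed for the example.

```python
import sqlite3

# Columns an operator may search on, mapped to the comparison used.
# Only these strings can ever be spliced into the SQL text.
SEARCHABLE = {
    "account_no": "=",
    "invoice_no": "=",
    "phone": "=",
    "surname": "LIKE",
    "date_of_birth": "=",
    "postcode": "LIKE",
}


def build_trace_query(criteria):
    """Compose a SELECT from any combination of searchable columns.

    Returns (sql, params). Values never appear in the SQL text."""
    if not criteria:
        raise ValueError("at least one search criterion is required")
    clauses, params = [], []
    for column, value in criteria.items():
        operator = SEARCHABLE.get(column)
        if operator is None:
            raise ValueError("column not searchable: %r" % (column,))
        if not isinstance(value, (str, int)):
            raise TypeError("unsupported value type for %s" % column)
        clauses.append("%s %s ?" % (column, operator))
        params.append(value)
    sql = (
        "SELECT account_no, surname FROM customers WHERE "
        + " AND ".join(clauses)
        + " ORDER BY account_no LIMIT 50"
    )
    return sql, params


def trace(conn, criteria):
    """Run a composed search and return the matching rows."""
    sql, params = build_trace_query(criteria)
    return conn.execute(sql, params).fetchall()


def make_demo_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers ("
        "account_no INTEGER PRIMARY KEY, invoice_no TEXT, phone TEXT, "
        "surname TEXT, date_of_birth TEXT, postcode TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?, ?, ?, ?, ?)",
        [
            (1001, "INV-1", "0161 496 0000", "Smith", "1970-01-01", "M1 1AA"),
            (1002, "INV-2", "020 7946 0000", "Smythe", "1982-05-17", "SW1A 1AA"),
            (1003, "INV-3", "0113 496 0000", "Jones", "1970-01-01", "LS1 1AA"),
        ],
    )
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    # Any mix of keys works without a stored procedure per combination.
    print(trace(db, {"surname": "Sm%", "date_of_birth": "1970-01-01"}))
    print(trace(db, {"postcode": "LS1%"}))
```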

GCHQ director blasts free market, says UK must be 'sovereign cryptographic nation'

the spectacularly refined chap
Silver badge

Re: Surprised about not giving away all the 0 day vulnerabilities

GCHQ is not funded by my taxes to be the backstop security auditor of all the products and services I use. I refuse to subsidise that, they are there for my protection as well as their more targeted activities but that should not underpin corporate security laziness.

But that is the very essence of government in a capitalist society: to monitor and to regulate to ensure no one takes the piss. Should the government not ensure that the bank you use does not disappear overnight? That the food you buy is safe to eat? That the field next door is not used as a fly tip for nuclear waste?

These all control commercial activity. What makes encryption and security different other than an instinctive paranoia that fails to appreciate the very role of any government, namely the protection of the people?

2
0

TPP: 'Scary' US-Pacific trade deal published – you're going to freak out when you read it

the spectacularly refined chap
Silver badge

Re: Source code

The term basically means that you as a (powerful, e.g. state) customer cannot demand to see the source code for an executable as a precondition of importing/purchasing the product. This is aimed at protecting valuable know-how etc in code.

No, the obligation is to each Party, i.e. each country that signs up. Nothing prevents a customer demanding source as a condition of sale, even if the potential customer is the state itself - sale is covered but not purchase. The net effect is that signatory countries can't simply say "OK if you want to sell that in our market you need to give us the source."

3
0

Yay, more 'STEM' grads! You're using your maths degree to do ... what?

the spectacularly refined chap
Silver badge

Re: "Before Current Era arithmetic is useless"

Do please show me someone who knows his total-to-pay (beyond a rather vague range) before being told at the supermarket checkout, so I can show you a bloody liar...

Hardly difficult, I've done it myself in ASDA. I bought around a dozen items and noticed at the self check out that the total was a penny higher than it should've been. Looked at the receipt and went to customer services: yes it's petty but the shelf edge price on that bottle of Coke is wrong.

They looked at it and yes I was right. I shouldn't have bothered, I only wanted the shelf correcting but they wanted way too much personal information to process a penny refund they insisted that I took.

1
0

Oracle's Larry Ellison claims his Sparc M7 chip is hacker-proof – Errr...

the spectacularly refined chap
Silver badge

Re: Any chance of a SPARC lappie running Linux?

I was issued with a Tadpole lappie with a SPARC chip at work around a decade ago. Nice enough machines but they were lacking in grunt for most laptop stuff compared to commodity hardware at a fraction of the price.

In other words they were like SPARC generally, if you need it you need it, otherwise don't bother. I've lost track of what became of Tadpole with corporate shenanigans over the years but last time I checked the line was still available and being updated.

0
0

Temperature of Hell drops a few degrees – Microsoft emits SSH-for-Windows source code

the spectacularly refined chap
Silver badge

Re: POSIX

Using SUA (an optional component) you can have a POSIX environment on Windows, but IMHO, any first class application in Windows has to work as a "native" one, not pretending to be still in its *nix environment, and should not require any optional compatibility layer.

OK then, using this definition name a single native Windows application: I certainly can't. The lowest system call layer of Windows is not publicly documented - the lowest level access you can get is the interface exposed by NTDLL.DLL. Above that for what is usually regarded a "native" Windows application you have the Win32/Win64 API as implemented by WIN32.DLL. Most of the "native" facilities you are keen to emphasise are facilities in those compatibility layers that implement the public APIs rather than features of the underlying OS kernel itself.

1
1

TRANSISTOR-GATE-GATE: Apple admits some iPhone 6Ses crappier than others

the spectacularly refined chap
Silver badge

Re: Biased and a little bit clueless

The physics of gates is irrelevant if you don't change the clock speed to utilise faster gates.

And someone modded you up on a tech site. Jesus H.

Not by definition nor even universally in practice. Plenty of architectures have used 'early out' instructions that essentially stall the processor until the result is known: for example multiply on the 386 - how long it took was a complex formula depending on the exact values being multiplied.

A faster logic could potentially shave a few cycles off such variable-duration instructions.

4
1

LTO-7 has it taped, but when will 'bigger/faster' thinking hit the buffers?

the spectacularly refined chap
Silver badge

Re: Cost

LOL AC your understanding would be spot on if you hadn't missed the recovery points available in that disk system. In reality if you delete everything on one of my solutions, you create a snapshot which is empty (but the changes require no new space) which I could then roll back on either primary or recovery SAN. You, sir, are one of the people I need to explain this stuff to on a daily basis.

The precise issue doesn't really matter though: it is still a single system vulnerable to a single upset. It is all too easy to get carried away reading a paper on e.g. ZFS and thinking that it answers all your problems at a stroke. Such solutions don't exist - look at how many reports you see online about entire ZFS pools getting bricked. Sure, you've got 1,000 snapshots in that pool. It is completely meaningless when they are all lost.

Funnily enough, I have to warn against the fools advocating magic wand solutions on a daily basis...

4
1

'Major' outage at Plusnet borks Brits' browsing, irate folk finger DNS

the spectacularly refined chap
Silver badge

Re: not DNS, but routing issues

Why did just changing my DNS provider work when an nslookup on the beeb got

** server can't find www.bbc.co.uk: NXDOMAIN

If it is a routing to the DNS then great but for most of us this equates to a DNS failure.

Because you probably rebooted the router making the change, either explicitly or automatically. I noticed my Internet was down this morning, rebooted the router and it was back up again. Can't be anything to do with DNS since I run that internally referencing the root servers.

0
2

Au oh, there's gold in them thar server farms, so lead the way

the spectacularly refined chap
Silver badge

Re: Gold FTW ! (when soldering)

That's something of a mixed bag. Gold wets very well when soldering and yes that allows great looking joints to be made easily. The flip side is that the resulting joints tend to be very brittle. I've had instances of gold soldered joints failing with much less force than you'd expect. Often the actual joint is perfectly intact, it has simply lost all adhesion to what it was attached to.

1
0

Raspberry Pi gains new FreeBSD distribution

the spectacularly refined chap
Silver badge

Re: For those interested in servery type projects

FreeBSD has ZFS

But the Pi simply hasn't got the memory for it to make sense. IME ZFS on FreeBSD is temperamental even in 4GB, it really wants 8GB+ even for small filesystems.

2
0

Boffins nail 2FA with 'ambient sound' login for the lazy

the spectacularly refined chap
Silver badge

Please don't send the audio from the browser to the phone for processing and verification. This just leaves a hole attackers can look to use. The server should receive both audio streams and check. Even if it is a simple hash of the stream to save bandwidth but don't leave it to the phone to confirm.

That strikes me as a very deliberate decision and one that I would agree with - done correctly (i.e. public key encryption that can only be decrypted by the phone) it means the service provider never has access to the audio. That gives the user a good assurance of confidentiality and eliminates the attraction of a single server being able to access everyone's audio. Of course, it does depend on the phone not being compromised but in that eventuality all bets are off anyway.

As for hashing, forget it straight away. This kind of DSP work always needs proper samples to work with, put simply too much processing is needed to match the samples up. The two recordings are never going to be exactly synchronised for example, levels are going to need adjusting, and a certain amount of tolerance needs to be built in to allow for different locations or the characteristics of the microphones used.

The one potential showstopper I see is where security is actually a real concern where you may think something like this would be attractive. At my employer for example possession of a mobile phone on an operations floor is an instant sacking offence - they are that concerned about any recording devices, whether audio or visual.

7
0
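
An added example for the hashing point in the comment above, not part of the original post and not the researchers' algorithm: two constructed recordings of the same room that differ in start time, level and microphone noise never hash alike, while a correlation search over a window of lags still matches them. The sample data, the 0.8 threshold and the lag window are assumptions chosen for the illustration.

```python
import hashlib
import math
import random
import struct

MIN_OVERLAP = 100   # ignore lags that leave too few samples to compare


def quantise(samples):
    """Round to 16-bit PCM, as a recording device would."""
    return [max(-32768, min(32767, int(round(v)))) for v in samples]


def sha256_hex(samples):
    """Digest of the raw PCM bytes: what a 'simple hash' would compare."""
    pcm = struct.pack("<%dh" % len(samples), *samples)
    return hashlib.sha256(pcm).hexdigest()


def correlation_at(a, b, lag):
    """Pearson correlation of a[i] against b[i + lag] over their overlap.

    Subtracting the means and dividing by the energies makes the score
    independent of recording level and DC offset."""
    start_a, start_b = max(0, -lag), max(0, lag)
    n = min(len(a) - start_a, len(b) - start_b)
    if n < MIN_OVERLAP:
        return 0.0
    x = a[start_a:start_a + n]
    y = b[start_b:start_b + n]
    mean_x, mean_y = sum(x) / n, sum(y) / n
    sxy = sum((p - mean_x) * (q - mean_y) for p, q in zip(x, y))
    sxx = sum((p - mean_x) ** 2 for p in x)
    syy = sum((q - mean_y) ** 2 for q in y)
    if sxx == 0 or syy == 0:
        return 0.0          # a silent recording matches nothing
    return sxy / math.sqrt(sxx * syy)


def best_match(a, b, max_lag=40):
    """Search every lag in the window; return (best score, lag)."""
    return max((correlation_at(a, b, lag), lag)
               for lag in range(-max_lag, max_lag + 1))


def same_environment(a, b, max_lag=40, threshold=0.8):
    score, _ = best_match(a, b, max_lag)
    return score >= threshold


def make_demo_recordings(seed=2015):
    """Constructed sample data: broadband noise stands in for room sound."""
    rng = random.Random(seed)
    room = [rng.gauss(0, 3000) for _ in range(600)]
    other_room = [rng.gauss(0, 3000) for _ in range(600)]
    browser = quantise(room[50:450])
    # The phone starts 17 samples earlier, is quieter, and adds mic noise.
    phone = quantise(0.4 * v + rng.gauss(0, 200) for v in room[33:433])
    elsewhere = quantise(0.4 * v + rng.gauss(0, 200)
                         for v in other_room[33:433])
    return browser, phone, elsewhere


if __name__ == "__main__":
    browser, phone, elsewhere = make_demo_recordings()
    print("hashes equal:", sha256_hex(browser) == sha256_hex(phone))
    print("same room   :", best_match(browser, phone))
    print("other room  :", best_match(browser, elsewhere))
```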

Windows Server 2003 support has gone. Here's how to survive

the spectacularly refined chap
Silver badge

Re: Replace Windows Server2003

Much as I'm a fan of Unix generally this is just bollocks. The chances are that if a server hasn't already been migrated to something else it is doing something rather more than file and print. There simply isn't a point-to-point feature equivalence for anything but the most basic of functionality, let alone a drop-in replacement.

Two that come to mind right away - Ubuntu lacks AD integration in any reasonable meaning of the term beyond basic user management and of course it doesn't natively run Windows applications. Those are not niche features only of interest to tiny niche audiences but instant showstoppers for a large proportion of installations.

2
1

A close shave: How to destroy your hard drives without burning down the data centre

the spectacularly refined chap
Silver badge

Re: Remove platters

Shouldn't degaussing be sufficient? Or maybe that was too boring.

Probably. The problem with things like this is that there's generally too much "knowledge" around that is of purely historical value. A lot of the stories that get cited refer to e.g. floppies or low density hard drives - you can forget about them entirely for modern drives.

As the density goes up what it takes to make the data completely irretrievable goes through the floor: e.g. if you physically overwrite a sector once what was on it before is lost forever - those algorithms you have read about involving multiple passes and random data belong to a different age. Significant damage anywhere on a platter essentially makes the entirety unreadable - it doesn't matter if most of the data is still perfectly intact if there is no way it can be subsequently read out.

The fact some of the methods tested are not very exciting does not mean they are not completely effective. Hell, I wouldn't want to count on it but I'd imagine simply taking the top cover off outside of a clean room environment would counter even the most sophisticated attacks a good proportion of the time.

6
1

Wait, what? TrueCrypt 'decrypted' by FBI to nail doc-stealing sysadmin

the spectacularly refined chap
Silver badge

Re: GnuPG

The Ken Thompson compiler hack ... means that the only code you can REALLY trust is that which you have compiled yourself, by hand, into assembly language, and then laid down byte-by-byte into memory.

It is altogether too easy to overestimate the impact of that particular demonstration: it wasn't really a practical hack or even a real proof of concept but more an illustration of a possibility.

Thompson's code worked against a specific login source tree and a specific compiler source. Generalising it to be resilient to continued development of either is hard and increases the scope for detection, after all if you want the hack to be cross architecture it needs to be inserted at the parse tree or possibly token stream level. Anyone working on those or later stages of the compiler would soon notice unexplainable entries in the internal data structures in their debugger.

That's without even considering the level of semantic analysis required to hack a tool that has not yet been written. That's decades ahead of the state of the art: we can say with confidence such technology simply doesn't exist.

2
0

'Fix these Windows 10 Horrors': Readers turn their guns on Redmond

the spectacularly refined chap
Silver badge

Who cares? It works and behaves (to me, the user) pretty much exactly as it did years ago. So for all intents and purposes, my desktop has "not changed" in so far as it looks pretty much identical, acts identical (from the user perspective) and behaves the way I want.

Who cares? You do. It was you that advanced the proposed advantage that any old WM from twenty years ago works fine on a current system. They don't. Now it supposedly doesn't matter because you have found a modern WM that happens to keep you happy.

That is a massive volte-face, not a justification of your position. If your preferred WM was twm, mwm, olwm or any of countless others you are shit out of luck.

3
0
the spectacularly refined chap
Silver badge

Many apps simply don't work correctly on a strictly ICCCM-compliant WM.

Let's see… I'm typing this in Firefox 37 running within FVWM 2.6.5 on X.org server 1.16.4 and Linux kernel 4.0.2. I also use Gnumeric or LibreOffice for the office suite just fine and numerous other applications such as The Gimp, Inkscape, and of course gVim.

So, version 2.6.5. It adopted EWMH from version 2.5 onwards, and thus no longer pure ICCCM. Now ask yourself why they had to deviate from the prior and well established conventions.

5
0
the spectacularly refined chap
Silver badge

Want an early 90s desktop with modern applications? No problems: install one of dozens of window managers, set up .xinitrc and it's just like the old days.

Have you actually tried it recently? A lot of classic Unix apps have been royally shat on by the Linux community who seemingly show blatant disregard for anyone using anything else. Many apps simply don't work correctly on a strictly ICCCM-compliant WM. Examples that come to mind - both Open- and LibreOffice will tend to dump core (and keep open documents locked) if you have the temerity to close the app via such a window manager. Firefox can't even maximise properly on some systems - it gets bigger all right, it just ends up four times the size of the screen.

Oh, and you still have most of KDE or GNOME running (and probably both), the needlessly chunky and redundant libraries anyway, if not the small veneer on top. Yes, I just love pissing away 200MB memory so that some anonymous dev can express his opinion on what an OK button should look like, even though it matches nothing else on the system.

That's without even getting me started on the desktop-oriented random distribution of detritus that such apps bring. Personally it appears to me that if I write a document on project Example then sticking it in ~/example would be eminently sensible. If I download e.g. a datasheet in support of it then equally I may want it in ~/example/data. It's good to know that I'm utterly mistaken in that and I should naturally follow the Windows 3.x practice where a document's location is based on where it came from rather than what it is - the "correct" locations are obviously ~/Documents and ~/Downloads respectively.

To drive the point home, bonus points for re-creating those directories each and every time the program runs even if nothing ever gets saved there. "Something shiny" that looks pretty is obviously much more important than the elimination of pointless distractions when actually trying to do some work...

12
16

Post-pub nosh neckfiller: Southern biscuits and gravy

the spectacularly refined chap
Silver badge

Informative article

Before reading it I had absolutely no idea what plain white flour, lard, sour cream, salt and baking powder looked like. Now I know.

6
1

Google: Maps editing is back – but, please, no more p*ss-taking robots!

the spectacularly refined chap
Silver badge

In other words...

...co-opt users as a free workforce.

I wonder what completely pointless and utterly worthless metric they're going to come up with to persuade the suckers users that their contributions are really highly valued?

9
0

Huawei: in the world of 5G, we're all Europeans now

the spectacularly refined chap
Silver badge

Re: Grasshopper velly wise

Huawei seem to take that sort of issue much more seriously than their Western competition, possibly because of similar concerns in their home market. I bought a cheap Huawei phone a couple of months back and the privacy shrinkwrap was a breath of fresh air compared to what tends to get shoved down our throats these days.

The scariest terms were of the extent of "If you go to our website and buy something then we'll hold your card details for as long as needed to process your payment". Nothing about tracking whatever you do or finding new ways to profile and monetize you: terms that appear in the terms of seemingly everyone else these days - the whole thing was actually quite reassuring in comparison.

As for their commercial gear - well don't forget it's been through and passed GCHQ code audits. Far from being untrustworthy they give every indication of doing this how you would want them to, and in a way that is far more respectful of your privacy than most companies.

5
0

Google makes new hires ONE pay offer. 'Negotiation'? What's that?

the spectacularly refined chap
Silver badge

Re: So....

When did anybody say that, ever?

Plenty of times - remember the quid pro quo - "things in the overall package that could be negotiated and perhaps resulting in a lower salary." You may be willing to trade 2% of salary for another week's annual leave or even as in my case a few years ago 40% of salary for only working three days a week. When they asked why I explained I wanted to do my doctorate. They jumped at the chance.

0
0

Natural geothermal heat under Antarctic ice: 'Surprisingly HIGH'

the spectacularly refined chap
Silver badge

Re: Heat balance

Wikipedia sub-title sums it up: "Earth's internal heat and other small effects"

The figures don't really matter - this situation can be reasoned about without even needing any quantifiable data. The long term trend has to be either to a dynamic equilibrium or for net ice build up. We know this by the simple fact that the ice sheets are there and haven't already melted away and indeed have built up over time - they weren't always there after all. Therefore natural ice loss must on average be at least matched by new ice formation.

However we can see a long term trend to less ice so something has changed. The amount of geothermal heating certainly does but that is a slow steady decline, not an increase.

12
0

Dodgy mobe dealer jumps on VAT carousel, gets 13-year ban

the spectacularly refined chap
Silver badge

Re: No jail?

Unless of course you're talking about benefit fraud in which case current thinking is hanging's too good for them.

This time it isn't really the case of one rule for one group and another rule for others: the punishment for benefits cheats is similarly lenient. Time and again people receive tens of thousands as a result of a false claim and get punished with less than a hundred hours community service.

They have to repay the money of course but because in many cases the fraudster is legitimately on some form of benefit the courts won't order repayment at a rate of more than £5 a week. It's not unheard of that people would need to live to over 200 to repay the debt.

1
0

PLUTO: The FINAL FRONTIER – best image yet of remote, icy dwarf planet REVEALED

the spectacularly refined chap
Silver badge

Re: For anyone who's tried to "shoot the Moon"...

I'm impressed - From New Horizons' vantage point, Pluto would have appeared to be around 1/30th the diameter of our Moon (as seen from Earth) at the time that snap was taken.

I wouldn't get too carried away - it's still over twice the apparent size of Mars even at the most favourable opposition. To put it into context I've seen more impressive pictures of Mars taken by amateurs - advanced amateurs with perhaps £4000 of equipment, but still amateurs - even with all the atmospheric distortion involved in observation from Earth.

0
1

What's black, sticky, and has just 8GB of storage?

the spectacularly refined chap
Silver badge

Re: Thin clients on wifi

* 100Mbit and 600-800MHz 32bit in-order CPU (Crusoe, early Via Eden): barely usable. User experience is awful, you can see it redrawing, it stalls, etc.

I've used similar spec terminals and come to precisely the opposite conclusion - for most business apps you can't tell the difference if everything is properly configured and you are using high level protocols (X11, RDP) rather than the bitmap kludges such as VNC. Hell, I remember a few years back I tried full screen movie playback to see how well it fared, software rendering on the remote machine rather than locally. In fact it coped surprisingly well - no, I'm not going to claim it was silky smooth because the frame rate was well down and became distinctly cine-filmish in panning shots - but it was watchable.

The only issue I ever observed in real use was with Firefox on X11 and then only fairly rarely - it seems the rendering code does pass large images directly over to the X server for it to scale before display. If you have a particularly graphically intensive page or a single large bitmap things would slow to a crawl - displaying e.g. an 80MP image was not fun. However, how frequent is that for most of the target market? The fact it isn't much good for viewing high res porn is probably a plus.

I can only assume that this is either completely groundless FUD or you are not capable of configuring this kind of thing correctly. Either way your comments are completely divorced from reality.

4
0

Get READY: Scientists set to make TIME STAND STILL tonight

the spectacularly refined chap
Silver badge

Re: ...accurate for a period of 158 million years...

Right now the offset between BST and UTC is 3600 seconds. That offset should change to 3599 seconds, and UTC should continue unchanged. The TZDATA files will get bigger, but not much, since all countries should implement the leap second at the same time.

Careful, this is a simplification of a simplification. Many of these amateur suggestions are implicitly based on layers of simplification, knowing or unknowing, which introduce paradoxical effects at the margins. Doing the job properly is complex which is why you have a panel of experts spending so long debating how this should be handled - I wouldn't call myself qualified to add anything meaningful to their discussion but I've studied this enough to understand the complexities. In this case BST is not a 3600 second offset from UTC: it is closer to 3601 seconds, and adding the leap second to UTC simply alters the offset to just under 3600 seconds. BST is a defined offset from GMT which the UK still uses in law at least. GMT is essentially an older version of UT1: it is defined astronomically and has no leap seconds.

Simply adjusting the definition of time zones like that has dramatic side effects - in particular events that happened close to midnight in the past can suddenly move from having occurred on one date to another simply by the introduction of another leap second. It doesn't take too much imagination to envisage all sorts of issues this can raise in the field of contract law alone.

The most elegant way of representing this I have seen on computer is simply to allow a second to be two seconds long during a leap second, i.e. allow space in whatever fine scale representation you use to accommodate e.g. 23:59:59 and 1500 milliseconds as the middle of the leap second as opposed to a 23:59:60.5 representation. Apps that don't care too much about precision time keeping simply get 60 second minutes and can ignore the whole issue, still being guaranteed that the date, hour, minute are always perfectly correct - the second too unless they try to get clever with internal representations. Apps that need ultimate precision can get the precise time any time they wish.

Yes, it's still a bit of a fudge but it avoids many of the issues of the simplified alternatives. It also closely approximates the current treatment with periodic insertion of leap seconds.

4
0

Github's 'Atom' text editor hits version 1.0

the spectacularly refined chap
Silver badge

Re: Still no print capability?

You print code out?

Of course, in much the same way that over a foot of space on my bookshelf is given over to hand-written notes on one of my pet hobby projects.

What are the most important development tools? Pencil, eraser, notebook and source listing. Fancy software tools can help massively for specific issues but ultimately nothing can replace time and effort spent understanding and thinking about the task in hand. Physically moving away from your computer instantly eliminates one of the principal distractions to doing that properly.

14
0
