* Posts by Henry Wertz 1

1983 posts • joined 12 Jun 2009

Boffins silently track train commuters without tripping Android checks

Henry Wertz 1
Gold badge

Why not prompt for accelerometer?

Why doesn't the accelerometer require permission? I mean, if you are using a game that uses tilt etc. (or "shake to do x" function in an app) you expect it to need it, otherwise it'd at least raise questions when some emoji app or something asks for accelerometer permission on install.

0
0

Death of a middleman: Cloud storage gateways – and their evolution

Henry Wertz 1
Gold badge

All seems reasonable

All seems reasonable to me. I could see this type of appliance being useful, and could also see the companies that already add compression, dedupe, etc. to their devices adding cloud sync type of functionality.

Putting stuff "in the cloud" just because? Pretty pointless. Having essentially a NAS that uses AWS or whatever cloud service for backups? Seems perfectly reasonable depending on how costs work out. Having a whole office use AWS or the like directly as a NAS seems like a good recipe for disappointing performance (both Windows and Linux, the GUI will more-or-less deal with 50-100+ms per file operation but you can tell it's not happy about it, and having to copy files in and out via some web interface would be really clunky.) But using the AWS as a backup while keeping a fast local NAS negates this issue. It still allows (if you want) remote workers or branch offices to access the online copies too. Quite convenient. You could of course still run into trouble if your office is churning out so much data that the backup to AWS never catches up -- hopefully there's some interface on the NAS to tell you that it's (for example) only 45% backed up or whatever.

It does also seem like this is just a software feature, so I could definitely see the kind of storage devices that have added dedupe etc. over the years adding this kind of "cloud sync" type functionality.

0
0

Windows and OS X are malware, says Richard Stallman

Henry Wertz 1
Gold badge

suck it up

"It is poisonous in the extreme, and its outrageously expansive demands have smothered the open source movement. GPL3 is specifically designed to metastasize and malignantly infect everything it touches. It has nothing whatsoever to do with "your benefit"; it benefits one thing and one thing only, and that thing is Dick Stallman's enormously overinflated ego."

I don't know how much Microsoft koolaid (or whatever) you drank to make GPL3 sound like some kind of tumor with no benefit. But, yes, it's designed so if you wish to benefit from people's GPL3 code, you are expected to release your own code under an open source license. This is not to inflate Stallman's ego, it's so people who wish to see the source code for their software, be able to modify the software and build their own versions of the software if they wish, have the source code to do this. That's the point of it, the concern was some people would do all the hard work on tricky utility libraries and so on and release them under a BSD license (for instance), and commercial vendors would then say "thanks a lot for that!" and lock it all back up into closed source products. LGPL permits building code as a library and using that without affecting your code.

Don't get me wrong, I'm no license zealot, and if you want to write closed source software, be my guest. I just object to characterizing GPL-licensed code as some kind of infection just because you can't use it in your software. Suck it up and write it yourself, or find code with a more permissive license.

3
1
Henry Wertz 1
Gold badge

Oh Stallman...

"It's been shown time and time again that the unwashed masses are quite happy with the status quo warts and all. Otherwise how do you explain the total failure of linux on the desktop."

No they aren't quite happy with the status quo. I hear people complain, again and again, "Don't you hate it when computers do a, b, and c?" (Insert several complaints here... like installing updates at inconvenient times, or wanting to reboot at inconvenient times, or getting viruses and spyware, or blue screens, or "having" to defrag too often, or activation problems, or being "forced" to buy a Windows 8 system because Windows 7 is no longer available, or upgrading Windows and finding it doesn't support their old peripherals, or installs that just get slower and slower over time, or whatever.) And I'll point out "That's not computers, that's Windows, I don't run Windows so my computer NEVER does that." (Except the person complaining about having to defragment their hard disk like weekly, I pointed out to them they really didn't need to defrag that often.) These people really aren't "quite happy" with the status quo, they think it's normal for computers to be a pain in their ass and don't realize it's just Windows. (I do realize if you handle Windows *just so*, you can evade these problems... but, if you *don't* run Windows, you don't HAVE to take special steps to avoid them!)

And there is no total failure of linux on the desktop.

As for Stallman.. I appreciate his contributions but.... man. I've never found Stallman to be particularly well spoken. I don't think he realizes, although the actual information conveyed may be the same, saying "Windows and MacOS do x, y, and z, did you know this actually makes it meet the definition of malware?" may inform people, while saying "Windows and MacOS are malware!" sounds like hyperbole and people may not listen if he keeps on talking to explain why.

4
2

Factory reset memory wipe FAILS in 500 MEELLION Android mobes

Henry Wertz 1
Gold badge

"That doesn't seem to stop Apple, who managed to backport full-disk encryption and make it available for every device sold in the past few years as part of their regular update process. It wasn't *ooh* *whimper* sooo *sniff* haaaaaard *sob* like it was for Google. It's a core OS function that isn't dependent or reliant on manufacturer customizations, and should be updatable."

Apple didn't backport full-disk encryption to older iOS versions, they made sure iOS was installable on somewhat older devices. Not the same thing at all. Also, Apple only ships a handful of models of phones. For vendors that follow Google's recommendations (i.e. not too many nasty hacks and binary blobs), if the vendor doesn't bother to release updates, CyanogenMod does. I really would prefer if all vendors at least made it so CM could release functional updates. If you do want to make sure to actually get updates, there are several lines of Android devices that do actually receive official updates for a guaranteed length of time.

0
0
Henry Wertz 1
Gold badge

"It isn't like an OTA could be sent out to all phones to update it so the manufacturers and carriers would need to do the update and if they were going to go to all that trouble of writing the core files into their customised version, testing and delivering it then they would just update to the latest version anyway which is designed to work better on older devices (although that's debatable)."

Well, maybe, but I've had a few phones that due to the unusual radio files (Samsung Stratosphere for example had a Via -- yes Via, not Qualcomm... Via CDMA/EVDO/GSM chipset and Samsung LTE chipset, so if you evaded Samsung's lame firmware lockdown and put a newer kernel on, the radio files would absolutely not work with it. The Stratosphere II I have now has a more normal radio but a similar situation. It's pretty common to see on Cyanogenmod forums and the like that some devices will run a newer kernel, but with no radios. I doubt Samsung'll update either of these phones at all, but if so I'll be shocked if it gets anything other than a "x.x.(current +1)" update, or a vendor implemented patch.

0
0

Zero rating? Zero chance says Vodafone India

Henry Wertz 1
Gold badge

Major problems

There are multiple major problems with this type of setup:

1) It could easily start getting quite expensive and ridiculous for these companies (slacker, facebook, whoever) who, after all, are ALREADY paying for their internet connections, to be expected to also pay off dozens of cell phone companies and ISPs for this type of special treatment.

2) I think service in India is pretty cheap, but in countries where cell phone rates are already exorbitant, this will probably just push them into giving people even LESS data for the fees they charge, but say "oh it's fine, because sites x, y, z don't charge data." In effect, falsely claiming they are providing internet service but (due to crippling fees) really giving users a walled garden. Exactly this kind of thing apparently goes on in Canada, plans that are so expensive for so little data that the data may only cover E-Mail, and otherwise the user can only use the vetted services.

3) This most assuredly does violate net neutrality, since instead of just giving the customer internet service, they are favoring certain services over others based on receiving payments from them.

Sidebar -- There is one variant to this that may violate net neutrality, but I don't really object to. T-Mobile US does the "these sites don't use your data", but a) They charge customers much lower fees than most cell cos in the US, and they aren't using this as an excuse to reduce data caps and raise prices. b) They throttle when you hit your data cap, not exorbitant overage fees. c) They are not charging the companies they put in the "no data use" camp, if they meet technical requirements (having their music or video streams come from some deterministic set of sites so T-Mo can whitelist them), they're good to go apparently.

0
0

The Internet of Things becomes the Game of Thrones in standards war

Henry Wertz 1
Gold badge

Time to wait!

This:

Quoting Gavin Chester a few posts up: "Let's face it one of the biggest things that us consumers learned from the VHS/Beta format wars (or DAT/DCC.MD, or BluRay/HD-DVD, or all the memory card formats) is that we just leave them to fight it out before shelling out. No-one wants to be left with the V2000."

Agreed (except that I'm a customer, not a consumer.) I was thinking if you were just getting something self-contained like those mood lights it might be OK; but even then, who wants to go to replace a bulb a few years down the road, only to find out that the old bulbs were on the losing side of the protocol war and the new bulbs don't use the same protocol? Definitely wait it out, who wants to spend the big bucks only to end up with Beta or HD-DVD? Prices may be more reasonable by then too.

0
0

Backpage child sex trafficking lawsuit nixed thanks to 'internet freedoms'

Henry Wertz 1
Gold badge

"(I would expect the judge's decision to be reversed.)"

I wouldn't, but they could in theory keep appealing the decision up to the supreme court, if higher courts will hear the case.

"Irrespective of what anyone thinks of prostitution, "Backpages" is a locus for criminal activity and the idea that a filter is sufficient for vetting their ads is laughable; there needs to be an actual human being making the decisions."

I do have to agree, there seem to be quite a few sites that seem like they rely entirely on "automated moderation" (filters and the like) with very little to no actual human moderation, instead of using the automated moderation as an aid. And some of them really could use some human moderation. The first thing I thought when I heard about that FTC case against "Youtube Kids" a few days ago was that they really should have some moderators, and Backpage and similar buy/sell/trade sites should have some moderators too.

0
1
Henry Wertz 1
Gold badge

Reason for this CDA clause

The reason for this clause in the CDA, is that before it was passed the legal precedent was building up towards online providers that did not try to moderate or filter their sites getting common carrier status and so getting a free pass (after all, nobody would try to prosecute phone companies for the numerous illegal activities that surely are facilitated by telephones), while those who DID moderate their sites could be prosecuted for things they missed. Which is exactly what was happening here. Just think how much seedier it'd be online if site operators felt the only way to avoid prosecution was to never moderate their comments.

6
0
Henry Wertz 1
Gold badge

The judge is right

The judge is right.

Several points here --

1) The site did have filters. Which these posters evaded.

2) The site had an age check.

3) The site probably converts images when they are put on, for size (filesize and on-screen size) and consistency, not just going along stripping metadata. Of course when sites *haven't* stripped metadata, there are also complaints because they leak information the poster didn't know was in the photo, and they become a virus hub for "malformed image" type attacks that have plagued Windows from time to time.

4) "Backpage" is not some double entendre, this is a general purpose classified ads site. It looks like a Craigslist clone.

5) So, how the hell lazy are the cops anyway that they didn't catch the scumbag(s) responsible for these ads quite a while ago? If it was so obvious, it should have been a no-brainer to just order services, and have whoever shows up take them back to the pimp to bust. If they moved, call *that* police department and have *them* do it, or get the feds involved and moving wouldn't help them.

This really is the kind of thing the CDA was meant for -- quite simply, a "provider or user" is not liable for content that was actually put up by another "provider or user". I mean, it makes sense -- anyone who runs a blog with a comment section could be sued for literally anything otherwise based on what random trolls and hooligans put in the comments before you get on and remove them.

I'd also like to point out, when some newspaper here in the US started complaining about Craigslist's ads for "massages" and "escorts" (until Craigslist finally pulled them), it turned out THAT VERY PAPER had FAR more of these ads in their classifieds than Craigslist itself did. I'm just saying, this site may be being singled out for ads that showed up elsewhere.

11
0

Google DOG WHISTLING fails to send URLs across the room

Henry Wertz 1
Gold badge

"I want to keep my URLs secret, so I sit with my back to the wall. Why would I want to broadcast my favorite xxx URLs to everyone in the room? Ok, some rooms, yes, but in the living room....nope."

Umm, you're watching porn while in a room full of people? Classy 8-) But seriously, I don't see the point of this either; the fact of the matter is, I don't think Google sees a point either, it's an experiment.

I did have to ask, though, why would using this plugin involve "temporarily" storing URLs on Google's servers? Is a multi-ghz PC now not fast enough to do basic signal processing? Are they sending off the sent and received URLs (and/or sent and received sound when a URL is detected) to be able to analyze possible failure modes?

0
0

Microsoft's Surface 3 is sweet – but I wouldn't tickle my nads with it

Henry Wertz 1
Gold badge

I thought the ad was a parody

When I saw the ad for this, I thought it was a parody. The US ad for this just says (as I recall) "Surface 3. Slightly smaller. A little lighter". I mean, seriously.

0
0

A good effort, if a bit odd: Windows 10 IoT Core on Raspberry Pi 2

Henry Wertz 1
Gold badge

A few points

First off, to get this off my chest, WinCE is not an RTOS. I mean, it has better interrupt latency than standard Windows, but it doesn't do anything to guarantee latency like a true RTOS does.

"Microsoft’s strategic goals may explain why IoT Core lacks a command shell or Windows desktop, both of which would be welcome among Pi users attempting to use it like a PC. The company is trying to drive developers towards UAP."

I think there are two reasons: 1) Technical reasons. I would guess that Windows still has a reasonable kernel at the base. But they probably found the GUI was dependency hell, and was an all-or-nothing affair. So they pulled it. 2) Microsoft's big business is PCs and servers. I think it has become strategically important for them to make sure that x86 desktop is the first class experience. Linux? The software's all portable, I have used Linux on several non-x86 platforms, and other than the unusual-looking machine at your side you could as well have been on a PC.

Anyway... I'm not sure that very many Raspberry Pi users will be interested in running a stripped down Windows on it, there are so many better OSes to run on it. On the other hand, Windows developers who want to make so-called "IoT" software (and as Windows developers, think the way to do that is using Windows) may well be interested in installing onto a Pi to have a test environment.

7
1

Manchester car park lock hack leads to horn-blare hoo-ha

Henry Wertz 1
Gold badge

"The whole Manchester car park horn-blare omnishambles raises wider questions about the security and reliability of electronic door locks."

Reliability? The ones on my car died like 5 years ago. The range started to get very low, and I found with the spare it was very low too. Replaced the battery on one and reprogrammed it, very poor range. Then no range at all (i.e. doesn't work.) I've assumed the antenna on the car module broke?

Anyway... I guess this shows people are pretty stupid (for standing around because "the car won't lock" instead of locking the car manually), but not as stupid as thieves think (they didn't walk away from their cars just assuming it locked because they pushed a button, as this particular exploit seems to assume people will do.)

"Cool! How long have you been emitting RF in the 430mHz band? I'm sure there's a scalpel-wielding boffin or two just itching to have a 'chat' with someone like you..."

Really they have nothing to say, 430mhz is an ISM band; ISM band users are not permitted to intentionally cause interference, and must accept interference from other users. As a practical matter, ham radio rules also prohibit just transmitting dead air or the like too, I would guess even if a 70cm operator was right next to your car, they'd usually only be on the air long enough for you to be "huh, let's try pushing the unlock a second time" and having it work then.

2
0

Microsoft's certification exams: So easy, a child of six could pass them. Literally

Henry Wertz 1
Gold badge

Real terms

"And as for such a pretentious interpretation of the title "Engineer" - like "Consultant", "Architect" and even "Doctor", it's so over-applied in so many other ways (including beyond IT), that such snobbery really belongs in the mid 20th century.

Whether you like it or not, language evolves"

Well, the fact of the matter is, both Cisco and Microsoft have dropped the term "engineer", because in quite a few jurisdictions an engineer is an actual engineer, and it's actually illegal to refer to oneself as an engineer if they don't have an engineering certification of some kind. Language evolves, but engineer and doctor are still real terms with real meanings.

0
0

YouTube Kids 'showed nippers how to make nooses, play with fire'

Henry Wertz 1
Gold badge

Sounds like youtube needs to work on this

"Anyone who complained should have their details passed straight to the local rozzers for neglect."

Why? It sounds like with the complainants, I don't think they are claiming they left their kid sitting around, then saw this. I think they looked into the service ahead of time.

Normally, I think these "Oh think of the children" types are kind of wankers. And to be honest, I doubt these young children will really be harmed by anything they see on there. But, in this case, I really can't disagree with their arguments. Youtube presented this service as something appropriate for young children, and it sounds like it's not.

I'm guessing what happened is 1) Youtube opened this service. 2) Trolls put various Youtube clips on there to mess with.. well, whatever motivation trolls have. 3) No profit. Youtube expects "improper" videos to be flagged for removal, rather than pre-screening; the kids aren't going to flag anything, and I wouldn't expect parents to pre-screen since it was after all presented as a service with children's videos. I think, quite simply, Youtube expected to be able to use the exact same procedures as the main service, and this simply won't work for a service like this where people really panic if anything "slips by".

2
1

Amazon cloud to BEND TIME, exist in own time zone for 24 hours

Henry Wertz 1
Gold badge

I don't see the problem

Leap seconds are being used so, eventually, you don't end up with 12 midnight happening in the middle of the day. After all, leap years are there for a similar reason -- older calendars did not have leap years, and eventually became inaccurate enough that people began to notice. If you don't want to deal with leap seconds, don't deal with them, your clock will not be off by much over the likely lifetime of your clock or computer. But, personally, I have network time on my phone, and ntp on the computers.

Note, ntp does have the "-x" option -- normally, (per the man page), ntp will jump the clock if it's off by more than 128ms, less than 128ms it does in fact slew the clock (speed it up or slow it down until it has correct time.) -x sets this cutoff to 10 minutes. The man page warns most UNIX systems allow a maximum slew of 0.5ms/second, so it'd take almost 14 days to slew 10 minutes. For 1 second, that'd come to about 33 minutes, so Amazon must be using a much slower slew rate. If you object that much to having your clock jump 1 second, use -x.

1
1

Feds: Bloke 'HACKED PLANE controls' - from his PASSENGER seat

Henry Wertz 1
Gold badge

Similar comments...

I have similar comments to others...

a) If he had been hacking flight control systems in flight, throw the book at him. This is just dumb.

b) "That last sentence is a major point, i.e., that even ATTEMPTING to tamper with actual flight controls is a crime. So is CLAIMING you've tampered with a plane, or passenger safety, whether you did or not." Actually, per the last sentence, claiming it is not illegal at all; that doesn't mean you won't be investigated to see if you really did it or not, which is what is happening now.

c) I do seriously doubt the in-flight entertainment system is tied into anything other than the power. First, I think they have the common sense to not tie systems together unnecessarily (airplanes have higher safety standards than cars, where the car cos have occasionally stupidly thrown everything on one bus). Second, airlines are obsessed with weight, they wouldn't want to tie things together due to weight and cost either.

0
0

Lightbulbs of the future will come with wireless extenders and speakers

Henry Wertz 1
Gold badge

Network extender

I think the network extender would be useful. Since the light is positioned to light the room, it should have a cleaner line of sight to whatever it's repeating than having a repeater up on a shelf or whatever. I would, however, need some way to actually turn the light on and off without resorting to an app.

2
0

Turkey president: Nuts to 4G networks, we're cutting straight to 5G

Henry Wertz 1
Gold badge

Really...

Really.. if the networks there have enough 3G capacity to keep speeds up and the 3G is running well, then skipping 4G would in fact make sense. T-Mo here in the US never got around to upgrading a lot of their rural network from 2G (often even GPRS rather than at least EDGE) and now are directly overlaying 4G LTE in these areas (so they will be 2G+LTE, no 3G), skipping a gen does make sense at times.

0
0

Not sure what RFID is? Can't hack? You can STILL be a card fraudster with this Android app

Henry Wertz 1
Gold badge

"The problem is, indeed, the lowest security cards are the cheapest. And NXP, of course, is not withdrawing lowest sec cards because of low cost and massive revenue (people don't understand security and of course buy the cheapest)."

Maybe they *do* understand security. Given they're loading $16 on the card, and it's for an intangible asset (unauthorized use of the transit) rather than tangible (lifting $16 worth of items from a store or something), they may have gone in knowing they were not getting the highest security card, ran the numbers and figured the card cost savings outweighed the fraud risk. I wonder if it could be "fixed" on the back end like the Dutch system in a post above, so "Android reloaded" cards would be deactivated.

0
0

Microsoft: Free Windows 10 for THIEVES and PIRATES? They can GET STUFFED

Henry Wertz 1
Gold badge

My guess?

My guess? People that buy second-hand computers at pawn shops, etc., that just have Windows on them from wherever, have this tendency to go non-genuine -- they don't usually do a reinstall AFAIK, just try to clean the system up into appearing to be a more or less fresh install state. You know, the only legal way (per the license, unless you have some enterprise agreement) of reinstalling Windows is from the ORIGINAL MEDIA, not like "Oh, I have this OEM disk that works on all Dells", not a slipstream. Stupid but true, and makes me glad I don't deal with Windows installs. In some cases, I'd guess the machine has a 7 license but the improper install media was used; in some cases, since NOBODY wants Vista it probably got a pirated copy of 7 installed over Vista; in other cases, probably it is valid but Microsoft falsely says it isn't (look online, this happens plenty!)

So, Dell, HP, etc. will make some deal where Microsoft will offer you Windows 10 for like 10% off or whatever.

1
0

Wrestling with Microsoft's Nano Server preview

Henry Wertz 1
Gold badge

"What was it?? Linux in 8MB? or was that 4.... Worked quite well in 1998 - including X window and software development, with a mail server and DNS even."

Not 4. I ran Linux on a 4MB system, and X + xterm was enough to soak it. To be honest, 8MB was pretty minimal once you were using X. (X was known even in the 1980s for its "extreme" hardware requirement of needing 8-16MB of RAM to run decently.)

Anyway... if I were Microsoft, I would make the MSI installer service an installable/deinstallable package. You install MSI, install whatever, then deinstall MSI (so you don't have to worry about potential bloat and security implications of having an installer present.) I really can't understand not having some kind of local command prompt either. I would bet the reason there is no GUI at all (even a screen with a command prompt) is that they found a massive wad of interdependent spaghetti code, have no possible chance to separate it, and to get the size down they had to rip out the whole enchilada.

It'll be interesting to see if they get this to some kind of reasonably useable state, it'll certainly be better from a security standpoint than the status quo.

1
0

IN YOUR FACE, Linux and Apple fans! Oculus is Windows-only for now

Henry Wertz 1
Gold badge

Does anyone know what's going on?

Does anyone know what's going on here? I mean, if the video card is doing the 3D rendering work, and sending the result (via HDMI) to the Oculus, why does it need *2* USB3 ports - this is a lot of data! I wouldn't think motion and position info would push, well, even a USB1 port honestly. If the textures and triangles are being sent to the Oculus to render there, why the powerful video card requirement? I was thinking maybe power, but then why the requirement for USB3 instead of just two USB ports? If the work is truly being split, then how do you think this is being done -- every other line, left/right half, card and Oculus doing every other frame? Just curious.

BTW, if the work's being split that's probably why there are no OSX or Linux drivers. I know Linux *does* support this kind of usage -- recently - but a) Since it's recent support, I don't know if it's got a reasonably good design, or if it's some kind of sloppy kludge that got the existing configurations to work. b) nvidia driver, at least, bypasses a portion of the Xorg internals -- which is not necessarily a bad thing, nvidia's implementation is fast and well-behaved.. but it does mean it's possible Xorg supports splitting OpenGL up between cards in the way the Rift needs, but the nvidia driver bypasses the part of the stack that supports this (and the "nv" driver probably doesn't support new enough cards.)

6
0

Back to the Future: the internet of things as imagined in 1985

Henry Wertz 1
Gold badge

What about the oven?

"The Wallflower attaches to your stove - either direct to the plug in the case of an electric stove, or on the gas pipe with a gas oven. Very simply, if it detects that you - or, more accurately, your phone - are not near the stove it sends an alert. If you don't respond in a set time, it turns the stove off."

Don't your stoves have ovens in them? Just saying, I wouldn't want to leave the house with the stove going probably, but leaving with a roast or turkey going in the oven? Sure. Also (per the photo) WHY THE HELL IS IT SO BIG?!? 8-)

Oh, I actually think the light switch thingy is rather clever -- placing a plate on top of the existing, working light switches, seems a bit of a kludge, but way more appealing than rewiring the house to replace what are after all working light switches. $60 is a bit steep for it though.

0
0

That DRM support in Firefox you never asked for? It's here

Henry Wertz 1
Gold badge

Product returns galore!

"They'll own the playback equipment, but like I said there are ways to prevent tampering: one-way suicide switches, epoxy blocks, lead shields to block x-raying, and so on. A prominent label with bold letters saying, "DO NOT OPEN! THIS DEVICE WILL STOP FUNCTIONING!" should serve as adequate warning."

Some devices already say "no user serviceable components inside", and it doesn't slow down anyone wanting to mod it. For something like a 4K Blu-ray player?

a) Sony might put killswitches and crap in their players. But the Chinese makers are interested in sales to customers, I think stuff that just lowers the reliability of the finished product will not go in.

b) I expect Best Buy etc. to just start getting many, MANY returns until the vendors stop putting this kind of thing in. If I put a soldering iron or some voltage to the wrong point and zapped some hardware? That's on me. If I turn a screw out one turn and a device self-destructs? That's on the vendor and they are getting a product return.

2
0
Henry Wertz 1
Gold badge

DRM problems

"I'm still not a fan of DRM, but it's more for where it can go wrong as opposed to some philosophical opposition. DRM can fail or malfunction, locking out a customer who has purchased access to content. But at least there, in theory, there is recourse and you can get access restored"

Or is there? I've seen no indication of recourse, when the DRM fails (NOT if!) you are simply screwed.

MLB (Major League Baseball) has already gone through this, where they charged big bucks for people to "own" some older baseball games -- these were downloaded but required access to a rights restriction server to view. They shut down the rights restriction server like a year or two later -- that was it, thanks for the wads of cash customers, you can sit on it and spin! They did not receive new non-DRM copies or DRM copies using a newer rights restrictions server. Microsoft has done the same thing, shutting down an older rights restriction system with no recourse to the purchasers.

If I get anything that is supposedly rights restricted, I make sure the DRM is cracked first and make a clean copy. People WILL be screwed out of the use of their own purchases sooner or later otherwise. These are multi-billion dollar companies that said "we can't be bothered to leave a computer plugged in" after just a year or two... others have gone out of business (screwing customers out of use of their videos or music), or have used DRM systems that are no longer supported (so they get files infested with "Windows xx"-specific-DRM, then get "Windows xx+1" -- or even better, Linux or a Mac -- and find out the DRM is not supported, never will be supported, and no, their files will NOT be re-issued in a newer DRM system. Or they'll be re-issued but the company thinks they'll pay a second time for the stuff they already bought.)

2
0

Reader suggestion: Using HDFS as generic iSCSI storage

Henry Wertz 1
Gold badge

Seems reasonable to me

Stevel's comments might be a real problem -- in particular, overwriting blocks within an existing file might be something a lot of software expects to be able to do. And, in particular, if you have disk images served via iSCSI I would think this software would be particularly likely to want to scribble into either a disk image or a differences file.

Otherwise, I think this sounds quite reasonable -- why spend the huge bucks on specialized SAN hardware when this will do the same thing? The one reason ordinarily would be stability but a) HDFS is proven software with known stability. b) SAN vendors have flubbed it now and then too.

0
0

Lies, damn lies and election polls: Why GE2015 pundits fluffed the numbers so badly

Henry Wertz 1
Gold badge

Banks were just greedy and incompetent

"That's probably the most concise summary of what went wrong with banks - you just have to add that, unlike pollsters, they are not seeking to correct that as we bailed them out instead."

Well, with the banks it was and is sheer greed. For example, with CDS (Credit Default Swaps) -- the person who originally designed the modern CDS flat out told the banks they were using them wrong and would lose their shirts eventually.

With a CDS, a bunch of loans and mortgages are clumped into this security, the seller sells it off, and receives a monthly payment from the buyer. In return, the seller will pay the buyer IN FULL for any loans within the CDS that are defaulted on (i.e. whoever made the loan stops paying it off). The developer of the modern CDS flat-out TOLD the banks that a CDS with, say, 10% default rate over 100 years, that it's not going to be 1/100th the defaults per year but rather much lower defaults most years and much much higher other years, that the defaults would come in big clumps. Well, the first bank he worked at eventually fired him for being a buzzkill, raked in cash for a few years, then when EXACTLY what he said would happen happened, they then lied and claimed they'd had NO WARNING this could possibly happen; and instead of letting the incompetent banks go bankrupt and moving their bank accounts to competent banks (plenty of banks DID NOT participate in this incompetence), the Feds wasted money bailing them out. You know what a few of these same banks are involved in now? CREDIT DEFAULT SWAPS, again!

0
3
Henry Wertz 1
Gold badge

US poll system is broken

Well, the US poll system is totally broken. Imagine how inaccurate your results would have been if the poll was conducted like "So, are you voting Conservative or Labour?" "No, I'm voting UKIP." "Oh, so undecided then eh?" That is the situation in the US. You would have ended up with a poll then claiming Conservatives and Labour at 50/50, and had polls off like 15 percentage points instead of just 3.

There have been elections where (at least on a local level) 3rd-party candidates have won an election but showed 0 in the polls (because of course, they only asked if they were voting Democrat or Republican, and would not even record any other choice), and numerous other cases where a 3rd-party candidate would get 15-20% or more of the vote but 0 in the polls. (Although typically 3rd party totals are closer to 5%.) The two times I've been polled, the first time the person simply admitted they had no choice for any 3rd party and hung up on me; the second poll the automated system said "dial 1 for republican, dial 2 for democrat, dial 9 for someone else" and then (when I dialed 9) said "your choice is invalid" and hung up. Usually if they don't simply fail to register a choice (making the poll invalid already) they follow this fantasy that 3rd-party voters are merely "undecided" and inaccurately record their choice as "undecided."

You then have people who (I don't understand this) based on seeing these invalid polls, think they are "throwing away" their vote if they vote for who they want, feeling forced to vote for a member of the main 2 parties even if they think both are a real piece of crap.

4
2

Microsoft enlists fat-piper Equinix to pump Office 365

Henry Wertz 1
Gold badge

Naming

"It seems to me that the 'Azure' brand is being attached to far too many things of dubious benefit."

(Not getting into the "dubious benefit".)

This is typical of Microsoft though. When .NET (the common runtime environment) was first released, they had planned to call their single sign-on service .NET, and had either released or planned to release Office .NET, Visual Studio .NET, Windows Server .NET, I think Exchange .NET... just off the top of my head. I think they were even planning to stick the ".NET" name onto DirectX somehow. Some marketing type at the company will decide to stick "name of the day" on all their products, later on they'll realize it's way the hell too confusing and stop. Apparently today the "name of the day" is Azure.

I have to admit, if hosted Office's performance characteristics make it tempting to get a dedicated connection to get decent performance, I'd probably instead conclude the performance isn't good enough and not use it rather than spend the big bucks on some direct line.

0
0

Pakistan URINE STORM: Google Maps chokes off user editing

Henry Wertz 1
Gold badge

How many edits do they get?

I just wonder, how many edits do they get that someone approving them can't keep up? I would have thought they would be able to just look at the "before" and "after", make sure it doesn't look like an Android pissing on an Apple, and approve it if it doesn't (i.e., not particularly time consuming.) But, maybe they get a huuuuuge number of edits, or it really is time-consuming to check each one?

1
8

Microsoft points PowerShell at Penguinistas

Henry Wertz 1
Gold badge

Keeping tools relevant

I'm with Thames on this, I think this is to make Windows admins' lives easier more than getting Linux admins to use PowerShell. But from the description it looks like it does everything you'd manage deploying updates and software.

2
1

NSA spying is illegal? Then let's make it law, say Republicans

Henry Wertz 1
Gold badge

So politicians are failing to uphold their pledge

So here we have politicians that are failing to uphold their pledge to defend and protect the Constitution (these NSA programs are, after all, not only illegal but unconstitutional). Time to kick these guys out of office!

The big problem we have in the US is having effectively a one-party system... you have these Republicans that say they are all for freedom and doing whatever, while at the same time wanting a massive government to restrict people's freedoms (which they falsely call "balancing" them.) The Democrats say "unlike" the Republicans they are all for freedom, while in reality seeming to think the solution to any problem is additional government programs and regulation ("let's ban it!"). Of course, at the same time both parties want all this stuff that adds to the government debt, they simultaneously CLAIM they are all for reducing it and the debt is the other party's fault. At present a few like Ron Paul (who due to the broken political system runs as Republican even though he's clearly Libertarian) not only spoke out against laws like the Patriot Act but ACTUALLY VOTED AGAINST THEM... but most of these guys in both parties will speak out against laws like this but then WILL VOTE FOR THEM ANYWAY.

The root of the problem is the broken polling system -- political polls in the US ask if you're a Democrat or Republican... if you are a Libertarian, for example, the pollster will either hang up on you and fail to record a choice at all, or falsely record you as "undecided". Every poll I've seen (both results and getting polled) is inherently inaccurate in that it not only doesn't list any 3rd parties, it doesn't even have a choice of "3rd party" or "none of the above" or "other". So, we've got 2 mashed-together parties encompassing what SHOULD be AT LEAST a centrist party (the "central" republican/democrats), a "far right" party (the religious nut Republicans), tea party (tea party Republicans), some kind of Green party or the like for "far left" Democrats.

1
0

Tough admin forces hacker to STRIP to PANTS, LEAP to his DEATH

Henry Wertz 1
Gold badge

The Corn Field

In SecondLife, they sent people to The Corn Field. Of course, it's tricky to enforce proper behavior in SL programmatically, since it is open-ended, people are expected to be able to create objects and deploy them, full physics engine, scripting language, etc. But if someone trolled hard enough, or was actually using hacks, or whatever, they'd get reported.

They apparently had problems in particular with several people that LOVED to troll severely. But if they banned their account for 2 weeks or whatever OR permanently apparently they'd just make a new account, rinse and repeat. What they did instead was build an island with nothing but a corn field, a TV in some corner of the island (which was playing a 30 second or so loop, no channel selector) and a tractor (which didn't work.) They'd stick the troll there for 2 weeks, with teleporting disabled, no ability to create objects, and nothing on the island to interact with. Apparently, since the character was stranded but not actually banned, this worked psychologically so the troll would not make a new account again. They'd try to escape, create objects from scratch, create stuff from their inventory, interact with objects, whatever hacks they had, and so on, for a few days to no effect... then simply wait it out. I remember reading one did succeed in burning down the (supposedly inert) cornfield using some hack, the Lindens just reset the island to factory settings (and probably studied the hack so it'd be ineffective in the future.) My recollection was one troll quit, and the rest actually decided they should behave and at least reduced their trolling to tolerable levels.

3
0

HORDES OF CLING-ONS menace UK.gov IT estate as special WinXP support ends

Henry Wertz 1
Gold badge

Real requirements, and WebPOS?

"A lot of the hardware is so antiquated that it struggles to run Windows XP. A lot of the machines are 32-bit Dell desktops made around 15 years ago, with only 2 GB of RAM"

2GB? You're kidding right? That's plenty of RAM to *not* "struggle" to run XP, and plenty for Windows 7 or 8 too AFAIK. That said, they've probably got systems with like 512MB or even 256MB, that'll be the problem systems.

If I were these guys, I would just do the registry entry (google it) to get updates for "Windows POSReady 2009" -- voila! -- since they were still selling, basically, Windows XP up through 2009, they are roped into providing Windows XP updates through 2019.

1
0

Why don't you rent your electronic wireless doorlock, asks man selling doorlocks

Henry Wertz 1
Gold badge

Hype and usefulness

"The problem is that, even with much hype and excitement around things like the Nest thermostat and the Sonos multi-room wireless speakers..."

Well, that's the nature of hype. Those who hype the products think everybody will be just BEGGING to get the products they are hyping if they REALLY understood how they worked, or whatever. Sometimes others really DON'T understand the new product, other times they understand it very well and are simply not interested. (Note by "Those who hype the products", I don't mean just salesmen or people working for the company... there are almost always some... let's say very enthusiastic customers.. also known as fanbois depending on how big a fan they are.)

A) No, I'm not going to rent my door lock and thermostat. I mean, come on!

B) The suggested terms aren't even that good. $50 a month for $800 in gear? The cell cos here (which are widely considered a rip-off) seem to be perfectly happy to take $30 a month over a 2 year term, for a $700 device (that'd make it $33.33 a month for an $800 device.)

C) The very same people who can't save up $800 for a Nest, and a fancy doorlock, and the other thing, are also not going to want to pay up $50 a month either. They may also not have a smartphone to control it anyway (I thought nearly everyone did, but the place I work now -- which is not high paying -- the number of flip phones is absolutely shocking).

D) I think most people are not buying this stuff because they don't have a use for it. These guys have deluded themselves into thinking they've created new markets, when in reality they have come up with (sometimes better) ways to do things that people just weren't doing that much to begin with.

For example... I have zero interest in multi-room speakers (if I want to hear something from the bathroom or kitchen I can just turn it up a bit.) People have been able to run some speaker wire room-to-room since the beginning of time (as it were) or use short-range FM... and people don't do it much that way either.

I have light switches to control my lights; the Hue light might be a fair replacement for anyone who is using tinted bulbs and mood lighting but I've seen very few people do that either.

I have no idea why I'd want a remote-control thermostat. Mostly, people just turn the heat down or A/C up (i.e. less run time) when they go on vacation, and have programmability for when they are there. (Personally, I just have a dial thermostat.) I simply can't see spending the kind of money these cost just to be able to pre-heat or pre-cool the house if I was coming back from vacation. Or renting it.

And, finally, I don't have a garage door. To be honest, a phone-controlled garage door opener probably is a genuine improvement over one that requires a proprietary remote as most do. But, it depends on cost... if the phone-controlled one is so much more expensive I could lose and replace my proprietary remote a dozen times, it kind of negates the advantage.

1
0

JavaScript CPU cache snooper tells crooks EVERYTHING you do online

Henry Wertz 1
Gold badge

How does this work?

First off, I'm very surprised that JavaScript could run deterministically enough to be able to be useful for this.

That said, OK, so it can determine that a key was pressed. How could it possibly determine WHICH key was pressed? If one was (for instance) typing information into a form, wouldn't the computer get a very small delay from a keystroke, and take the same length of time to process the keystroke whether the user pressed any [a-z,A-Z,0-9]? (I specify letters and numbers because naturally tab or F1 for example would do something different.)

4
0

HP wag has last laugh at US prez wannabe with carlyfiorina.org snatch

Henry Wertz 1
Gold badge

Yes a big deal

"big deal. it was a merger of two huge companies and why would you keep people that have multiplicative roles."

But: a) Carly pushed the Compaq/HP merger to begin with -- it's not like it had already happened, was in progress, or was planned when she took over. Quite a few didn't consider it to be that good of a deal. And honestly, HP wasted the DEC Alpha (along with their own PA-RISC), so really I'm not sure they did gain that much from it.

b) She didn't cut just duplicated jobs, she cut whatever. See the post somewhere above where she cut a division that was profitable, and had more profitable shipments booked up in the future.

c) She seriously thought she could cut R&D (using entirely the same off-the-shelf hardware you could get from literally any vendor) and cut US-based phone support (UK-based for UK I assume) in favor of the same India call centers every other vendor is using, but if she marketed JUST RIGHT she could get customers (or "consumers" in CEO-speak) to view HP as somehow still above the other vendors even though at that point there would have been nothing to differentiate them.

4
0
Henry Wertz 1
Gold badge

Yeah I don't get it either

I don't get it either... why are people impressed that someone was a CEO? Would I be impressed if someone was a CEO? Well, yeah, if they did a good job. And, that doesn't necessarily mean lead the company to more and more growth -- sometimes the market is bad and the best a CEO may be able to do is stem the losses.

But, for some reason, many people are enamoured with CEOs even when they proved to be quite incompetent. I'm always amazed at the CEOs that will be shuffled from one failed company to another; the fact that these companies go from possibly stagnant but stable to failed after they are running it for a year or two doesn't seem to faze the next company, it's like "They've been CEO of 5 companies, that means they are EXPERIENCED!" Yeah.

2
0

Security bods gagged using DMCA on eve of wireless key vuln reveal

Henry Wertz 1
Gold badge

A few points

"When did IOActive formally advise the vendor of the flaw - I do believe that there is such a thing as a "reasonable" period of time to adress the flaw....

If IOActive told them about it in February, that would be reasonable notice and the DMCA threat means nowt.

If IOActive told them about the threat a week ago, IOActive can get stuffed."

A) The "reasonable period of time" thing is a courtesy, not any sort of legal requirement. I do agree with the sentiment that the vendor should get some time (like a month at least) to respond. But, the flip side of that, some vendors' response to advance notice is to try to gag the information from coming out (like this vendor is doing) and then not fix the flaw at all (will the vendor also do this?) I contend the advance notice is to give vendors time to fix the flaw, and vendors whose response is to gag information rather than fix the flaw are a bad actor and do not deserve advance notice at all. (I think this also applies to vendors who just fix flaws in the next version of their software, months or years later (usually a paid update), with no disclosure.) I don't know if the vendor here is in this "bad actor" category but it would not at all surprise me.

B) Given the general state of the SCADA industry, this is probably NOT some subtle flaw they didn't already know about, it's probably a real boner like "if you skip authentication the SCADA lets you send it commands anyway" or "no sanity checks whatsoever are run on input to the system" or some such thing.

C) DMCA is a *copyright* law, DMCA simply does not apply.

7
0
Henry Wertz 1
Gold badge

Counternotification and charges?

So, if the DMCA was used incorrectly (which, it certainly sounds like it was), one is allowed to file a counternotification indicating the notification was inaccurate. It's also illegal under the DMCA to file false DMCA notifications (which this sounds like it was), and the DMCA allows for damages to be collected for this. The trick is, last I heard NOBODY had ever used the "false notifications are illegal" clause to nail someone to the wall for it -- now's your chance!

6
0

New Windows 10 will STAGGER to its feet, says Microsoft OS veep

Henry Wertz 1
Gold badge

"Actually ever since Vista the horsepower required to run each successive Windows version has gone down! Mainly because they were moving from PC to Tablet as the device it would be running on so it had to be much lighter."

Actually, the requirement's gone down because Vista was a bloated disaster, and Microsoft has optimized some of the very sub-optimal code that went into it since then.

8
0

Microsoft cuts Facebook Messenger, Google Talk from Outlook.com

Henry Wertz 1
Gold badge

Not supporting industry standards

"The company cited Google’s move to Hangouts – which replaces Google Talk and doesn’t support the extensible messaging and presence protocol (XMPP), an open-source protocol used in Jabber."

Of course, Microsoft has used proprietary wire protocols rather gratuitously and extensively through their history (and would kind of whine when Google and Apple didn't hop to it quickly enough to support one, when it was in Microsoft's interest.) But, it's a bit worse on Google's part to switch FROM a standard protocol to non-standard (and won't even maintain XMPP for interoperability apparently.)

0
0

Google reveals bug Microsoft says is mere gnat

Henry Wertz 1
Gold badge

Full disclosure FTW

"My bet is that Google will drop this plan sooner or later; and the sooner it is, the least they will cover themselves with ridicule."

Ridicule for what? 90 days is PLENTY of time for a vendor to at least say "Hey, we are working on it." Certain vendors *cough* Microsoft *cough* may PREFER to just have people sit on vulnerabilities forever so they can just pretend they don't exist and not fix them (and yes, Microsoft, this IS a security vulnerability!) but it is really better for the public to know there are holes their vendor is not bothering to patch, than to only find out when their systems are pwned (the blackhats WILL already know about these vulns after all.) Full disclosure FTW.

0
1

Quid-A-Day Nosh Posse chap in 'desperate' cash shortage

Henry Wertz 1
Gold badge

Cheers to those who've tried this

Not that I want to lessen the impact of people's trying the quid-a-day challenge.. but a lot of areas do not HAVE room for a garden, and are a cement desert where there are unlikely to be any edible weeds to scavenge (if there are any weeds at all, perhaps there'd be enough to have one serving of salad.) Just saying.

I hate to say it, but I'm sure not going to try it -- the local stores? This city seems to have abnormally high prices, I'll hear radio ads for stores (in other towns, like 50 miles away) discounting stuff 50% or more, only to find locally the discounts are more like 10%, if that (and for that matter, normal prices here seem about 25% higher than "normal" too.) For some reason, people locally seem to be willing to pay full price for older pastries, bread, and so on, when there are "fresh" ones right next to it; the local stores will move this stuff in a clearance section but not discount it so much as a single penny as near as I can tell. No local store allows any of the "creative" uses of coupons couponers use, strictly one coupon per item. They seem to favor carrying tiny, overpriced containers of spices (VERY overpriced, other than salt and pepper they typically have like a 1 ounce container for about $5), I bet spices alone could amount to not pennies but like $1 a week, since rice, beans, etc. would need some nice spicing. Finally, the practical matter, my work involves physical labor for 8 hours, so I couldn't play this game of "Oh, well, maybe I only need like 1000 calories a day." I'd probably pass out if I tried it. Cheers to everyone trying this!

0
1

Not pro-Bono: Russian MP wants Apple to face stiff action for cramming 'gay' U2 into iCrevices

Henry Wertz 1
Gold badge

U2? Bleh. Russia's law? Also bleh.

Honestly, that cover does look just a bit gay. But not much. Of course, Putin seems to *love* having shirtless photos taken of himself. Russia's law is absurd, and this is an absurd application of the law. That said, I don't like U2 at all and would *STRONGLY* object to having anything of theirs shoved onto my device. But, I like to have control of my devices, therefore I never buy an Apple product.

4
0

Inside the guts of Nano Server, Microsoft's tiny new Cloud OS

Henry Wertz 1
Gold badge

Seems like a good idea to me.

First off... I am no Windows fan, but think this is an interesting move on their part, and I hope they have good success developing a stripped Windows. The biggest problem Windows has had is the layer after layer of congealed together, interdependent, bloated cruft; more recently, .NET and so on kind of "sits on top" so a lot of the cruft is not even necessary. This sounds like it strips it right out.

"A good deal of commercial applications require a GUI to install."

Yep, the article says right now the "install method" is to just copy files into the install image. They'll have to work on this. Most Windows installers really just ask a question or two (which can be automated for automated installs) and show a progress bar, so I can't see any reason why these can't be made to work without GUI (to be honest, I assumed they already could work without GUI -- if some MSIs get pushed onto your Windows box by the administrator, it really pops up windows randomly while it does its thing?...)

" Yes Server Core has been around for how long... but we all know the rule, 'If it ain't broke don't fix it'. MS will have a hard job ahead getting every application converted to this model (if at all)."

Except, this core still had way WAY more cruft than Nano, much of which is really not needed for a server. I think Nano is taking the general concept of Server Core and going way beyond it.

"The everything remote mantra will probably work for MS shops. Those who run SQLServer, Exchange, Biztalk and the like but there are a whole raft of products out there that just won't install without a GUI running on the box."

Well, there's plenty of setups (both Windows and otherwise) where someone deploys (usually a VM these days), it runs some services. They script updates, software installs, software replacements, configuration changes, and so on, either "roll your own" or using something like Puppet -- a GUI is actually a hindrance in this case.

But, I think if the goals of Nano come to fruition, it could still be useful for your scenario where you need a GUI (although Server Core does allow removing some items) -- you could have the GUI, but (unless you want it) no print support, no scanner support, no fax support, no dialup networking, no wifi support, no DirectX support, and so on; exploits in these subsystems cannot be exploited if they don't even exist on your install.

1
0

Apple Watch WRISTJOB SHORTAGE: It's down to BAD VIBES

Henry Wertz 1
Gold badge

Upgrades?

A) Non-replaceable batteries are STUPID.

B) That said, I was a bit amused to read ifixit's determination the watch is non-upgradeable.... I must admit, I don't expect my watch (if I still had one) to be upgradeable 8-)

0
0
