* Posts by Tom 38

2385 posts • joined 21 Jul 2009

Look inside ELON MUSK'S CAR! Tesla S wundervehicle has voom

Tom 38
Silver badge

Re: Superchargers Free!

For everyone in the UK to change to an electric car within one year, we would need to build more lithium ion batteries than have ever been made since they were invented.

Math:

Registered vehicles in the UK: 3.5x10^7 vehicles

Li-ion cells in each Tesla S: 7x10^3 cells

Worldwide Li-ion production: 6.6*10^8 cells

Years of current worldwide Li-ion production to equip UK with enough cells for cars: 371

Li-ion powered cars: for the rich only. Being smug about "saving the environment" whilst you use 10000 times the resources of the next guy to get to work - priceless.

4
2

Thanks for nothing, OpenSSL, grumbles stonewalled De Raadt

Tom 38
Silver badge

Re: So....

Interesting -- may we have a reference?

Sure:

openbsd.tech

You are welcome. Stuart Henderson wrote the draft, but he forgot that part, and Damien Miller and I realized it was needed. We sensed there might be some ambiguity... we'll take care the next time an OpenOffice problem also.

... as long as you aren't using FreeBSD or a derivative (hint: Jupiper), you are fine. That's the only place I know of an OpenSSH hole.

Oh now I sense some angst. Please ask Kirk McKusick, he knows the story about why this is not being disclosed to FreeBSD. Sometimes I feel a bit sorry for them (and for him), but then the next minute I don't feel sorry because there's damn good reasons they won't be told about what I found.

2
0
Tom 38
Silver badge

Re: So....

What is ironic is that de Raadt does exactly the same thing with OpenSSH, which is his project. He has explicitly said that any security bugs in OpenSSH, he will not report it to the FreeBSD project, because someone once made him cry.

Act like a kid, get treated like a kid.

11
2

Google reaches into own silicon brain to slash electricity bill

Tom 38
Silver badge

Re: All good stuff

Especially as in a DC, power is your biggest cost. If your devices use less power, then they generate less heat. If they generate less heat, you can pack more of them in per rack. If you can pack more in per rack, you can have more devices in the DC period, and the cost of hosting is reduced.

I'm sure Google have well specified DCs, but we often can't fill our rack because our DC provider can't* sell us more power, because they are near their cooling limit. If we used less power, we could have more per-rack, and we would need less racks/have more servers.

* Of course they can give us more current, but it is exponentially expensive, to the point where filling a rack (using say 22A) is almost as expensive as taking another whole 13A rack.

2
0

Game of Thrones scribe George R R Martin will KILL YOU for US$20K

Tom 38
Silver badge

1) Find $20k

2) Change name to "Ned Stark"

3) ....

4) PROFIT?

4
0

Marc Andreessen: Edward Snowden is a 'textbook traitor'

Tom 38
Silver badge

Re: get over it!

Crikey, you Americans and your constitution and bill of rights. The NSA is the "Department of Breaking The Law When We Think We Need To", and you are surprised that they break more laws than the ones you wanted them to break?

9
0

Londoners urged to cut landlines and take up wireless broadband

Tom 38
Silver badge

"The voice service probably only accounts for a few pence or a quid at most"

In which case I'd rather have the few pence.

My ISP provides FTTP and also provides my home phone line, if I want one. If I take the phone line, it costs me £10 a month extra. If I don't take the phone line, it costs me £12.50 a month extra.

0
0

DevOps is actually a thing – and people are willing to pay for it

Tom 38
Silver badge

Re: CI != Code Review?

Except when the client or management say that it HAS to be patched up and out the door for the trade show or that there's no more money left and we have to go with what we've got (plus a little unpaid overtime).

Yes, every two weeks we re-evaluate everything we are doing to determine whether it is still worth doing more work to that for the business (not us). We tell the business how long it takes to deliver quality, so if we haven't got enough time to deliver quality, either we've been slow or we're bad at estimating.

Given we are only estimating tasks that take less than 2 weeks, you really can't be that far out. And if the feature you're working on was scored for "2 days work" (that's not how we score things), and it takes 10 and is still not done, then you either didn't get enough details from the project owner (hence his fault - the job of the project owner is to give well specified tasks to the team), or the task is overly complex and should be re-evaluated anyway.

Before you move to a scheme like this, you have to have buy-in from all the key stakeholders, so that when that trade show rolls around, you can easily say "No. This was not agreed on. If you want us to work on things, you have to present it through the project owner who will prioritize your requests alongside everyone else's.".

I've happily said this to C-level execs, they agreed this working model. This shifts the discussion about whether you do something away from your team; it's then a business decision, and they can horse-trade all they like in order to change what you do *next* sprint - no-one can change what you do *this* sprint.

1
0
Tom 38
Silver badge

Re: CI != Code Review?

CI != "automatically push to live"

CI is having processes in place such that you can be confident that you can always push to live without breaking things.

We do things on a 2 week sprint cycle, which means every task, change request or feature we do must be fully complete, tested and deployable by the end of those nine days (or it gets re-scored for the next sprint).

Once the sprint is complete, on the tenth day we demo the completed tasks to the commercial team, the maintenance team and then release to live.

During the sprint, the maintenance team will make as many maintenance releases as they need, all also underpinned by CI - or they might kick things back to us if we broke them in the previous release.

0
0

Linux users at risk as ANOTHER critical GnuTLS bug found

Tom 38
Silver badge

Re: Open source - crap code

Rich, what you don't realise is that most code in the world isn't just crap, it's real crap. Code that no-one ever has to show to anyone is the crappest code of all.

The point of OSS is that you, yes YOU, can look at the code and determine if it is crap or not. GnuTLS has long been known to be crap.

7
1

Feds hunt 30-year-old alleged to be lord of Gameover botnet

Tom 38
Silver badge

1) Feds have taken control of the botnet's C&C servers

2) The botnet is currently idle, as no instructions are being sent from C&C servers

3) It will only take approximately two weeks for the botnet owner to set up new C&C servers and 're-capture' the botnet.

4) Now the feds just have control of former C&C servers.

So you have 2 weeks of your computer not being abused to disinfect it, before it will once again become part of an active botnet.

4
1

100% driverless Wonka-wagon toy cars? Oh Google, you're having a laugh

Tom 38
Silver badge

Re: Some things over-exaggerated.

Industrial robots aren't cheap either, but Foxconn's finding them cheaper than minimum-wage assembly line workers.

That would be the "Replacing 100s of cheap skinjob with an expensive machine is good business" clause then...

0
0
Tom 38
Silver badge

Re: Some things over-exaggerated.

Some things have been exaggerated all over - automated cars won't replace pizza delivery guys because pizza delivery guys are cheap and automated cars are not.

Replacing 100s of cheap skinjob with an expensive machine is good business, replacing one cheap skinjob with one expensive machine is not.

3
0
Tom 38
Silver badge

Re: Nice idea

In theory, and in practice, the tube could be fully automated - the DLR already is. The reason it is not is not technical, it is political.

5
0

FORGET OUR PAST, 12,000 Europeans implore Google

Tom 38
Silver badge

Re: Confused

No, I didn't think these would require a jury. I also don't have such a jaded and hopelessly cynical view as you on our courts, which are independent and whose judgements are accountable, and can be appealed to higher courts with multiple judges.

0
1
Tom 38
Silver badge

Re: This is like

Bollocks.

When Russia or China do something like this, it is the State determining what content is available. This is individuals being given the ability to correct incorrect information held about them in a database by a company, and is in fact a right we in the real free world have had for a long time.

The only really interesting thing about it is that Google had to be forced to recognise firstly that it does in fact operate in the EU, and maintains databases of personal information. There is no new right, there is Google crying because it has to follow the law.

0
4
Tom 38
Silver badge

Re: Confused

You're not a little confused, you're a lot confused.

Peter Sutcliffe cannot have his past forgotten because it is still relevant. He can apply to Google to have his past forgotten, Google can say "Fuck off and get a court order", and the court will simply say "Fuck off".

The recent court judgement says that when the court does order Google to remove invalid or out of date data from their database, Google must do so. Google's argument seems to be "bwaah! don't wanna!"

To clarify, the information is in Google's database, which is the link between the keywords searched for, and the resources found for those keywords. This judgement is that where a court has ruled that the resources contain invalid or out of date data that contravenes someone's right to privacy, then Google must not link certain keywords to certain resources.

The purpose of the court is to judge the relative merits of the individual's right to privacy and Google's rights, and Google do not have to do anything until a court has ordered them to. Google is upset because they don't want to do anything with courts at all.

Their solution is to hire a raft of PR guys to spin this story as much as possible to confuse people into thinking that this means people like Peter Sutcliffe can be erased from the internet. This form and the 12,000 "requests" that it has received are solely designed to give Google's PR people a story that they can spin to newspapers and confuse people further.

So far, they have had to remove one link to one article, containing out-dated financial information, when you search for one guy's name, so that the guy can stop having it included in his credit score. That is it.

Poor Google, how will they cope.

0
2

YOSEMITE GLAM: Apple unveils gussied up OS X

Tom 38
Silver badge
Linux

Re: Sync?

Pfft, this isn't the 90s, the Linux users are the trendy hipsters.

5
5

Rap chap tapped for $3 BEELLION: Apple buys Dr Dre's Beats

Tom 38
Silver badge

Re: WTF?

As for music streaming.... surely the geeks employed by Appfelsaft could have aye Tunes do this...hang on. Doesn't this exist already?

They've not bought it for the headphones, they've bought it for the streaming service.

They haven't bought the streaming service for its technology nor customers (although the latter helps). What they've mainly bought it for is to get access to contract terms that the music labels would give to Beats, Rhapsody and Spotify, but would not give to Apple.

5
0

Microsoft's 'CEO of no' on Xbox: NO SALE

Tom 38
Silver badge

Re: Name ONE successful (and profitable) Consumer Electronics item from MS!

Intellimouse.

Hey, I agree with you in principle, you should have said "name two successful CE items from MS".

4
3
Tom 38
Silver badge

The sales track record of Windows ARM tablets is poor

FTFY.

4
2

Microsoft Cortana EULA contains the Greatest Disclaimer of ALL TIME

Tom 38
Silver badge

Re: I think Cortana was recently employed by the Premier League

Ah cool, I would never have figured out that was the gag the author was aiming for without your helpful assistance here. Could you explain the chicken-crossing-road joke again though, I still don't get it - something to do with the fact he is not on the other side at the moment!

0
0

Tens of thousands of 'Watch Dogs' pirates ENSLAVED by Bitcoin botmaster

Tom 38
Silver badge

Re: Re. trojan$

"Overheating GPUs can lead to premature failure as I found out, even as little as 10% over spec long term can make that GPU last say three years instead of four before it shows problems."

Nothing like a bit of anecdotal evidence on a sample of 1 to prove your point.

He's only provided anecdotal evidence, but you are being a massive dick for not understanding that not only is he 100% absolutely right, but that it is a well known fact that as you place higher voltages through an IC or use it at higher temperatures, the shorter a working life that IC will have.

However, a GPU will be sold to work at a certain spec for a certain period of time. It might be rated for 3 years warranty. Using it at 100% utilisation for 3 years should not mean it would stop working after 3 years, but it might mean that it stops working after 4 years instead of after 9 years with modest usage.

The charts on this page should make you understand: http://www.anandtech.com/show/2468/6

For more detailed info, this article was published in Spectrum:

http://spectrum.ieee.org/semiconductors/processors/transistor-aging/0

7
1

Congress guts law to restrict NSA spying, civil liberty groups appalled

Tom 38
Silver badge

Re: not with data mining.

But we all know data mining is far more effective at both targeting the bad guys and ignoring the salacious but irrelevant data that human interaction might detour towards.

We do? When did we find that out?

I thought we had established that mass data collection has stopped no attacks in the past 13 years, and that human intelligence and target surveillance has stopped many.

4
0
Tom 38
Silver badge

Re: Again, I ask the question

I expect them to do it with targeted monitoring and human intelligence, not with data mining.

10
1

Wolfenstein: The New Order ... BLAM-BLAM! That guard did Nazi that coming

Tom 38
Silver badge
Thumb Up

SHUT UP AND TAKE MY MONEY

0
0

Why are Fujitsu and Toshiba growing lettuce in semiconductor plants?

Tom 38
Silver badge

Re: revenue steam?

No, they are growing a special kind of lettuce that people hospitalized on special diets can eat. Presumably, the place the hospitals used to get that kind of lettuce charged more than 3 times normal price.

2
1
Tom 38
Silver badge

Apparently if they used a different herb in the same hydroponic grow rooms, they would pay for themselves quite quickly.

0
0

EBay, you keep using the word 'SECURITY'. I do not think it means what you think it means

Tom 38
Silver badge

"Encrypted" passwords

Damn well hope my password wasn't encrypted, and was actually hashed.

It would have been more useful if they had said whether the passwords were salted or not. If my salted hashed password has been released, I'm totally "meh" about it, where as if my unsalted encrypted password has been released then I'm much more angry.

8
1

EE boffin: 5G will be the LAST WORD in mobe tech – literally

Tom 38
Silver badge

I was born with a hack that allows me to call people within 100m...

9
0

BRITS: Wanna know how late your train is? Now you can slurp straight from the source for free

Tom 38
Silver badge

Re: Good Thing (TM)

Trains aren't that shit to be honest. I spent 5 years commuting by train, for 4 hours a day. Occasionally something really unexpected happens, and you get stranded for 2-5 hours in the middle of nowhere - that happened to me just once.

Infrequently, the first branch service would not show up, because the train didn't end up in the right place the night before or overrunning engineering works. Branch services definitely aren't as reliable as main line services, but if your main line train is delayed, they'll often delay the departure of the branch line to compensate.

The only thing bad about the trains are the cost and the overcrowding. The former is only necessary due to the latter. Everyone tries to get on trains that arrive between 8 and 9 am, with later trains basically deserted.

I suspect that it is all rigged so that commuters all travel at the expensive time - there is no significant benefit to taking a later train if you travel most days, the season ticket is the same price. This then constrains the off-peak price, because if they lowered it too much, commuters would travel later and buy individual day tickets (which would, incidentally, solve those overcrowding issues on the trains and tube and lead to a more even flow of passengers throughout the day, but hey, less money, so let's nix that one).

Here's my list of desired features from the train companies:

1) Flexible season tickets - I want to buy a season ticket of 30, 60 or 90 non-consecutive days, especially as I am expected to work from home two days out of every five.

2) Flexible walk up pricing on non-peak trains - if the train is empty, it shouldn't cost you more than £1 to ride it.

3) When I give you £6000 for a year's season ticket, and in return you give me a machine processable token to get through entry gates, then the token should be durable and resilient. A paper card with a magnetic strip that lasts 2 months tops (1 month if it's also a tube travelcard) is not sufficient.

3a) Stop making me carry my photocard, embed it in the ticket

19
0

Achtung! Use maths to smash the German tank problem – and your rival

Tom 38
Silver badge

Re: Danger!

I get it perfectly well - the law says that when you accidentally give access to information to someone not authorized, you're not publishing the data, and when the unauthorized person accesses that data it is unauthorized access to a computer.

The law is a fucking ass. Putting something online is publishing, allowing someone access to data is authorizing them to access it. The law says that these things are not publishing nor authorization, and so the law is - obviously - wrong.

It does not matter that you did it accidentally - don't have bad processes.

It does not matter that the "someone" is an unidentified anonymous internet user - that is who you authorized to access it.

Businesses and courts don't like this because it made their lives difficult, so instead they made the law difficult. Much better to redefine what "published" and "authorized" mean in newspeak than to properly secure your data.

Anyway, the whole point of this was not about the vagaries of URL manipulation - TFA suggests you can infer information from your competitors, and indeed you very often can.

Just be wary when you realise you can extract a great deal of information from them and think about the legal implications before you fire up a script to capture all that lovely information - it might be illegal to retrieve the information they have "published" and "authorized" you to access, for the reasons listed above.

4
5
Tom 38
Silver badge

Re: Danger!

When you take data that is not available and make it available to people, it is called publishing.

If you accidentally publish and distribute 10,000 incorrect leaflets, it does not stop being publishing because it was a mistake.

4
4
Tom 38
Silver badge

Danger!

Your competitors' websites can be a valuable hunting ground.

Yes and no. Say your competitor has accidentally leaked 0.1% of their records on their homepage, and you notice that by clever manipulation of the URL you can make it also reveal the other 99.9% (0.1% at a time), should you then go on to extract their entire database?

Common sense says that they have published this data, the law commonly comes down on those who extract databases in this way - just ask weev.

1
7

Big data? Internet of things? Sport of Kings inches into high tech

Tom 38
Silver badge
WTF?

a permanent 2Gbit wireless network

A what?

0
0

Dogecoin off the leash after Doge Vault admits server attack

Tom 38
Silver badge

Re: Physical access

It's easy to get physical access when you're the guy paying the bill each month.

0
0
Tom 38
Silver badge

Re: I am shocked and appalled....

I am shocked and appalled....

...at the standard of grammer in this article!

Good job you don't mind the spelling mistakes.

1
0

WORLD LOSES MIND: Uber valued at TEN BEEELLION DOLLARS, Pinterest pegged at $5bn

Tom 38
Silver badge

Re: Worth $10 billion

ckm5: Show us on the doll where the cabbie touched you

6
3
Tom 38
Silver badge

Re: Get in Early

There are reasons why regulation of cabbies exist - it is not just a cabal to limit supply - and it is unclear that the business model of Uber et al go far enough to obviate the need for said regulation.

But no worries, as you said, it's not Uber's fault, we just need to re-align our thinking to accept low/no background checks on our taxi drivers, and having 10 mobile phones on the dash is de rigueur these days and not at all distracting to the driver.

5
1

Boffins run iOS apps on Android hardware

Tom 38
Silver badge

Re: Stop gap

This isn't virtualisation, it's emulation. The linked PDF does explain:

While virtual machines (VMs) are useful for desktop and server computers to run apps intended for one platform on a different platform [36, 44], using them for smartphones and tablets is problematic for at least two reasons.

[…]

To address these problems, we created Cider, an OS compatibility architecture

This is how FreeBSD's linux emulation works, the linux binary is linked to its linux libraries, and a special rtld that maps any linux syscall (which would be handled by the linux kernel) to an equivalent BSD syscall.

For cider they have to do a bunch more work to make API stubs for iOS user-space libraries, but the premise is identical.

1
0
Tom 38
Silver badge

Re: "run **UNMODIFIED** foreign binaries"

like Intel dynamically recompiling ARM code on x86 Android

Not at all like that, because this isn't recompiling or translating opcodes or anything like that, it is simply a shim around syscalls - the same original instructions run, not different instructions inferred from the original instructions.

3
0

Game of Thrones written on brutal medieval word processor and OS

Tom 38
Silver badge

Peter Dinklage is an awesome actor, check out these flicks:

The Station Agent

Death at a Funeral (2007 UK version, not US remake, although he is in both)

1
0
Tom 38
Silver badge

Re: Word bad, raw text editor good

Eight Megs And Constantly Swapping

(another vim fan :)

0
0
Tom 38
Silver badge

Re: @Badvok

The 'age' of the characters is irrelevant, the book is set in a fantasy world where there are dragons and magic and shit, there is no reason why their years == our years.

Timing is weird in Westeros - a good definition of a year is the time passing between seasons until you return again to the same season, and it has been "summer" for (at least) the past "15 years", so how a Westeros Year is defined is unknown.

Arya is 9 at the start of the books, Jon Snow 15. Do either Maisie Williams (17) or Kit Harrington (27) look 9 or 15? By the end of book 5 (maybe equates to season 5/6), they should be 11 and 17.

My conclusion is that Westeros years are longer than Earth years.

2
1

Comcast exec says wired broadband customers should pay-as-they-go

Tom 38
Silver badge

Re: I hate the incorrect piracy warnings on DVD/BlueRay

Criminal copyright infringement is already criminal. There is such a thing as non-criminal copyright infringement, which, unsurprisingly, is not criminal.

0
0
Tom 38
Silver badge
Joke

It would be more efficient if they used a larger block size.

2
0
Tom 38
Silver badge

Re: Gouging

Actually, I've found the opposite. With my gigabit connection, my downloads go at 80+MB/s - that's megabytes, not bits - and as such, it's very difficult to be constantly using my connection. 99% of the time these days, my connection is completely idle.

I would say that yes, possibly I download a little bit more than before - not much though, the majority of my downloads are automated, and haven't changed in quality nor quantity.

The main difference is that before my connection would have been utilised 20% of the time downloading things, now it is less than 1% of the time.

Really bad analogy with lots of holes: if you upgrade from a car that can drive to the shops and back in an hour to a car that can drive around the world in an hour then you might drive a little bit more than before, but you're not going to spend your time doing laps of the equator for the lulz.

You might however start going for coffee in Rome and the beach in Maui (think I've jumped the shark in this analogy now).

3
0

Surprise! Google chairman blasts EU's privacy ruling

Tom 38
Silver badge

Re: Forget-me-not

There is no right to be forgotten, there is the right to privacy (of the individual) and the contrasting right of free speech (of Google). This judgement solely means that in circumstances where the two rights are in conflict, the court has the power to decide which right must be upheld, in that specific circumstance.

Google will not need an army of anything, since before anything will be forced to be removed by them, a court has first agreed.

6
2

Get cracking on STARTTLS says Facebook

Tom 38
Silver badge

Re: Hmm

However, for those using exclusively the likes of Hotmail, gMail, etc, encrypting in transit makes life that bit harder for spooks - they can't just dragnet them on the wire

If the email was encrypted in the users client, they still can't read it off the wire, so I'm not sure what your point is.

If they use a web-based client, their "client" is the web server servicing their requests, and all communication with that is SSL already (or should be). The "client" receives data over SSL, immediately encrypts it with the target user's public keys, and stores a version encrypted with the sender's public key (for sent mail).

Handling the decryption on the client side would require a piffly JS cryptography standard.

STARTTLS is popular with service providers because it gives point-to-point security whilst still allowing the service provider to do whatever they like with your cleartext - the poacher is telling the gamekeeper how to fix his fences.

We spend billions on making sure Joe Sixer can watch DRM'd HQ cat videos in his browser without the chance of Joe being so evil as recording it, but we can't spend 1% of that to properly fix email security...

0
0

Convergence as a new new thing

Tom 38
Silver badge

Good article, however:

If you have a pair of virtual servers on a particular host and they need to communicate with each other, they do so via the hypervisor's on-board virtual switch: the traffic doesn't ever even hit the LAN switch underneath. By cutting out a number of layers

that's a bad example, as it isn't cutting out the layers, the hypervisor's virtual switch operates at level 4 (transport), and since the nodes are actually on the same machine, there is never a need to drop to level 3 (network). This is just ISO-OSI as it was originally envisioned - can you do what you need to do at this layer? "Yes - go do it" or "No - call a lower layer".

0
0