123 posts • joined Wednesday 16th May 2007 18:52 GMT
TLS needs to be fixed first
TLS/SSL needs to be fixed before making it mandatory, otherwise it's just more security theater.
The NSA can simply order a CA to issue them certificates suitable for man-in-the-middle attacks, or they can order a website operator to disclose their private key, as they did with Lavabit. Given that most TLS cipher suites do not provide perfect forward secrecy, this means they can easily retroactively decrypt your communications.
The question is, what value does Intel really bring to the table? It sounds more like Brian Krzanich cleaning house and divesting himself of a money sink on one side, and Verizon on the other hand making an acqui-hire:
I wouldn't be too hard on Fastmail. IMAP is a spectacularly poorly-specified protocol, and it doesn't help when some like GMail implement it in an even more spectacularly crackpot way. It was a fairly plausible assumption that changes in Mavericks Mail.app's IMAP implementation were causing problems.
Re: Android @Version 1.0
Within living memory, J Edgar Hoover tried to blackmail Martin Luther King into committing suicide, by threatening to expose MLK's extramarital affairs.
No one can be entrusted with this unfettered power, unless we want our democracy to turn into a Putinesque siloviki state.
Re: Good thing I live in the USA!
The US has a total area and population comparable to the EU. The whole point of the Single Market is to make intra-European commerce as streamlined as the US so it can gain similar economies of scale. Of course, language barriers won't go away any time soon, but telecoms and financial networks need to be made geography-neutral for that vision to be achieved.
Quash it, don't pardon it
A pardon implies admission of guilt by the pardoned. Turing did nothing wrong to begin with, it's the law itself which was wrong. A pardon would semi-legitimize the law by implication. In France, for instance, Captain Dreyfus was pardoned in 1899 as a matter of expediency to free him from prison, until his conviction could be quashed in 1906. Accepting the pardon implied admission of guilt, and he only did it because he was exhausted by 4 years of hard labor. In the case of Turing, there is no such practical or humanitarian consideration, and thus the principled thing to do is to wait until the conviction itself is overturned.
The proper course of action would be to abrogate the law he was convicted under, with retroactive effect, and cancel his conviction. Not sure how that would work in UK law, in the US the law would be found unconstitutional by the Supreme Court and any convictions under it vacated.
Re: Was this news?
If a tinpot dictatorship like Iran does this regularly (google "comodo iran" for more details), you can rest assured our benevolent voyeurs do so as well.
Better done at the OS level
The semantics of block devices are not rich enough for them to do a good job of caching. This is better done at the OS' filesystem layer, as with ZFS' logzilla/cachezilla hybrid storage pool approach, Apple's Fusion or Microsoft's ReadyBoost.
Given the dismal failure of the network management software industry (I'm looking at you, HP OpenView) to solve even basic network management problems, I doubt they will ever deliver on the vision. They will, however, be successful at selling boatloads of overpriced shelfware to clueless & gullible IT managers.
The book "The Innovator's Dilemma" by Clayton Christensen, which describes how incumbents get disrupted even though they know it's coming, was based on case studies from the hard drive industry.
Is “as dumb as possible” the best answer to the question “how smart should the office phone be?”
Yes, because business phone UIs are terminally horrendous (I have a Polycom unit at my desk, that is blinking red, I have no idea why, nor can I be bothered about fixing the darn thing, even though I am a Telecoms engineer by training).
Of course, the real answer, as any Millennial can tell you, is the best office phone is no phone, you should be using IM (or email for this old fogey) instead.
There's a name for it
It's called the Dunning-Kruger effect.
Remote PDUs + serial console won't help if the system is aborting in the middle of the boot sequence, e.g. due to fsck.
The reason Google, Facebook and other hyperscale companies don't provision LOM on their servers is not so much cost as the fact their ops model treats individual servers like cattle vs. pets. If a server dies it is automatically failed over and the FRU is the server itself.
Kindles are not the issue
Tax-dodging or Kindle lock-in is not the worst transgression. Amazon's abuse of its near-monopoly status in books is. For a few examples:
Typical cellco scum
The great thing about Apple is that they don't cave to carriers' demands to put crapware all over the phone, unlike Google's supine attitude (even though there are bad signs like allowing AT&T to misrepresent HSDPA as "4G" and allowing the carrier to restrict FaceTime over the wireless connection).
The problem is not authentication or lack thereof
but rather the bugginess of embedded systems, Internet-connected or otherwise, manufacturers' unwillingness to expend engineering work to issue patches, and the logistic intractability of managing patches for all the devices out there. We've seen makers of expensive SCADA controllers wash their hands of the problem, and even lowly printers have turned out to be attack vectors.
Authentication won't solve the problem. Strict product liability laws that force manufacturers to fix bugs would be a first step, and it's encouraging the FCC recently compelled HTC to release Android security updates for phones they'd just as soon not want to support.
One option could be to require devices to disable themselves 6 months after their last autoupdate, and to require manufacturers to support devices for 7 years after EOL just as they are required to for spare parts.
Practice safe browsing
Apple (or Microsoft) can't really be blamed for security vulnerabilities in third-party software, Adobe Flash and Java being egregious culprits.
That's why I disable Flash and Java in my primary browser (Chrome) and only have them enabled on my secondary browser (Safari) that I use to visit sites that absolutely require either, and then only under duress (normally I will just ditch a site that requires Flash or Java, or won't work with cookies disabled, as that is not acceptable in the 21st century). I also make sure the bug-ridden Adobe Reader never makes it onto my computers.
The best approach would be for browsers to run all plugins in a virtualized sandbox where they cannot do any harm, but the engineering effort to do something like this would be daunting, essentially duplicating the functionality of VMware, and non-portable to boot.
Not as scandalous as it may seem
Stock options have a cost for the company, even if only an opportunity cost, so it's just a question of Facebook transferring a tax burden from itself to those executives, like Zuckerberg's reported $1B+ tax bill.
Those executives will most likely be paying at a lower 15% or 20% tax rate as stock options held over 2 years have favorable tax rates, similar to dividends or capital gains, that working schmucks don't get to use.
+1 for MariaDB
I switched in September 2010. Putting oneself at the mercy of the professional extortionists at Oracle is not acceptable under any circumstances.
Whenever possible, I opt for PostgreSQL, and I wish I could be rid of MySQL/MariaDB altogether, but Wordpress and Cacti require it, so I keep MariaDB around for now, bloated as it may be.
The most valuable element to bring back would be phosphorus. There are already some indications we have reached peak phosphorus and it is the ultimate gating factor to how big the biosphere can get on Earth.
Re: Typical MS
Android is based on Linux, which ran on 25MHz machines when it first came out in 1990 or so, and iOS on Darwin, which is based on Mach/Xnu, which originally ran on even older 68030 machines. WinCE's lack of upwards scalability is due to its being crippled by design.
We finally moved our AWS instances to a colo and couldn't be happier - half the cost, 6x the performance, 1/30 the latency and incomparably higher MTBF. Back when I had 80 virtual servers with them, they would fail about twice a week. In comparison, the scheduled outage notices were much rarer - less than 10% of cases, and thus lost in the noise of EC2's general crappiness.
We switched to MariaDB when Oracle acquired Sun
The writing was on the wall. I expect all the MySQL talent has left Oracle, just as most of the Solaris devs did. That said, we use PostgreSQL for all our own work, MariaDB is only for Wordpress.
You can't stack 9 of these oddball chassis in a standard rack as the tapped holes are spaced for integral multiples of 1U. Therefore you would need to use proprietary posts or cabinets, which I am sure HP will be happy to sell you at a princely markup.
My company looked at the ZeusIOPS as primary storage for our high-IOPS low-latency DB needs, but it is vastly overpriced (by a factor of 4x compared to competitive offerings), and we ended up going with SATA Crucial m4s for cache and PCIe Intel 910s for storage.
It's hard to see STEC surviving against well-entrenched competitors like Intel or Samsung who make their own flash chips. They coasted far too long on the fat margins from being the only SSD qualified for EMC arrays during EMC's own transition from spinning rust to solid state.
Market distortion due to subsidies
The mobile market is hugely distorted by handset subsidies, in the US at least. More than 2/3 the real price of an iPhone is fronted by the carrier, who then makes up for it handsomely during the lifetime of the contract. Since you cannot buy BYOD (bring your own device) contracts discounted to not include the subsidy, the only rational thing to do for consumers is to buy a subsidized phone every 2 years to recoup some of the excess monthly charges they are forced to pay by the cellco oligopoly.
This gives the cellcos huge power over the selection of phones. Not absolute power, as the Apple vs. Verizon tug of war showed, but Apple has a rabidly loyal following and no other handset manufacturer has the same negotiating leverage with the cellcos. Palm was hamstrung by the fact neither AT&T nor Verizon carried the WebOS devices. Nokia was effectively held at bay in the US because carriers distrusted Nokia Ovi's "over the top" App Store of sorts (cellcos have an inflated sense of entitlement and believe they should get all revenue on mobile, even though they bring zero innovation to the table).
Cellcos have zero interest in truly open handsets, especially openness at the level of the baseband controller, the separate CPU and embedded OS by the likes of Qualcomm, Broadcom et al which controls the radio and the GSM/CDMA/3G/LTE/voice protocol stack. Some of this is due to legitimate concerns about network stability (it's shocking how brittle the signaling systems that run the networks' control plane are, relying mostly on security by obscurity). Mostly it's about protecting revenue, though: cellcos don't want you to use a fully integrated Skype or equivalent VoIP to bypass the outrageously expensive racket that are voice minutes and SMS. They also don't want you to have unfettered tethering. They want to shovel unremovable crapware on your home screen to pitch their own half-baked services like paid navigation.
All of this explains why they have zero incentive to encourage truly open FOSS phones, and in fact strong incentives to oppose them.
4G is a post-voice technology
All the 4G technologies (LTE, LTE Advanced and WiMax) are pure packet-based data technologies, not circuit-based voice technologies with data as an afterthought as with GSM/GPRS/EDGE or 3G/HSPA/HSPA+. In the case of LTE, voice (VoLTE) is the afterthought that is only just beginning to be deployed.
Even if margins on voice were not collapsing, voice turnover would still fall as the West reached peak voice and call volumes are now dropping. We may soon reach the point where voice calls are socially considered unacceptably intrusive in most situations. I for one can't wait for the day I can just ditch my cell phone. The great thing about iPads (and equivalents) is that they cannot receive phone calls.
Re: Lets hear it for Lazenby
OHMSS is my favorite, but mostly for the outstanding performance by Diana Rigg.
I would assume they don't want to show just how badly new license sales for the Oracle RDBMS are doing due to flight to open-source competitors like PostgreSQL (much closer architecturally to Oracle than MySQL is). Sure, Oracle can ride revenues by jacking up prices on support contracts, as vendor lock-in is particularly acute for the database, and it has, but that only accelerates migrations away from their RDBMS for new deployments.
Postgres is a solid, reliable and extremely capable workhorse of a database
I have 16 years' Oracle experience and started looking at porting my app from Oracle 8 to PostgreSQL 5 years ago due to Oracle price-gouging. The company got sold before it could be rolled out in production, but I opted for postgres at my new startup, where I run a sharded PostgreSQL farm on a 64-virtual node cluster. We handle a sustained 5,000 transactions per second, each one being a stored procedure call. We use the same architecture as Skype with PL/Proxy, which even gives you map/reduce capabilities with the expressive power of SQL instead of hand-written Java.
MySQL used to perform poorly in heavy write environments, but has improved somewhat since, but PostgreSQL should really be seen as an Oracle alternative. It may lack some of the creature comforts of Oracle, but is orders of magnitude less DBA-intensive to administer. The licensing savings alone are the reason why NTT is funding so much of the development behind PostgreSQL (and half the worldwide community is in Japan). On the minus sides, partitioning requires some assembly, stored procedure programming lacks debuggers, DTrace is required to get the same level of observability as Performance Pack, and single queries are not parallelized so it's not optimal for data warehousing tasks.
A side effect of legalized mass corruption in DC
AT&T is one of the biggest lobbies in Washington (some years the biggest). That goes a long way to explain why our venal congresscritters let them get away with stunts like these.
Contrast this with the Netherlands, that has a functioning democracy. When KPN mulled doing something like this, parliament promptly passed a law banning violations of net neutrality, i.e. monopolistic price discrimination.
Paterson is innocent - QDOS ("Quick and Dirty OS", the OS Bill Gates licensed to turn around and resell to IBM as MS-DOS) would not have sucked as hard as it did if it actually had CP/M code in it.
You touch only briefly on the lenses. They are exceptionally good - Leica quality, both optically and mechanically, at a fraction of the price, and far superior to most lenses from the likes of Canon, Nikon, Sony or Olympus, even much higher priced ones like the Canon 50mm f/1.2L.
Fuji make the lenses for Hasselblad and they clearly pulled out all the stops to make XF a superlative lens system. I have a Leica M9 with some of Leica's best (50mm Summilux ASPH, 90mm Apo Summicron ASPH and 28mm Elmarit ASPH), the M9 is clearly superior to the X100 I carry as my jacket pocket camera, but in the same class as the X-Pro1.
The only caveat is that this is a big camera for a mirrorless CSC, the same size as the Leica M9.
BIND is a bug-infested maze of spaghetti code with a history of security holes nearly as bad as sendmail. The comparison to Apache is apt - there is a reason why nginx is gaining so rapidly for web servers, or Postfix in the email space.
djbdns is another option, unfortunately without IPv6 or DNSSEC support, and not actively maintained. PowerDNS is another (disclaimer: I used to work with Bert Hubert).
That said, I don't see why anyone with a pulse would pay for a proprietary repackaging of an excellent open-source DNS server produced by NLNet, one of the organizations that maintain top-level DNS servers (in Europe). NSD and Unbound are some of the best DNS servers around, designed for massive scale, and a pleasure to administer compared to BIND or even DJBDNS. If they are suitable for you, you are best off building them yourself from the original open-source release.
Re: "Now if only New Zealand would show us another example, bla bla,
The threat was economic - to make NZ imports in the EU difficult - not military.
The ITU predates the UN by almost a century, and has its own institutional culture (it is based in Geneva). It is effectively the talking shop where Big Governments trade favors with Big incumbent Telcos with PTT mindsets. This whole exercise is just naked rent-seeking by the telcos, nothing more, nothing less.
Carefully parsed statements
"no evidence of controlled military goods exported from the United Kingdom being used for internal repression in the Middle East and North Africa".
Note the weasel word "controlled". It is unquestionable UK military exports are used in the brutal crackdown in Bahrain:
Then again, Bahrain was for all practical purposes invaded by Saudi Arabia, so this might be "external" rather than "internal" repression.
Carriers use DPI to detect tethering
At least in the US, carriers use Deep Packet Inspection (DPI), the telco euphemism for snooping on your data packets. The chief intent is to build a database of what websites you visit for marketing purposes, but they also look at the browser User-Agent string, for instance if they see the Firefox for Windows UA string on an Android no-tethering plan, they will send you a nastygram.
If you use unofficial tethering, make sure you also use a VPN or limit yourselves to non-web use.
Face it: patent reform won't happen. Our legislature is terminally dysfunctional, and there are strong vested interests like lawyers opposing it.
A practicable solution would be for firms to group themselves in a consortium that pledges to retaliate against any firm using patents against a member. Sort of like the Great Convention in Dune: "Use of atomics against humans shall be cause for planetary obliteration."
What's the difference between car and computer salesmen?
The car salesman at least knows he is lying.
It actually makes perfect sense
If you use Macs for high-end production work, an iMac with a fast external Thunderbolt array will still be much cheaper than a Mac Pro, despite the Thunderbolt price-gouging, and possibly even faster until the E5 Mac Pros finally ship.
A Director's responsibilities
Schmidt served on Apple's board when he worked for Google. As such, he worked for Apple and it was his duty to serve Apple's interests, or recuse himself if there was a conflict of interest.
I don't know how much info Jobs shared with his board, but I suspect he was as tight-fisted with them as with the press, or even Apple employees beyond the few need-to-know on each project.
Google argues they bought Android before Apple made its announcement of the iPhone, and they may be right, but at that point it was a device more akin to a Danger HipTop, with a large keyboard, than the iPhone. If Schmidt got Google to switch to an iPhone-like direction on Android, he would indeed be in breach of his fiduciary duty to Apple, but it would be very hard to prove in court (but not impossible, see Oracle's success in proving deceptive intent wrt Android and Java).
I don't think Schmidt had necessarily that much control at Google. He was a stuffed suit foisted on Brin and Page by VCs with their inane belief in "adult supervision", and Brin and Page made sure he was cut out of the loop on many critical decisions, Android may have been. It is quite possible Schmidt mentioned something about the iPhone to Brin & Page, but that of course would be nearly impossible to prove.
The telcos should just bring M-PESA to the UK
Kenyans, fed up with the corruption of their banks, opted massively to use their (foreign-owned) phone accounts as a means of payment.
Any similarities to banksters in the UK not unintentional...
Sharding a social graph is exceedingly difficult, because there is no way to partition the social graph cleanly, and there will always be cross-shard links. Facebook's engineering challenges are far tougher than even Amazon's.
As for Cassandra, which is based on Amazon's Dynamo (and indeed done by some of the same people), even though Facebook originated it, they are no longer using it themselves.
Sharded MySQL may not be fashionable, but it is well understood and mature, which is why Facebook engineering still uses it. There is something to be said about a predictable system, and Facebook has a demonstrated record of operational excellence. This is no coincidence.
The Dutch had to because their incumbent telco is one of the worst in EU
When I ran ops for an ISP in Amsterdam, circa 1999, KPN (the incumbent PTT-era telco) was incapable of delivering even simple telephone interconnection in less than one year, and once they cheerfully announced my $100K a month 45Mbps link to the US was going to be down for 3 months.
The arrogance, incompetence and sense of entitlement of KPN is simply breathtaking, and that's why the Dutch legislature had to nip this in the bud.
SMS is a racket (over $80B revenues a year worldwide, compared to $10B for all of Hollywood at the box office), with utterly unjustifiable profit margins that are long past due to fall in line with actual costs, that are near zero.
Sun/x64 is just not competitive
I've been running Solaris/x86 in production for over 12 years, at first on Intel white box servers, then on Sun's excellent V20z and X4100 Opteron servers. Their x64 machines were competitively priced. In my new company I needed a quote for 40 servers, and they are now twice as expensive as HP, so we are going to switch. We'll still be running Solaris, but the OpenIndiana fork, since Oracle's support contract policy is unconscionable. And of course we ditched Oracle for PostgreSQL...
It's amazing, but Larry Ellison is even better at running Sun into the ground than My Little Pony was...
I have a hard time believing that the inability to use a server GPU as a video card is what is hindering adoption. More likely, the difficulty in porting legacy applications to make full use of the hardware is to blame.
Not the same
My HP-15C is one of my most prized possessions (I also own the iPhone app version), and I use a HP-12C as an inferior substitute at the office. The current Chinese-made 12C is a pale shadow of the Corvallis or Singapore-made originals in terms of build quality, especially the keypad, and the Platinum edition is completely different under the hood, with a number of bugs introduced along the way.
Ah, the joys of byzantine failures
A fault-tolerant system that assumes the only failure modes are relatively well-behaved ones like total failure, is not really fault tolerant, as the Aussies discovered to their regret.