1116 posts • joined 22 May 2007
Re: Which problem is The Problem?
"Should GCHQ want to recruit people who 'forget' their passwords?"
Everyone forgets their password from time to time. Or locks out their account. Or....
Just because a person is one of the best cryptanalysts in the world doesn't mean they don't have a memory like a sieve.
However, for an intelligence agency to be storing passwords in plain text is inexcusable. Even on a peripheral system. It doesn't matter whether they are sending out plain-text password reminders, as such. It is that they are storing them insecurely. Which is bad. Very bad.
"So for your whole life you've supported a party that believes in electoral reform that they expect to mean regular coalition governments... The party that believes coalition government is a good thing goes into coalition."
You beat me to it. The Lib Dems had no choice but to go into coalition (or abandon all hope of saying they support PR, which means regular coalitions). They had very little option but to go into it with the Tories, as any other would have both been very complicated (using every party in Parliament to oppose the Tories) and against the apparent wishes of the electorate (who basically voted Labour out).
On top of this, they have done real good for the country. They have tempered the Tory government, and pushed through beneficial changes (such as the rise in personal allowance).
The only real policy mistake I believe they have made was breaking their promise on tuition fees. This was a firm commitment to vote against any rise, and they just tossed that down the toilet. Apart from that, the main damage to the party is just in the association with the Conservatives and their policies. It is a perception held by many, and that will have the most damaging consequences. However, this is because the
proles electorate are stupid have not thought it through.
"And the noise."
That was my main problem when I bought a pair of DL380G4s to replace a couple of home servers based on desktop hardware. One of the old desktops had blown it's PSU while I was on holiday (which happened to be my mail server, causing great distress to my other half), which prompted the move to real server hardware.
When I got them home (and installed in my new rack), I found the noise level... unacceptable. Or rather, SWMBO found the noise level unacceptable. I wasn't really too surprised, as they would drown out the noise from our vacuum cleaner from the next room. I did, however, find a fix.
The first part was to retire one to the duty of parts repository, and keep any non-essential services on a desktop-based server. The second was involved a soldering iron, some heatshrink sleeving, some resistors and every fan in the system (8, I think). Then, after a few days of careful monitoring in mid summer, I determined that the heat levels were acceptable so long as I left the window latched open.
I'm actually in the process of heading the other way, now. All my external services are hosted elsewhere, and I am in the middle of consolidating all my systems into one desktop based server. At least it's now in a rack mount enclosure, with custom dual PSUs and two UPSs. The spare hardware, well... It will probably join all my other spare hardware in the cupboard, ready to fire into life when something else goes wrong.
As a side note, I'm not looking forward to the other half noticing the drop in our leccy bill when I switch off the 380. She noticed the rather large increase when it was installed, but didn't figure out what was causing it. I'm pretty sure she will go mad when she realises how much juice that thing was drinking...
"I am also a little wary of a wireless network that can supply enough energy to charge a phone using me as a medium"
It's not using you as a medium. It is using, mostly, air as the medium.
I will accept that if you happen to be in between the charge and the device it would be using you as a medium, it's only in the same way the your phone is using your head as a medium if the base station is on the opposite side to the phone.
Re: Would you Adam and Eve it.....
"Apart from having to deal with BT, any reasons why I shouldn't go with them?"
Nope, but that's enough reason for me!
"I would rather pay for my broadband separately"
I don't really know why. I was (and still am for a few days) with Be, and was delighted when I could get a landline with them. It simplified fault finding no end. The landline provider couldn't just fob you off on the ISP, and vice versa, because they were the same.
Re: Where to go then?
I would strongly advise against. I have had several conversations with them over problems with my parents' broadband & phone. I would not touch them with a barge pole. They are arrogant, rude liars. Their philosophy seems to be "the customer is always wrong". They are (I can barely believe I am saying this) worse than BT.
YMMV. This is only from my own, personal experience, but it is a very bad experience.
I've been with Be since I moved into my own place a in 2008. Above all else, the support kept me there, plus the ability to have multiple static IPs and the speed advantage I gained.
When I moved in with my girlfriend a few years ago, I stuck with Be even though it meant getting a second line (as she refused to get rid of hers, with Sky as it happens).
Since then, I have actually found Sky to be a great (consumer) service, both from reliability and speed aspects and on the support front. It has impressed me enough that I have just cancelled my Be line and migrated to Sky Fibre.
I know some will not be happy with this announcement, but from my own, single experience I have to say that Sky are my second favourite ISP, behind Be only in the technical aspects.
Re: Not sure how you legally define a "Troll"....
I don't know about legally, but:
- ARM design their cores and license them out to fund more design. There is a continual process.
- MPEG-LA is just a group of companies, really, with licensing deals (I know, far too simplified). Other companies hold the patents, MPEG-LA just makes licensing them all easier.
- Google bought Moto, which are still (IIRC) a separate company and do make things using them.
- Troll Inc just buy patents then try to license them out. They do no development or production of their own, and exist purely to suck money away from others.
Re: A few points
"The problem with that is it stops small time inventors being able to earn a living from real inventions too. Just because you like inventing things, doesn't mean you would be the right person to take it forward as a product."
I thought about this too.
For me, there would be 1 simple way of solving this problem; all patents must be held by an individual. No companies may own a patent: They may license it, but not own it.
There would be a host of problems stemming from this, too, ranging from transfer of the license through to what happens when it is the companies effort (i.e. you are employed and gain a patent on something you do at work), but none of these are insurmountable.
Re: Just remember...
"You start producing the item and then sue and you're not a NPE anymore"
Shows how much you know!
Let's say I came up with a fairly simple, but non-obvious and innovative, enhancement for, say, a car engine. It is not something which can easily be retrofitted. I have developed the idea and patented it, but I don't have the money to produce the new engine myself.
I go to a few car companies with this enhancement idea. Some are interested, but they don't license the idea, they just steal and use it.
I am a non-producing entity, and have no way of producing it. Should I have to post the billions in a bond just to be able to sue them for stealing the idea?
The obvious way around this is to exclude the original patent applicant, but what if I had taken my invention and rolled it into a company?
The problem is making sure the legislation doesn't remove rights from those it is intended to protect (i.e. innovators).
Re: I'm no pro-animal-rights-maniac..
"If there was some explainable means to and end, then fine!"
There is. Read the article.
OK, it was probably started with "I wonder what would happen if we linked 2 brains together" (possibly followed by "that'd be so cool! Now get another round in") , but the research shows that joining 2 brains may have some purpose.
Personally, I hate the idea of experimenting on animals. I think it is cruel. However, it is a necessary evil in my view. Without it we would not be able to do half of what we do today. I hope, some day, we no longer need to, but for now it's the best option available to us.
More power for more performance I think for Atom.
I think this very much depends on the application.
I would suspect that for many applications you are right, but for many you are wrong. Added to which, most server applications (which this article is talking about) scale well across threads. Therefore, if we took an Atom dual core processor (the most Intel do at the moment, I think) compared to a multi-core ARM SOC, I think you would be able to get similar performance for much lower power and cost.
This is only my own gut feeling, I have no numbers to back it up. Where I work we had enough trouble upgrading our MES from a couple of old (>10 years, although they are still running perfectly) Alpha's to Itaniums, and are now being blocked by the bean counters from consolidating most of our boxes into a new vitualised environment. We move slowly here, if ARM servers take off we may get to them 10 years or so later...
Absent without leave
Our beloved BOFH appears to have gone AWOL.
Can we expect a new story any time soon? There's been nothing since November and I'm getting withdrawal symptoms!
Re: Eye Spy with My Raspberry Pi
"my USB camera and microphone cost about £3 and theoretically would work"
Not as well, though.
The camera module connects to the CSI2 connector on the Pi, which allows images/video to go straight into the GPU, be processed, then spat out to either the display or into userland. With your USB webcam, even forgetting the terrible inefficiencies of USB, to get the same functionality you need a userland programme to pull data from the webcam and put it into the GPU (whether to display it or to process it).
Re: It's never going to be fast
"or there is no Wine at all"
Ah, wait, you didn't mention beer. Is my beer safe? Do we need emulation for beer to exist?
Re: @ Mark
"Is it possible to run GNU/Linux software on Android by installing libraries?"
On a rooted device, you can set up a chroot environment with, say, Debian installed. Use a terminal emulator and, hey presto, you've got a Debian shell.
Add to that the Android X-Server app, and you've got linux GUI apps, too. Looks very odd (and hard to read without tweaking) seeing LXDE running on your mobile.
Re: Point of fact
"I might want to watch ITV, Sky, or all those other channels that don't insist on charging me the poll tax"
Still watching TV.
Although the BBC would like you to believe that the license fee is theirs, it is a tax on watching (live broadcast) TV. You wanna watch TV, pay the govt for the privilege. Nothing to do with the BBC, except that the government pays for them.
"Rather than try and stifle debate, we need to be having a really good, proper scientific debate where data is properly released in full (yep, a reference to a certain Anglian university), analysed by lots of different people and the results discussed sensibly. Then, we can implement the changes necessary, not to try and stop it necessarily, but to adjust with it."
And you see this happening?
I completely agree that this is what is needed. In fact, I don't doubt that such debates happen. The problem is that the debate has become so polarised it is virtually religious. The "hippies" and "deniers" take such extreme views that the other side are heretics who should be burned.
I did like the comment about offline storage. I actually considered a disk library project a while ago along similar lines.
My plan was to pack 4 3.5" disks into a "module". This module would be a RAID-5 set, but would be used like a tape in a tape library. Files would be written to it, and their location recorded in an online database (as in on a hard drive in the machine, not as in a server on the internet). Need a file, it's looked up in the DB, you are prompted for the module number. Insert it and you've got your data.
Using today's prices (quickly gleaned from ebuyer), the storage itself using 4x3TB / module @ £100ea would give, in RAID-5, 9TB for £400. For 1PB, you would need 112 modules, leading to approx 45k. Add in a grand (over estimating) for a server to deal with it and you have your PB of storage, offline but redundant.
Good luck to him
Not many can say they have left as big a mark on the computing world. I wish him all the best and hope the "family reasons" aren't anything serious.
On a side note, I think that his response to the conspiracy theories is a classic:
"while I frequently think Linus is an asshole... I am departing quite genuinely for family reasons"
I'll raise a glass to him tonight. Cheer Alan!
Re: Hmmmmmm. morality and lawyers.
"I'd argue that those who were posted about had an expectation of privacy"
Exactly. If the explicit photos are taken in a private setting by their partner, there is a reasonable expectation* that those pictures will be viewed only by the partner. To then make those images public is a breach of privacy (as well as showing the person who published them to be a dick).
Imagine how horrified you would be if you allowed your partner to take photos of you, you broke up and then found they had posted them on the web for all to see.
The chances of anything coming from Mars are a million to one.
I have to agree, here.
Everywhere could easily run their own databases for medical records. What is needed is a standard format for exchange of this data between NHS institutions.
So if your GP refers you to the hospital, they can send the data on in a manner which will integrate with the hospital's own systems. Similarll, A&E departments could be given (logged and controlled) powers to access a patient's medical records, with that access being funnelled to the appropriate GP's database.
This requires much less development (and money) than a centralised system, and should be more secure. At the very least if a breach did occur, it would be for a single database instead of the whole thing.
Re: How the Kessel Run was run
Interesting ways to explain it.
I still reckon Georgie boy made a cock up, but the second 2 explanations make some sense.
I think part of the problem is that everyone lobbies, so they effectively cancel each other out. It also forces everyone to lobby. If you wanted to get rid of lobby groups, you would have to lobby the government for it.
It brings to mind something I was told about tobacco companies. Apparently, they were glad when they were banned from advertising. Adverts hadn't been bringing in that many new smokers (that was mainly peer pressure behind the bike sheds), but because all their competitors were advertising, they had to or loose customers to other brands. Banning advertising barely affected their sales, but hugely reduced their expenses, leading to much greater profits.
The same would be true if lobbying was stopped. Companies would save a lot of money, but the overall effect would probably be the same.
If I understand it (agreed about the lawyerspeak!), he is saying the law required them to investigate but, given the evidence they found, the law required them not to proceed.
Although I hope I am wrong, I am starting to think that the Play store Nexus 4's were no more than a marketing gimmick. They got everyone talking about how amazing the phone is for that price. However, it could be that the it is heavily subsidised by Google for this, and stock limitations are intentional (so Google don't have to subsidise so many). In the mean time, to get one you have to pay at least £100 more in normal stores, put it into the price bracket of several similar (or better) phones.
I really hope I'm wrong, because I want one. I have some moneys put aside earmarked for this phone when it becomes available again. I'm not going to hold my breath, though...
Re: A bit ironic, really.
"It's got a single button... that's very difficult... to turn it on"
Sounds like the missus!
You produce software A, and expose features which are used by software B.
You make a change to A which stops B from working*.
There is a bug in A, not B. You need to fix it.
*Obviously, this does not include features which have been deprecated and scheduled for removal.
"Hybrids may become known as SSHDs"
I hope not. It will always be secure shell daemon to me.
"the chap from Google got up and bluntly said it was his duty to find as many legal ways of paying less tax - if the government want it to stop, they have to tidy up the legislation."
This is true. A company has a legal duty to it's shareholders to return as much value to them as possible. Normally*, this includes paying as little tax as is legally possible. They are not only not breaking the law, but doing their legal duty by finding as many loopholes as possible.
The only way to stop this is to close the loopholes.
* I say normally to take into account the Starbucks situation. If the company starts to loose sales because of their tax arrangements, they will do something about it. In that case, paying more tax is returning more value to their shareholders.
Re: No time to refactor
"it's very often a bad idea. Any change to working software introduces risk., and this risk is magnified by well-meaning attempts to clean up bad and incomprehensible code. This is also a good reason why quick-and-dirty patches aren't revisited."
^^ This. Over and over and over.
As a very simple example, I needed to add some additional checks to a very old bash script. Now this script was written as a quick hacked together job by someone who used to work for the company. He left many years before I came along, and the "code" has been modified by so many people, with such varying backgrounds and styles, and copied to do similar jobs slightly differently... Well, as you can imagine it's more of a mess than a spaghetti factory after an explosion.
Anyway, I thought it would be a good idea to tidy it up "while I'm in there". This was a bad idea. So many obscure utilities were being used, exploiting "undocumented features" in them, that we very nearly lost a weeks worth of data (luckily I had added the additional checks first, which caught the mistake).
As for "time for refactoring"... I have been pushing for this for 5 years now. According to my bosses it's not necessary. When I tried to make time in between jobs to do it, I got a bollocking for wasting time. These scripts fail every few months and take a few hours to clean up after and get going again, delaying other departments in the process, but spending a day rewriting them is a "waste of time". I've given up, and managed to push the "clean up" responsibilities onto someone else (sucker.
And this is just a tiny set of bash scripts.
Re: Biased article
I agree that it is annoying to have to pay for a voice line that you don't use.
However, that's not necessarily what you are paying for. AFAIK line rental is for use of the copper pair. You use the copper pair for broadband, hence the line rental.
Now, you may argue that they could provide the copper pair without voice equipment attached. Hiowever, I doubt that would reduce the costs associated with it.
From what I have read (I may be wrong here) FTTP is provided without that copper pair, and voice is provided by a VoIP adapter at the premises. However, you will probably still pay a line rental to rent the fibre, and again the savings from omitting the voice element are probably negligible.
Re: Technic LEGO for 21st Century..
Please give the designs and software to LEGO so they can
mass-produce it :D over-charge for it :(
(Seriously, I never realised how damn expensive Lego is. Had loads of it as a kid, but recently bought some as a pressie for my fiancée's cousin and could not believe how much they are charging for even the simplest of kits!)
Re: So, this tool is not for cracking but for sniffing
I would not recommend sniffing my crack.
"Here we again see the problem of opensource, it make it easy to break into. When will he learn?"
I can't decide whether you are joking or not. I really hope you are...
"So what happens if I set up a domain controller on eg Server 2K8, add in a bunch of other domain controllers using Samba 4, then remove the original Server 2K8 machine? Does it still work?"
AFAIK, it would continue working, in just the same way as if you had added a load of 2K8 DCs then removed the original. Someone else can probably confirm this.
"More importantly, if you're only using AD for authentication - what happens when it comes to CALs if you're using an AD running exclusively on Samba4 installs on non-Windows boxes? I suspect Microsoft's stance will be that you still need CALs on either a per-user or per-machine basis, but it's an interesting question to ask..."
I'm not sure which way round you are talking here.
If you mean a Windows server with Samba clients, I believe you still need CALs.
If you mean a Samba server with Windows clients, you don't.
Re: only makes sense for expensive unix consultants
"Good UNIX/Linux admins can cost 2 to 3 times per hour what a Windows admin costs."
Also, good Windows admins cost 2-3 times what a normal Windows admin costs.
You are paying for ability. Most Windows admins (in my experience) are terrible. Don't get me wrong, there are many good ones out there, but the ones who get paid as little as you are talking about... It's for a good reason.
Even putting this aside, you do not need a team of Unix admins to run Samba 4 as AD controllers full time. You need someone to set up the server, and someone (or a support contract) to support it long term. Othere than that, Windows admins could easily still be used to administer the system from day to day, because standard AD admin tools on Windows can still be used.
Re: What a waste of time
"AD server - install, add user + computer accounts, and it "just works" (with apologies to the Jobs-ites). Ok, I do see where if you're in a single small/home office, saving the OMG $500 on an unsupported solution might seem to stack up financially, or if you have expensive Unix gurus on tap who can get all low-level with their troubleshooting and fault-fixing."
You obviously haven't seen recent Linux server variants, or even read the article very well.
Recent Linux server variants can be installed in such a way that they are just as easy to administer as Windows servers.OK, they are different, but some are now at the level where you don't need "expensive Unix gurus on tap" any more than you need expensive Windows gurus on tap. Sure, the gurus would be able to do a better job of fine tuning the environment, but it isn't 100% necessary. Just as a Windows guru (not the normal bods most companies have in their IT depts, from what I have seen) could set up your Windows servers much better.
Once installed, you never (or at least rarely) need to touch the *nix box again. All the standard AD management tools will work straight from Windows. So management is just as easy as with Windows.
There is one other good thing about the Samba4 release, which I will be taking up with my colleagues at some point in the new year: It becomes a second supplier. I will be suggesting we install a couple of Samba4 DCs alongside our existing Windows DCs. This gives several advantages, the biggest being that if, say, an update is applied to the Windows boxes which knocks them out, the Samba boxes will provide continuity of service until the Windows boxes are back up and running. I don't think you can put a price on that in an enterprise environment. Also, if MS increased the license costs to an unaffordable level, or dropped support for the version of server we are using at a time when upgrading was not feasible, or any of a number of situations which could arise, continuity of service is maintained.
For myself, the main reason I am pleased with this is that I can set up an AD controller at home. Looking forward to the simplified administration and extra funtionality I will gain from that!
Re: No good deed...
"But he didn't keep logs, which is bordering on destruction of evidence in a child porn case."
Tor is provided as an anonymising service. It is used by many people, often for perfectly legitimate purposes, not just paedophiles. He cannot trace where the traffic comes from (a feature of Tor, the data is bounced around the network in such a way that you can't trace it, until it pops out of en exit node). And he would not want to. He has no legal obligation to, and the whole point of Tor is to avoid tracking. Nobody would use it if everything was logged, because it defeats the point of it.
"A point worth noting is that he is being investigated, he is not being punished. At least, not yet."
This depends on your definition of punishment.
If the cops came to your house, took away all your computers, mobile phones etc, some of which may be part of your business, this could easily be thought of as a punishment.
For example, for myself, it would have a big impact on my life. I only use my mobile phone, so I would loose contact with a lot of people. My computers contain a large amount of my personal data, projects, photos, and many other things. There would be a huge inconvenience, and at this point I would already consider it a punishment.
Then there's my work's laptop. Although all my data is backed up at work, there would be a lot of work to set me up a new workstation. There is also the damage to reputation: In this case, I would likely have to explain to my bosses why the laptop had been seized. if it is on suspicion of child porn, imagine what my bosses would think! Do you really think there would be no impact? I could easily see being suspended from work, and irreparable damage being done to my reputation, even if cleared later.
If you run a computer based business, it would be even worse. Even a few months of investigation could bankrupt a small business. The destruction of a business that someone has worked hard to build, ploughed large amounts of money and time into, is definitely a punishment.
I'm sorry, but I do think that even this "investigation" step is punishment. It may be necessary, but it's still punishment.
Re: Reminds me of a few years back..
"A subscription warez service? I doubt it. One of the points of warez is that it is software that you are not prepared to pay money for, and so I doubt how successful such an enterprise would be."
Actually, I remember lots of subscription warez services from that era. You tended to get faster connections, larger collections of software, quicker access to newer releases and a single place to look. The subscriptions were small, and if you were after high value software (e.g. professional stuff costing thousands) it was well worth it. Plus, you got less malware in the subscription services.
Re: No good deed...
Not knowing exactly what you do for a living, I can't be sure of an example which fits. A reasonable guess, as you are on this site, would be an IT admin.
Say a colleague, or a friend, brought you a laptop in and asked you to fix it for him. You do so as a favour. A couple of months later you find that he has been arrested for making and distributing kiddie porn, and a big chunk has been done using the laptop you fixed, since you fixed it.
So, you did a good deed by fixing his laptop, but you helped a child abuser. It was still a good deed.
The same applies to this guy. He set up a Tor exit node, donating his bandwidth and system resources to the general public. This is a good deed. The fact that the service is used by child abusers doesn't make it any less of a good deed.
No good deed...
... goes unpunished.
Although it would be easy to say that it's his own fault for running something which can be abused, I find it difficult to do so.
He was providing his own resources for the benefit of others. Of course there is the potential for abuse, but it is a sad state of affairs when he is punished for doing a good deed. I have heard of other cases which have had similar effects, e.g. people hosting public Wi-Fi APs etc. being collared when it was someone abusing their generosity. Hell, our office has locked down our "visitors" Wi-Fi network because someone was bringing their laptop in and downloading torrents, which almost caused the entire companies internet access to be cut off.
It reminds me of a school friend's hippie mother. She tried to help people out wherever she could. At one point, she started allowing (through a charity) homeless people to stay at her house. She had a spare room, and they would stay for a few days, get hot meals, showers and a nice warm place to sleep for a few days. She got nothing back except the knowledge that she had helped someone in need.
This all stopped after one person abused the system. Someone who she had been so kind to robbed the house (and the insurance wouldn't cover it).
It is abuses like this which stop people from helping. It makes the whole world worse off. If I was this guy, I'd be very reluctant to run a Tor exit node again, and the story will likely put others off from doing the same. It makes me sad (although the cynic in me knows that this is just how the world works, I always try to listen to the ever-diminishing voice of my inner optimist)
I did some work experience in an R&D fab developing gallium arsenide components a few years back (well, about 13 to be precise) and the cost of a raw wafer was a LOT more than 10x that of silicon. So we've come a long way already. If it starts to be used, costs will come down.
Interestingly, they told me back then that there was research going on to try to grow GaAs transistors on a silicon wafer. I guess they never got it to work well enough, but it was a very interesting process (involving depositing many layers of different compounds on the silicon wafer to match the crystal structures).
Re: Using a tablet to get away from AV software?
"We have several tablets around the house, but we all have the common sense to realise that they're the least-secure bits of computing kit we own."
To a point I agree.
I treat phones and tablets on my home network as potentially dangerous. However, I do the same with all machines. Even a Linux box could be infected with malware, or machines could be hacked, or any number of possibilities. As an old colleague used to say, "The only real security is a 6-inch air gap". Although this is a little outdated due to the prevalence of wireless networks, the principal holds: The only way to ensure a computer is not vulnerable is to have no network attached (and no physical access either, really). Beyond that, you are taking a chance, no matter what security methods you employ.
Even on a Windows PC, the best security method is user vigilance. This applies even more so to Android. When you install an app, ensure it is coming from a trusted source, and study the permissions it requests. Keep an eye on what your phone is doing, periodically clear out unused apps, and never grant root access to any app you are not sure about.
I don't use a "virus scanner" on my Android devices, but I keep them under a great amount of control. I take the risk of my device being compromised, but I don't keep any sensitive info on it, and I accept the risk. Just as I used to do with my Windows PC when I had complete control over it and resources were stretched by virus scanners.
Of course, not everyone thinks about security when they get an email containing "The most realistic fart app yet!"
Re: I believe RIM is toast
I have to agree here. BB's main selling point has always been messaging. If they developed apps for other devices, they would open up their market and bring in a lot of new customers.
That's very, very sexist!
- Review Is it an iPad? Is it a MacBook Air? No, it's a Surface Pro 3
- Microsoft refuses to nip 'Windows 9' unzip lip slip
- Tesla: YES – We'll build a network of free Superchargers in Oz
- US Copyright Office rules that monkeys CAN'T claim copyright over their selfies
- True fact: 1 in 4 Brits are now TERRORISTS