Care to elaborate on the reason behind the down vote or are you simply trying to bury bad news for a shilling ?
835 posts • joined 21 Sep 2010
"For example, unlike Windows, the Linux Kernel can be upgraded independently of the rest of the operating system; therefore it is hard to link Linux Kernel vulnerabilities to a specific Linux distribution or Linux distribution version."
If Florian gave a fuck about producing an accurate or useful picture for the punter, all he had to do was pick a distribution, and take an inventory of the kernel revisions that got punted with that distro over the year. It's not hard, the information is in the public domain.
Instead, Florian has decided to use a methodology that produces a figure that isn't representative of what a real world Linux user would encounter (because in practice distributions ship a small fraction of the kernel revs that are out there), but just happens to be the biggest possible value he could arrive at with the least amount of effort.
He really shouldn't have bothered.
"Note if you watch the video by the way Mr Rifkind (he doesn't deserve the Sir), says he actually earns no money. If that's the case what's happening to the taxes I paid in for his wages (81K he gets a bonus for being on def and intel committee (14K) ) and expenses. Bastard."
I have a hypothesis that may cover that glaring "inaccuracy", sorry I mean blatant lie. Perhaps Mr Rifkind views the money he earns as part and parcel of being an MP as "gifts", whereas the money he has to get off his arse to earn/swindle from Her Majesty's Long Suffering Tax Payers and lobbyists as earnings.
A BA's lunch served to me over 30 years ago still stands out in my mind. The menu said "Omelette", but I think they actually meant Omelette boiled in brine. Impressively awful, I suspect that much of the derision heaped upon British cuisine may well be caused by BA's Omelettes being so bad that visitors to Blighty can't remember anything else when they get home.
Re: but the '...w.dll' - Could be time to IPL with Toggle Switches. ;)
"Anybody involved in this would go out of business very quickly - all their trust keys would be revoked and they'd be *extremely* lucky to have anybody ever accept them again."
Vendors are compelled to comply with the law - regardless of how stupid or counterproductive it may be.
Besides I'll bet that most people would choose to have their machine boot with the NSA malware in place than not boot at all.
At least the greybeards with old PDP-11s running V7 UNIX in the basement can bootstrap via toggle switches, so the world hasn't ended yet. ;)
Re: i can see myself
"@Roo : The real question is: Are you using Erlang?"
No I am not using Erlang... It wouldn't make any difference if it were the right tool for the job because the people with the gold specify what tools their minions can/can't use - despite having zero knowledge, experience or interest in the mechanics of distributed apps. I offer my advice, and then I do what I'm asked to do. I write more efficient code more quickly than the Java & thread junkies, and I get paid for doing it, it keeps the family clothed and fed and it helps minimise the amount of time I waste giving unwanted advice on parallel/distributed apps. :)
Re: i can see myself
"The bottleneck in my experience is in the apps, not in the network or protocols."
My experience differs - but my perspective is that of someone who has been paid money to write REST services. Here's some things where HTTP 2.x is likely to help me write more efficient REST based systems:
1) It's not uncommon for REST services to run out of file-descriptors before they run out of compute & memory. HTTP 2.x will definitely help with this...
2) Where compute power is at a premium you can burn hundreds of thousands of cycles processing the headers alone, which really kicks you in the nuts when you are trying to address thousands of small objects (this is the majority of cases in my experience)... HTTP 2.x's use of a binary format will improve this a little.
3) head-of-line blocking really hurts performance in a lot of REST apps. The classic work-around is to address multiple addressable objects with one request, and then overload the HTTP response codes and bodies in weird and wonderful ways - which breaks the REST model. This very day some poor sod was forced to explain why they had decided to return a 200 when their now-non-REST request partially completed... HTTP 2.x's multiplexed connection will bin the head-of-line crap and allow us to spam the server and let it sort out the best order in which to process the requests - rather than slavishly processing them in FIFO order. People reckoned that out-of-order execution was a good thing for processors & hard drives - it's a win for REST services too.
4) header compression. K, you don't give a stuff about network bandwidth because you can throw wider pipes at it as time goes by, but the thing is wider pipes don't automatically reduce latency. Reducing the amount of data you have to transfer & the amount of effort to parse that data *does* reduce latency. Another win for HTTP 2.x.
I won't begrudge you looking at kitty pictures with HTTP/1.x, by the same token it would be nice if the wannabe luddites out there spared a thought for the poor sods (like myself) who are forced to use HTTP in high performance distributed apps. ;)
Anyway, we'll see how HTTP 2x works out, hopefully my lack of cynicism will be rewarded just this once...
Re: Evolving playable monsters?
I enjoyed some epic games of Natural Selection back in the day, there weren't enough hours in the day ! I really liked how a match could take unexpected turns, it was never the same twice. Seeing expert Fades at work was something else. I wasn't surprised that it didn't catch on though - it wasn't really possible to have a quick blast in the same way as Counterstrike et al, which pretty much eliminated the casual gamer.
Re: Who says it's a breach
"Maybe O2 just sold the data?"
In practice the phone companies use third parties to do their surveys/advertising, there's a very good chance that one of their suppliers simply misappropriated the details O2 provided them with...
" Can't say I'm surprised to see Council Tax listed as one of the things they'll stop you leaving the country for, given they already charge you council tax for the period that you're in prison for failing to pay said council tax...."
I suspect an awful lot of old money would get clobbered by that process if it were to be applied universally, and I have no doubt that there will be a number of people who get their travel restricted due to an administrative error or good old fashioned fraud... I suggest you hunt for an old school tie in your local charity shop before setting out for the airport. ;)
If this policy is administered badly enough the only people left in this country will be the poor & fraudsters...
Re: @Roo - Wait a minute
"I think your Irony Detector isn't working..."
It's working fine, I was embellishing your post. :)
Re: Wait a minute
"Well obviously the Security Services just need *MORE* snooping powers..."
Tell that to McKinnon et al.
Re: Sad, and not good enough
"Well maybe his senior colleagues need to bloody well try harder, instead of wringing their hands and saying "oh what a pity"."
The fact that a detective can trot out this bullshit, yet we see plods track down folks who crack US Navy boxes with default passwords without breaking a sweat tells exactly how much his senior colleagues care about ordinary citizens.
@ MB (Re: amanfrimmars1 No one should be surprised.)
" So you missed the bit where Communist Vietnam signed a trade deal with The Man waaaay back in 2001"
It appears that you are overlooking the 50+ years lost to weapons of mass destruction. Fair play to Vietnam though, they are making rapid progress.
"But where do Alice, Bob and Carol fit in to all this?"
In this case you should be on the look out for Larry, Curly & Moe.
Who do I bribe ?
To have this law applied retrospectively after being forced into installing Windows Genuine Advantage in the UK ? :)
"Shame we can't recreate Westminster on a small island and have him come back, to it, at night. Just leave a sign on the door saying we all emigrated."
That is an excellent plan, and probably a lot cheaper than Cameron's 24x7 surveillance society, and even better it respects human rights and doesn't willfully kill people. Cameron could learn a thing or two from swampdog - assuming of course that Cameron could take his head out of his rear echo chamber for 10 minutes or so and pay attention.
"You've really got to admire their cojones."
You don't have to be brave to take the piss when you know there will be zero consequences.
Re: Burroughs beat IBM by over a year with the B5000.
"Computer scientists may wet themselves over clever architectures, but at the end of the day the IBM 360 was successful because it was affordable and there were programmers available"
"Affordable" as opposed to offering better price/performance ? :)
I suspect IBM's *existing* dominance in the market place, Lawyers, FUD and marketing muscle had a fair amount to do with 360's success. For folks to succeed in the face of that kind of opposition they need to offer a performance/price ratio that far exceeds other offerings (at least 5x better).
The B5000 was a cracking piece of work - it does make the opposition of the time look terminally retarded. I can't help but wonder if the industry as a whole would have been more productive over the past decades if something like B5000 had become ubiquitous. Even without IBM et al dominating it would have been tricky though - I think they would have had to have cannibalised their high margin business to do so - few companies are capable of biting that bullet. DEC actually started out by punting small low-cost machines, and they shipped the LSI11 (a 4 chip processor) in 1975 and followed up with the F11 (1979). Then they went backwards with the VAX-11/780 - they built it out of 74 series TTL and 'shipped' it in 1977. :(
Re: After the election comment
"I have sent an email to the Office of the Prime Minister - I'm retired and they can't make trouble for my company - spelling out why their universal backdoor policy will not work and would in fact backfire on UK business"
You appear to be under the impression that the Office of the Prime Minister gives a toss.
In my experience when an outfit is going ahead with a blatantly stupid idea despite being given a metric shitload of reasons why it's stupid, the chances are you don't understand their goal. In this case the goal may well be totally insane from a rational proletariat point of view, but from the point of view of keeping Dave, his school chums and their sprogs safe and in power forever it may make perfect sense.
Besides if they do destroy the UK, it's pretty easy to emigrate these days, even Idi Amin managed to retire somewhere sunny...
"when this bleeder suddenly tries to take over the world you just open the window and shove her out, problem solved BOFH style!"
"Never trust a computer that's too heavy to lift" - can't recall where I first saw that one, but it has served me well. ;)
Mortgaging your bollocks.
I struggle to see how handing your gonads over to Larry Ellison is a sound business decision. Were the non-exec directors sleeping off a huge lunch at the time that decision was taken - or had they already had their gonads removed ?
Re: foot shooting
"Windows Phone 8.1 and Denim firmware update were promised for last quarter 2014 - so far it's only been put on new phones"
Microsoft do have some form in that particular area ...
They haven't really thought this through have they ?
The third-party vulnerability reports will still be there for the public to peruse, but they won't be able to see if Microsoft has bothered to fix them now... I can't see how making Windows look like an abandoned legacy OS is going to help market share.
Re: The "Real" Reason is......
That could well be true, but I don't see much of a reason for the plods to actually help cover that up, unless they are corrupt themselves of course... Nothing to hide, nothing to fear and all that. ;)
In essence it seems far more likely that the plods are simply refusing to play ball because they know they've been breaking the law/rules.
Re: Anti VM my foot
"An honest question - does it matter whether the share on the other machine is writable or not?"
If you're unlucky enough to be running NT3.51/4.x on your file server you could see compressed files on read-only shares get corrupted by clients attempting to write to them (same happened even if the files were also marked read-only on the read-only shares). They *should* have fixed that one by now, but I wouldn't bet my data on it. ;)
That is so dumb I can't decide whether the crooks and/or financial institutions are getting dumber.
Curious to find out why this person chose to dox 350K clients.
"Tapping fibre at the bottom of the sea? With robots or in scuba gear, through an armoured cable, and all without being noticed? And they didn't fuck up once and get caught? "
Err, the not getting caught thing would be quite easy, there's a lot of water to hide in out there. Also you seem to have overlooked the fact that submarine cables seem to break as a matter of routine and they are repaired by private companies. I can't see those companies saying no to getting paid for some lawful work.
Re: worse @ streaky
"When all this comes to pass what do NSA/GCHQ do? Nothing - they effectively cease to exist because they have no real-world capability and all the money has to go where it should be going anyway, into humint."
The vast majority of that encrypted traffic will still be vulnerable - they can lean on certificate authorities, service providers (not just ISPs, folks like Google et al), and carry on with their man in the middle attacks. It's not rocket science.
The fact is mass surveillance has been their goal from the outset, they've spent a lot of money on it, they have the law on their side and they'll find a way and a lot more money to carry on doing it. As to why they are doing it, the hunting down criminals reasons don't make much economic sense to me unless they view the majority of the population as being criminals.
Sure they're whinging about it...
But at the end of day there is absolutely zero evidence to support the idea that joe public's vote can stop them doing whatever they want however they want whenever they want.
"Criminals will always try to increase their power/wealth, and if they end up changing laws that affect millions, they do significant damage to society. The possibility of dropping on the end of a rope may make them consider something else."
- Like framing someone else for example.
Re: Roo Mephistro (@ Matt Bryant)
"Good point. Unfortunately, there seems to be a whole raft of reasons (Sony hack, Anonyputzs, Lizard Squad, Silk Road x.0, etc, etc.) for the authorities to seek to regulate the Web"
You shouldn't lay all the blame at the door of the lamers on this one.
The internet has always had a bunch of crackpots hell-bent on causing mayhem by accident or design, the difference now is that the internet is now critical to business. Therefore the government's tax revenues are now increasingly dependent on the internet working - so they have a strong incentive to crack the whip.
I think it's fair to say that the rise in importance of the internet would have happened even without a single loon rampaging around the internet. I suspect that the Internet would be a lot less popular if it didn't have any loons rampaging around it.
Re: Mephistro (@ Matt Bryant)
Nice to see you strutting your good stuff again Matt, nice choice of icons too.
I can't help but feel there may be a link to the DNS Root attacks and this TOR shakedown.
Re: Writing parallel code doesn't have to be any harder than writing sequential code.
"But when you start talking about true parallelisation, with multiple threads working on the same data set, these approaches don't work. HPC code writers have struggled with this problem for many years."
I suspect that we're in violent agreement. You pretty much hit the nail on the head with respect to threads hammering away at some shared data.
The point I'm trying to make is that writing a bit of code to do something in parallel isn't hard in itself. In fact languages & tools that have a concept of parallelism make a lot of problems a lot easier to solve. :)
On the other hand breaking up the problem into nice discrete computational units that run nicely in parallel at run-time is hard. In essence I'm saying the mechanics of writing parallel code are actually straightforward, the most intractable bits lie in the logical domain.
With respect to VISC it is a step in the right direction, but AFAICT it seems to be rooted in the tightly coupled thread world. As you know component failure in a distributed system is almost guaranteed - and in the real world you usually have to share your system with other workloads at runtime, so I would like to see this kind of tooling scale from threads on the same die right up to balancing multiple workloads on a few hundred racks. In my mind's eye that magic toolset would stitch all the pieces together so a developer/ops/sa can take a kernel / dataset, move it around and refactor it to fit the hardware it's running on at run-time.
I know that does sound like a bit of wishful thinking, but many pieces of the puzzle have been done already over the past 30 years or so,
Writing parallel code doesn't have to be any harder than writing sequential code.
VISC sounds neat, but at the end of the day it seems to be more concerned with scheduling instructions across a bunch of cores, and as such it's not going to make much more headway against Amdahl's Law. That said I do like the fact they're tackling the problem of fitting parallel code to the hardware at run-time, that is a problem that hasn't really been taken seriously enough in my view - but I think we really need to go a lot further than VISC to fix that one.
I take issue with this oft-repeated assumption that writing Parallel code is harder than writing Sequential code. If you're solving the same problem, the constraints are the same, so why should it be any more difficult ?
Case in point hardware engineers have been writing parallel code for years without making a fuss about it, their code tends to be a bunch of communicating state machines instead of a pile of if-then-else spaghetti. Sometimes it's actually easier to do a bit of parallel programming than shoe-horn the solution into a sequential straitjacket, the key is using the right tool for the job.
No doubt some people who have been burnt by threads are going to take issue with my stance on this topic. I have a clue for you guys: using a sequential language with threads is the problem - it's global variables all over again - but this time with multiple threads of execution hammering away at them.
"I often wonder whether it would be possible to resurrect Unixware."
That is one of those things that may well be possible but is also dangerous, painful and ultimately unrewarding - I'd put it in the same category as going quail hunting with Dick Cheney. It looks as though you can still buy it, although I really struggle to find any upside to purchasing a neglected zombie cash cow.
"I would love to see a real genetic UNIX available again"
Depends on your idea of real I guess... I count the *BSDs as being more real UNIX than the various commercial hacks of SVR4 - but that is because I cut my teeth on SunOS and was then savaged by rabid Solaris boxes. Those boxes running early cuts of Solaris were so unreliable, and so badly set up that I concluded that they weren't running a UNIX.
Those scars linger on - as a result I still avoid SVR4 when given an option. :)
"You are making the (incorrect) assumption that Apple are the only people who want to make use of Samsung's fabs."
"I'm making that correct assumption on the basis that Apple was reported in 2012 to account for 89% of Samsung's foundry business"
I think you missed the point... I'm saying the demand is there for that process regardless of whether Apple are using it or not..
FWIW iSuppli has Samsung ranked #2 by revenue from 2002-2013 (IDM & foundry), I guess we'll have to wait for the 2014 figures to see if A8X put a measurable dent in those figures.
You should keep in mind that Apple are still shipping a lot of Samsung chips in their gear that aren't A8X's - simply because they can't get enough volume from anyone else - which is not surprising given that Samsung has been #2 (second only to Intel) by revenue for over a decade.
Samsung would have more cause to worry if Intel+Micron managed to muscle in on the Apple business.
"It is pretty obvious given the massive amount of capacity Apple was using. With an average die size of 100 mm^2, given the volumes of chips they'd be buying it is essentially the entire output of one modern fab. I saw figures suggesting that Samsung would drop to 30% utilization on their leading edge processes as a result of Apple ditching them for TSMC."
You are making the (incorrect) assumption that Apple are the only people who want to make use of Samsung's fabs.
"Just remember these are chips designed by Apple, not Samsung , they are only producing them off apples design."
Or to put it another way:
Apple design a core, copying the core design features from ARM's IP, and then pay someone else to make it for them because they don't have the ability to fab their own designs, unlike Samsung.
Apple have more than enough money to build a 14nm fab, there must be good reasons why they have not gone that route yet... The usual reasons are lack of skills & thin profit margins. In Apple's case the latter won't apply - so that leaves lack of skill / technical ability as the most likely show-stopper.
It is sad that many of the (superficially) technically literate posters seem to be completely unaware of how much skill, knowledge & effort goes into building & running fabs. I'm guessing none of them have ever actually made anything in the real world.
"Samsung was left with a LOT of very underutilized fab space when Apple chose TSMC to make the A8 and A8X"
Got any figures to back that up or are you just guessing ?
"This is all perfectly obvious. Why would anyone assume different?"
That was my initial thought - based on reading the manual for a CDC Wren hard drive.
However it is technically possible for a drive to handle a variable areal density either through signal processing or adjusting the motor speed (Compact Discs have been doing this for donkeys years).
Varying spindle speed would probably be pretty dumb for random-access drives - so my money would be on varying bit rate to maintain near-constant areal density. I have a feeling Fujitsu Eagles may have done that trick - but I could be confusing them with something else - it's been a long time since I delved into hard drive schematics. :)
Re: Hmm... Whilst there is much that one can criticise Redmond for I have to say..............
"...........that their openness about what went wrong on this occasion is to be welcomed."
I'll second that, well played MS Azure folks.
Re: Can someone interpret this to me like I'm 5 years old?
You can have a cynical view for nothing. :)
I read it as some people who have decided that they will get more out of life by ingratiating themselves with a bunch of very wealthy and powerful folks at a meeting in Davos. They are hoping to accomplish this coup by offering a service that caters to the demands of the wealthy and powerful folks in preference to paying attention to the needs of the proles.
They are actually proving themselves to be useful by sticking two fingers up at the proles and doing corrupt stuff like trying to appoint themselves permanent positions of power. A little bit like the WW2 Vichy government but without any notion of civic duty.
Re: Not what I have read..
"If I had attempted to rootkit the entire planet, pretty sure that I'd still have a stripy suntan today. AFAIK nobody from Sony was jailed."
It goes a bit further than that. Sony's actions and lack of response from the authorities is making the law look stupid. It shows that there is no point in abiding by the law because it is not being enforced where there is a large amount of harm done to a large number of people, and even worse it makes the police & judiciary look like a bunch of corrupt feckless numpties*.
*= I know that they aren't all corrupt feckless numpties - but it only takes a few to screw everyone.
Re: No fan of Sony, but...
" I am not even sure that one can accuse Sony of faking anything - nothing that does not belong to them, at least. "
By that logic it's open season on Sony's publishing operations (incl. websites) seeing as they occasionally infringe copyright. The fact is Sony don't own the servers, the storage or the pipes that stuff is traveling along, they would just be another bunch of self-righteous wanker script kiddies if they decided to do a bit of damage.
Oh they've root-kitted millions of PCs already you say ?
Surprised Sony refused to comment...
Usually PR hacks are only too happy to assure the general population that they're doing nothing illegal - why the reluctance to whitewash their name today ?
This will be lost in the tide... But here goes...
Reg, that reformatting effort was very, very brave.
Re: No worries...
"Exactly Stuart. It's impossible to look 30 years into the future and predict anything*, let alone what part of your code may be exploited."
Let's be honest... You don't need a crystal ball to tell you that it's bad practice to try and dereference a pointer that *may* be invalid.
Re: Money, and only money, talks
"Take a look at Sony's stock this week. Barely a dip (http://www.sony.net/SonyInfo/IR/stock/stockprice.html)."
They just lost a ton of IP and confidential info, and it appears that the market has priced that IP at ~$0. Sony, f.off and root yourself.
Re: just a thought or two.
"Nation state or criminal group ( and unless people have been living under a rock, yes, there are a couple out there that are just as sophisticated as quite a few Intelligence Agencies...) , this has been a big one, and the current brouhaha is only the first chapter in the book."
Interesting hypothesis. I hereby award you an up-vote and a Black Helicopter !
I'm going to see if I can find my copy of Burning Chrome. ;)