* Posts by TJ1

93 posts • joined 16 Jun 2011


Bits of Google's dead Project Ara modular mobe live on in Linux 4.9


Virtually Mapped (kernel) Stacks

CONFIG_HAVE_ARCH_VMAP_STACK: this is a great addition. Initially for x86 but hopefully the other architectures where this is possible will follow suit sooner rather than later.

For those not understanding its purpose or operation - it is simply using the virtual memory mapper to allocate pages of memory for the stack of each kernel task and including guard pages either end so that any stray writes can be detected and contained almost as soon as they happen.

[0] http://lwn.net/Articles/691631/


BBC to demand logins for iPlayer in early 2017


Is this a breach of the BBC Royal Charter?

So before we can consume networked BBC iplayer content we have to enter into an additional contract involving the exchange of our (valuable) personal data?

<sarcasm> Will the over-the-air broadcasts refuse to decode if we don't provide the same data to those 'smart' TVs and radios? </sarcasm>

It seems like the iplayer content is no longer 'free'. How does this square with the BBC's current charter which says:

13. No charge to be made for reception of the UK Public Services and associated content.

(1) The BBC must not charge any person, either directly or indirectly, in respect of the

reception in the UK, by any means, of—

(a) the UK Public Services

It is arguable that requiring personal data as a condition is a (direct or indirect) charge in that the BBC requires valuable information (if it was not of value to the BBC there would be no reason to ask for it).


She cannae take it, Captain Kirk! USS Zumwalt breaks down


Weapons: 750 x 155mm shells, 2 launchers, 154km range

It's a few things but the 155mm launchers are a 'traditional' naval gun platform, although looks like another application of asymmetric warfare.

It's ironic that for general navigation and interaction with civilian vessels they are going to have to hang damn great RADAR reflectors on the sides so that other vessels can 'see' it!


'Neural network' spotted deep inside Samsung's Galaxy S7 silicon brain

Linux kernel does branch prediction weighting

Linux kernel has the macros LIKELY and UNLIKELY [0] which cause the compiler to arrange conditional jump instruction destinations so as to favour the branch predictor.

[0] https://kernelnewbies.org/FAQ/LikelyUnlikely


UK IT consultant subject to insane sex ban order mounts legal challenge


Exercise the SRO

Seems like one man can now tie up the entire resources of the Yorkshire constabulary by simply continually informing them daily or even hourly of his intentions to have "sexually explicit conversation", then talk to Siri or whatever other AI is out there, or even the speaking clock (if it still exists!).


Time to re-file your patents and trademarks, Britain


Re: 'EU' -> 'UK' -> 'K'

Sure have!

Currently: The United Kingdom of Great Britain and Northern Ireland

After Scottish Independence: Little Britain and Northern Ireland

After N.I. Border Poll is triggered and results in 'unify with Ireland' : Little Britain


As US court bans smart meter blueprints from public, sysadmin tells of fight for security info


Forget the 'terrorist' straw man, it's far worse...

... remote controlled so-called 'smart' devices connected to a publicly accessible communications network (whether Internet, cellular, or dedicated radio-frequency access) is an open invitation for script kiddies, malcontents, and probably a new pastime for the 'swatters'.

Imagine arriving home every day to find fridge and freezer contents mysteriously spoiled, HVAC not working, security systems knocked out, and so on. Imagine if you rely on a home kidney dialysis machine, breathing support device, or other mains reliant medical device.

If there are any systemic vulnerabilities in these devices that can be exploited using a shotgun approach it has the real potential to cause extreme aggravation and hardship to thousands of homes and possibly injury or death.

Yay for 'smart' meters ... just like 'smart' phones that have forgotten what the telephone experience should be like, 'smart' televisions that become moronic if the Internet connection drops, 'smart' books that delete themselves, and 'smart' web-sites that are unable to render basic HTML without a full-blown Turing Complete executable code environment!


German boffins smash records with 37km wireless spurt at 6Gbps


"enough to transmit a DVD" - Teleportation German style!

... but do we have to stand under the dish to catch them or are they deployed as bird scarers?


Google-backed Yieldify has acquired IP from ‘world’s biggest patent troll’


TLDR: need leverage to spin settlement out of copyright/patent infringement

Yieldify's series A funding of US$11.5m was jointly from Google Ventures *and* Softbank.

This isn't a Google-owned company.

Bounce Exchange (am I the only one keeps calling them BouncyCastle!?) have sued for Copyright infringement in New York and Patent infringement in Texas. They allege the Yieldify (this is a trading name of Zeus Enterprise Ltd.) directors/founders attended a demonstration of the BouncyCastle software and later ripped off the code.

Just this week Yieldify laid off 10% of its work-force and announced a new 'senior management team'.

It looks very much like the company is trying to find some bargaining leverage to reach a settlement with Bounce Exchange rather than go to trial and they believe this patent is the ammunition they need.

In the original New York suit part of Yieldify's defence reads:

"in March 2013, Mr. Jay Radia, Defendant's Chief Executive Officer, and Mr. Meelan Radia, Defendant's Chief Technical Officer, met with representatives of Plaintiff. At that meeting, Plaintiff demonstrated certain public-facing aspects of its behavioral marketing automation software. Plaintiff did not reveal any confidential information to Defendant, and did not show Defendant any of its source code, either at this meeting or otherwise."

I call that downright disingenuous and designed to mislead non-technical (legal) people.

The code at issue is client-side Javascript, so Yieldify or anyone else could easily copy Bounce Exchange's source-code without it being 'revealed' by them.

All it requires is to visit a web-site that uses Bounce Exchange's service to have the site send the source-code as an integral part of the HTTP request.

Amazingly, the Yieldify web-site states the legal entity is "Zeus Enterprises Ltd" but it is actually "Zeus Enterprise Ltd" (Co # 08037124) - OK, it's a small typo but you'd think they'd get the basic legal title correct, and it's repeated throughout their Privacy Policy and Cookies Policy.


Microsoft half-bricks Asus Windows 7 PCs with UEFI boot glitch


Seem to be missing some critical information

If the mobo has Secure Boot enabled, that infers it'll boot in UEFI mode, which implies either an entry in the firmware's boot menu, or the boot device has a removable media (simple) boot path loader at /EFI/BOOT/BOOTx64.EFI in an EFI System Partition, and that the boot-loader has a signing certificate indicating it was signed by a key trusted by a Certificate Authority embedded in the firmware.

It sounds as if the Asus firmware is doing something that isn't in the UEFI specification - namely when Secure Boot is enabled it isn't actually enabled so much as *optional* - if the initial boot-loader stub it reads doesn't have a signing certificate attached the firmware will boot with Secure Boot disabled.

If the MS KB3133977 update contains a boot-loader that is signed that would trigger Secure-Boot mode, but when the next stage is loaded and is found not to be signed it throws the reported error.

If this is correct then the Asus firmware could very easily mislead a user into believing a Secure Boot happened with an OS that does support Secure Boot when it didn't - any malware or physical intervention could replace the initial EFI stub with an unsigned version and the system would boot without a warning.

I hope this hypothesis is proved wrong else that's a big security FAIL on Asus' part.

If you're interested in the attack vectors I recommend reading this Intel & Phoenix "UEFI Secure Boot in Modern Computer Security Solutions" paper [0] and footnote 1 on page 7 and its reference 21 link to the Blackhat USA 2013 paper "A Tale of One Software Bypass of Windows 8 Secure Boot" [1].

[0] http://www.uefi.org/sites/default/files/resources/UEFI_Secure_Boot_in_Modern_Computer_Security_Solutions_2013.pdf

[1] http://www.c7zero.info/stuff/Windows8SecureBoot_Bulygin-Furtak-Bazhniuk_BHUSA2013.pdf
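
A check relevant to the concern in the post above, as an added example that is not part of the original post: it reads the Secure Boot state the firmware itself reports, rather than trusting the setup-menu setting. It assumes a Linux system with efivarfs mounted at /sys/firmware/efi/efivars; the function names and state labels are illustrative, and the sample variables are constructed.

```shell
#!/bin/sh
# Added example: report the Secure Boot state exposed through efivarfs.
# Assumption: Linux with efivarfs; names and labels below are illustrative.

# GUID of the UEFI global variable namespace (SecureBoot and SetupMode).
EFI_GLOBAL=8be4df61-93ca-11d2-aa0d-00e098032b8c

# Print the first data byte of an efivarfs file as a decimal number.
# efivarfs prefixes the variable data with 4 bytes of attributes.
efivar_byte() {
    [ -r "$1" ] || return 1
    v=$(od -An -tu1 -j4 -N1 "$1" 2>/dev/null | tr -d ' \n')
    [ -n "$v" ] || return 1
    printf '%s\n' "$v"
}

# Print one of: not-uefi, unknown, setup-mode, enabled, disabled.
# $1 is the efivars directory (defaults to the live system's).
secure_boot_state() {
    dir=${1:-/sys/firmware/efi/efivars}
    [ -d "$dir" ] || { echo "not-uefi"; return 0; }
    sb=$(efivar_byte "$dir/SecureBoot-$EFI_GLOBAL") || { echo "unknown"; return 0; }
    sm=$(efivar_byte "$dir/SetupMode-$EFI_GLOBAL") || sm=0
    if [ "$sm" = 1 ]; then
        # No platform key enrolled: signatures are not being enforced.
        echo "setup-mode"
    elif [ "$sb" = 1 ]; then
        echo "enabled"
    else
        echo "disabled"
    fi
}

# Write one constructed variable file: attribute header 0x00000006 + value.
write_var() {
    case $2 in
        1) printf '\006\000\000\000\001' ;;
        *) printf '\006\000\000\000\000' ;;
    esac > "$1"
}

# Build a constructed efivars directory: $1=dir $2=SecureBoot $3=SetupMode.
make_sample_vars() {
    write_var "$1/SecureBoot-$EFI_GLOBAL" "$2"
    write_var "$1/SetupMode-$EFI_GLOBAL" "$3"
}

# Stand-alone run: a constructed "user enabled it, firmware says off" case,
# followed by the state of the machine the script runs on.
sample=$(mktemp -d)
make_sample_vars "$sample" 0 0
echo "constructed sample: $(secure_boot_state "$sample")"
rm -rf -- "$sample"
echo "this system: $(secure_boot_state)"
```

A result of "disabled" or "setup-mode" on a machine whose setup menu shows Secure Boot as enabled is the mismatch worth investigating.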


Japan's Hitomi space 'scope bricked, declared lost after software bug


Good to see DevOps in Space!

Now we know why El Reg has been pushing DevOps so hard... they reckon it's rocket science!


Linux greybeards release beta of systemd-free Debian fork


@jerky_rs read the documentation

systemctl status --state active

systemctl list-sockets

systemctl list-dependencies ssh.service {--before | --after}

journalctl -u ssh.service

systemd-analyze {critical-chain | blame}

systemd-analyze dump

As an employer of admins for over 30 years if those admins can't be bothered to read the documentation, in man-pages or other forms, then I consider them remiss in the *most* important skill any admin should be using constantly.

When something isn't familiar you read the documentation, explore the commands themselves, do some lab-work, and become familiar with the tools.

systemd in particular has provided some excellent consistent tooling for gaining insights into service state, configuration, dependencies, resources and more.


Problems with Systemd and Pulseaudio

I find the technical design, configuration flexibility, single syntax, and tooling for analysing configuration and actions to be far superior to the alternatives especially on more complex systems.

I say that as someone who was originally set against accepting systemd at all and resisted it for a long time.

I've come to discover that in the main the problems attributed to systemd are more due to distributions adopting it before it is ready to take over the duties of other daemons, in that it hadn't reached feature-equivalence with the disparate services it extinguished.

Pulseaudio suffered the same way - it was introduced by maintainers before its features were complete for many mainstream use-cases, even though it was doing more sophisticated things without user intervention (I recall one such being automatic up/down sampling to match bit-rates for sources and sinks). In the case of Pulseaudio many people tend to forget that before it arrived the ALSA tooling it replaced didn't support multiple applications using the sound output at the same time, and that issue was a very big cause of desktop user bug reports and complaints.

With systemd one example is not supporting key-files for encrypted file-systems but it replaces the working cryptsetup scripts. That's something the distro maintainers could avoid by not including the systemd-cryptsetup service.

The reasoning behind the missing feature is technical perfection. There have been several pushes to add functionality but Lennart has held out against band-aid solutions and wants a once-and-for-all design which utilizes the kernel key-ring for handling the encryption keys.

So part of the problem is systemd-cryptsetup not implementing the full set of what I'd call 'standard' features but the distro maintainers enabling it, therefore causing regressions in user experience.

It is possible for distro maintainers to build only selected modules of systemd so that where features are not yet comparable the original service could remain, but mostly they don't do that.


Docker hired private detectives to pursue woman engineer's rape, death threat trolls


Troll mentality? - a story of abuse

Having been in from before the start of IRC - the first generally available anonymous Internet chat (excluding compuserve et al.) - I've observed this troll behaviour with some fascination, coming to understand or at least rationalise it, since it is an alien mentality to me.

I adopt the "laugh at them" approach, both for attacks aimed at me and at others around me - but just once - then totally ignore the trolling either mentally, or using technical measures (/ignore /ban etc.).

What I've observed is that all trolls *CRAVE* attention and wither away rapidly if they feel they're ignored. Even if you're reacting in the background (logging, tracing IPs, dropping honey-pot URLs into your conversation for them to visit [giving you info about their browser agent]) there should be a total lack of reaction in the troll's eyes.

A few years back my partner (a man) was subject to escalating abuse that began online with blackmail-style attempts (threats to make allegations to me that would cause distrust in our relationship, etc.).

My partner was hugely upset and depressed by it, adopted what I call the 'victim mentality' and generally playing into the abuser's hands until I became aware and initiated a plan to identify them and put a stop to it.

It rapidly escalated to the real-world, first with poison letters to me, then to getting home visits from random (male) strangers at silly hours of the night who thought they were onto a random sex meet-up!

For the latter we tried to persuade several to provide details of how they had been fooled but most - understandably - were very embarrassed and eager to leave. So much so we recorded their vehicle registration numbers and later passed them to the police.

Due to the personal knowledge it was a reasonably good bet someone who knew us well was responsible so we set a honeytrap web-site and managed to get our primary suspect to visit it. That allowed us to correlate the IP and user-agent with details in some supposedly anonymous emails sent via services that add the SMTP X-Originating-IP header.

That gave us information about the ISP being used which correlated with yet more information we gathered on our range of suspects (from postmarks, etc), and we eventually got a perfect match that confirmed our primary suspect.

With all that information we made a complaint of harassment to the local police. A regular copper dealt with it and couldn't have been more helpful. Although she lacked the technical knowledge she was able to follow our (well organised and explained) evidence and through more technical colleagues rapidly came to the same conclusion as us.

The ISP information we'd gathered turned out to be the suspect's sister's family so when the police called at their house (in another county on the East Coast near Skegness) it of course made the entire family aware. From the sister they obtained the telephone number of the suspect and invited him in for an interview where - we are told - he was a trembling wreck. Presented with the evidence he fell apart, admitted it, but had no rational explanation for the behaviour.

He was given a formal caution and a warning that any further contact and he'd be charged and taken to court. The last we heard was one last anonymous message saying "goodbye, I'm going to kill myself tonight". That was four years ago and we've not heard anything since.

I theorise it can't have done any harm in the online communities my partner used to hear the story since it marked him as someone to be wary of.

Sorry for the ramble but I wanted to give some confidence to others who may be targets that you do have options, especially if you have, or can obtain, technically literate expertise and a more cunning thought process!

In summary, trolls crave attention, are usually (but not always) meek and retiring in person, and generally have an inferiority complex. Thus, they feel safe to use anonymous mediums to attack people they deem weaker than themselves in an attempt to boost their own ego in their own eyes.

So, laughing at them can send the message "I'm confident and more psychologically strong than you" which lets them know they'll end up losing so they rapidly lose interest.

If you are subject to such abuse and aren't mentally strong enough to counter it yourself I urge you to ask for help from someone who is and can - but avoid hot-heads that think making threats to the abuser will help in any way. At the least register a complaint (in writing, get an incident number, etc.) with the police to establish a history so if it later escalates it will be dealt with more urgently.


Official: EU goes after Google, alleges it uses Android to kill competition


Google not so astute

This has been so obviously on the cards for a long time; the parallels with the antitrust convictions of Microsoft between 1994-2013 are striking.

I'm just amazed that Google management refused to see this and amend their agreements a long time ago.

If they'd done that and competed on excellence and support for OEMs (including developing a unified patch/update C.I. pipeline) the EU would have been satisfied but the market would in all likelihood have still overwhelmingly chosen the Google flavour.


Chinese crypto techie sentenced to death for leaking state secrets


Re: dollar payments

US$ is the de-facto alternative currency in many if not most countries due to its status as a reserve currency.


Moon miners book Kiwi rockets for 2017 lunar landing


It will then use hydrogen peroxide fuel...

... and if that fails at least it'll not have a bad-hair day.


UK authorities probe 'drone hitting plane at Heathrow'


Keep those A320s out of our airspace!

How dare those airlines fly their large heavy dangerous airplanes into our small, light, perfectly 'armless remote controlled kids toys - won't somebody think of the children!?


CEO meeting fails to resolve Oracle-versus-Google java case


Re: Nuisance suite

You've got confused over the GNU GPLv2 issue and several of your statements are wrong.

The Java library code the Android Inc. company (later acquired by Google) used was Apache Harmony [1] under an Apache License and Android was originally a derivative of Harmony after they ditched the idea of using Java Mobile Edition (ME).

Dalvik was *not* a derivative of Java, it was a clean-room implementation of a virtual machine using a register-machine architecture and its own byte-code. Compiled Java class files have to be converted to the Dalvik DEX format.

The disputed code in the Oracle vs Google case was code developed directly by Google [2], not from Apache Harmony, but the API dispute is in regard to the sub-set of the entire Java SE API from Apache Harmony that Android Inc., originally adopted.

Android has now switched to the OpenJDK GNU GPLv2 licensed implementation.

Regardless of where concepts originate, the copyright exists in the *implementation* itself.

Oracle do *own* the Java API, by virtue of their purchase of Sun Microsystems. Copy-left licenses do not give away ownership, they give rights to distribute and receive source-code which otherwise would not exist.

In the U.S.A. the Federal Circuit Court of Appeals (the 'patent' circuit) has decided that APIs are subject to copyright and has remanded the issue back to the trial court for a new trial where Google's primary argument will presumably be that the Harmony/Android implementation was "Fair Use" [3].

[1] https://en.wikipedia.org/wiki/Apache_Harmony

[2] http://www.theregister.co.uk/2010/11/01/oracle_hits_google_with_code_copying_claims/

[3] https://en.wikipedia.org/wiki/Oracle_America,_Inc._v._Google,_Inc.#Appeals_Court


Linux command line mistake 'nukes web boss's biz'


Whilst you're here...

... so you avoid the other 'rm' gotcha that traverses into the parent directory of the target when intending to delete 'dotfiles' via something like:

rm -rf .*

which matches ".." - the parent directory inode - and will merrily remove all entries in that directory too.

The shell file-name wildcard expansion is responsible. Use this instead (example with 'ls' to avoid damage):

bash/dash/sh: ls .[!.]*

bash/csh/zsh: ls .[^.]*

which will pick all the dot-files but not double-dot (link to parent directory). Only time this will be problematic is if there are files/directories named with the style "...three-dot-file".
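
The globbing behaviour described in the post above, as an added example that is not part of the original post: it builds a scratch directory of constructed file names and compares what each pattern expands to, using only listing, never `rm`. The extra `..?*` pattern and all function names are additions here; the pattern covers the two-dot and three-dot names the post flags as its edge case.

```shell
#!/bin/sh
# Added example: compare dot-file glob patterns in a scratch directory.
# All file names are constructed; function names are illustrative.

# Print, one per line, the names that the given patterns expand to inside
# directory $1. Patterns are passed quoted so they expand only in that dir.
expand_in() {
    dir=$1; shift
    (
        cd "$dir" || exit 1
        for pat in "$@"; do
            for name in $pat; do
                # An unmatched pattern stays as literal text; skip it.
                [ -e "$name" ] || [ -L "$name" ] || continue
                printf '%s\n' "$name"
            done
        done
    ) | LC_ALL=C sort -u
}

# The risky pattern from the post. Whether it yields "." and ".." depends on
# the shell: some (for example bash with globskipdots set) already skip them.
risky_matches() { expand_in "$1" '.*'; }

# The post's suggested pattern: a dot followed by a non-dot character.
post_matches() { expand_in "$1" '.[!.]*'; }

# Extension (not from the post): '..?*' needs at least three characters, so it
# matches "..two" and "...three-dot-file" but never ".." itself.
full_matches() { expand_in "$1" '.[!.]*' '..?*'; }

# Create the scratch directory and print its path.
make_demo_dir() {
    d=$(mktemp -d) || return 1
    touch "$d/.bashrc" "$d/..two" "$d/...three-dot-file" "$d/visible"
    mkdir "$d/.config"
    printf '%s\n' "$d"
}

# Stand-alone run: show the three expansions side by side.
demo=$(make_demo_dir)
echo "'.*'            ->" $(risky_matches "$demo")
echo "'.[!.]*'        ->" $(post_matches "$demo")
echo "'.[!.]* ..?*'   ->" $(full_matches "$demo")
rm -rf -- "$demo"
```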


US anti-encryption law is so 'braindead' it will outlaw file compression


And if everyone emails random data...

... imagine the fun when the government tries to force 'decryption' to plain-text :)

Any cryptographically secure data should be indistinguishable from random data.


BT hauled into Old Bailey after engineer's 7-metre fall broke both his ankles


And his colleague is still there, waiting for him!

Warning: black humour!

See Streetview: https://goo.gl/maps/z7WUjxGdXdN2


Bundling ZFS and Linux is impossible says Richard Stallman


You probably don't want to use OpenZFS on Linux...

... on your SSDs since it has no discard (TRIM/UNMAP) erase-block support in the file-system.

There are *experimental* patches coming along but they won't be in Ubuntu 16.04 LTS.

For TRIM/UNMAP discard support use eXT4 or BTRFS.


@ Bronek Kozicki: More data for your analysis

It's good to see a rational statement of the facts based on research into the issue, rather than the more typical knee-jerk opinions not based on fact.

To answer: Ubuntu 16.04 has the ZFS on Linux code as part of the Ubuntu Linux kernel source-code.

Some people need to remember the GPLv2 is a copyright licence (unilateral permission) not a contract (an exchange of obligations) [1]. Without it there is no right to copy, distribute or use a GPLv2 work.

When this issue first came up I did an in-depth analysis of it on Hacker News [0] and identified key issues that are being overlooked:

1. 'Derivative works' is a concept of U.S.A. Copyright law. It does not apply in the same way in the U.K., and Canonical Ltd., is a U.K. company.

2. The "OpenZFS On Linux" project is the so-called 'combined work' without needing to bring the Linux project into this.

OpenZFS On Linux distributes the OpenZFS (Solaris compatible) modules under the CDDL and the 'Linux' Solaris Porting Layer (SPL) module under the GPLv2. There are other SPL modules for interfacing with other operating systems.

These are actually separate modules with different licenses. The GPLv2 SPL is a shim (interface) layer.

So, the legal analysis should start with the OpenZFS On Linux project itself that distributes its code as a whole with parts licensed by the CDDL and others by the GPLv2. As the act of distribution speaks to the 'intent' of the authors of OpenZFS on Linux that would be the focus in a courtroom investigation if an action were brought - not what the Linux kernel developers, or Stallman, think.

3. When the Linux project is added into the mix, at runtime the GPLv2 OpenZFS on Linux SPL 'shim' module is dynamically linked into the Linux kernel and provides an API translation between the OpenZFS Solaris Platform API and the Linux API (just as the Nvidia kernel module does for its binary 'blob' module). The core OpenZFS modules dynamically link to the SPL module.

4. The GPLv2 SPL shim module could equally claim to be derived from Solaris or Linux, or both, since it implements, translates and calls the API interfaces of both OSes.

[0] https://news.ycombinator.com/item?id=11242410

[1] https://lwn.net/Articles/61292/


NASA gives blacked-out Kepler space 'scope the kiss of life


Hackers 1 - 0 Aliens

The best (and should be only) use of the word "Hacker".


WordPress pushes free default SSL for hosted sites


SSL? Didn't that get chucked out with the bath-water?

Last I noticed SSL (all versions) has been deprecated (as insecure) [0] in favour of TLS.

If I.T. folks (especially media, who as communicators should know to be precise in their use of terms) who should know about these things continue to knowingly misrepresent the protocol name what chance have we (as a profession) to educate the non-technical folks about I.T. security?

See https://en.wikipedia.org/wiki/Transport_Layer_Security#Security


PayPal freezes 400-job expansion in North Carolina over bonkers religious freedom law


Re: Is Transgendered the new [Ms.] Black?

"... general office nudity would break my concentration every time a co-worker wobbled past my desk, ..."

Ah, the joys of working from home :p


Re: Riddle me this Batman

"because a transgendered person is not aroused by the sight of a member of the sex he or she desires to be."

Ah, I see you've not met my friend who is a trans-sexual female Lesbian ... and last I remember went around in great clonking hob-nail boots whilst sporting vivid pink shoulder length hair!

Still, made it easy to get into and out of crowds just by tucking in behind her :)


Re: @TJ1 - Who has the guilty conscience?

"Please don't get me wrong here, but why do you say this is a non-existent issue ?"

Because it is being used to deflect the electorate's - and media's - attention from the *real* substance of the law, which is to prevent the governments of cities and townships within the state passing diversity and equality ordinances/laws that go further than the state's protections - and the state is specifically calling out several key diversity/equality 'categories' as not protected.

*That* is the reason PayPal has reacted by 'freezing' its 400-employee support centre in the state.

P.S. I'm a gay man and fully support universal equality by constitution or written law without regard to 'categories'.


Re: Who are Americans?

> Any of you remember where Americans came from? Not THAT long ago.

Ah yes: Mexico, China, India, Philippines, Dominican Republic, Cuba, Vietnam, South Korea, Colombia, Haiti (and that's just the latest top 10 totalling 1 million people per year).

No European country has been in the top 10 going back to 1990 and beyond.


Who has the guilty conscience?

This kind of over-reaction to what has to be an almost non-existent issue always brings to my mind the key question:

Which of those law-makers was it that got so turned on sharing their chamber's bathrooms with a trans-gender person, that rather than maintain some self-discipline thought it better to reinforce their own insecurities (and have their cover blown - excuse the pun!) by imposing a law to keep those tempters/tresses out of the bathroom?

If you've got the urge either just say 'hello' or shut up and whistle Dixie!

P.S. Are those same lawmakers going to be demanding to see the apparently trans-gender person's passport to verify the gender re-assignment whilst in the bathroom?

P.P.S. Are those law-makers going to have a rummage around first - to confirm the apparent gender?

P.P.P.S. The mind just boggles...


Kik opens bot shop, promises world+dog access to teen market


"...improve people's lives"

So make a 'bot that cuts off their 'net for 20 hours a day and gets them doing something *useful* in their family/community - instead of staring at the bloody screen waiting for the next tid-bit of self-image validation whilst ignoring those actually around them!


Adobe preps emergency Flash patch for bug hackers are exploiting


Re: @El Reg BBC News

What's even more annoying is, just by running tcpdump on my gateway router and capturing traffic to an android device with BBC News application on it, and choosing some video link:

# tcpdump -w /data/bbc.pcap -ni br0 tcp and port 80 and host 10.2541.41

After extracting the HTTP stream using WireShark I get an MP4 link that works from the desktop browser (warning: Trump alert!)


So, there is absolutely zero reason not to provide the same via the web-site - and don't let the 'anti-Beeb' get away with arguing security by obscurity is somehow equivalent to geographical region-denial or 'anti-piracy'.


@El Reg

Time to name-and-shame and pester those prominent organisations still using Flash exclusively, with no HTML 5 option.

Hint: BBC web site, especially news (fed up having a big black box obscure every photo with a video link that says "You need to install Flash Player to play this content. Download Flash Now").

Since when did the BBC take up being a Malware advocate?


Spies rejoice! Gmail, Facebook Messenger BREACHed once again


Relies on Javascript

1. have control of the victim's network and install interceptor/sniffer

2. inject - into unauthenticated HTTP responses of some 3rd site - a Javascript

3. Javascript makes cross-site probe requests to the target site

3a. Javascript cannot read responses due to cross-origin policy block

4. network sniffer intercepts probe responses and analyses them

Yet another very good example of why using HTTPS for everything, having Javascript disabled by default, monitoring, and selectively enabling, are effective protections for many attack vectors like this.

Browser add-ons like uMatrix, NoScript, etc. will all help.


FCC boss: Oh look, net neutrality didn't end the world after all. Surprise!


re: former telco lobbyist

"You do the job that's in front of you" - Sam Vimes, Commander, City Watch


VMware's GPL violation case rolls into German court


Hellwig "doesn't have standing"

"The question here is not, whether Christoph has sufficient copyrightable contributions on Linux as a whole, but for the matter of this legal case it is relevant which of his copyrighted works end up in the disputed product VMware ESXi." [0]

From reading the details it seems like VMware is attempting to claim that Hellwig doesn't own sufficient copyright in the *code VMware have copied from Linux* into their "vmklinux" module, and not using the simple understanding but due to the German legal technical distinction "Bearbeiterurheberrecht (loosely translated as modifying/editing authors right)" due to the incremental nature of most kernel code commits over extended periods of time.

As lawyers seem to like to play games with definitions it seems like arguing in the fashion above leaves them implicitly admitting they have copied the Linux code, but Hellwig didn't write/doesn't have copyright of that copied code.

I highly recommend the SFC's detailed technical analysis of the code under the sub-section title "Can you give a specific example, with code, showing how VMware combined Linux source code with their binary-only components?" at [1].

[0] http://laforge.gnumonks.org/blog/20160225-vmware-gpl/

[1] https://sfconservancy.org/copyleft-compliance/vmware-lawsuit-faq.html


Canonical accused of violating GPL with ZFS-in-Ubuntu 16.04 plan


OpenZFS CDDL license changes

Not obvious on the face of it but the OpenZFS license [0] - CDDL v1 [1] - itself includes clause 4.1 allowing "Sun Microsystem, Inc." and therefore its successor-in-interest Oracle to *modify* the text of the CDDL licence itself.

As the current OpenZFS license does *not* specify the version of the licence that applies it means in theory Oracle could modify the CDDL and subsequent distributions of OpenZFS (and other projects using the CDDL) would be covered by the *modified* license.

This was pointed out in the Hacker News thread to one of the core OpenZFS developers [2] who subsequently reported that from now on they would include a CDDL version specification in new code [3].

This is precisely why the Linux kernel is licensed [4] as "...the only valid version of the GPL as far as the kernel is concerned is _this_ particular version of the license (ie v2, not v2.2 or v3.x or whatever), unless explicitly otherwise stated." rather than the default GPL v2 [5] licensing phrase "... either version 2 of the License, or (at your option) any later version."

[0] https://github.com/zfsonlinux/zfs/blob/master/COPYRIGHT

[1] https://github.com/zfsonlinux/zfs/blob/master/OPENSOLARIS.LICENSE

[2] https://news.ycombinator.com/item?id=11178071

[3] https://news.ycombinator.com/item?id=11179121

[4] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/COPYING?id=2c3cf7d5f6105bb957df125dfce61d4483b8742d#n9

[5] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/COPYING?id=2c3cf7d5f6105bb957df125dfce61d4483b8742d#n314


Continuous Lifecycle Early Bird: Less than seven days left


No Dog-food?

Seems more than a little ironic to see these repeated Early-Bird time-limited promo offers especially in light of the subject; apparently the Finance side of the house isn't so impressed by Continuous Delivery and Dev-Ops.


Boffins' 5D laser-based storage tech could keep terabytes forever


Re: I don't understand ...

"The dimensions of the three-layered nano-structured dot voxel are length, width, depth, size and orientation."


Apple must help Feds unlock San Bernardino killer's iPhone – judge


Re: Apple Standards...

"Apple is claiming for itself a level of confidentiality and a duty of care on a par with Doctors, Lawyers and Priests. They are a phone manufacturer not a privileged profession or religion."

I disagree. Apple says it has complied with legal and other requests for data it holds (I assume that mainly means the iCloud back-ups - which were a month old) and has its engineers advising the FBI technicians.

All that data is encrypted and the only place the key is stored is in the target iPhone 5C. The key's component parts cannot be extracted from the device's silicon which can only be activated by the device pass-code.

This issue is about the government compelling a company to attempt to crack its own product security, using its own resources, by creating a customised operating system image and finding a way to install it onto the target device so as to avoid the pass-code entry limitations.


Re: Apple immediately contests the order

"If that's true, does it not imply that the security of the encryption keys is "security through obscurity?" "

As I understand it, far from it. The whole point is that Apple's encryption scheme design is very good, to the point that the only way for the FBI to attempt to attack it is via a brute-force "enter lots of possible pass-codes" process.

Apple is being ordered to assist that process by creating a custom firmware update of iOS that aids that process by allowing non-human programmable pass-code entry attempts.

It is unclear from what I've read whether or not it is 100% certain that the iPhone 5c has hardware pass-code entry protection or not. Some sources claim the time-delay and quantity limits are implemented in the silicon (the Security Enclave). Others seem to suggest those limits are imposed by iOS.

If the latter, then in theory, a custom firmware upgrade could be used to automate a brute-force attack.

That still doesn't answer the question of whether the pass-code is required in order to use the firmware upgrade.

The court order suggests that it can be done without needing the pass-phrase, and without writing to the Flash memory (it uses the phrase "in-RAM"), which suggests there may be a way using a dedicated hardware harness (think JTAG debugging) to run a modified firmware without installing it, and thus avoiding pass-code entry.

Rather like on Android devices being able to hook it up to a PC and do:

fastboot boot local/kernel-image-file-name local/ram-disk-image-file-name



Apple immediately contests the order

February 16, 2016 A Message to Our Customers

The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.

This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.



Google after six-year tax foot-drag: No they're fine about the fine. We're fine. No fine


Think harder, or read...

"In the 2010-15 Parliament, the Committee held 276 evidence sessions and published 244 unanimous reports which included 1,338 recommendations. As proof of how seriously government takes the Committee's work, 88% of those recommendations were accepted by departments. "



ARM pumps fist as profits soar, warns of weaker hand in 2016


ARM 'sells' more in 1 year than every Intel x86 ever?

So, on these figures, more ARM-based chips were licensed and manufactured in 2015 than all the Intel x86 chips ever?

I base this observation on Intel's announcement in October 2014 that they'd sold 100 million microprocessors in their Q3 2014 for the first time ever.

Even if Intel had sold that many microprocessors every year for 34 years that's still only equivalent to the 2015 ARM-based production.

I knew that ARM based designs are everywhere but the sheer scale of those numbers is genuinely awesome!

Amazing what the BBC/Acorn Archimedes triggered :)


Japanese boffins fire up 100Gbps wireless broadband connection


Dulex WaveGuide Vinyl Silk

As anyone on the end of an xDSL line knows it's the Attenuation, stupid! 100Gbps Bluetooth maybe?

If the range is so limited I don't see how they can, on any level, compare it with Fibre optics since the key features of fibre are high bandwidth AND low attenuation/metre.

Maybe it can be combined with nano-material surface wave-guides as a new form of antenna - Dulex* WaveGuide Vinyl Silk?

*not Durex, although that 'raises' alternative antenna ideas :)


FTDI boss hits out at 'Chinese criminal gang' pumping knock-off chips


Re: A question for those that know more...

Your 3rd paragraph describes what the Windows FTDI driver released in January 2016 is doing. It injects "NON GENUINE DEVICE FOUND!" into the received serial data to alert the user (assuming the 'user' is a human watching a terminal console rather than a program using the serial link for embedded communications).

Combining the human operated terminal with the FTDI Windows driver is how the device-check you propose in paras 1 & 2 is performed.

The driver package released in October 2014 (and subsequently withdrawn) used an operation that would fail on a genuine FTDI device, but was accepted by a counterfeit FTDI device, to reprogram the device's EEPROM with a different USB Product ID (0) which isn't recognised by the FTDI licensed Windows driver.

Users could fix that up by re-writing a Windows driver .inf file to recognise the changed Product ID. That was the change the Linux kernel driver implemented (an additional Vendor/Product ID pair is recognised).

One of the alternative devices, using the Prolific PL2303 chipsets, has been disabled in the latest Prolific Windows 8+ drivers as some (genuine) devices have been classified End-Of-Life. Additionally, Prolific also disabled counterfeit devices with the same Windows "Code 10" error.

"Windows 8/8.1/10 are NOT supported in PL-2303HXA and PL-2303X EOL chip versions."

See http://www.prolific.com.tw/US/ShowProduct.aspx?p_id=225&pcid=41

We're dealing with a widespread industry counterfeiting problem, similar in nature to the counterfeit and just plain fraudulent USB Flash-based mass-storage devices, where USB device controllers are programmed to report a reputable USB manufacturer Vendor ID, and much larger capacities than they actually have, using address wrap-around to mask the fraud until the device has had a lot of writes.

Recently I've seen several (Linux) users burned by this latter issue, buying suspiciously cheap 'terabyte' USB thumb mass storage devices that report file-system errors due to the address wrap-around - usually they're actually 8GB-32GB devices with fraudulently programmed firmware in the device controller. Kingston, SanDisk and other major reputable brands have been suffering this for several years.

If, as a user, you condone and use a counterfeit device but expect an unrelated 3rd party to write and provide a licensed driver (FTDI/Prolific), then at the point you're aware, the problem is between you and your supplier, not FTDI/Prolific.

If you disagree, then I know of several users of unlicensed copies of Windows who would like you (an unrelated 3rd party) to provide them with free updates and support.
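The address wrap-around described in the post above, as an added example that is not part of the original post: a simulated fake-capacity drive and a fill-then-verify check that writes address-dependent data to every block. The class and function names are hypothetical, and the device model (a pure modulo wrap over the real capacity) is an assumption; real counterfeit controllers may behave differently.

```python
import hashlib

BLOCK = 512  # bytes per block in this simulation


class WrapAroundDevice:
    """Constructed model: advertises `advertised` blocks, stores only `real`."""

    def __init__(self, advertised, real):
        self.advertised, self.real = advertised, real
        self._store = {}

    def _check(self, lba):
        if not 0 <= lba < self.advertised:
            raise IndexError("LBA beyond advertised capacity")

    def write(self, lba, data):
        self._check(lba)
        # Assumed fraud model: high addresses silently alias low ones.
        self._store[lba % self.real] = bytes(data)

    def read(self, lba):
        self._check(lba)
        return self._store.get(lba % self.real, bytes(BLOCK))


def pattern(lba, seed=b"constructed-seed"):
    """Block content derived from its own address, so data that ends up
    at the wrong address is recognisable on read-back."""
    out, counter = b"", 0
    while len(out) < BLOCK:
        out += hashlib.sha256(
            seed + lba.to_bytes(8, "big") + counter.to_bytes(4, "big")
        ).digest()
        counter += 1
    return out[:BLOCK]


def fill_and_verify(dev, blocks):
    """Write `blocks` blocks, then read them all back.
    Returns (intact, overwritten) block counts."""
    for lba in range(blocks):
        dev.write(lba, pattern(lba))
    intact = sum(dev.read(lba) == pattern(lba) for lba in range(blocks))
    return intact, blocks - intact
```

A partial fill that stays within the real capacity verifies cleanly, which is why the fraud goes unnoticed at first; only a fill of the full advertised capacity exposes it, and under this model the count of intact blocks equals the real capacity.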


NASA charges up 18-prop electric X-plane


Design Roadmap, Testing, in-depth technology insight (schematics, etc.)

"Hybrid Electric Integrated System Testbed (HEIST) and Full Scale Testing Update of the LEAPTech Wing"



Folding props, less drag, more lift, lower stall, smaller wing


"In this design, eighteen electric motors are mounted in nacelles regularly spaced spanwise along the wing leading edge and drive propellers that increase the dynamic pressure over the wing during takeoff and landing. The propellers spin at relatively low tip speeds to minimize noise. Propulsion in cruise flight is outside the scope of this analysis, but is intended to be fulfilled by a combination of some of these propellers, separate propellers mounted on the wingtips to take advantage of the wingtip vortex, and/or a separate propeller mounted on the tail boom to take advantage of the fuselage boundary layer. Any of the leading edge-mounted propellers not required for cruise propulsion fold flat against the respective nacelles to minimize drag."


"One distributed electric propulsion (DEP) configuration that shows great potential is named Leading Edge Asynchronous Propellers Technology (LEAPTech) and features many small propellers distributed spanwise along the wing that blow the wing during takeoff and landing. This increases the dynamic pressure over the wing, facilitating lower stall speeds and/or reduced wing area without the need for structurally complex traditional multi-element high-lift systems. If the stall speed requirements are retained, a significantly smaller wing may be employed, because the wing is typically sized to meet takeoff and landing constraints. This smaller wing can result in a large reduction in cruise drag as well as substantially improved ride quality due to decreased gust sensitivity."

Aviation Technology, Integration, and Operations Conference, 16-20 June 2014, Atlanta, Georgia

"Drag Reduction Through Distributed Electric Propulsion"

See: http://www.jobyaviation.com/LEAPTech%28AIAA%29.pdf


Official UN panel findings on embassy-squatter released. Assange: I'm 'vindicated'


Even ignoring WGAD, UK Supreme Court suggests the EAW is invalid

I think, like most non-lawyers, my instinctive, common-sense reaction is that Assange fled from justice as soon as his appeal against the European Arrest Warrant (EAW) to the UK Supreme Court (SC) was denied, and his plight is of his own making.

However I've taken the time to read the full Working Group on Arbitrary Detention (WGAD*) opinion, and even ignoring the opinion, was intrigued by the 'source' submission (Assange) in para. 79:

79. The source asserted that the legal basis for Mr. Assange’s extradition has further eroded. The UK’s response even rested its assertion on a Supreme Court decision which even the Supreme Court has distanced itself from. In the Bucnys case, the Supreme Court revisited its split decision in Assange vs. Swedish Prosecution Authority and explained that the single argument which had become the decisive point in Assange had been reached incorrectly.

That led me to read up on the SC's decision and reasoning in the 'Bucnys' case:

2013-11-20: Bucnys & Anor v Ministry of Justice of Lithuania; Lavrov v Ministry of Justice of Estonia


There's a SC legal blog that gives a good overview of the pertinent issues discussed by the court in earlier hearings:



Summarising, the court in the 'Bucnys' case re-visited the earlier Assange SC appeal holding. The issue turned on whether the organisation issuing the EAW is a 'judicial authority' (i.e. a Court) or a branch of the executive (i.e. government).

In the 'Bucnys' case the SC held:

"...that the relevant ministries of justice could not be a “judicial authority” within the meaning of the Council Framework Decision 2002/584/JHA and/or the Extradition Act 2003, Pt 1 because they were not part of the courts or judiciary as ordinarily understood"

The submission to the WGAD by Assange points to this in relation to the fact that the EAW was issued by the Swedish Prosecutors office, which is part of the 'executive branch' of government, not a 'judicial authority'.

This seems to suggest that, were Assange able to return to the SC, it is possible the SC would find the EAW is invalid as that was the decisive point in the original Assange judgement.

If that were found then the entire legal process since the issuing of the EAW and its certification in the UK would be found invalid, and would presumably lead to the conclusion that Assange's arrest was unlawful.

* WGAD: 5 members experienced in international human-rights law, and providing their services pro-bono (not paid for by the United Nations). http://www.ohchr.org/EN/Issues/Detention/Pages/Members.aspx