Posts by Ken Hagan

4934 posts • joined 14 Jun 2007

Who would code a self-destruct feature into their own web browser? Oh, hello, Apple

Ken Hagan

Someone else already has: https://appdb.winehq.org/objectManager.php?sClass=application&iId=25

Apparently IE6 is garbage, but you might be able to use IE8.

Little warning: Deleting the wrong files may brick your Linux PC

Ken Hagan

"I mean when you see "rm -rf /", what do you think that will do, "

Even logged in as root, I think it will do nothing because it doesn't have --no-preserve-root. I still wouldn't want to accidentally type it on my own system, though. (Just the principle of the thing, you know. One shouldn't ever get *that* close to such a big mistake.)

But like the other guy said ... a default of --one-file-system would be nice, too.

Ken Hagan

Re: @TechnicalBen

"Even Windows has (had?) something of the kind."

I think this is still true: https://msdn.microsoft.com/en-gb/library/windows/desktop/aa365247%28v=vs.85%29.aspx (search for the section "Win32 Device Namespaces").

As a historical note (of which you are presumably aware, since you mention it, but others probably aren't) this odd behaviour is for backwards compatibility. DOS 1.0 didn't *have* sub-directories, so in order to support apps that simply wrote to (say) "CON", DOS 2.0 had to pretend that these devices existed in every directory.

It's utterly foul, but presumably MS have done their research and reckon that a significant number of end-users would wake up with broken apps if a new version of Windows ever fixed it. Such is life in the delightful world of closed-source software.

Winning Underhand C Contest code silently tricks nuke inspectors

Ken Hagan

Re: The scenario is irrelevant.

"In this case: a conventional warhead isn't supposed to contain fissionable material at all, so if the Geiger counter sings, shred it."

Then you've missed the point about how the false positives let you keep back some of your real warheads, untested. The scenario didn't seem that contrived. In fact, the most implausible part was the bit where no-one thought to run static analysis tools over the source code (many of which would pick up conflicting definitions like this without any trouble).

When customers try to be programmers: 'I want this CHANGED TO A ZERO ASAP'

Ken Hagan

Re: Any chance of a solution?

"Although the web server that executes any UNIX command in the URL [...] doesn't require a programming qualification to appreciate."

In fact, anyone who reads El Reg thoroughly will (at least this week) appreciate that a remote attacker could even wipe the UEFI firmware on your server this way.

The stories are all good. Perhaps they are too good. I know truth is stranger than fiction, but that also means that sometimes it is harder to believe.

Windows 10 will now automatically download and install on PCs

Ken Hagan

"Please explain your implication that a modern OS is more secure than an older one."

I like a challenge. I'll bite.

First off, the only relevant comparison is whether Win10 is more secure than Win7, 8 or 8.1, because the upgrade doesn't apply to any other.

Secondly, it is clear from the last few months that the only way to be sure that you don't wake up one morning to the Win10 "installing" screen is to switch off automatic updates, even if they are marked as purely "security" ones. Therefore, the comparison is between "Win10 which is getting patched" or "Win7/8/8.1 which is not getting patched".

Since every patch that you don't apply is a new zero day generously donated by Microsoft to the bad guys, the comparison may be fairly restated as "Win10 which MS are doing their level best to keep secure" or "Win7/8/8.1 which MS are doing their level best to turn into a stinking pile of zombie-fied porn server".

So, which is more secure? Hmmm ... actually you're right. That's not obvious.

Chip company FTDI accused of bricking counterfeits again

Ken Hagan

Re: Linux?

"a generic USERLAND 'libusb' equivalent for Windows"

Sounds a bit like WinUSB, which has existed for about a decade, but the story specifically for USB/RS232 devices is even more interesting. There's an official way to do RS232 over USB which non-Windows platforms have supported for ages and which Win10 now finally supports out of the box. So, if that's what you are using your FTDI chips for, then on Win10 you won't actually be using FTDI's drivers.

On older versions of Windows, of course, you are a bit stuck, and nobbling the end-user's hardware when the counterfeiting offence was probably committed *way* up the manufacturing chain strikes me as very unfair on end-users. Fortunately, taking the law into your own hands like this is almost certainly contrary to computer misuse laws and courts would in any case take a dim view of a vendor declaring themselves to be judge and jury like this.

Apologies for the long post, but the list of things that are wrong about this story is just boggling.

Samsung trolls Google, adds adblockers to phones

Ken Hagan

Not the most urgent job

Er, Samsung, any chance of pouring some of those development resources into shipping *updates* for the phones that you've already sold? If not, then frankly it isn't going to matter whether you and Google come to any agreement over ads -- the phones will end up rooted and displaying whatever their new owners want.

What’s new in Hyper-V in Windows Server 2016?

Ken Hagan

Shielded VMs

Have I missed something? Whilst it is fairly obvious that one can encrypt files and then physical access to the media doesn't help, it is much less obvious that one can encrypt computation. If you cannot encrypt computation, then everything your shielded VM does must actually happen on the physical CPU. An attacker with physical access to that CPU wouldn't need much in the way of snooping tools to duplicate that and turn it into a "live show" (fully decrypted) of your VM. Since *you* have no physical access to the machine, you have no way of knowing that they aren't doing this.

(Edit: Also, once they've got that, all your encryption keys are presumably in plain text at some point during the boot process, so they only need to do it the hard way once.)

Oracle kicks Amazon after Glacier download bill shock

Ken Hagan

Re: Archive != backup

"/dev/null is cheaper."

As Voland's appendage notes, that's not true if you later need to read the data *back* from /dev/null in court.

(Or maybe it is. Presumably the courts have already seen cases where someone made efforts to keep the records that they are obliged to keep, but lost them in some disaster. There must then have been some decision by the court about how much effort is reasonable and how bad a disaster has to be for it to truly be beyond someone's control. So if you spew all your "legal /dev/null" data in the direction of a cheap cloud provider who then goes titsup, have you met your legal obligations? If you use two cheap cloud providers, is *that* reasonable? What if one then buys the other and then itself goes titsup? None of this is IT-specific, of course. We've had storage providers for paper documents since whenever and all the same scenarios apply.)

Cops hate encryption but the NSA loves it when you use PGP

Ken Hagan

Re: So the next logical question...

With NAT, one IPv4 address nearly always means one property (home or small business). NAT at the ISP level is not widespread and not an obstacle if you are the local intelligence agency. If you've pinned it down to a single house, pinning it down further to a single keyboard isn't worth the effort. (If, on the other hand, you are an advertiser trying *not* to send the inappropriate ads to your customer's children, targeting down to the level of individual logins on a particular machine might be prudent, or even a legal requirement. Cookies still have their place, even with IPv6.)

Now if you'd made the point that some ISPs dynamically re-assign IPv4 addresses to different customers then you might have a point, but even here the "always-on" nature of an ADSL or cable connection means that the addresses remain associated with a single end-point for long periods.

Ken Hagan

Re: RE: Start encrypting every bit of Internet traffic

"Or is this that dry English humor that goes far over my head?"

Yes, I think it was. Would you like a whooshing sound now, or can we leave you to fill that in yourself?

Ken Hagan

Ssshhh!! Don't let on that there are people *outside* his circle of friends who can produce this stuff. It will make him sad.

Ken Hagan

Re: Ah, Traffic Analysis

"No evil secrets but encrypted regardless due to ssh."

In fairness, the article was specifically referring to PGP rather than any other encryption and (as noted by earlier comments) the decision to use PGP to protect a given email is a far more conscious one on the part of the "target" than (say) simply using SSH for remote connections. (Indeed, the latter is almost de rigueur even amongst n00bs for remote terminal sessions simply because there are no examples on the interwebs for running a telnet connection anymore.)

But I think I'm right in saying that if that email is sent to a foreign (**) email server via a STARTTLS-ed SMTP session, the spooks probably can't even tell whether it uses PGP or not because the metadata was encrypted in that case too. (**Foreign in this context means not in a country where the spooks can ask their friends to issue a warrant to the owner of the server.)

Ken Hagan

Re: The more, the merrier?

If every man and his gran were to use it then yes, the information value of its being used in any given circumstances would fall to zero. That would rather destroy the value that the NSA guy claims he currently gets out of it. So, no, he certainly doesn't want everyone to start using it, which is why he immediately tried to taint "PGP use" with the brush of "only bad guys use it".

It seems to me that what we have here is some FUD disguised as a "Well I never!" news story.

Israeli drones and jet signals slurped by UK and US SIGINT teams

Ken Hagan

Re: Yes, but can the NSA get free HBO using this technique?

The "spying on their own citizens" bit was the justification for Snowden's slurp. Since these disclosures appear to be cases of spying on foreigners, why are they being published? Is it *now* the case that those with the data are now merrily publishing everything for the lolz rather than picking out just the examples that might apply pressure on the US government to rein in their spooks? Would those opposed to the NSA's internal spying now be better served by fewer Snowden-related disclosures? Are the Snowden archives now being used to discredit Snowden? (Let's face it, today's story is hardly a big deal. Israel isn't going to get hot under the collar about it and Iran probably expects it.)

'Printer Ready'. Er… you actually want to print? What, right now?

Ken Hagan

Re: A0 printing

Replying to myself (I know, but...):

How do they make e-Ink screens? Does that process scale to the point where you could roll out an A0-sized poster?

(Yes, I can google. From http://www.eink.com/faq_matrix.html: "The size and shape of an E Ink Matrix display is totally dictated by the size of the electrical backplane that the FPL is laminated to. Displays can be very small or very large. E Ink has standard display modules. Almost any size and shape can be made depending on the volumes." That would suggest that the idea isn't completely mad. Perhaps I'll live to see a proper display after all.)

Ken Hagan

Re: A0 printing

In this context, it is worth remembering that you can buy a 600dpi A4 printer for less than the cost of the ink to print your first test page, whereas a 600dpi screen of similar size is (to the best of my knowledge) not yet a Thing. I have trouble even estimating a date by which we might expect widespread availability of 600 DPI A0 screens, but I hope I'm still around then.

(Note: A0 is 33.11 x 46.81 inches, so that's about 20000 by 28000 pixels. The video industry will have to invent a whole new alphabet to prefix the "...-HD".)

Ginni Rometty to pocket $4.5m bonus for IBM leadership

Ken Hagan

They're probably pleased that it means only one set of ridiculously inflated bonuses. A one-person board would probably do less damage (there's only so many hours in a day) and cost millions less. (Also, if you look only at the inspirational examples (as gurus so often do) then you'd probably conclude that having a single person wielding absolute power like Gates or Jobs is utterly fantastic.)

But seriously for a moment, I think that no-one ever looks because it is no-one's job. The shareholders are either mega-corp pension funds who know nothing about the business except its stock price or individuals (in IBM's case, many employees and former employees) who are too small to count. The result is that the board's only incentive is to manipulate the share price for short term gain. Actually running the company isn't anyone's job either.

No-one knows how to run a company. No-one knows how to run a country. Once you get larger than the proverbial whelk stall, you are beyond what humanity actually understands. Fortunately, as long as everyone else doesn't understand either, you mostly get away with it if you do nothing.

Two-thirds of Android users vulnerable to web history sniff ransomware

Ken Hagan

Re: Building their own coffin

"We wouldn't have given MSFT a pass for telling us in 2009 (8 years after XP) that security patches have been available since Vista so "tough luck"."

Er, we would if Vista had been a free upgrade.

If I am able to upgrade to the latest Android, then having patches only in the latest Android is fine by me. The problem (as noted further up) is that even when patches are issued by Google for the version I am actually running, it is still touch and go whether my phone vendor will ever pull their corporate finger out and give it to me. (Er, the patch, that is, not the finger.)

Can't upgrade, won't upgrade: Windows Mobile's user problem

Ken Hagan

Re: Needs 1GB RAM?

Desktop Win10 runs in 1GB RAM fine. It insists on quite a lot more before it will let you install it, but after installation you can remove some of the RAM without penalty.

Microsoft's minimum system requirements are increasingly just fluff to encourage you to buy a new computer. It is a big change from 20 years ago when you had to double almost every parameter in the min spec to have a usable system.

Oh, and that "Program Files (x86)" folder would come in very handy if they ever dusted off their x86 emulator, written for RISC processors back when a top-end CPU had, er, some modest fraction of the CPU power of a modern low-end phone. ;)

UK Home Sec wants Minority Report-style policing – using your slurped data

Ken Hagan

That Minority Report reference...

I thought the point of MR was that you were prosecuted and punished for the crimes that you hadn't committed yet. In fairness to the Home Secretary (yeah, I'm posting this just because I've never had a chance to write those words in that order before) I think she is still minded to wait until you've committed it. (If not, then we'll have to rely on the judges insisting on the correct chronological sequence.)

Boffins celebrate 30th anniversary of first deep examination of Uranus

Ken Hagan

Re: ice giant?

Back then, it was. The term "Ice Giant" was introduced in the 90s (after I, and probably most of you lot, had learned most of what we know about spaaaace). I sometimes wonder how much of my degree course is actually still true. (Most obviously, but surely not all.)

Sainsbury's Bank web pages stuck on crappy 20th century crypto

Ken Hagan

Even if that is the case, it is quite a drop because Lloyds currently score an A.

https://www.ssllabs.com/ssltest/analyze.html?d=online.lloydsbank.co.uk%2F

Docker bags unikernel gurus – now you can be just like Linus Torvalds

Ken Hagan

Re: So a unikernel

"Sounds like a ROM based 8 bit computer."

Assuming it is running on some kind of hypervisor, a better analogy would be a process on an operating system that properly isolates processes from each other. See also http://www.catb.org/jargon/html/W/wheel-of-reincarnation.html for other examples.

India just about accuses Facebook of faking Free Basics fandom

Ken Hagan

Re: Fakebook, er, Facebook needs to understand

Debatable. There's plenty of evidence that the education of women is at least as much a cause as a consequence of raising a country out of poverty and the internet is pretty effective at spreading new ideas to populations that are ready to receive them. (Ask any totalitarian dictator.)

It's 2016 and idiots still use '123456' as their password

Ken Hagan

Re: Nothing wrong with insecure passwords

Actually there *is* something wrong. Sites with no sensitive data should not ask for a password. Doing so trains the general population into believing that a password is an annoyance and the easiest way to deal with it is to use 123456 for all sites.

Then they are asked to choose a password for their bank account...

Sadly the commercial incentives are all wrong here, since sites that insist on registration (which is the usual excuse for demanding a password) can then spam your email address or flog it.

Waving Microsoft's Windows 10 stick won't help Intel's Gen 6 core

Ken Hagan

"The thrust is very much the business user, with Intel citing one Gartner analyst claiming the chips make PCs part of businesses’ "overall security solution" with users "more secure and productive than ever"."

It must be really annoying to be a Gartner analyst who isn't a fucking moron. The chip just executes instructions. Security comes from the software you run on the chip. The last time the hardware actually made a qualitative difference to security was back in the 1980s when Intel moved away from real-mode. Even then, it took Microsloth half a decade to produce an operating system that actually exploited the new feature properly, and then another full decade to make that OS the standard version of Windows.

How to get root on a Linux box, step 1: Make four billion system calls

Ken Hagan

Re: "...because you have to cycle a 32-bit integer in the kernel around to zero."

"Suppose you pick a fast syscall and it takes 1us or so, and then the calling programme continues."

My reading of the article is that only specific syscalls cause the "usage" variable to be bumped, so you can't just pick a cheap one. I don't think the article actually says that explicitly, so I may be wrong, but it seems quite implausible that a 32-bit variable would be touched by every syscall and cause a problem when it wraps. Linux systems stay up longer than that.

The planets really will be in alignment for the next month

Ken Hagan

Note for northern readers...

In our hemisphere, the arc goes the other way. Ta for the picture that made me stop and mentally stand on my head for a moment.

Microsoft herds biz users to Windows 10 by denying support for Win 7 and 8 on new CPUs

Ken Hagan

Re: Question to Supplier of hardware...

You seem to have missed the bit where Intel and AMD promised to stop making such hardware.

Ken Hagan

Re: The more they push

"...coming to me to install/learn Mint."

Still a modest barrier to exit then, at least in the minds of the would-be apostates.

Microsoft are presumably betting that most people won't have a Linux-y friend that they can go to. Based on today's market share, they might be right, but the internet can help you find friends so what we're (they're) really dealing with here is the growth of an invasive species in an ecosystem (non-business users with little or no legacy software to worry about) that has no natural defences against it, and that can undermine such cosy assumptions at exponential speed.

Ken Hagan

You *will* allow Win10 on your domain !!

So if a business hires new staff and needs a new PC or two for them to use, the choices are either to use an officially (and rather pointedly) unsupported OS or get used to managing a mixture of Win7 and Win10 machines on their domain.

Clearly MS were *very* upset by the XP experience where everyone vaguely corporate elected to downgrade their licence on a new PC. It will be interesting to see how poor the unsupported experience turns out to be. Since modern silicon tends to include an entire GPU (and cheaper machines tend to depend on it), there's scope for it to be "pretty poor indeed" if that GPU gets no support.

Still, it's no different from any other service pack.

Learn you Func Prog on five minute quick!

Ken Hagan

Re: No mention of Prolog?

I think Prolog is usually reckoned to be in a class of its own. My recollection is that you just say what you know about the problem and let the compiler write the actual program for you. Sadly, the only known implementations are people.

Nvidia GPUs give smut viewed incognito a second coming

Ken Hagan

Re: I imagine NVIDIA are in the clear

"I can't see any reason why the NVIDIA drivers should go round randomly clearing frame buffers just in case."

Because if they don't, someone can write a low privilege application that just goes around allocating frame buffers and saving the "uninitialised" contents as a bitmap and posting the bitmaps off to the NSA. For the OS (or driver) not to wipe memory before passing it to a new process is a COLOSSAL security failure that has been LAUGHABLE since the 1960s.

All modern operating systems handle this problem for RAM by maintaining lists of dirty pages and having a "zero fill" task that wipes them clean before transferring them to the free list. It happens whenever there is free time (waiting for I/O perhaps) or, as a last resort, at the point of allocation. Since the last resort is hardly ever reached, the cost to the interactive end-user is effectively zero.

A GPU driver could use a similar scheme and (as already mentioned) certainly has the bandwidth to make it affordable.

Ken Hagan

Re: Video driver clearing memory

"IMO in this case the bug lies squarely with Chrome: if you go out of private mode, you erase ALL of the stuff you did until then."

Chrome probably did. If the OS (driver land) lies to you about having wiped and discarded frame buffers, there's not much an app can do. Drivers should never give a buffer to a new app without wiping it first. Apps should not have to write code to work around the possibility of the OS not doing its job. I put the blame entirely on the GPU driver.

Come in Internet Explorers, your time is up. Or not. Up to you

Ken Hagan

Re: What kind of survey?

There is not the slightest possibility that the sampling is not skewed. For starters, it is skewed in favour of those with nothing better to do with their time than answer a survey, unless they paid for the data in which case it is skewed towards those for whom that level of payment is higher than their normal hourly rate and towards those who don't know what "hourly rate" means.

This line of argument, of course, applies to all surveys. Doesn't mean it ain't true.

Ken Hagan

Re: Stuck with old IE?

I don't see anything here asking for continued support. I do see one or two people trying to explain why that is an issue. Specifically, they are trying to explain it to the holier than thou fuckwits who reckon that because you took a sysadmin's job that involved MS kit you are also taking on moral responsibility for the state of that kit.

For most of the techy population, turning round and getting another job isn't the easy option that some would like to believe.

Ken Hagan

Re: If

What tying? FWIW, the "oddity" you mention is the only case where it was necessary to upgrade the OS in order to get the latest IE and the fact that Microsoft's HTML support is part of the OS has never prevented third parties from offering alternative browsers with their own rendering engines.

Oh, and it is hard to talk about Microsoft's "mistakes" in this area when their strategy of turning the browser into a platform succeeded so well that it knocked every other browser vendor out of the market for several years.

They may be evil but give them credit where it's due -- they are (or were) good at being evil.

Microsoft’s Get Windows 10 nagware shows signs of sentience

Ken Hagan

Re: GWX isn't the problem.

"the 10 years of support pledge"

That support was only ever for the latest service pack.

The latest service pack is called Windows 10.

Now if you don't *like* the latest service pack, or if it breaks a load of your stuff, that's a completely different issue...

Discworld fans stake claim to element 117

Ken Hagan

Re: Because 117 is a halogen...

118 probably ought to end in -on for similar reasons. Skipping over helium, we have neon, argon, krypton, xenon, radon and <118>.

Ken Hagan

The rules had better not say that. Walking down the group we have Fluorine, Chlorine, Bromine, Iodine, Astatine and <this one>. The "ium" ending is traditional for metals and most of the trans-uranic elements to date have been metals, but 117 is a halogen and any self-respecting chemist would insist on a name ending in -ine.

Smartphone hard, dudes, like it’s the end of the world!

Ken Hagan

Re: "Next week, I shall review the Large Hadron Collider for Gizmodo."

Rather more useful would be a review of the next generation collider, including details of what particles it can find, so that we know whether it is worth buying one.

Use of big data can lead to 'harmful exclusion, discrimination' – FTC

Ken Hagan

GIGO ?

I've always understood this to include "bias in, bias out" as a particular case. Students in the hard sciences are taught about systematic error which is similar. Do the business studies crowd have nothing similar?

GCHQ mass spying will 'cost lives in Britain,' warns ex-NSA tech chief

Ken Hagan

Re: Right answer, wrong reasons

"collecting everything then applying the rules retrospectively"

I took his argument to be that the useful intelligence is not in the stuff that can be collected en masse. You get it only if you pull resources away from the mass slurp and put them into picking targets and following them more closely. If that is the case, there can be no "retrospectively" and the mass slurp costs lives because (believe it or not) the spooks' budget is finite.

Ken Hagan

Re: The man is absolutely right!

Given the increasing public disquiet at mass snooping, it won't be long before the needles are indistinguishable from the straw. That, surely, is the worst aspect of this policy direction -- it creates far more dissent and mistrust than it uncovers.

Firefox will support non-standard CSS for WebKit compatibility

Ken Hagan

It would be far better if they added such support *conditionally* on the browsing machine's DNS suffix *not* matching the website under view (at least to some level in the hierarchy).

Real end-users get the support they need for broken sites. The authors of those sites get a slap in the face. Everyone's happy.

Periodic table enjoys elemental engorgement

Ken Hagan

Re: It is SO Obvious: Unobtainium...

"onethirteenium, onefifteenium, oneseventeenium, and oneeighteenium"

But they are already called those names (albeit in Latin). We're looking for ones that aren't crap.

UK says wider National Insurance number use no longer a no-no

Ken Hagan

Hmm. You make a statement of fact and you (currently) have one downvote but no explanatory reply. The possibilities would seem to be:

1) The fact is considered to be false, in which case some supporting evidence would appear to be in order since your claim is one I've heard before and I rather suspect you are correct.

2) The fact is considered to be irrelevant, in which case someone really needs to learn about primary keys before voting.

3) Citing facts is considered to be something one simply doesn't do, in which case someone is on the wrong site.

OK, number 3 isn't very plausible, but I was really struggling.

Ken Hagan

Re: Pros and Cons

"It does however illustrate the fact that from time to time there is a genuine need for the state to identify its citizens..."

Equally it suggests that such times are rare. In addition, it suggests that a population that had just spent the best part of a decade battling against fascists were extremely keen to put such mechanisms beyond use.
