* Posts by Ken Hagan

4071 posts • joined 14 Jun 2007

Lavabit loses contempt of court appeal over protecting Snowden, customers

Ken Hagan
Gold badge

Re: living a lie

"In the UK, it emerged that Prince Charles actually has special powers, largely secret, to lobby and veto policies by the democratically elected government."

I call bollocks. If these "powers" are secret then they don't exist. Logically, the act of using them would require that they be made public, or else no-one would know what they'd been compelled to do against their will. Since that hasn't happened, we can conclude that they haven't ever been used. They are a figment of the Graun's over-active imagination.

It is true that Chaz has the ear of ministers, like many other lobbyists. However, the blame, er, responsibility, for the actual decisions rests entirely with the ministers involved. That's why we spit contempt for the ministers whenever they roll over for the lobbyists. We don't say "Oh, you cruel lobbyist forcing the nice minister to be a complete prat." We say "You complete prat, listening to a pathetic lobbyist."

And then we vote them back in for some reason, but I digress...

2
0

Microsoft's Nadella: SQL Server 2014 means we're all about data

Ken Hagan
Gold badge

Re: an application he said had been "born in the cloud,"

It means the waiting is over. We now *know* that Microsoft's new CEO has no more of a clue than the last one. Win9 will be more window dressing, the next version of SQL Server will be a subscription model with all your data held in the cloud, and there's going to be a major new platform announcement as they reveal "WinBS", the successor to the legacy WinRT platform.

0
0

NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS

Ken Hagan
Gold badge

Re: Maybe I'm naive,

"How the heck do you expect the NSA to find every security flaw before the rest of the entire planet?"

I don't, but...

There are relatively few SSL suites in widespread use and pretty much all secure communication on the internet is built on top of them, so they are pretty important. OpenSSL happens to be open source, but that's probably not an issue since I'm sure the necessary arms can be twisted if the NSA want a look-see at Microsoft's crypto libraries. If the NSA, with a budget in the billions, doesn't have a team poring over these suites then someone needs to have their employment contract reformatted.

I expect that team to find a buffer overrun vulnerability in a codebase that lies square in the middle of their competence within a couple of years of it being published. Whether that is before the rest of the world is another matter entirely. I also assume that several other nations have teams doing much the same, so they might get there first.

0
0
Ken Hagan
Gold badge

Re: No proof but I wouldn't be surprised if it were true

"As is becoming increasingly clear, the NSA has done more economic harm to the U.S than any foreign actor in recent history, aside from perhaps China."

I don't wish to be too cynical here, but in peacetime it is generally true that the main damage to a country's interests comes from the incompetence of its own government. They have so much more power than any other actor and yet they are subject to all the usual human frailties and incompetence.

3
0
Ken Hagan
Gold badge

Re: Did the NSA write this bug?

It is "elegant" in the sense that it does not adversely affect clients that send well-formed packets, it will never (for sufficiently small values of packet length) crash the server, is pretty unlikely to do so for larger values, and you can just set up a server farm hoovering up data from zillions of targets 24/7 for a few years and see what turns up. It costs you nothing more than the leccy bill.

Given their resources and their mission, they (and like-minded agencies in other countries) ought to have people reviewing the changes being committed to OpenSSL, as they happen. If they didn't spot the flaw within a week or two of it being committed then they should be asking themselves why.

6
0
Ken Hagan
Gold badge

"NSA isn't in the "protect your bank account[...]" because those functions aren't in the national interest no matter how important we think we are."

You must have missed the financial crash a few years ago. A way of pulling down small numbers of bank accounts is not a problem. A way of hoovering up credentials quietly until you have a million or so accounts that you can vaporise in one night of action would be untargeted but definitely a threat to the nation's well-being.

1
0

Obama allows NSA to exploit 0-days: report

Ken Hagan
Gold badge

Missing the point, surely?

It is no secret that the NSA exists and has a massive budget. Any moral outrage about its activities should either have been consistently expressed for the last few decades or, if only recently felt, should be based on revelations concerning who they target rather than how they do it.

I don't have a big problem with the NSA using a 0-day to spy on (say) North Korea.

3
0

France bans managers from contacting workers outside business hours

Ken Hagan
Gold badge

Re: Solution

I took the OP to mean "well regarded ... as a regular source of material.".

0
0
Ken Hagan
Gold badge

Re: Fine until

"They are either unique or they are not. Stop mangling a very useful word."

I sympathise, but I thought that "not as unique" was rather appropriate. It will, after all, come as a great surprise to those concerned to discover that they are replaceable. One must break these things gently, even if it pains your inner linguist.

0
0

Russian deputy PM: 'We are coming to the Moon FOREVER'

Ken Hagan
Gold badge
Facepalm

Re: title

Actually I didn't see the icon.

Sorry.

0
1
Ken Hagan
Gold badge

Since this is an IT site...

...let me be the first to point out that (with a round-trip latency of just a few seconds) only a complete cretin would populate a moonbase with fleshies. They need air, food, water, healthcare and a psychological need not to be boxed up in a confined space for months on end. You want drones.

2
4
Ken Hagan
Gold badge

"Its ok we can let the Russians paint the moon communist red..."

News just in: Russia hasn't been communist since 1917.

News update: Russia hasn't even been pretending to be communist since 1991.

But they like red almost as much as the Republicans, so I'll let you have that one.

7
1

OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts

Ken Hagan
Gold badge

Re: Its mostly C ....

"a serious beating with a Clue Stick"

Would a Clue Fork do? Based on what I've learned in the last week, I wouldn't be surprised if OpenSSL wasn't the only game in town in twelve months time. They could start by fixing the bugs that prevent the use of the standard allocator.

0
0
Ken Hagan
Gold badge

Re: health check?

I'm sure that FOSS developers all over the world will be asking themselves what they can learn from this, but since it is all volunteer work there is no authority or paymaster who could perform such a review or enforce such standards.

1
0
Ken Hagan
Gold badge

Re: The real problem is C

"How about bounds-checking in hardware?"

To be effective in this case, it would need to have byte granularity and be capable of tracking millions of separate allocations. Hardware bounds-checking at page granularity works well for keeping processes off each other's toes. It's impractical for tracking the millions of tiny allocations that a large server might have in play at any given moment.

On the other hand, there are languages that automate such things. They are frequently able to prove the correctness of a particular access at compile time. Where a run-time check is needed, memory latency and out-of-order execution often means that the check costs no time. Either way, these methods are practical at whatever granularity and whatever scaling you care to mention.

1
0
Ken Hagan
Gold badge

Re: The problem isn't C

"No, the problem is C. In a reasonable language, declaring an array of byte data[P] would result in an *empty* array of bytes."

And that is what would have happened in OpenSSL if the writers hadn't chosen to write their own allocator. The most fascist bounds checking language out there won't help if you write your own allocator on top, particularly if you write one that permits use-after-free.

9
0
Ken Hagan
Gold badge

Re: Short-handed? Not bloody likely

Perhaps working on cryptography software requires a particular (and rare) combination of skills. It's all very well pointing out that this bug is a novice error, but when it is buried within a lot of code where even fixing valgrind errors has catastrophic consequences, most of us are too aware of our own limitations to even step forward.

3
0
Ken Hagan
Gold badge

Re: The real problem is C

"... D. It's a lovely language - essentially a rebuild of C++ with an "if we knew then what we know now" approach."

A bit like C++11 then. Both would be perfectly reasonable replacements for the C that (inexplicably to my mind) appears to be the preferred choice for several rather important FOSS endeavours. Seriously guys, it has been a quarter of a century since we learned how to make C safer without any loss in performance (or one's ability to twiddle bits or map brain-dead structure layouts). Memory management in particular is a solved problem.

3
1

US taxman blows Win XP deadline, must now spend millions on custom support

Ken Hagan
Gold badge

Re: Another win for closed source software.

"I can't imagine any government agency trying to support an OS themselves."

The OS almost certainly isn't the problem (and if it was then the USG already has the source code and could probably use its waiver on copyright protection). The problem is probably half a dozen "critical apps". The company may have ceased to exist, or failed to keep the source code, or simply be too incompetent to produce a working Win7 version. In those cases, source code escrow would be a useful insurance. We're probably talking about fairly small amounts of code, too, compared to an OS.

10
0
Ken Hagan
Gold badge

Re: The MS plan advances...

"You just described Win 8 System/360."

FTFY

13
0

Not just websites hit by OpenSSL's Heartbleed – PCs, phones and more under threat

Ken Hagan
Gold badge

why malloc doesn't nuke

It's because it serves no purpose to do so.

An OS will certainly zero pages before giving them to you because those pages could have come from almost any previous process and the security implications of that have been known since the 60s. However, all sane runtime libraries ask for big blocks from the OS and then implement their own sub-allocation scheme on top. Doing it in-process is a big performance win (because you don't have to cross privilege boundaries) and omitting to zero the sub-allocated memory in your own address space is not a problem because it was already visible to any thread in your address space. It's not a problem until you then squirt the dirty memory out of a socket.

Yes, it could have been avoided by using calloc() rather than malloc() everywhere, but it could also have been avoided by sanitising your inputs before responding to them. The former would pointlessly double the number of writes to memory. The latter is simply "correct". My vote goes for the latter.

Note also that debug versions of malloc nearly always do pre-fill the memory (and the matching version of free post-fills with a different pattern) but this is *because* it is pointless to do so. Or rather, because it bloody well ought to be pointless and therefore doing it is a simple way of flushing out a certain class of bug.

6
0
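As an added illustration of this post and of the "The problem isn't C" post above (example code written for this page, not the commenter's and not OpenSSL's): a toy in-process sub-allocator that hands a block back without clearing it, beside a heartbeat-style handler in two forms, one that trusts the length claimed in the header and one that checks it against the bytes actually received. The record layout, the secret string and the `pool_*` functions are constructed for the example; the stale bytes stay inside the 64-byte arena, so the unvalidated copy is still within defined behaviour here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy in-process sub-allocator standing in for a runtime library's
   free list: one 64-byte slot, recycled without being wiped. */
#define SLOT 64
static unsigned char arena[SLOT];
static int slot_free = 1;

static unsigned char *pool_alloc(size_t n) {
    if (n > SLOT || !slot_free) return NULL;
    slot_free = 0;
    return arena;            /* whatever the previous owner left is still here */
}
static unsigned char *pool_calloc(size_t n) {   /* the "calloc everywhere" option */
    unsigned char *p = pool_alloc(n);
    if (p) memset(p, 0, n);
    return p;
}
static void pool_free(unsigned char *p) { (void)p; slot_free = 1; }  /* no wipe */

/* Constructed record layout: 1-byte type, 2-byte big-endian claimed
   payload length, then the payload. */
enum { HDR = 3, TYPE_HEARTBEAT = 1 };

/* Returns bytes written to out, or -1 if the record is rejected.
   validate != 0 selects the sanitised handler. */
static int heartbeat_reply(const unsigned char *rec, size_t rec_len,
                           unsigned char *out, size_t out_cap, int validate) {
    if (rec_len < HDR || rec[0] != TYPE_HEARTBEAT) return -1;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* The correct fix: the claimed length must fit in what was received. */
    if (validate && claimed > rec_len - HDR) return -1;
    if (claimed > out_cap) return -1;
    memcpy(out, rec + HDR, claimed);   /* unvalidated: runs past the real payload */
    return (int)claimed;
}

/* Plain substring search over a binary buffer. */
static int contains(const unsigned char *buf, size_t n, const char *needle) {
    size_t k = strlen(needle);
    for (size_t i = 0; i + k <= n; i++)
        if (memcmp(buf + i, needle, k) == 0) return 1;
    return 0;
}

/* Scenario: a previous owner of the slot left a secret behind, then a short
   heartbeat arrives claiming a larger payload than it carries.
   Returns 1 if the reply would carry the stale secret out, 0 otherwise. */
static int leaks_secret(int zero_on_alloc, int validate) {
    static const char secret[] = "session-key:CONSTRUCTED";   /* constructed */
    unsigned char *old = pool_alloc(SLOT);
    memcpy(old, secret, sizeof secret);
    pool_free(old);                    /* free leaves the bytes in place */

    /* Constructed 5-byte payload "hello" whose header claims 40 bytes. */
    const unsigned char wire[] = { TYPE_HEARTBEAT, 0x00, 40, 'h', 'e', 'l', 'l', 'o' };
    unsigned char *buf = zero_on_alloc ? pool_calloc(SLOT) : pool_alloc(SLOT);
    memcpy(buf, wire, sizeof wire);    /* only 8 bytes overwritten; rest is stale */

    unsigned char reply[SLOT];
    int n = heartbeat_reply(buf, sizeof wire, reply, sizeof reply, validate);
    pool_free(buf);
    if (n < 0) return 0;               /* rejected: nothing goes out of the socket */
    return contains(reply, (size_t)n, "CONSTRUCTED");
}

int main(void) {
    printf("malloc-style, unvalidated: leak=%d\n", leaks_secret(0, 0));
    printf("calloc-style, unvalidated: leak=%d\n", leaks_secret(1, 0));
    printf("malloc-style, validated:   leak=%d\n", leaks_secret(0, 1));
    return 0;
}
```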

AMD unveils Godzilla's graphics card – 'the world's fastest, period'

Ken Hagan
Gold badge

Nothing *particularly* remarkable, except that the only appliances in my house that eat more than 500W are the ones with heating elements in them. In other words, they were designed specifically to warm stuff up.

0
0

Honeybee boffin STINGS OWN WEDDING TACKLE... for SCIENCE

Ken Hagan
Gold badge
Paris Hilton

Re: "he doesn't think his data is particularly useful"

Well he obviously needs a female subject to complete his data set, but I'm guessing there aren't any women out there who are that stupid.

4
0

Microsoft: We've got HUNDREDS of patents on Android tech

Ken Hagan
Gold badge

Why would you bother? ext2 is adequate for most purposes and already exists. You'd need to bundle the Windows ext2 implementation as part of the "PC tools" for your phone, and persuade your customers to actually install those, but once you've done that you've broken the FAT licensing gravy train forever. *That* is what Microsoft are worried about.

7
0

Microsoft's Windows 8.1 updates also tweak Windows Server 2012

Ken Hagan
Gold badge

"Mind you, I'm capable of learning a new GUI, which sounds like it's a massive problem for some people."

It's an even massiver problem for the IT staff who have to support those people. Fortunately, if MS have *any* corporate direction right now, then it seems to be "baby steps every six months back to Win7". IIRC, there are two more 6-month cycles until Win7 drops out of normal support. They'll need to hurry up.

0
0

Torvalds rails at Linux developer: 'I'm f*cking tired of your code'

Ken Hagan
Gold badge

Re: Torvalds's attitude

" I strongly suggest you follow the Linux Kernel Mailing List (LKML) thread a bit..."

Interesting. "what Andrew said" was that the rate limiting should be applied per-file-descriptor and this was in contrast to per-user. It was then noted that per-user would be more effective against someone who tried to get around the per-file-descriptor restriction by opening several FDs, to which Linus responded:

"I don't think we should try to protect against wilful bad behavior unless that is shown to be necessary. Yeah, if it turns out that systemd really does that just to mess with us, we'd need to extend it, but in the absence of proof to the contrary, maybe this simple attached patch works?"

And indeed it seems to work. Someone had one of the previously afflicted systems booting by Thursday. So it's all remarkably boring and grown-up and productive over there.

And elsewhere in the thread it is noted that the systemd people have fixed their side of the bug, too.

3
1
Ken Hagan
Gold badge

Re: Odd timing

Two points in mitigation:

"You did not read the Reg article properly, you certainly have not looked at the linked material"

Well, I think quite a lot of readers don't look at the linked material. We rely on El Reg to summarise enough of it so that we have a balanced view of the situation without doing all the research ourselves. Thanks, at least from me, for the additional summary.

And in any case:

If the kernel can't protect itself against bugs in user-space programs, it isn't a very good kernel. Linus is free to have as low an opinion as he likes of the systemd people concerned, but he does need to change his kernel to address this. It's a DoS attack vector and if it was in Windows then we'd be queueing up to explain how it proves Microsoft's inherent shit-ness.

35
7

Too late, Blighty! Samsung boffins claim breakthrough graphene manufacturing success

Ken Hagan
Gold badge

Re: This will not be good

On the bright side, a similar cloud would probably be equally fatal for all the drones and robot soldiers they are building, which makes it less immoral than biological.

And historically, the evidence is actually in favour of developing such weapons. As a species, we've used all-out chemical weapons once (WW1) and thereafter only in pretty desperate conflicts where one side thought they wouldn't be noticed. Bio-weapons were certainly developed during WW2 but none of the sides were actually willing to use them for fear of retaliation. Atomic weapons were used once, when the US was certain that no-one else had them. As soon as that certainty was overturned, the willingness to use them (eg, in Korea) disappeared.

Slowly, the politicians and generals are learning. Our technical prowess makes all-out war indistinguishable from suicide. Therefore, all future wars will be fought with both sides pulling their punches and if one side looks like losing everything, it will stop pulling its punches and the "winners" will wish they hadn't.

4
0

Microsoft in OPEN-SOURCE .Net love-in with new foundation

Ken Hagan
Gold badge

Re: Call me cynical but…

Indeed. Let me join you in your cynicism.

If the article is to be believed, all the freed software is compilers and language tools. Given the maturity of this branch of software engineering (yacc and lex are as old as I am), I'd have thought writing a C# compiler was the least of your problems in trying to make C# or .NET useful on non-Windows platforms. Even if it weren't, Microsoft already give away a perfectly usable C# compiler.

Have they also released the extensive framework libraries that you need to do anything useful? Is this the same .NET that was pushed into the sidings with the announcement of WinRT a year or so back? Is there anyone at Microsoft who would be excited to be moved to the .NET team today?

4
0

Organic food: Pricey, not particularly healthy, won't save you from cancer

Ken Hagan
Gold badge

Re: If food is not "organic", it logically must be "inorganic"

"He would have used whatever poison or killing mechanism possible to murder slugs and the like (table salt, for example). (They still tasted good though!)"

Well obviously you wouldn't eat one without *any* seasoning...

4
0
Ken Hagan
Gold badge

Re: Agenda here?

"Yup square root of fuck all."

Maybe they just don't like you. It's not like I'm counting, but when I'm visiting vegetarian friends I quite often get offered something meaty.

1
1
Ken Hagan
Gold badge

Re: risk of cancer

Well, if you live such a healthy lifestyle that you fail to die of anything else (like, heart disease) then you will eventually die of cancer. This is organic veg we're talking about, not the freakin' Elixir of Life.

A more meaningful metric would be the risk of dying *early* of cancer. In fact, this would appear to be a general weakness of all "X gives you Y" type studies that end up in the popular press, but it is entirely possible that grown-up medical researchers routinely allow for this in some clever and standardised way that goes straight over the newspapers' heads and so never gets reported. Does anyone here know?

9
0

In three hours, Microsoft gave the Windows-verse everything it needed

Ken Hagan
Gold badge

Re: I hate to bang on about this AGAIN

"Ah. Silly me (and one or two others) then, for spending all that time creating a responsive design for my web site."

If your website tries to look the same on all these platforms then yes, you've wasted your time. If it adapts to the target device and offers different layout, different facilities, different navigation, then you've done just what the man said and created different UIs for each case. Well done.

9
3
Ken Hagan
Gold badge

Multi-threaded, eh? Gosh, how modern.

"Microsoft demonstrated a new Windows RT sync app that talks to some old database code using synchronous calls, but without blocking the user interface thread as synchronous calls used to do in the Victorian era (eg, 1995)."

I think you need to explain this a little more. As it stands, it sounds underwhelming.

4
0

Boffins make noise about D-Wave chip: it seems quantum

Ken Hagan
Gold badge

Doesn't really help me, I'm afraid. The phrase "more quantumly" rather goes against the grain of quantumness in my book. Either something is quantised or it is continuous, surely?

1
0

Microsoft in 1-year Windows XP survival deal with UK govt

Ken Hagan
Gold badge

Re: Upgrade cycle

"Most of the documents I've thrown at OO and LO have been well and truly mangled."

And if you are on the bleeding edge of the feature set then you'll have similar troubles moving documents between Office 2003 and 2007. The morals of the story are that Office formats are not a safe place to put your work, you need to stop using them, and it's only going to get harder the longer you put it off.

3
0
Ken Hagan
Gold badge

Re: Wasting taxpayer's money again

"I work at Nottingham Trent University, but any other UK university will be the same. As has been pointed out before in this thread, the majority of students use IT as a means to an end, mainly to write up their work and ultimately their thesis."

I'm rather surprised that everyone isn't just expected to bring their own device for such purposes. Back in the day we wrote up work with pen and paper and we were expected to buy our own. Students at secondary school are now expected to have access to a computer at home. (I don't know what the kids from deprived backgrounds do. I expect it isn't good for their education.) If you are paying several thousand in tuition fees, a cheap laptop is the least of your worries.

Now if there's some expensive software package that they need access to, that's different, but you didn't say that.

0
1

Is this photo PROOF a Windows 7 Start Menu is coming back?

Ken Hagan
Gold badge

Re: To be fair...

"The only problem is they need to get this released now, not in Windows 9 in 2015."

From the article...

"Myerson didn't say when this next Windows makeover would ship to customers, but he did say that Microsoft "will be making this available to all Windows 8.1 users as an update.""

So that's before Windows 9. I expect they will roll it out in six months time. They'll call it something daft. Everyone else will call it 8.3 (coz next week's offering is clearly 8.2), and *if* there is an API actually willing to admit to the true kernel version number (which is looking increasingly unlikely) then it will be something like 6.5.

1
0

How Microsoft can keep Win XP alive – and WHY: A real-world example

Ken Hagan
Gold badge

"many apps would be crippled by being restricted to 32-bit (more and more *need* 64-bit to function)."

Christ on a fucking bike, mate! What are you smoking?

Outside of database servers, video editing and weather forecasting, hardly anything is *crippled* by being squeezed into 2GB of working memory.

4
1
Ken Hagan
Gold badge

Re: Keeping Windows XP alive is not good for anyone

"As HiDPI screens finally appear, Microsoft needs programmers to switch to APIs that work well with these displays."

Actually no. Programmers don't need to use new APIs at all. If you followed the guidelines laid down 30 years ago in the Book of Petzold, using GetSystemMetrics() and the like, the only thing stopping your XP application from scaling perfectly on a Hi-DPI system is the fact that later versions of Windows deliberately lie to you when you call these APIs. The "fix" is for you to recompile your application with a manifest containing GUIDs that were only published in the years after Vista was released.

6
1
Ken Hagan
Gold badge

Re: Irrelevant Here.

"The article (please, read it) shows that it is [viable], even at the worst pessimistic scenario."

Er, no. The article's analysis is pretty flawed. People who are stuck with XP talking to old hardware have the option of isolating the XP boxes from the internet and carrying on as before, indefinitely, at zero cost, and zero risk.

The only people who need to pay for XP support are idiots in government who tethered themselves to IE6 and then went to sleep for a decade. Microsoft saw them coming and are charging three times Trevor's "viable" rate (initially, jumping to even larger multipliers in the next few years). MS will get their fee, too. The problem with the article is that there's no *larger* market for paid support if MS drop the prices to the levels suggested here (because you can isolate the machine and pay nothing), so there's no reason for MS not to gouge the small number of idiots for all they can.

1
1
Ken Hagan
Gold badge

"If it works initially then why should it not continue to work"

Quite, and I confidently expect isolated systems running XP to carry on working until the hardware fails. I've heard no credible claims that XP is going to stop working next week.

It's obviously different if you want to use your lathe to surf for porn on the internet. If that's what floats your boat, I suggest you get a new lathe with Windows 8 on it. (It'll serve you right.)

1
1
Ken Hagan
Gold badge

Re: Re:Linux running most of the world's servers

"Some devs have written a driver in a day."

But probably not in cases where the original hardware vendor either no longer exists, or no longer has any technical records for that particular model, or just wants to sell you a new lathe and is therefore unwilling to provide documentation.

And once your dev has reverse engineered the hardware spec, they are unlikely to be willing to guarantee the correct operation of their driver. At least, they won't be willing to sign a piece of paper that lets you recover losses from them if the driver turns round in a month's time and refuses to talk to the lathe that your business depends on. You might argue that the lathe vendor signed no such paper either, but you have a decade or more of experience to build your confidence in the original driver. The new one is a leap in the dark.

7
1

US Supreme Court Justices hear arguments in game-changing software IP case

Ken Hagan
Gold badge

Re: Similar programs and Copyright

"If it does precisely the same thing in precisely the same way there is a prima facie issue of copying."

Or it is a pretty obvious idea with one particular expression that would be considered idiomatic by a large number of experienced programmers. I reckon quite a *lot* of things fall into that category, particularly if you spend time refining the spec so that it is mathematically minimal and then spend time refining your implementation to match, and then feed it to one of the fairly few compilers in widespread use, only for its optimiser to eliminate (in its own code generation style) the remaining differences between your code and the other guy's.

3
0

No, Minister. You CAN'T de-Kindle your eBooks!

Ken Hagan
Gold badge

"If you bought a good old fashioned dead tree book written in English, would you expect to be able to translate it into a dead tree version in French for free?"

If you were French, it is hard to see how you could stop yourself doing just that. It wouldn't violate the author's (or the translator's) copyright unless you happened to render exactly the same translation, and they'd have trouble proving that in court.

By the same token, reading a book out aloud doesn't violate the copyright on the publisher's audio-book version, unless you have an audience that is wider than your immediate family. (I'm assuming the law doesn't prevent parents from reading bedtime stories. Perhaps that is naive of me.) Playing sheet music doesn't violate the copyright on someone else's CD. I could go on. Format shifting is an inevitable part of the personal use of copyrighted material.

2
0
Ken Hagan
Gold badge

Re: Parody

The sort of Dan Brown parody suggested in the article wouldn't be purporting to add to the canon and wouldn't constrain what Mr Brown was able to do with his characters in the next real book. I don't see that it reduces his ability to make money from his creation or even de-values the existing books in the minds of true fans. His style has already been through the wringer of the critics and emerged in best-selling glory.

In fact, parody almost certainly means "you've arrived", in the same way that everyone using hoover, google, biro and portaloo without little trademark symbols is just something that grown up brands have to deal with.

2
0
Ken Hagan
Gold badge
IT Angle

Re: Given the amount of practice they've had...

You'd think so, but actually the economics has gone the other way.

When I write bad code, my paying customers suffer the bugs and whinge a lot and demand that I fix it at my expense or give them their money back.

When lawyers write bad code, their paying customers have to suck it up, or pay yet more money for another lot of equally bad code which might (by chance) have bugs that suit them rather than antagonise them.

Consequently, legal code appears to prefer no punctuation, long and rambling sentences running at times over several pages, and arcane vocabulary. The situation in IT, where the code has to cause the right thing to happen even when a dumb machine is reading (executing) it, strongly favours *lots* of structure (punctuation), short functions, meaningful labels for intermediates and even test cases with expected results where necessary both to ensure clarity of intent and correctness after subsequent modification.

In short, I find it *very* hard to imagine what the legal system would look like if it was implemented according to the almost-infinitely-higher standards that are commonplace in IT. And I'm one of those who don't think IT is yet up to the still-higher standards of mainstream engineering.

Words scarcely do justice to describing how totally fucked up beyond all belief the legal system is.

6
1

GNOME 3.12: Pixel perfect ... but homeless

Ken Hagan
Gold badge
Pirate

YOU CALLED?

10
0

Apple vows to add racially diverse EMOJIS after MILEY CYRUS TWITTER outrage

Ken Hagan
Gold badge

Re: Wait a minute there......

"All the letters I've just typed have come out black."

...and monochrome is exactly how all the emojis *should* have been rendered (and *that's* assuming they were ever worth adding to the Unicode standard in the first place).

4
0

Middle England's allotments become metric battlefield

Ken Hagan
Gold badge
Trollface

Re: Enter the metric pole?

"But somehow I just can't see it working in Tunbridge Wells…"

I can. The sort of people who make a big fuss about Imperial units tend not to be terribly technically minded, so if you change the size of their "pint" or "pound" then they probably won't notice. You could probably swap their miles for kilometres and they'd be pleased about getting better mpg.

1
0