Why should I read up on it? What difference would that make to the point that these comments are being made by people who claim to have understood its complexity?
4433 posts • joined 14 Jun 2007
"Considering the extreme complexity of the Regin platform and little chance that it can be duplicated by somebody without having access to its source codes, we conclude the QWERTY malware developers and the Regin developers are the same or working together."
"Extreme complexity"? This from people who have just reverse engineered both of them. Modest, huh?
OTOH, it is to be hoped that their claim is correct. Part of GCHQ's job is to develop stuff like this so one would hope that they were investing at least some of their budget in such things and getting usable products out of it.
Re: Perhaps if Microsoft stops treating developers like dogshlt...
"they should just release some open source platform that works with all of its products and leave the rest to the developer community. Java-ize it."
Without wishing to dispute the possible merits of open-sourcing some platform, I don't think you are wise to describe that as "Java-izing". There's been this little court case recently about just how open Java actually is.
I don't suppose this will have any effect, but can I just mention that "hologram" and "holographic" already have long-established meanings in the field of imagery and display and (here's the rub) ONE MORE FUCKING DIMENSION THAN YOUR HEAD-UP DISPLAY.
The innumerate tosspots in Microsoft's marketing department may not care about this small detail, but I do. So, Microsoft, when you produce a working 3D display technology, you can call it holographic. Until then, I suggest you stick to the established meanings of words.
If you don't, we may decide to start calling your displays "wanky". Yes, I know the word "wank" already has an established meaning which doesn't accurately describe your new display technology, and our choice naturally leads on to an even more unfortunate nomenclature for the applications that use it, but it's OK to appropriate existing words because language evolves, right?
Re: Read privacy statement
"Examples of data we may collect include [...] phone call and SMS data; [...] voice, text and writing input; [...]"
I really can't see *that* surviving in the EULA of the final release. How would Microsoft ever hope to sell a single copy into the business market with a threat to record pretty much everything you do on the device?
OTOH, I'm not concerned. Participation in the beta program is optional and I will read the EULA for the final release. (Microsoft ought to be a little concerned that the population of their beta program might be heavily skewed towards those who don't care about privacy (or, equivalently, towards those who aren't using the product realistically or with an honest ID). If MS are using beta program stats to guide design decisions for privacy-related features, they'll be getting the wrong answers.)
"There's not a chance in hell that I'm going to touch another MS OS at least until its second or third SP."
This *is* Windows 8 Service Pack 4-ish. In fact, if you can see your way past (or disable) Metro then it is Windows 7 Service Pack 6 or Windows Vista Service Pack 9. Under the hood, MS have done sweet FA for the best part of a decade, except slowly scrub out the warts in Vista that weren't intended.
Re: RN "shitting themselves"
Relax. We're a rich country and 6bn probably wouldn't even pay the consultancy fee for the next round of NHS reforms.
Oh, hang on...
If someone downvotes without explaining why, it is probably futile for you to try to guess what they are thinking. These forums have plenty of examples of people downvoting purely factual statements, so it is unclear whether they were thinking anything at all.
Re: Security is going to be a big feature...
"Who spends as much on securing their products as MS? "
Probably no-one, but a fair proportion of that cost results from the fact that it is always an afterthought.
Security *is* an inherent part of most OSes, even Windows. The problem with Windows is that every time someone comes along with an existing app that depended on a small hole in the design, Microsoft reason that *their* customer is the end-user, who buys a Windows upgrade and expects everything to carry on working. Therefore, every version of Windows must be backwards compatible with every security hole ever used (even accidentally) and a second layer of attempted security has to be poured on top.
Contrast this with the Linux approach which consists of Linus bawling out the "f*cking cretin" who made the "buggy pile of shite" and then issuing a new kernel that plugs the hole.
Lastly, for extra points, compare and contrast the market share of the two approaches. Then explain to me why it is worth caring about security in the current business environment. :(
Re: I'm free!
Since Win8, the kernel has required CPU features that didn't exist when XP came out and which weren't universally available until the middle of the last decade. I imagine that offering a free upgrade to a load of consumers with XP-era hardware would have been a support nightmare. Yes, you would rig the upgrade process to check before changing anything, but you'd have to tell the ineligible users that they weren't in fact eligible, contrary to what they'd read in your adverts. Good luck with trying to explain instruction set extensions to Joe Public.
Also, they probably figure that anyone still using XP after last year's doom-mongering is unlikely to have done so purely on grounds of price, and Win10 won't actually run all those IE6 intranet apps.
Re: What about new computers?
I doubt it. The cost of upgrading an old PC has been in three digits for the last version or two. Lowering it to zero will make a big difference to how many people bother. The cost of buying that same version on a new device is about a tenth of that and is in any case hidden in the cost of the device.
Re: Where's the profit for Microsoft then?
We'll know soon enough when we see the EULA for the upgrade. (At that point, we'll also discover whether all forms of Win7 and Win8 licence are equally eligible for the "service pack".) However, my guess (hope?) is that even Microsoft aren't so clueless as to opt for your "pay after one year" model, not least because it might turn out to be unenforceable in those jurisdictions where EULAs have been deemed "not as enforceable as a real contract".
Since Win8.1 is just a lean version of Win7 once you've put a decent shell on, I reckon this may be how MS intend to get around the end-of-life issues around Win7. (It is clearly easier than adding SHA-1 support to the Win7 kernel.)
It also raises the interesting question of how long software developers will continue to support Win7. In the past, the answer would be "as long as we have paying customers" and this tends to be a block on using features that were only introduced in later versions. However, that logic has never applied to (free) service packs. (Plenty of vendors will expect you to have installed all applicable updates.) Maybe Microsoft are trying to convert their 7+8+8.1 market share into a 10 monoculture, so that they can push the platform's new features.
Re: Theoretical limit
There's a fairly well defined point at which the solar wind ceases to be supersonic. I think that's the official edge. Outside of that, you can argue that you've left the region of space where the Sun dominates the physical environment.
Re: Achievement unlocked: The Scientist!
I doubt that an employment tribunal would reckon you had reached the required standard of proof there. "#scary!" is a comment and therefore non-executable. It proves nothing except that the author has a different sense of humour from you.
Legend has it there was once a comment in the UNIX kernel that said "You are not expected to understand this.". See http://cm.bell-labs.com/who/dmr/odd.html for an explanation by one of the authors. Would you sack him?
"Research revealed I needed: [...] rm -rf /tmp/.??*"
Thanks. I'll bear it in mind.
However, is there a sane use-case for the rm command accepting ".."? (For that matter, accepting any path that is either the current working directory or one of its parents would seem to me to be overwhelmingly likely to be a pilot error rather than a really clever piece of scripting.)
Re: ...everyone follows all the laws
Even better would be a system whereby an MP's vote in the legislature was weighted according to the number of people who voted for them relative to the total turnout. Voting for none of the above would then weaken whoever won. Not turning up, however, would achieve nothing.
Weighting MPs' votes would of course require rather more hi-tech than the UK Parliament uses in votes, but most other legislatures seem to have electronic tallying these days.
Are you French or something?
" the little-debated Defence Trade Control Act (DCTA) "
Was it so little debated that no-one noticed the acronym was wrong way round?
"I haven't used Windows in years: have Microsoft fixed the laughably slow file copying yet?"
Yes, but they haven't fixed the bug whereby the two panes of Explorer (folder tree on the left, folder contents on the right) can be pointing at (ie, have selected) a different folder. On the other hand, they do claim to have UI tested every version of Windows in the intervening period with millions of real end-users, so maybe it's just me who thinks that is bonkers.
Re: Oh noes! We've only got 5 years!
Actually you may have fewer than that. See http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspx.
Starting in 2017, MS may stop accepting code signing certificates using the SHA-1 algorithm. Now, whilst Win7 is happy to support SHA-256 for applications, its kernel only recognises SHA-1. Consequently, if you want to sign a driver after 2016, you will need a certificate that was issued (using the SHA-1 algorithm) before 2017.
I assume that MS will issue themselves a signing certificate soon (if they haven't already) that has a decade or so of validity, but third-party vendors will be affected. Since certificate vendors variously offer 1, 2 or 3-year validity on their stuff, driver vendors who don't notice the date may find that their last remaining SHA-1 cert has expired (in Jan 2018, say) and they are therefore *unable* to issue driver updates for Win7. (At least, not without also explaining to end-users how to fiddle with their system to tolerate unsigned kernel code.)
The security landscape for Win7 could start getting interesting well before the 2020 cut-off.
(Edit: I'm assuming MS can't/won't retrofit SHA-256 to the Win7 kernel, since if that was possible/economic, it would have made sense to do so before they announced the deprecation of SHA-1. I also note that the same argument applies to Server 2008 R2.)
Re: No new features for Windows 7...
Quite. MS adopted a policy part-way into the XP era of not slipping new features in with service packs and as far as I can see they've followed it quite religiously, introducing no new features with anything ever since. I would guess that the last new feature added to Win7 was Win7.
Memo to MS, a service pack with the last few years' worth of patches rolled up would be nice.
Re: Never forget
"To be fair, Win7 IS more stable than XP"
To be fair, that isn't my experience. I've run a number of VMs and Ghosts with XP and Win7 (and others) over the years and the only XP system that needed to be tossed and rebuilt was XP64, whereas several of the Win7 ones (and all of the Vista ones) have eventually died of old age. (That is, eventually, the monthly cycle of updates left them unbootable.)
That correlation with the New Year...
...wouldn't be more to do with the typical weather conditions in the first two weeks of January, would it?
Re: More evidence that Microsoft have finally caught up to the 1980's
Poor choice of target, since NT 3.1 had multiple desktops back in 1993. The fact that MS have never bothered to make it a standard feature of their shell simply reflects how useless the feature is. (Multiple monitors are useful. Multiple desktops on a single monitor are no more useful than the ability to minimise a window. I tend to switch the feature off on my Linux desktops, since for me the only effect of leaving it on is that I can have all my screen contents disappear if I accidentally hit the wrong key combination.)
Re: Routers... in Space!
" Interplanetary comms relies on a massive dish/array at one end (for ease of logistics, we tend to keep that one on earth), and a small dish at the other "
To elaborate, the distance to Neptune (Pluto's orbit is irregular) is about 30AU. A dish near Jupiter (5AU) would spend roughly half of its time on the wrong side of its orbit and would actually be further away than Earth, so let's assume you have several. Even at its closest point, it is still 25AU from Neptune and to be worth doing, the dishes around Jupiter would need to be at least 5/6 of the diameter of the one on Earth. (They need to subtend the same solid angle.) Then they have to re-transmit the message back, but that's a much easier problem because the transmitter can be only 1/36 of the power of the one near Neptune and still deliver the same signal strength to Earth.
Move the intermediate to Saturn, at 10AU, and you need only 2/3 of the diameter of a dish on Earth, but you've got to get all the dishes out as far as Saturn *and* the retransmission needs to be four times more powerful.
It would appear that the economics are overwhelmingly weighted in favour of a single hop to a bloody enormous dish on Earth, where construction costs are essentially free (by comparison), power consumption (for transmission back to the craft) is no object, and there's always the options of technological upgrades and repairs whilst the mission is in progress.
"without leaving an audit trail"
In that context, the fact that it disappears on reboot might be seen as a plus.
Re: Am I a wrung'en?
The security for my online banking serves two purposes. Firstly, it stops others from seeing what transactions I am carrying out. If, as you suggest, the authorities are able to demand that banks hand over the transaction details afterwards, this still means that no-one else can spy on me. The banks probably don't care one way or the other.
Secondly, it stops me from turning round to my bank and saying "I didn't do that". I really, really doubt that the banks would be happy with that. If Dave really did manage to enforce a ban on encrypted connections within the UK, the City of London would have to find another country to exist in. I really, really doubt that Dave would be happy with that.
Re: Is Microsoft watching this case?
And anyone implementing some kind of VM for x86 is infringing on Intel's instruction set and IBM's PC architecture, large chunks of both of which have to be emulated with precision for the VM to actually work.
Fortunately, my understanding is that over in Europe it is expressly legal to implement an API for the purposes of compatibility, which is exactly what Android does, so whilst it is hugely entertaining for us to watch the lawyers slag it out, the reality is that if the US really is in two minds about this then they'll probably elect to follow the EU lead because it would clearly be daft to gratuitously differ on such an important issue.
Re: So ...
"The current setup involves a huge number of participants. [...] It's a sodding huge and actually rather delicate pack of cards - do you have any idea what a gentleman's agreement BGP is?"
So what you are saying is that ICANN haven't actually ever been in control. So it hardly matters if their oversight passes to a different body who isn't ever in control either.
Re: Antivaxers and Y2K deniers
Any departures and reservations system that couldn't cope with Y2K would have spent most of the final few months of 1999 increasingly unable to accept "new" bookings. The same goes for most other time-dependent software. If you are tracking time, you usually need to be able to handle the near-future as well as the present or the recent past. Y2K was never likely to result in a midnight shutdown and always likely to be a case of systems showing their inadequacy a (short) while before they became totally unusable.
In addition, the vast majority of genuine Y2K bugs could be easily tested for in advance, once it had occurred to you to do so, just as it is already possible to test systems for leap-second compliance or Y2038 compliance.
Y2K wasn't *all* hype and smoke, but Gartner's 11-digit dollar estimate for them to solve the problem most certainly was, and they weren't alone in brazenly trying to cash in.
Re: Desktops are becoming a niche product
"there can only be one reason for such market share growth"
Or ... the numbers just aren't that accurate.
Re: @ TkH11
"Which is a nice way of saying "guessing your way to the answer"."
Actually, no. It's a nice way of saying "guessing your way to the original question", since the hardest bugs will turn out to be the ones where you were given the wrong spec in the first place and enshrined that in the architecture. If Agile promotes "letting the customer use something as early as possible", then it probably avoids quite a lot of that kind of problem.
I say "if" because I confess I lost interest in software methodology when it suddenly became trendy enough for marketing folks to get involved and it became a tool I could buy (and keep on my shelf) rather than a method I could use on my own.
Re: Red grass?
Also note that the window for the visible spectrum on Earth is actually dictated by the molecules in the atmosphere, and the chemistry of any photosynthetic pigment is dictated by the same laws of physics and chemistry as here on Earth. Life on other planets may be very similar to life on Earth, at the cellular level.
"GCHQ should be able to reverse engineer out any backdoors in the pile of circuits and firmware, if they can't what is their reason for existence?"
Indeed. In almost any other context, commentards would be repeating the mantra that physical access trumps all security, so it should be impossible for Huawei to include a back door without us noticing.
I suspect the real reason for the scare stories about Huawei is that they are now making stuff that is good enough to put Western suppliers out of business. It's protectionism masquerading as security, and it makes it less likely that we'll believe the real security issues when they come up.
" "You know MySQL is free right?"
If your time has no value."
To judge from the article, the cost of using Oracle will include someone whose full-time job is tracking Oracle's latest licensing regime and making sure that you don't get screwed. So I suppose the real question is, do you want to hire someone full-time to manage your DB or hire someone full-time to manage your DB vendor?
Is the EU an interested party?
The sovereignty in question is Irish and the Irish government has already replied (if only to rather snarkily remind everyone that they needn't have done). So maybe the EU doesn't reckon that it has anything more to contribute. Or maybe it is replying through diplomatic channels and saying "Look guys, we know you can't tell the judge what to say, but you *really* don't want to push this one much further.".
Perhaps the scariest thing about this feature is that it got the green light from Microsoft's management to develop in the first place. Is Visual Studio really so good that this kind of inane crap is all that is left to add? Er, "no, not even close" would, I suspect, be the answer from just about everyone who has to use VS.
Which part of the article suggests that? They're forming some sort of talking shop to increase the amount of 4K content. That should help avoid a standards war. Moving all their own screens to a particular implementation doesn't actually hurt, unless they start requiring that content demands the additional features.
If you want a proper standards war, I think your best hope is that some disagreement will emerge surrounding HDR.
Re: Only for Windows 10?
The logical fix for that is for everyone who benchmarks (or otherwise reviews) "Internet Explorer" to measure the performance of the highest version that runs on the oldest widely-used version of Windows (which at the moment is Win7) and quote that figure, instead of the (presumably better) figure for Microsoft's preferred version.
It seems perfectly fair to me. If Firefox and Chrome actually run on the most widely used Windows version and IE12 doesn't, IE12's score is zero for anyone who isn't prepared to fork out for the OS upgrade.
Re: Driverless. It's the future don't you know.
There are a fair number of two-car households in the UK that could meet your "freedom" requirement with one car and a reliable driverless taxi service. There are also a fair number of households who fly to their holiday destinations and hire a car there because they prefer to have their holidays further away than a reasonable drive.
I accept the freedom argument, but I don't think it is a clincher.
Re: From the user's POV, cars are awesome
" A municipality could run (Note, I don't say 'own') a fleet of minibuses and operate more or less door-to-door on demand, given an intelligent demand management system."
A minicab company could run a variation on the usual service whereby you get a reduced price but may have to stop to pick up the taxi's next fare(s) before actually delivering you to your destination. The reason we don't do it that way is probably because the scheduling problem was/is beyond your average taxi company. That might not be the case these days.
Re: Control your media better.
"The guy said that after they are delivered to the theater, he had to get codes entered by techs at a remote support network."
I imagine each theater gets a differently watermarked (and differently coded) movie, so that if it *does* escape then the studios know who to kill.
Re: IMHO, we need more old people using computers.
" If this had been done repeatedly for a year with UI designers actually paying attention..."
Whoah, there buddy! What are the chances of that happening? Be honest, if UI designers were paying attention, they wouldn't even need the testers. They could just sit back, take a look at their work and think "Bloody hell. What was I thinking. Hmm. I'd better get rid of that before anyone else sees it.".
US Supreme Court demands that MS hand over the data.
Irish court demands that they don't.
MS hand over the data.
Irish court declares them in contempt and demands action.
MS takes no action, coz it can't.
Irish court seizes MS's European assets, mainly IP.
Windows becomes open source and free in the EU.
The US complains.
My heart bleeds.
An earlier poster was right. This is about obeying the domestic law of the country you are in. So Microsoft in Ireland *must* ignore the US court and if the US court throws a hissy fit then that's something for US business folks to take up with their political representatives. That *appears* to be roughly what is beginning to happen.
Re: Please think about the poor backups...
I thought about them. ADSL2+ can apparently manage about 1.4Mb/s upstream, so that's perhaps 160KB/s. That's about 5TB/year, unless I've dropped some factors of ten, and assuming that you don't use the internet connection for anything else between now and 2016.
"Governments across the world have been concerned that the US government could theoretically knock their individual internet registries offline."
The US has had this theoretical power for the last 30 years. They've never used it. Even if they did, it wouldn't stop dotted IP addresses from working and wouldn't stop people setting up alternative DNS nameservers that continued to dish up names for the blocked TLDs.
During that period they have invaded several countries and rattled sabres with several nuclear powers, so I think we can conclude that their reluctance to pull the plug on DNS is not simply a case of "We haven't been angry enough, yet.".
Re: if this is what rain does..
I think it is generally agreed that there is no way to survive the big one (even now, and it will be a bigger big one the longer we have to wait) so the game is to make as much money as possible before it strikes.
Have we reached the de facto "end of life" for Windows 7?
This is hardly the first time I've had a Win7 box nobbled by updates and that's something that I could never say about XP, despite running the latter right up to its termination date. My impression is that the management at MS just don't regard Win7 as being "current". They'd much rather you upgraded and so if patches occasionally bork your system then so be it.
I feel a little sorry for folks who have only just migrated to Win7 from XP, in the reasonable-but-now-apparently-erroneous belief that they'd have five years of support ahead of them. My advice to anyone now would be to go all the way to 8.1. It's not that much harder and at least MS seem to be supporting that platform effectively.
Ah, no. The *saddest* thing is that there are a lot of Americans who think the current US form of government is the one put together by their Founding Fathers.
Wouldn't it be funny if...
...the US lost all its influence on IANA simply because it was too clueless to retain it.
It's only a set of numbers and a few root servers, so the implementation isn't hard. Prior to ICANN's existence we just used Jon Postel's common sense as a policy framework. If we get to the end of next year and the US hasn't actually produced a credible option, control will pass to any entity that can persuade the rest of the world that it is vaguely accountable and responsible.
Re: Is there a legal advantage to your neighbour ...
It depends where you live. In the UK, you'd probably be busted for negligently helping terrorists in some way.
Joking apart (hey, Mrs May, I *was* joking, whatever you might think) the main downside of this approach is that your neighbours will use up your monthly bandwidth allowance downloading stuff.