* Posts by Ken Hagan

5182 posts • joined 14 Jun 2007

Gartner: Brexit to wipe $4.6bn off tech spending in Blighty

Ken Hagan
Gold badge

Re: In truth they haven't a clue ...

I can't remember any they've ever got right, but I expect that's selective reporting. I'm *assuming* that the ones we read about here are wild and wacky ones they issue to keep their profile up (a case of "there's no such thing as bad publicity"), and that the more boring reports that make their money (and which are only released to the people who paid for them) are sane.

1
0

Intel's Knights Landing lands

Ken Hagan
Gold badge

Re: Threading model is the biggest difference

Upvoted for managing to stay on-topic despite the splendid trolling.

0
0

Non-US encryption is 'theoretical,' claims CIA chief in backdoor debate

Ken Hagan
Gold badge

Re: Hardware

"Both Intel and AMD current x86 chipsets are backdoored"

Let's assume that is true. Does it matter? If the chips continue to give the right answers to numerical problems, they can still be used to break your encryption, and they can still be used offline to encrypt stuff without you ever knowing. (Yes, you don't *have* to be connected to the internet to perform arithmetic.) IOW, that back-door opens out onto a brick wall built by your enemy.

Back-dooring a chip to the extent that it gives all the right answers *except* when fed problems that you don't want your enemies solving sounds like it will take more transistors than Intel have ever manufactured -- and I don't mean on a single die.

2
2
Ken Hagan
Gold badge

Re: What's an encryption product (in this context)?

I was thinking a bit more tinfoil than that. I was wondering to myself if a sufficiently clever intelligence organisation couldn't sneak in a bug in a FOSS offering that would weaken the product in ways that only they were aware of, for however long it took before others spotted it. No, it's not a back-door, but it might be worth the effort anyway.

Note also that it wouldn't have to be in an obviously sensitive place. It might suffice to fiddle with the memory allocator (which may not seem like it is even part of the product) or make a trivial patch to remove a compiler warning.

But although this will probably be upvoted by the paranoid wing of El Reg's readership, I must say it seems a bit unlikely to me.

1
0
Ken Hagan
Gold badge

Re: What's all this then?

@RIBrsiq: But Occam's Razor applies and on any matter requiring understanding of law, economics, science or technology, the politician is out of their depth and probably motivated far more by what they want to be true than by any advice they might have had from experts.

10
1
Ken Hagan
Gold badge

What's an encryption product (in this context)?

Because I'm pretty sure that things like OpenSSH would be Hard for the US to stick a back-door into. (Not impossible, looking at recent history of subtle bugs, but certainly Hard.) IOW, the man is clearly an idiot who thinks the people he is trying to talk to are also idiots. (If I were one of the people he was talking to, I might take umbrage at that.)

6
2

Friends with benefits: A taxing problem for Ireland in a post-Brexit world

Ken Hagan
Gold badge

Re: Amsterdam...

"I can hear Nigel Farage now "We'll build a wall and make the Scots pay for it""

Why would it just be the Scots paying for a wall round the Home Counties? I'm sure the rest of England and Wales would want to chip in.

3
1
Ken Hagan
Gold badge

"no one can provide a good reason to stay in the eu. Just lots of FUD about leaving."

You don't need to believe that option A is good, just that it is better than option not-A. It's like running away from a crocodile.

Quite a few people have said to me that they'd like an option C of "an EU not run by clueless twats". These people tend to have a fairly dim view of Westminster as well. Perhaps we all do, and simply disagree about whether A or B is more likely to get to C in the end.

7
0
Ken Hagan
Gold badge

Re: parliamentary sovereignty

"Yup, that's long puzzled me too."

Here's the explanation. The Leavers actually believe in democracy, not parliamentary tyranny sovereignty, and so a referendum result clearly overrules any vote in parliament.

Leaving may be the wrong choice, but it is internally consistent.

6
0

E-books the same as printed ones, says top Euro court egghead

Ken Hagan
Gold badge

Re: Not translated into English

"the UK does not own the English language."

But ... but ... but ... we nicked it fair and square from a whole shed-load of other people.

18
0

Boffins decipher manual for 2,000-year-old Ancient Greek computer

Ken Hagan
Gold badge

Re: Does it start with

"However I'm still at a loss to discover why he was called 'Top Thinker' from birth!"

He invented a time machine, came back once to change his own name, and came back a second time as a Roman soldier to dispose of the evidence.

0
0

Admins in outcry as Microsoft fix borks Group Policy

Ken Hagan
Gold badge

Re: Testing?

"Their argument is that the latter introduces too many unknowns."

Is it? Surely the killer argument is the combinatorial explosion. Win7 had hundreds of patches over its lifetime (perhaps over a thousand, I don't know). Factorial 1000 is a *very* big number, implying a prohibitively extensive/expensive testing program.

As the other guy said, eventually you have to start relying on structure within your software to isolate things that *shouldn't* depend on one another, so that you can cut corners in your test cases.

5
0
Ken Hagan
Gold badge

Re: Testing?

It's probably safe to assume that it was tested and didn't show up because of some obscure difference between these customers and the MS test setup.

Testing is hard.

19
2

Microsoft releases open source bug-bomb in the rambling house of C

Ken Hagan
Gold badge

Re: ASN.1 and PADS

The experience with parser generators in the 60s/70s was that languages that were originally designed in the "hand-crafted era" were a real bitch to write a grammar for and the real power and convenience of these tools was only seen with languages where the convenience of the grammar was influential in the language design. I imagine you'd see something similar with PADS, so you'll find that most of your existing protocols are a nightmare to specify.

But interesting, nonetheless. In the long run, these more declarative approaches to programming are usually far less buggy, far easier to write in the first place, and amenable to formal analysis in the long run. (I wonder how many of the security holes found in SSH over the years could actually have been found by an automated tool if you could have described the protocol to it.)

3
0
Ken Hagan
Gold badge

Re: C is not an applications programming language

"As a sidenote, I'm wondering of a lot of the Windows/IE issues stem from this. "

Unlikely, since Windows and IE are almost certainly written in C++ and whilst you /can/ push old-school C code through a C++ compiler (*), you don't have to because bounds-checked and non-leaky alternatives exist.

(* Bootnote: MSVC is a C++ compiler and, much to the annoyance of C fans, MS don't actually *do* a C compiler, so it is slightly odd that MS Research are issuing tools aimed at C code.)

2
0

Linux devs open up universal Ubuntu Snap packages to other distros

Ken Hagan
Gold badge

Re: It's a stupid idea

"Anybody running "apps" from untrusted sources probably deserve whatever mess they end up in."

Yes ... but no. Snap makes it more likely that the app will work, so it lets the (clearly naive) user get further into trouble before the symptoms start showing.

4
1

The Microsoft-LinkedIn hookup will be the END of DAYS, I tell you

Ken Hagan
Gold badge

Re: Just closed

I'm sure they will reckon that the list of people who closed their accounts after the take-over was announced is a particularly interesting dataset.

0
0

Microsoft buys LinkedIn for the price of 36 Instagrams

Ken Hagan
Gold badge

Re: How much !!!

"I can't even remember how many times I created throw away accounts because I wanted to look at someone."

Conversely, there are certainly people out there whose "links" have been accumulated purely because their real job is the sort of public-facing activity where it is helpful to have a significant presence in social media. It's not *used* for anything. It's just something that people in certain professions need (apparently) to have these days.

Like all social media, the data in LinkedIn is worth what the people who contributed it have spent gathering it.

1
0
Ken Hagan
Gold badge

Re: Money burning a hole in your pocket Sat Nad?

Well, to be fair the article did mention that ... "Microsoft’s investments haven’t always paid off."

Actually, can anyone here think of one that did? I'm struggling to think of anything that MS have ever bought that wasn't just money down the drain. I'm sure that there were some products that they bought and re-badged which have earned nicely in the years since. (I think SQL Server was originally bought in and I think it makes money for MS these days, so I'll allow something like that.) However, these are all surely ancient history by now and several orders of magnitude smaller than the cash-spunks we've seen since billg stepped down (and MS lost its way).

1
0

NHS e-prescription service goes TITSUP: Problems since Monday

Ken Hagan
Gold badge

Re: Patient? What patient?

That might be partly because it is almost infinitely easier to get the opinions of the clinical staff than it is to get the opinions of patients. I'd also take issue with the 9/10ths estimate, since (echoing a previous comment) there does also appear to be a significant problem with "assuming that all will go well, all the time".

0
0

FFS, Twitter. It's not that hard

Ken Hagan
Gold badge

Re: The B Ark isn't going to be big enough ...

The B Ark doesn't have to get off the ground. It can be as big as you like and Oooo! What's this? A vast entrance hall with a blue ceiling! Awesome, darlings!

0
0

Brexit threatens Cornish pasty's racial purity

Ken Hagan
Gold badge

Re: Trademarks?

"Trademarks are for large companies not regional dishes."

I think the FairTrade mark demonstrates that you can use trademarks to protect pretty much anything you want, just as (obligatory IT reference here) the GPL manages to use copyright law to protect a lack of protectionism.

0
0
Ken Hagan
Gold badge

Re: [citation needed]

I think it is what the young things call a meme. A loose translation is "Bollocks!". If you stay awhile on this here interweb thing, you'll find it crops up quite a lot.

1
0

Berners-Lee: WWW is spy net

Ken Hagan
Gold badge

We do have a technology problem

"The problem is the dominance of one search engine, one social network, one Twitter for micro-blogging. We don't have a technology problem; we have a social problem."

Many of us manage quite nicely without the "social" network or a place to micro-blog. Those are indeed social problems inasmuch as so many people seem to believe that their private lives have to be managed by a third party and managed in public.

However, using the internet without a decent search engine would be hard and it does appear that building a decent search engine is a bit of a technology problem, because all the alternatives are either shit or re-badging Google (or both, in the most depressing cases).

1
0

RIP ROP: Intel's cunning plot to kill stack-hopping exploits at CPU level

Ken Hagan
Gold badge

Re: Would also bork legitimate code

By "modern", I assume you are referring to anything with out-of-order execution and branch-prediction, which means almost every x86-class CPU designed since the mid-90s. (If I remember correctly, Intel made a few in-order Atoms about 10 years ago.)

This sounds like it would have been a nice optimisation for hand-tuned inner loops in the 1980s and possibly standard-operating/optimisation-procedure in the 1970s or before. It's 2016 now and you could probably run that 1970s code in a VMM that was written in JavaScript and still be faster than the CPU you originally optimised for.

1
0
Ken Hagan
Gold badge

The full proposal is quite complicated and has to resolve questions around indirect branches, FAR CALLs, privilege transitions and interrupts and other details of the Intel architecture that, although mostly unused, are still necessary to produce a working operating system. The proposal also works with existing code.

To summarise, if you had wanted to introduce this feature about 40 years ago, it would have been trivial and (quite probably) implemented purely as a compiler code-gen strategy. If you want to implement it now, it is "quite fiddly".

(Actually, implementing it 40 years ago would have been a little fiddly as well. Traditionally the heap grows upwards from the bottom of a segment and the stack grows down from the top. A second stack would have to find a third "end" to grow from. Not insurmountable, but enough of a headache that you'd optimise the solution by storing return addresses and automatic variables in the same stack.)

2
0

Chinese space station 'out of control', will do best firework impression

Ken Hagan
Gold badge
Black Helicopters

Re: I'm surprised

"Unless it looks like it may land in China somewhere"

...in which case it will be an excellent cover for the test of their home-grown ABM system.

1
0

Microsoft's BITS file transfer tool fooled into malware distribution

Ken Hagan
Gold badge

BITS is not "fooled"

Sure, that's the component that is actually downloading, but the malware needed full admin rights to get started. BITS was then "told" what to do and it went away and did it, as per design. I expect you could use the Task Scheduler in much the same way, or cron on a Linux box.

Surely the moral here is that once a machine has been compromised, the only way forward is to nuke it from orbit and start again.

17
1

EU referendum frenzy bazookas online voter registration. It's another #GovtDigiShambles

Ken Hagan
Gold badge

Re: Deadline

Registration has been open for about 400,000 minutes and yet some people left it until the last 20. Leaving something until the last 0.005% of the available time really isn't smart. At the risk of stating the obvious, it leaves you with very few options if your internet connection is down at the critical moment.

5
0
Ken Hagan
Gold badge

Re: Too stupid to vote

You could have registered months ago. Try catching a train or plane six months early and see how you get on.

4
0
Ken Hagan
Gold badge

Re: This is due to unprecedented demand.

To estimate capacity you only need an estimate of the current population and knowledge of how many have already registered. Which don't they know?

2
0
Ken Hagan
Gold badge

"The UK will simply be asked to continue voting until they give the right answer."

If I am asked to vote again after a clear decision, I will vote for whoever previously won, on principle.

6
0

Why does an Android keyboard need to see your camera and log files – and why does it phone home to China?

Ken Hagan
Gold badge

Re: That's yet another point caused by needless complexity

"You can keep your trivia apps, I just want vlc or mplayer, amarok firefox, kmail etc on a phone. I trust those guys more than I trust google."

That would be Ubuntu Phone then. I haven't used any version of x-buntu for a few years now, because I think there are better distros for just about any given purpose, but I'd trust their phone offering well ahead of anything else I've seen on the market.

Then again, perhaps running UP and sticking to the official repos is about as limiting and no safer than running Android and sticking to the Google-branded apps. In both cases you are intentionally cutting yourself off from all the third parties simply because you can't tell which ones are trustworthy.

2
0

UK Home Office is creating mega database by stitching together ALL its gov records

Ken Hagan
Gold badge

The database isn't the problem

If the only thing protecting you from government overreach is the fact that government is too incompetent to be nasty -- that's your problem.

Fix that problem and then a government that effectively and efficiently uses the data that you paid it to collect will cease to be a worry and might actually become a source of pride.

5
0

Why Oracle will win its Java copyright case – and why you'll be glad when it does

Ken Hagan
Gold badge

Re: According to Mr. Orlowski

"you didn't implement the API, you interfaced with it"

I see where you are going, but even this is a grey area. An interface is a contract between two pieces of code and both have an equal obligation to conform to the contract. I'm sure VMware have a number of utilities that use their API. In fact, you might well find that for some parts of the API, far more of VMware's product offering was a client of that part rather than the implementation. If you were to write your own version of those utilities and offer them as drop-in replacements for those parts of the product, VMware might be miffed.

For larger APIs, there are frequently callbacks, where the client becomes the implementation and the implementation becomes the client. The device drivers in the average OS are split about 50:50 in terms of how they use and how much they implement.

3
0
Ken Hagan
Gold badge

Re: This article conflates two important issues

But "the actual text written to explain these rules" has no creative content. It is either an accurate statement of those rules or it is not the API. Does US law permit someone to claim copyright on facts? (Honest question, btw. The law is such an ass that it might well do. As far as I know, the law in the EU stems from a directive that specifically permits such reverse engineering as is necessary to permit interoperability. That would, by definition, apply to an API.)

On the other hand ... The rules may well have resulted from a huge creative effort on someone's part. Getting the API right might be most of the work on some projects. The wrong API produces a crap product and the right one produces something that everyone acknowledges to be a work of genius. The actual implementation might be trivial.

2
1

Who's to blame for the NHS drug prices ripoff?

Ken Hagan
Gold badge

Re: Who's to blame for the NHS drug prices ripoff?

Hmm ... that's an eye-watering amount of cash apparently (*) wasted on just this one issue. Perhaps the EU vote doesn't actually matter, because either way the country will still be administered by the same people. (Sigh!)

(* On the other hand, there are already plenty of comments to suggest that this waste is more apparent than real. Let's hope so.)

0
0

'Windows 10 nagware: You can't click X. Make a date OR ELSE'

Ken Hagan
Gold badge

@Roland6: I'll buy that theory. Whilst my test machines do get used, they also get rolled back to whatever state they were in at the end of the previous month's visit to Windows Update. As far as that disc image is concerned, the machine was installed many years ago but is only ever switched on once a month and left on long enough to pull down the latest Win7 updates and then (depending on my whim) it is either switched off again or it is subjected to a full disc clean-up and then switched off.

None of this would be conducive to downloading many gigs on the sly.

0
0
Ken Hagan
Gold badge

Re: Then again...

If you are running an OS that is eligible for the upgrade, you already have the spyware. It was retro-fitted last year.

If you just bin all the metro shit, the desktop UI still runs fine on large and multiple monitors.

I'll grant you the driver trouble, pausing only to point out that nearly all USB-based hardware shouldn't be using a kernel-mode driver anyway and so if (for example) your old printer doesn't run on Win10 then it is because your printer vendor is deliberately withholding the INF file (trivial for them to generate and sign with their keys) that would let any sane (ie, user-mode) existing drivers carry on working.

2
0
Ken Hagan
Gold badge

Re: Since you cannot say no to the upgrade, Is Microsoft user agreement for Windows 10 still valid.

The Win7 EULA probably has some language in it to permit MS to deliver "updates" to the system. Since they aren't actually charging money for Win10, they could probably argue that it is a service pack. Indeed, I've argued in these forums on several occasions that it should be treated as such and that MS will probably turn round in 18 months' time and discontinue support for 7 and 8.1 (8.0 is already gone).

1
0
Ken Hagan
Gold badge

Re: Windows 10 Pondering

You still own the hardware. If Windows chooses to commit suicide, you still have the hardware and are free to install the OS of your choice. Presumably you have backups of all the data on the system that you consider important, and the installation CDs for all the applications to re-install on the new OS. (No, I'm not trying to be smug here. I know most people don't. I'm just trotting out a line of argument that Microsoft probably would use if this came to court. You *can* mitigate the cost by keeping backups, so the fact that you haven't done so shouldn't entitle you to compensation over and above the cost of setting up the machine again.)

I think what gets people's goat is that Windows 7 (or 8.x) doesn't need to commit suicide. It was working fine and re-installing everything just because Microsoft have made changes that you did not authorise (and in many cases explicitly refused) feels like getting hacked, by Microsoft. It kinda makes you want to chuck a brick through *their* windows.

6
0
Ken Hagan
Gold badge

Having lots of lawyers only helps if the case is arguable. If the situation is that the end-user expressed a desire to skip the upgrade, but was overruled and then the upgrade broke the computer, then that's a fairly open and shut case of hacking in most parts of the world. (The fact that a massive corporation used inside knowledge to hack into your system is not going to mitigate in their favour.)

The question is ... is that the situation? I've got quite a number of Win7 boxes that I keep for testing and they all have the GWX icon in their notification area, but none are forcing me to upgrade. As far as I know, I haven't done anything. (That's deliberate. I keep these as clean system images, for testing.) I'm just not getting the arm-twisting that I see reported elsewhere.

So what's the full story?

2
1

Get outta here, officer, you don't need a warrant to track people by their phones – appeals court

Ken Hagan
Gold badge

yyyy/mm/dd

You have to use a 4-digit year or else some numpty will confuse "16" with a day. Having done that, your choices are endian-ness. Putting the year at the end still leaves everyone guessing which side of the little pond you mean. However, as far as I'm aware, no-one uses yyyy/dd/mm, so by putting a 4-digit number at the front, everyone knows what you mean.

(If there is anyone out there using yyyy/dd/mm, please stop.)

0
0

Samsung: Don't install Windows 10. REALLY

Ken Hagan
Gold badge

"if you don't like Broadcom wifi card just buy Atheros or Intel off eBay"

Good luck teaching the average user to open up their "sealed unit" and replacing the card the machine was designed for with whatever you've bought off eBay.

22
4

Helium... No. Do you think this is some kind of game? Toshiba intros 8TB desktop drive

Ken Hagan
Gold badge

Re: Longevity

Helium is significantly smaller than air. (It's smaller and monatomic.) Being Helium-tight is therefore more of an engineering challenge than being air-tight. I don't know whether it is *hard*, but it is certainly harder and (as the OP notes) the drive depends on it not happening.

9
1

Don't panic, says Blue Coat, we're not using CA cert to snoop on you

Ken Hagan
Gold badge

Re: They aren't the only ones ...

Perhaps your friend was having second thoughts and wanted to see your unguarded reaction. If so, it sounds like he got the information he needed and didn't pursue the matter further.

Obviously I don't know your friend and he may be a thoroughly evil schmuck, but neither I nor you have to jump to that conclusion on the basis of the evidence presented. Working inside such a company, there's always the risk of peer pressure normalising things that you might otherwise question. Smart folks are aware of that and might try to find ways of getting an independent opinion.

0
0
Ken Hagan
Gold badge

Re: trusting Symantec

Not really. I'm typing this in Firefox, which has around 200 trusted authorities and Symantec are one of the perhaps half a dozen who I've actually heard of. I also know that their name recognition means that *their* shenanigans are more newsworthy than those of (to pick one at random) "Chunghwa Telecom Co. Ltd.".

7
0

Systemd kills Deb processes

Ken Hagan
Gold badge

Apparently the show's over

A comment near the end (at time of writing) of the bug report states that the change has been reverted already, so there is no story here anymore.

I guess that's why they call it "unstable".

3
0

As US court bans smart meter blueprints from public, sysadmin tells of fight for security info

Ken Hagan
Gold badge

Re: Capable of encryption

"At least EON send an email asking you to read your meter - and send someone to read it once a year."

Not my experience. Never knowingly received an email from them. Once a year, someone posts a note through the door to say we were out and they've estimated the reading of the meter that is in a wooden box outside the property and could be read by anyone with one of those triangular keys. Recently they sent us a note to say they believed our meter was faulty and needed to be replaced. When the guy turned up, his version of the story was that there was nothing wrong with the meter but they replace them every decade or two on principle. Not obvious why EON needed to make up the story about a fault.

The new meter isn't a smart one. Presumably they'll rip it out in the near future because they need to install a smart one.

1
0
