Posts by Kevin McMurtrie

960 posts • joined 15 Jun 2007

Your jingle to take into the weekend: QuickTime security fixes to apply

Kevin McMurtrie
Bronze badge

Re: Quicktime

It defines a crappy file format too that, unfortunately, seeded the MPEG 4 container standard. QuickTime X was supposed to fix all of that but it seems that it was never finished much beyond AAC and one of the worst implementations of the H.264 codec. Upgrades since then have been in the form of poorly distributed codec plugins.

1
0

Star Wars BB-8 toy in firmware update risk, say UK security bods

Kevin McMurtrie
Bronze badge
WTF?

Pen testing fail?

Firmware updates don't use SSL because they're public information and they're digitally signed to prevent corruption/tampering. Until they update the article claiming that they've successfully altered the firmware, there is no vulnerability.

3
2

T-Mobile US boss John Legere calls bulls*** on video throttling claims

Kevin McMurtrie
Bronze badge
FAIL

Same quality as the TV you threw out 10 years ago

DVD quality isn't a benchmark to brag about. They were meant to power the final generation of analog TVs. 720x480 maximum with very low chroma bandwidth. Many discs were a blurry 640×360 to avoid anamorphic compatibility problems.

1
0

Got a Nexus? Google has five critical Android security fixes for you

Kevin McMurtrie
Bronze badge

Third party ROMs sometimes have patches before the Nexus line. The key here is to not buy phones with permanently locked bootloaders.

As for the Moto X Pure - boot without a SIM card and it becomes pure again.

0
0

Researcher criticises 'weak' crypto in Internet of Things alarm system

Kevin McMurtrie
Bronze badge
WTF?

beyond the capability?

Not all criminals carry a crowbar and sack. Some criminals might sell software that makes breaking into houses as easy as stealing a phone to run it.

1
0

iOS 9 kludged our iPhones, now give us money, claims new lawsuit

Kevin McMurtrie
Bronze badge

Re: Honest question here

A search of the intertubes says that you can not downgrade. The iPhone bootloader is locked and the iOS9 version does not recognize the iOS8 digital signature.

This is why I only buy phones with a bootloader that can be unlocked. Manufacturers don't like maintaining old phones when there's money in new phones. Once the phone is about a year old, third party ROMs start working better than manufacturer ROMs.

6
1

Google brews a fresh pot of Oracle's OpenJDK Java for future Android

Kevin McMurtrie
Bronze badge

Just in time

This is good news if it means Android will finally get an efficient JIT compiler.

1
2

Here – here is that 'hoverboard' you've wanted so much. Look at it. Look. at. it.

Kevin McMurtrie
Bronze badge
Trollface

Will use it to clear leaves from my walkway at 6 AM.

8
0

Boffins unwrap bargain-basement processor that talks light and current

Kevin McMurtrie
Bronze badge
Thumb Up

"thousands of picojoules for each bit"

Yea! Let picojoules per bit be the next meaningless benchmark race! Since joules and bandwidth both have a base interval of one second, the math comes out to simply (Watts / Bit rate) / 0.000000000001.

Yikes, my home Internet uses over half a million picojoules per bit! I'm going to start calling around to see who can do better than that.

0
0

Death Stars are a waste of time – here's the best way to take over the galaxy

Kevin McMurtrie
Bronze badge
FAIL

El Reg math fail

Volume expansion is cubic while surface expansion is squared. If you want to remotely blast planets with the least amount of mechanical material and the least amount of containment fields, bigger is better.

Bigger is better for big egos too.

0
0

Riddle of cash-for-malware offer in new Raspberry Pi computers

Kevin McMurtrie
Bronze badge

Just a few MB. U can spare a few MB.

It sounds more like a highly specialized form of malware often called shovelware. Linda probably does extensive business with cell carriers, smart TVs, and retail home computers.

0
0

YouTube puts T-Mobile US on naughty list for throttling all vids to 480p

Kevin McMurtrie
Bronze badge
Alert

Un-Un-Carrier

I just discovered that after rejecting the requests to join Binge-On, it was turned on for me. If I was like John Legere I'd probably Tweet something like, "People hate your shitty #carrier feature so much that you have to turn it on secretly. #suckmycarrier #blurryslownetwork"

1
0

Oracle beefs up container credentials with Five Guys buyout

Kevin McMurtrie
Bronze badge

Re: Five Guys

I'm not liking the clickbait here. I like Five Guys burgers but I'm not going to hire a team of consultants to place an order.

0
0

Oracle, looks like your revenues were down. 'Cloud! Cloud! Look at the cloud!'

Kevin McMurtrie
Bronze badge
FAIL

We have this list of e-mails worth billions

What does any dot-com do when collection agencies are checking resale values of the office furniture? Illegal spamming, of course, but with a dumb trick to make it seem legal. Create a new customer marketing preference, default it to "spam constantly", and open the floodgates. Recently I've seen these Oracle/Verizon addresses spewing:

mail01.info.mouser.com (142.0.163.126)

mail02.get.comcastbiz.com (204.92.21.44)

I guess Oracle is in worse shape than thought if this is their new plan for short-term revenue.

0
0

Congress strips out privacy protections from CISA 'security' bill

Kevin McMurtrie
Bronze badge

Traffic problems solved

I was just thinking that traffic here in Silicon Valley was getting out of control with so many tech companies popping up. Thank you to the government for fixing that. With all commerce becoming unsafe by design, the US will soon be too poor to use cars.

2
0

I can turn Yahoo! around claims hedge fund manager

Kevin McMurtrie
Bronze badge

Nice buildings, good location

There's probably not enough to salvage at Yahoo. Their accounts are constantly getting hijacked, they stopped having unique products years ago, the codebase is layers of legacy patches, the portal designs spew too many trashy ads to be functional, and a Yahoo e-mail address is a really good spam indicator. Yahoo could vanish and the world would get over it in a couple of days. The biggest losers would be "customer loyalty" companies having millions of throw-away yahoo.com e-mail addresses that can no longer be claimed to be live customers.

4
0

Typo in case-sensitive variable name cooked Google's cloud

Kevin McMurtrie
Bronze badge

It's not an equality test that is involved. Headers, configuration parameters, and interpreter variable names are looked up with a fast indexing scheme, like a hash. For that to work, all parameters must always be case normalized before use. It seems trivial but it can cause an even more trivial key-value lookup to take 1000 times longer.

0
0

No root for you! Google slams door on Symantec certs

Kevin McMurtrie
Bronze badge

Re: What's the problem?

Follow the link. Symantec generates fake certificates for testing, development, and other "non-public" uses. Those leaked once and Google is worried that they will leak again. If I read between the lines, I think that Google suspects Symantec of being forced to create them for covert spying. That would put Google's hard-earned hoard of extremely personal and extremely valuable data at risk.

14
0

Linksys routers vulnerable through CGI scripts

Kevin McMurtrie
Bronze badge
Mushroom

Most of the Linksys garbage needs a patch

Except Linksys doesn't do patches, maintenance, security, testing, etc.

0
0

Pirate Bay domain suspended thanks to controversial verification system

Kevin McMurtrie
Bronze badge
WTF?

Hold on...

First, you don't need to put YOUR personal information in the records. It only has to be an entity that can be responsible for the domain. Any number of anonymizing services will protect people's privacy and civil rights. Spammers have fewer options.

Second, there must be at least some TLDs with validated domain registrations. Feel free to use non-validated TLDs, but people might not give you their credit card number.

2
0

Work on world's largest star-gazing 'scope stopped after religious protests

Kevin McMurtrie
Bronze badge

Land rights

Hawaiians are familiar with land being taken away in the name of progress. Assurances that natives will remain welcome guests could help. (I'm in California, which is no stranger to municipalities and wealthy individuals fencing off large areas of public land.)

0
2

Now you can tailor Swift – Apple open-sources the whole shebang

Kevin McMurtrie
Bronze badge

Loopy

Maybe somebody can throw a proper GC at it now so it doesn't require weak references to break leaking reference loops? I don't want to think about how complicated reference management would become in a large multi-threaded application that needs to be maintainable through several years of new features. Such apps already have plenty to worry about in the source code. Java and Python have been able to blend native compilation, immediate deallocation, and GC for a very long time.

4
1

Apple pays two seconds of quarterly profit for wiping pensioner's pics

Kevin McMurtrie
Bronze badge
Trollface

Should have asked for two seconds of annual profit.

4
0

Correction: 220,000 kids weren't exposed in VTech mega hack – it's actually 6.4 million

Kevin McMurtrie
Bronze badge
FAIL

Shooting phish in a barrel

Chat logs were not encrypted? Carders will be phishing for the wallet, spammers phishing for the login, and some will phish for the children themselves.

2
0

So how do Google's super-smart security folk protect their data?

Kevin McMurtrie
Bronze badge

The irony is that Google Marshmallow considers rooted phones to be insecure, even though that's the only way to receive security patches quickly.

0
0

Some like it hot ... very hot: How to use heat to your advantage in your data center

Kevin McMurtrie
Bronze badge

Re: Data centers can be run much warmer

The efficiency of a datacenter is calculated as computational power per cost. Extra cooling makes that ratio worse and it's for nothing. Why would you want to extend the life of a system from 5 years to 20 years with extra cooling? Old systems use more power and space than they're worth.

0
0

Google takedown requests mushroom as copyright holders play whack-a-mole

Kevin McMurtrie
Bronze badge

Good News

Now how do I take down all the "John David" GMail accounts?

0
0

From $6bn to $4.2bn to $2.9bn: Square's ever shrinking unicorn horn

Kevin McMurtrie
Bronze badge

Bubble 2.0

Bubble 1.0 was about pumping up the stock price with fraudulent claims of revenue and productivity, often from empty offices. The Securities and Exchange Commission won't be fooled by that trick again. Bubble 2.0 is scaring crusty old software companies into believing that they have one foot in the grave and new startups are taking over. Bubble 2.0 grows because the premise is true yet it will pop because spending billions to buy startups is an expensive way of feeding your disease.

0
0

Apple – it's true: iPad Pro slabs freeze when plugged in to charge

Kevin McMurtrie
Bronze badge

Can-do

This will get the usual modern electronics solution: Fix it in software no matter what. Use software even if it means saving the internal state to flash memory when you plug it in and rigging up some other chip to power cycle the board when the main CPU stops. Tell customers that the device is becoming obsolete and it's time to buy a newer one that works better.

3
1

Microsoft chief Satya drops an S bomb in Windows 10, cloud talk

Kevin McMurtrie
Bronze badge

The new Web: Security is not letting anyone else have the creepy personal information that you've worked so hard to collect.

5
0

Apple's Faulty Powers moment: iPad Pro slabs 'temporarily bricked' during recharge

Kevin McMurtrie
Bronze badge

Theft

They stole the Oppo Find 7 firmware!

0
0

Hold on, France and Russia. Anonymous is here to kick ISIS butt

Kevin McMurtrie
Bronze badge
Mushroom

Re: Cloudflare's CEO is right about one thing

You're wrong in implying that it's OK to assist in illegal activity until a court order arrives. Businesses are obligated, by law, to know what they're doing. That closes a loophole where there's a massive asymmetry between initiating the crime and shutting down the crime - millions of dollars and thousands of man-hours to produce and enforce a court order every time a criminal runs a script to set up shop.

CloudFlare knowingly hosts phishing sites with fraudulent accreditation and certification badges. They knowingly host CAN-SPAM violators. They know they are hosting illegal telemarketers. They knowingly host sites making illegal calls for violence. They even blog about how they are assisting illegal activities with the stupid defense that somebody else will if they don't. For all the trouble I've had with their scammers, I won't shed a tear if lots of black trucks arrive and their whole operation and a few executives vanish.

19
2

California cops pull over Google car for driving too SLOWLY

Kevin McMurtrie
Bronze badge

Re: What's funny...

"One thing I don't quite understand is what Google get out of this project."

Are you kidding? The same thing Google does with their search engine: Knowing where you've been, where you are, what you might want, and then taking you to paid results. You get in the car and say, "I want a burger." It offers to take you to whatever local restaurants are paying for hits on burger searches. On the way home it mentions that some stores are having sales and offers to take you there too. Money, money, money.

1
0
Kevin McMurtrie
Bronze badge

They're making right turns from the left side of the road. Cyclists get cut off and other cars get blocked.

0
0
Kevin McMurtrie
Bronze badge

Googlers are, by far, the biggest collection of asshole and incapable drivers I've ever witnessed in the US. Their self driving cars have unfortunately inherited some of those traits. The reason for them not officially being at fault in a crash is because each one exists inside its own low speed traffic jam bubble. Here's where you can witness the self-driving cars screwing up every weekday around 5 - 6 pm:

Plymouth St and N Shoreline Blvd - Self driving cars can not pass through stopped traffic yielding at an intersection.

W Middlefield Rd at N Shoreline Blvd - Self driving cars make illegal wide right turns across bike lane.

2
4

Most developers have never seen a successful project

Kevin McMurtrie
Bronze badge

<ding> <dong> Do you have a moment?

It's only a matter of time before Agile evangelists start going door to door to pass out literature in support of their local scrum master and Tuesday morning standup. They're preaching the same doom, gloom, and salvation story as traditional profiteers of religion. This abuse is a shame because Agile is useful when applied in moderation to the right kinds of projects. Absolute, unquestioning faith in any process is a sure way to go out of business. ("Can Jesus make a rock so big he can not lift it?" == "Can a company be so Agile that it can not adapt to new methodologies?")

0
0

Apple's OS X App Store downloads knackered by expired security cert

Kevin McMurtrie
Bronze badge

Re: This is why the....

This happened to DIVX video discs when DRM owner Circuit City failed. It happens when DRM controlled electronics are given a forced update and the DRM controlled media/app is no longer compatible. Anyone using permissions based DRM should be forced to call it a lease or a long-term rental rather than a purchase. I believe this is a large driving force behind the race to the bottom in online purchases. The price that I will accept for DRM purchases is based on my expectations of a 3 month lifespan.

8
1

Boffins teach Wi-Fi routers to dance to the same tune

Kevin McMurtrie
Bronze badge

I thought 5 GHz was the solution to urban congestion by having lots of channels and poor penetration. I've never seen it get too crowded and I've never seen it travel through more than 3 walls.

3
0

Roamers rejoice! Google Maps gets offline regional navigation

Kevin McMurtrie
Bronze badge

Re: But then how will they track you

It will definitely be time to worry about offline tracking if Google changes their mind about storage cards.

0
0

So. Farewell then Betamax. We always liked you better than VHS anyway

Kevin McMurtrie
Bronze badge

Re: Can we finally settle this?

Lightness, chroma, and sync are encoded with different frequencies, response curves, and emphasis. There is noise and dropout masking because the tape signal is quite dirty. Later models encode a stereo signal into the drum head too. I'm not sure why, but there are always pots for tuning the horizontal and vertical alignment between even and odd frames.

I just took apart a Betamax to help digitize some tapes. It has one large control board, two large analog processing boards, an RF daughter card, some small servo boards, and a speaker driver board. Most of the boards have all wires exiting on the same side so that you can put the player on its side and fan out the boards like an open book. I honestly don't know why it drives speakers. That was a mystery even when it was "state of the art."

1
0
Kevin McMurtrie
Bronze badge

Re: Can we finally settle this?

For image quality - absolutely. Betamax was comparable broadcast quality on a 19" TV while VHS looked smeared and had almost no color resolution.

The opposite may be true of mechanical quality. The Betamax tape path wraps almost completely around the drum head from one side, snaking through many polished pins and rollers. It would damage tapes with even the slightest misalignment and getting all those parts cleaned and calibrated for a good picture was pure magic. Players had slack sensors and multiple drive systems to regulate tension. Tracking was always fussy. Fast-forward and rewind were slow because the tape either had to unwrap and rewrap or it had to travel slowly enough to not fly off the path.

VHS pulled the tape straight out and pushed it against part of the drum head. The reduced contact path gave VHS a lousy picture but simplified mechanics.

Both systems needed fancy computers to convert encoded video signals that were at different resolutions between tape and TV. Early models literally had stacks of analog computer circuit boards filling those bulky boxes.

4
0

ProtonMail DDoS wipeout: Day 6. Yes, we're still under attack

Kevin McMurtrie
Bronze badge
Mushroom

Name and shame

Sort those IP addresses, do the lookups, start naming hosting providers, and start building blacklists. Call BS on every network that claims they're too important to need an abuse response team. I bet the blacklist attenuates the attack very well with only a handful of networks placed in it. It doesn't catch any hackers but it takes their toys away.

3
0

Stick a pin in a sales droid to avoid cable voodoo

Kevin McMurtrie
Bronze badge

Apple ][

It was indeed a stepper motor in the Apple ][ floppy drive. Head movement came from a spiral groove on a cheap plastic disk rather than the usual metal screw. The clacky-clacky-clacky boot sound was the calibration procedure - spin downward for a long time and let the needle skip. Track positioning and sector alignment was all performed in crude software so it needed massive physical padding. Spindle drive was your average cassette tape player motor - brushed motor and a simple negative resistance circuit to regulate speed. There was also the legendary bug where sector interleaving was wrong, resulting in throughput of about one sector per revolution. All this is why there were hacker DOSes that ran 8x faster and sometimes boosted floppy storage.

The Apple ][ was obscenely crude, lazy, and overpriced. Everything was a cool trick that wasn't quite right. It was endless educational fun for recreational hacking but excruciating for business software.

1
0

Google engineer names and shames dodgy USB Type-C cable makers

Kevin McMurtrie
Bronze badge

Re: Er....

There's a specification for dumb chargers where the data lines are shorted together and current is negotiated by monitoring voltage droop. Despite some warnings that exceeding 1 amp may not be a good idea, many chargers provide 4 to 5 amps. USB 1 and 2 data devices are limited to ~1 amp because you don't want the power lines to have less voltage than the data lines.

0
0
Kevin McMurtrie
Bronze badge
Boffin

Er....

Old USB allows up to 5A for chargers. With such a low voltage used, it's difficult for there to be more than 2.5 W of losses before the power consumer no longer has enough voltage to function. 2.5 W lost across the length of a wimpy cable won't generate much heat. 0.5 W lost in a heavy cable with 2 W lost at a spot of fraying still won't generate much heat due to good thermal conduction.

I could be reading the spec wrong, but it doesn't look like the resistor needs to be there except to possibly improve efficiency. USB-C high voltage mode needs a data handshake.

3
10

Music lovers move to block Phil Collins' rebirth

Kevin McMurtrie
Bronze badge

Re: Gated reverb is luvverly (especially with a bit of reverse)

The 80's also had a good level of dynamic range compression that helped give it that sharp and clean sound. Amplitude was often too choppy in the 60s while today it's puréed droning.

4
0

Alumina in glass could stop smartphones cracking up

Kevin McMurtrie
Bronze badge
Flame

2000 °C Oxygen

Pretty much everything except glass does this in 2000 °C oxygen -->

0
0

Wireless charging desks are coming

Kevin McMurtrie
Bronze badge
Meh

Engaging new paradigm of synergistic integration

I don't want to register my desk to activate it, spend hours tracking down desk malfunctions, receive e-mails about new desk opportunities, view personalized content related to my choice of desk, become part of an online desk community, enter a walled garden of compatible surface objects, plug my desk into an outlet, or upgrade my desk every two years. Do not integrate tech into my desk.

1
0

SeaMeWe-3 submarine cable spur borked until November 10th

Kevin McMurtrie
Bronze badge

You might notice that your tinfoil hat is heavier than usual and has some small protruding wires. It's nothing to worry about. A figure in a black suit sat on it by accident, felt sorry, and made some repairs.

13
0

Seagate unveils enlarged spy drive with support for 64 spycams

Kevin McMurtrie
Bronze badge

I can see bandits defeating a heavily loaded surveillance system by dressing up as large swaying bushes to raise the H.264 bitrate.

0
0
