
* Posts by richardcox13

60 posts • joined 19 May 2012


Anatomy of OpenSSL's Heartbleed: Just four bytes trigger horror bug

richardcox13

Re: I don't get it..

> why expect a length parameter at all ? That is metadata that can be calculated quite trivially.

How? A socket connection is just a stream of octets, there are no record delimiters (except as provided by your own protocol).

And then you need to detect with partial data (eg. interruption on the network).

5
0
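The point made in the comment above, as an added C example (not part of the original post and not OpenSSL's code): a receiver on a byte stream needs an explicit length prefix to find record boundaries and to notice partial delivery, and any length claimed inside a record must then be checked against the octets that record really carried. The wire format, the names `frame_len`, `echo_reply`, `handle_first` and the `SAMPLE` bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed wire format (assumption, for illustration only):
 *   frame = [2-byte big-endian body length][body]
 *   body  = [1-byte type][2-byte big-endian claimed payload length][payload] */
#define HDR_LEN  2u
#define ECHO_HDR 3u
#define MAX_BODY 16384u

/* Constructed sample stream: one honest echo request ("ping"), then one whose
 * body claims 0x4000 payload bytes while carrying none. */
static const uint8_t SAMPLE[] = {
    0x00, 0x07, 0x01, 0x00, 0x04, 'p', 'i', 'n', 'g',
    0x00, 0x03, 0x01, 0x40, 0x00
};

static size_t be16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Size of the first complete frame in buf[0..avail): header plus body.
 * Returns 0 if more octets must arrive first, -1 if the length is absurd. */
long frame_len(const uint8_t *buf, size_t avail)
{
    if (avail < HDR_LEN) return 0;            /* length field itself is partial */
    size_t body = be16(buf);
    if (body > MAX_BODY) return -1;
    if (avail - HDR_LEN < body) return 0;     /* body interrupted mid-flight */
    return (long)(HDR_LEN + body);
}

/* Copy the echo payload into out. The claimed length is only trusted after
 * checking it against the octets the frame really delivered. */
long echo_reply(const uint8_t *body, size_t body_len, uint8_t *out, size_t cap)
{
    if (body_len < ECHO_HDR) return -1;
    size_t claimed = be16(body + 1);
    if (claimed > body_len - ECHO_HDR) return -1;  /* claims more than was sent */
    if (claimed > cap) return -1;
    memcpy(out, body + ECHO_HDR, claimed);
    return (long)claimed;
}

/* Frame, then validate: reply length, -2 = wait for more data, -1 = rejected. */
long handle_first(const uint8_t *buf, size_t avail)
{
    uint8_t out[MAX_BODY];
    long n = frame_len(buf, avail);
    if (n == 0) return -2;
    if (n < 0) return -1;
    return echo_reply(buf + HDR_LEN, (size_t)n - HDR_LEN, out, sizeof out);
}

int main(void)
{
    printf("honest request: %ld\n", handle_first(SAMPLE, sizeof SAMPLE));
    printf("over-claiming request: %ld\n", handle_first(SAMPLE + 9, sizeof SAMPLE - 9));
    printf("first 5 octets only: %ld\n", handle_first(SAMPLE, 5));
    return 0;
}
```
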

QUIDOCALYPSE: Blighty braces for £100 MILLION cost of new £1 coin

richardcox13

Re: Deal With It!

> A triangular rubber coin 6,800 miles along each side?

Fiddling small change then, and thus not accepted by glacta-banks.

1
0

BT caught in data gaffe drama: Whistleblower squeals over alleged email fail

richardcox13

Re: HTTPS compulsory?

> Someone better tell El Reg then.

Indeed.

More than a little of the pot calling the kettle black here.

0
0

Fee fie Firefox: Mozilla's lawyers probe Dell over browser install charge

richardcox13

They certainly do use images.

But the images are always the complete install (a "diff" image would work, but only for the same base).

However there are a lot of images to manage and maintain: different OS editions/versions, different Office editions/versions, ...

This soon becomes a rather large number each patch Tuesday.

1
0

Q&A: Schneier on trust, NSA spying and the end of US internet hegemony

richardcox13

The Halting Problem Applies to Verification of Computer Systems

From the first page of the article:

> So what's your solution?

> You can imagine some future technology where you can prove assurance, where you can prove that a piece of software or hardware does what you believe it does and nothing more. That's not beyond the realm of possibility.

Wrong. It is beyond the realm of possibility. I would have expected Bruce Schneier to be aware of the halting problem. Turing proved that there is no possibility to provide a procedure that will determine if a given program will halt (terminate). As any specific action can be mapped to termination (when X happens halt) you cannot prove it does or does not do something.

2
0

Github brews text editor for developers

richardcox13

Re: Umm, what?

If notepad is sufficient for your – clearly limited by definition – text file editing needs, then stick with notepad.

For those of us who work with non-trivial text files, there are lots of options: this has a lot to live up to.

And yes, it does sound rather like that everything is programmable/customisable approach of Emacs and other editors that have survived for more than a few update cycles. This is no bad thing: just because it is an old (relatively) idea does not mean it is a bad idea (equally a new idea is not automatically a bad idea).

2
0

Microsoft tries to re-invent GPS with cloudy offloads

richardcox13

Re: Does it really take that much power?

> Maybe GPS used a lot of power a while ago but I assume all that calculation is now handled by dedicated logic

True for some dedicated devices certainly.

But it seems smart-phones (and, based on experience of battery life when not plugged in, car sat-nav units) don't have such specialist hardware, rather using their CPUs to perform the calculations.

Just calculating the position wouldn't be too bad, but then that calculation is done repeatedly to track position and velocity changes, then transforming and laying out the map display in real time to match…

0
0

Collective SSL FAIL a symptom of software's cultural malaise

richardcox13

Re: So what's the solution?

Your third paragraph is why. Mono-culture is bad, however much better that one is currently.

(This is why I am glad IE and Firefox do not use Webkit: everyone using one browser engine would just lead to a repeat of the first browser wars with Webkit's defects being the new standard.)

2
0
richardcox13

Re: Goto

Using goto when goto is the best approach (such as a series of tests with shared non-trivial clean-up) is reasonable. It would be possible to fake the gotos with breaks in a do...while (false) one-shot loop but that is a significant abuse of a loop (and the one-shot nature is hidden at the bottom).

In this case a boolean tracking hasFailed and checking in each test would be reasonable, but if the existing tests are more complex the addition of checking that boolean adds to the complexity.

In the end the pattern of a series of tests with a fall-out to common clean up is seen often enough the pattern is recognised and thus the code easier to understand.

Remember Dijkstra's paper (it is worth the effort to read) is about the overuse of goto when there are better alternatives. Too many people see the title without reading the content and thus "ban goto".

All that said; in more than two decades of professional programming I've used goto twice (C++'s ability to do cleanup in a destructor of local objects really helps).

9
0

CERN outlines plan for new 100km circumference supercollider

richardcox13

Re: Why not space?

Low Earth orbit still has quite a lot of atmosphere (this is why the ISS needs a push from time to time).

The vacuum in the LHC is orders of magnitude greater than that of inter-planetary space which is already far greater than just above a planetary atmosphere.

3
0

Blighty's winter storms are PUNY compared to Saturn's 200mph, 15,000 mile wide HEXACANE

richardcox13

Re: A hex upon thee

However they don't handle the central pin added for "security".

1
0

Eagle steals crocodile-cam, records video selfie

richardcox13

Re: Bloody eagles

No. That would be parrots. Specifically keas in New Zealand.

Often known to have a go at the window etc. seals on cars.

1
0

Microsoft, Cisco: RC4 encryption considered harmful, avoid at all costs

richardcox13

Equally there is no patch for XP/Vista to make it possible to disable RC4. Or support for TLS 1.2.

Old versions in extended support don't get new features.

1
0
richardcox13

> As a web browser user how do I tell if a site is using RC4?

In IE: Right click and select properties: details of the ciphers used is under connection.

In Chrome: click on the padlock on the address bar and click on the connection tab.

In Firefox it is in Tools | Page Info at the bottom of the General tab with more details on the Security tab.

0
0

The legacy IE survivor's guide: Firefox, Chrome... more IE?

richardcox13

Re: Rose tinted spectacles

> The Googled tutorials on W3C all agree that the method is supposed to give focus to the target window.

Then they are simplifications and/or out of date.

I suggest a reading of the specification of Window.focus() (and Window.blur()), especially the Note at the HTML5 specification. Direct link for the latest working draft: http://www.w3.org/html/wg/drafts/html/CR/editing.html#dom-window-focus.

0
0
richardcox13

> written in vb are in the same boat but without any of the options to ease the blow.

Assuming you mean VB6 then no, or at least not any time soon.

Win8 and 8.1 include the VB6 runtime, so that is supported—your applications will keep running—until at least those OS' go end of life (for Win8 enterprise currently set at 2023-10-01).

Of course if a business is still, in a decade's time, running applications written in what will be a more than 25 year old tool, then perhaps that business is itself so obsolete that it is time to switch off life support.

0
0

Happy 10th b-day, Patch Tuesday: TWO critical IE 0-day bugs, did you say?

richardcox13

Re: and...

> we're looking at ~169mb per client this month !

Only if you're not running WSUS, which if you have enough machines to matter you should be.

1
0

Great Britain rebuilt - in Minecraft: Intern reveals 22-BEEELLION block map

richardcox13

Re: Easter Egg

The blog entry about it shows an image isn't from the OS map data...

http://blog.ordnancesurvey.co.uk/2013/09/minecraft-creating-a-map-of-great-britain/?utm_source=rss&utm_medium=rss&utm_campaign=minecraft-creating-a-map-of-great-britain

0
0
richardcox13

Re: Why bother ?

You cannot build your own things in Google Maps.

Hmm... I wonder if ComputerCraft is up to a mini-Minecraft inside Minecraft: at home playing Minecraft at home playing Minecraft…

0
0

Bulging racks top of mind for Dell's new switch

richardcox13

> All those ports are packed into a 1U form factor that This all happens in a 1U form factor that can't be prised apart and reconfigured, an arrangement […]

Someone needs to have a word about proof reading…

2
0

myOpenID to close down for good in February 2014

richardcox13

Re: and what happens

> Doesn't StackExchange work primarily on OpenID - I have about a dozen sites all on the same login so that's going to be annoying.

However:

1. StackExchange has its own openID provider: set up an identity there as the future replacement.

2. StackExchange has a central identity across all its sites, so you only need to change once. You might need to log into each site (that isn't a sub-domain of stackexchange.com) separately with the change.

3. You can have multiple logins configured for your StackExchange account. Therefore adding the new identity while still being able to login with the current one.

Doing this, and updating my domain's default page's link elements away from myOpenId, is now on my to do list...

OpenID is in so many ways the right approach to identity. However the failure of the various OpenID providers (especially Google in the early days) to provide a consistent approach for the consumers of OpenID logins (the web sites you login to) made it too unreliable and too hard in practice.

3
0

Can't agree on a coding style? Maybe the NEW YORK TIMES can help

richardcox13

> It's not wrong at all. Just depends on your preference, as long as it's all consistent.

Exactly. If you cannot read and maintain any consistent style then you need to think of a different career. There are far harder things in programming (understanding what the customer wants for a start).

OTOH one can have a preference: one true brace style is called "true" for a reason :-).

A coding style only needs four unbreakable rules:

1. Be consistent.

2. Indent to make program structure clear.

3. Names' clarity (eg. long and more descriptive) should reflect their scope.

4. Tabs/spaces [choose one for the team/organisation, delete the other] only.

/Everything/ else is subject to argument and exceptions.

0
0

The bunker at the end of the world - in Essex

richardcox13

Re: If you liked this....

Certainly worth a visit. They have a collection of cold war military equipment including a WE.177 case (well I hope it's empty).

Lots of signs to it in the area... really must get a photo of a few on a visit to family in the area at some point.

0
0

Microsoft hosts bar mitzvah for mature Azure

richardcox13

Re: PCI-DSS

In the early days of Azure there was a lot of talk about lots of security verifications being done (usual alpha-numeric soup of standard identifiers).

So it is possible PCI-DSS is covered.

But likely you'll need to ask Microsoft directly if a hunt for "Azure security compliance" fails to show anything.

0
0

Higgs hunt halts as CERN prepares LHC upgrades

richardcox13
Boffin

Re: Super Proton Synchrotron

> Radiation damaged cables? How?

Read up on synchrotron radiation: when you use an electro-magnetic field to change the direction of charged particles (eg. protons) EM radiation is emitted. At the energy levels of CERN this is hard X-Rays.

0
0

Next-gen H.265 video baked into Broadcom's monster TV brain

richardcox13

Re: That's why codecs are usually compared with lots of different footage

> BBC has to constantly transmit every local station as a full stream

If I recall correctly this has already changed[1] or is due to sometime soon if not done already.

The problem was combining the variable bandwidth stations in the MUX with the regional BBC1 feeds and sending to the regional transmitters: the technology to make BBC1 variable width in each region and merge didn't exist when Freeview started.

With newer kit, HD and analogue switch off the situation has (or will soon) change.

[1] I seem to recall it was linked to the completion of analogue switch off and HD roll out.

0
0

British armed forces get first new pistol since World War II

richardcox13

Re: 9mm?

"NATO Standard Rounds" makes for simpler logistics, and in the end conventional wars are more about logistics than anything else.

18
0

Boffins create quantum gas with temperature BELOW absolute zero

richardcox13

Re: "The temperature scale simply does not end at infinity,"

> Or do they have other research going on that gets to negative values of temperature by heating something to infinity and beyond?

That's exactly it.

The Wikipedia article http://en.wikipedia.org/wiki/Negative_temperature has been cited as containing a good introduction.

It is an effect in a quantum system so you need to forget your intuition.

3
0

Perl programming language marks 25th birthday

richardcox13
Holmes

Pathologically Eclectic Rubbish Lister

Given garbage in is the norm this is inevitable.

0
0

Linux kernel dumps 386 chip support

richardcox13
Boffin

Re: 486?

> Isn't 486 a 386+maths coprocessor?

Not necessarily: remember the 486SX?

Plus it made some significant changes to the instruction set that made multi-threading significantly easier. For example the atomic interlocked increment and decrement operations return the new value rather than just a zero or not-zero indication. Hence (from the article):

> which complexity has plagued us with extra work whenever we wanted to change SMP primitives

(And also why the InterlockedIncrement and InterlockedDecrement Win32 APIs were different on WinNT vs. Win9x.)

5
0

Flash memory made immortal by fiery heat

richardcox13

I Think Wear Leveling Will Still be Needed

> look like making wear levelling irrelevant.

I don't think so.

Imagine a block being written once a second (quite possibly pessimistic for something like control information in a database file on a busy server), that's ~31.6 writes a year.

So 100 million is reached in a little over three years.

So unless the ">" in "to > 100M Cycles" is really order of magnitude greater than, wear levelling is still going to be needed for server (ie. enterprise grade) SSDs.

1
0

Reg boffins blow lid on sheepsecs

richardcox13

Re: I'm no physicist, but ...

Vacuum is not empty.

All that quantum fluctuation (where the closer you look the more noisy it becomes) for a start.

Plus the odd bit of dust or gas.

(The vacuum used in The LHC contains considerably less matter than in inter-planetary space.)

1
0
richardcox13
Go

Re: But

> A Dyson should be able to suck up a real one. Or a lamb. Or at least kittens.

Which leads to the question: what is the speed of a kitten in a Dyson?

Should be a little more of an everyday speed than a sheep in a vacuum? (The outer space kind rather than cleaner kind of course.)

0
0

World's oldest digital computer successfully reboots

richardcox13
Alert

Re: The good old days...

> 0.066666 FLOPS

To put this in perspective, the Harwell Dekatron described was built in 1949, so assuming it was running continuously ever since it has 63 years of runtime at that 1/15 flop/s.

And then compare with the 27PFlop/s Titan at Oak Ridge (top of the latest Top 500 list).

A few calculations...

Titan would take about 500nS to perform the same number of operations as the Dekatron in 63 years.

Five hundred NANOseconds.

Even a nVidia Tesla card, running at about 1TFlop/s would only need around 130μS.

Even a computer as slow (by today's standards) as a megaflop would only need a couple of minutes.

3
0

El Reg mulls commentard icon portfolio shake-up

richardcox13

Re: A Patent Wars icon is needed

A crying toddler, or rather having a strop, would cover many a report of legal posturing.

2
0
richardcox13

Re: We need

Unicode already has its 'PILE OF POO' (U+1F4A9), so this isn't much of a stretch.

http://www.fileformat.info/info/unicode/char/1f4a9/index.htm

0
0

Windows 8, Surface slabs ALREADY need critical security patch

richardcox13
Boffin

Re: I just spat out my instant noodle

Remote code includes documents received from other parties.

2
0

NASA snaps revealing pix of visiting near-Earth asteroid

richardcox13
Go

For lots of "near" misses...

follow https://twitter.com/lowflyingrocks

0
0

Google bod exposes Sophos Antivirus' gaping holes

richardcox13
Boffin

I would suggest a more careful read of the article, in particular this sentence:

> Ormandy reported the vulnerabilities to Sophos on 10 September.

That's rather more than 5 days.

0
0

New York tech firms form 'bucket brigade' to fuel flagging servers

richardcox13

I would expect Peer1 (who run the DC) will be looking at that in the future.

The fuel tank may well be stuck in the basement by local planning (zoning) regulations, but maybe putting the pumps in the ground or first floor (1st or 2nd for USAians), maybe with a submergeable booster next to the tank (to get things moving).

0
0
richardcox13
Boffin

Re: Use the cloud

Some web sites have done that.

StackExchange.com (including StackOverflow.com) are running out of their backup DC in Oregon, some of Fog Creek's applications are now in AWS.

Of course this isn't something you can just magically do, throw some servers into another DC and it will work, you need both application changes and administrative processes (and monitoring) that will allow the fail over. (Eg. StackExchange recently – in a rather timely manner – tested their fail over, found some issues and fixed them.) Whether for a given web site it is worth the costs for the level of risks is a business choice.

0
0

Researchers find not all EC2 instances are created equal

richardcox13
Boffin

Re: Anyone actually expect the hardware is the same?

> You'd hope performance would be equivalent regardless of the hardware.

Not really, I would expect performance to be no worse (and often better) than the minimum specified for the type of VM.

Ie. you get at least what you pay for, but you might get lucky.

Of course those faster, more modern, host machines could be getting a higher density of VMs loaded on to them. So a faster CPU might just mean more users sharing it so – on average – you end up getting the same availability of CPU instructions executed per unit time per VM.

1
0

Register SPB hacks mull chopping off feet

richardcox13
Boffin

Re: Americans...

Arguably for much of physics even the SI units are a RPITA. So many things would be easier with "natural" units. For example in particle physics using Planck Units, however these are not exactly practical outside their specialisms (time in units of approximately 5.4e-44s and distance of 1.6e-35m).

0
0

Reviewers say ‘yes’ to Higgs boson data

richardcox13
Boffin

I suggest a view of

http://www.youtube.com/watch?v=9Uh5mTxRQcg&feature=share&list=ECED25F943F8D6081C

(followed by parts 2 and 3), which briefly covers how a particle is a field and vice versa.

0
0
richardcox13
Thumb Up

Re: whoa!

> And the articles are not behind a paywall for a change.. *shock*

Indeed, and it gets better, from the "Open Access" section of each article:

> This article is published Open Access at sciencedirect.com. It is distributed under the terms of the Creative Commons Attribution License 3.0,

2
0

Global strategic maple syrup reserves hit in Canadian mega-heist

richardcox13
FAIL

"Dominion's vast southern neighbour"

The dominion in question has a somewhat larger area than the southern neighbour.

Too much sub-editing without fact checking?

2
0

Why Java would still stink even if it weren't security swiss cheese

richardcox13
Alert

Re: Mostly agree

Do the admins having to deploy that "scalable, stable, ultra low-latency and high throughput algo trading system" agree?

2
0

Disable Java NOW, users told, as 0-day exploit hits web

richardcox13

Re: Problem for 3-D Secure?

Certainly Verified by Visa does *not* use Java (remember the only link between JavaScript and Java is in their names).

0
0

Password hints easily snaffled from Windows PCs

richardcox13
FAIL

This is not a security hole: if you can access this you already have complete access

To access this information you need to be either capable of taking ownership of that part of the registry or running as SYSTEM.

In either case you already have complete and total control of the machine.

(The linked article acknowledges this. Hint: check out the ACL on HKEY_LOCAL_MACHINE\SAM\SAM.)

Another case of if you are already inside the safe, then you have access to the contents of the safe.

1
0

Visual Studio 2012 arrives in MSDN downloads

richardcox13
Go

Re: Express: Are they fealing the 'heat' or... ?

> Very surprising if you ask me since former statements seemed to indicate that desktop development wouldn't be freely available at all, only in the full versions of VS 2012

That was changed several months ago due to the outcry the limitation generated. Announced on one of MS DevDiv's blogs a few months ago.

0
0
