* Posts by Bronek Kozicki

1834 posts • joined 6 Sep 2007

No wonder we're being hit by Internet of Things botnets. Ever tried patching a Thing?

Bronek Kozicki
Silver badge
Flame

Re: Make secure the default state

The one problem with automated firmware updates is that they present an "ultimate backdoor". Ultimate, because I cannot imagine a way around it. Just like someone could steal Microsoft's private key (unlikely, but not impossible) to build a "rogue Windows update", so could someone steal keys used to sign the updates of the vendor. The only option is to trust that these keys are well protected (and so are DNS servers pointing to where the updates are served from), and I have a big problem with that, in the context of IoT vendors ...

1
0

SpaceX: Breach in liquid oxygen tank caused Falcon 9 fireball ... probably

Bronek Kozicki
Silver badge

Re: "...one tenth of a second..."

Actually I think you will want low latency, high frequency sensors and fast connections. "Low latency system" to me implies data processing, but that does not have to be done in-place at all, as long as you have sufficient bandwidth to move the data away, to a secure place. As others noticed, a piece of fibre in the tower would go a long way.

1
0

Double KO! Capcom's Street Fighter V installs hidden rootkit on PCs

Bronek Kozicki
Silver badge

Re: Anonymous coward

@diodesign there seems to be a problem with the Steam edition of the game

1
0

Sad reality: It's cheaper to get hacked than build strong IT defenses

Bronek Kozicki
Silver badge

Re: Solution?

Or another step: require insurance for handling of users and customers data and let the insurance premiums factor in the possibility of breach in your particular setup. You cannot have "100% secure" and you have to pay one way or another - either in your security setup or in insurance premiums.

However, step one to this would be for companies to actually need insurance money, in significant quantity enough to bother with insurance in the first place. That's when fines (or perhaps civil action lawsuits) come in.

8
0

New Gnome emerges blinking into the sunlight

Bronek Kozicki
Silver badge

Re: It's still smartphone-GUI-on-a-workstation.

"Stick with Cinnamon or MATE you fossil, and keep your negative reactions to GNOME in your retirement home and forget about flatpak or Fedora."

FTFY

0
0

Zombie Moore's Law shows hardware is eating software

Bronek Kozicki
Silver badge

Re: I Call BS

"Patch Tuesday" will contain updated soft configurations

It already does. Also available for Linux.

0
0
Bronek Kozicki
Silver badge

The whole problem with Von Neumann machine

... is power required for accessing the memory where program and data are stored. Compared to the power budget of actual computations, it used to be small in the previous century. No more - currently it is orders of magnitude higher than power used for actual computation. Additionally, the latency getting the data out of memory has not much improved in the past decades, compared to increasing CPU computing power. Even worse, since increasing parallelism had become the only viable choice for increased software speed, the synchronization of data in memory (that is, completed memory writes and cache synchronization between cores) has become critical to computing performance. There is little that can be done while we are still saddled with inefficient DRAM. However, FPGAs or ASICs also need to read and store data somewhere - even if the program is hard-wired. Of course for small programs there is nothing wrong with small amounts of SRAM, but things are different if you look to deploy these devices into wider environment, with large amounts of data flowing around. Which means they will hit memory limit too (actually I am pretty certain they are hitting it already). When much faster and cheap (both in terms of money and power budget) alternatives to DRAM become commercially available, the tables might turn again.

Still, it pays off to (and will continue to) know both hardware and software side of programming, so kudos for the article.

5
0

Microsoft thinks time crystals may be viable after all

Bronek Kozicki
Silver badge
Joke

I know, I know!

The whole article is basically gibberish, and is a result of Microsoft's experiments with AI to test the theory whether an AI could create a convincing press release without human input and on an arbitrary subject. Basically, research study in the similar direction to this (scroll to the bottom for musical analogy intended)

9
0

Linux 4.8 rc6 facepalm!

Bronek Kozicki
Silver badge
Flame

Well ok, late pull requests can be pain in the backside, but I would not call it a facepalm.

10
0

Inside our three-month effort to attend Apple's iPhone 7 launch party

Bronek Kozicki
Silver badge

Oh, sweet sound of silence

I, for one, am very happy NOT to see sweeping coverage of Apple events, and minimally improved products, on El Reg pages at the same time when every bloody TV station and newspaper are full of Apple ads (often called "press coverage", by some accident) and subtle reminders that "now is the time to upgrade your phone/watch/computer".

In fact, a 1 month blacklist before and 1 month after an event, for coverage of any Apple products, would be a really good thing. This could be even draped into some or the other ecological or social stance, and as such popularized in other media.

3
0

Linus Torvalds won't apply 'sh*t-for-brains stupid patch'

Bronek Kozicki
Silver badge

Re: A little bit more nuanced...

"The issue is that for some devices, the driver is generic and the firmware can be written by anyone. Hence the firmware BLOB can come from a standard filesystem which isn't available until the system has booted"

Thanks for the explanation, but why the firmware blob cannot be included in initramfs like the drivers are? That would seem to be the usual way of making things work.

2
0

Adobe ices ColdFusion server admin password, file hack hole

Bronek Kozicki
Silver badge
Facepalm

The real news here is ...

"The ancient applications platform is used by some 30 million websites"

Some people have no fear of anything. Or, more often, do not know enough to fear the thing they see.

1
1

Drama in orbit: Brazen UFO attacks Earth's Sentinel-1A satellite

Bronek Kozicki
Silver badge
Mushroom

It's not the time yet ...

... but whenever I hear of collision in Earth orbit, I start thinking "Kessler syndrome". Icon appropriate for severity.

2
0

French, German ministers demand new encryption backdoor law

Bronek Kozicki
Silver badge

Why bother?

To me all such legislators are similar to calls to "establish" the value of pi to be 3.0. Cryptography is math, you cannot ban math, hence you cannot ban cryptography. The best they can do is to make it difficult for people to use strong cryptography, but "make difficult" is obviously not the same as "prevent".

0
0

Microsoft's HoloLens secret sauce: A 28nm customized 24-core DSP engine built by TSMC

Bronek Kozicki
Silver badge

Microsoft as a hardware company

You may laugh, but they used to make good mices (mouses?), keyboards and webcams. Perhaps time for specialized CPUs ?

0
2

Ten-trillionths of your suntan comes from intergalactic photons

Bronek Kozicki
Silver badge
Coat

Ten galaxies worth of sunscreen, please

5
0

Business users force Microsoft to back off Windows 10 PC kill plan

Bronek Kozicki
Silver badge

Re: Microsoft start listening to people outside your bubble

It is not just convention. Microsoft has both gamers and business users (like Trevor Pott) by the balls. Yes there is Libre Office, Steam, and I'm very happy for this and wish them well, but it is early days. For Linux to be good alternative for these two markets (not just viable), much more client focused software is needed, for users to choose from. As a gamer (well, not much and only sometimes) I really hope for Vulkan. As a business user ..... well, someone please find me good alternative to Outlook, which works with Exchange just as well.

8
1

$200,000 for a serious iOS bug? Pfft, we'll give you $500,000, says exploit broker Exodus

Bronek Kozicki
Silver badge

Re: Good.

If there is plenty supply of exploits on a given platform that means two things 1) the exploits are cheap and 2) platform is inherently insecure. While the law of supply and demand would necessarily focus on the first point (otherwise whoever is willing to pay for exploits would go bankrupt, and yes I'm also puzzled why Flash exploits rate is far more than $100 a pop), the second point indicates that the vendor does not care (enough), which also means that either they are short step to bankruptcy or, more likely, their business model factored that security exploits are not going to ruin them over night.

Yes, the exploits might ruin their customers, but did you read any of the EULAs of the software you are using? Yes I am being cynical, but that's the reality we live in.

1
0

Intel overhyping flash-killer XPoint? Shocked, we're totally shocked

Bronek Kozicki
Silver badge

Not really. First, I think QuantX is shared business with Intel (i.e. not in competition), secondly we are talking about generation 1 of the device. As long as HP and others delay delivery of alternative memory technologies, XPoint has a fighting chance. Still, at this moment it is far from impressive.

2
0
Bronek Kozicki
Silver badge

NVME latency ?

Specs on DC P3700, table 7 on page 11, state sequential read/write latency 20us and random read/write latency 115us/25us (yes, writes are faster - ideal for ZFS SLOG device). This is far from 200us used for comparison in the article. Yes, DC P3700 is expensive, but I suspect that comparable capacity QuantX would be more expensive anyway.

1
0

Thieves can wirelessly unlock up to 100 million Volkswagens, each at the press of a button

Bronek Kozicki
Silver badge

Re: So long and thanks for all the fish

You do not seem to be aware of the relation between German economy and car manufacturers. Also, 20% of VW is effectively state-owned

7
1

Boffins' blur-busting face recognition can ID you with one bad photo

Bronek Kozicki
Silver badge

One nation under one CCTV

I knew it would come, but it is still scary.

9
0

Julian Assange™ to meet investigators in London

Bronek Kozicki
Silver badge

Re: While this is going on...

Snowden demonstrated why you can't be too paranoid.

19
2

Google Chrome will beat Flash to death with a shovel: Why... won't... you... just... die!

Bronek Kozicki
Silver badge

Oh I am so sorry for all those Flash developers ...

... not.

1
0

Linux 4.8 rc1 lands, with Surface 3 support promised!

Bronek Kozicki
Silver badge

Presumably those who pay their salary also are the ones who decided to go it alone.

0
0
Bronek Kozicki
Silver badge

Only last week I had to fiddle with some userland code, in fact the Python 3.5 socket module that broke because of a change in a minor kernel revision.

Please elaborate, best with a link to Linux Kernel Mailing List archive. Linux has very strong rules for not breaking user code with kernel changes. Linus is known to personally jump into these kinds of issues, and has some very strong language reserved especially for the guilty developers.

7
0
Bronek Kozicki
Silver badge

Depending on what you call "proper modular device driver system". Almost all device drivers are built as separate binaries, so it has one if that's what you are asking for. The ones which are under GPL usually sit in the single source tree of the upstream kernel, because that makes maintenance easier.

There can be drivers under GPL which are nevertheless not submitted (or accepted) into upstream, and there can be also drivers which are not under GPL, in both cases we are obviously talking about separate projects, meaning their development would not be reflected in kernel.

It seems you are referring to number of changes in drivers in the upstream kernel to imply on the availability of the drivers outside of it. Which makes no sense to me.

10
0

Windows 10 Anniversary Update is borking boxen everywhere

Bronek Kozicki
Silver badge

Re: I tried edge after the update and it went direct to malware.

Have one upvote from me, but I think you would have more if you remembered to put in "Joke Alert" icon

3
0

My Microsoft Office 365 woes: Constant crashes, malware macros – and settings from Hell

Bronek Kozicki
Silver badge

Re: Thunderbird with Lightening

OK so I do have reasonably powerful hardware (what one would call "workstation range" rather than regular desktop PC, with two expensive Quadro GPUs and two Xeon CPUs) and it is running two "gaming class" Windows VMs at the same time, and a number of Linux VMs, and also relatively large ZFS filesystem for VMs to use (which is not relevant here). As for the software side, I am running libvirt 1.3.5 , qemu 2.6 , kernel 4.4.15 (vanilla flavour, i.e. no patches), all setup as instructed by Alex Williamson with OVMF. It is possible to use regular GeForce cards and some AMD models for GPU passthrough as well, however there are gotchas. I guess that might be stopping you, if you are unwilling to shell out for Quadro (or "hack" an old GeForce card) or find the right AMD model, most of them suffer from reset issues.

1
0
Bronek Kozicki
Silver badge

Re: Thunderbird with Lightening

@Trevor I am able to play Witcher 3 at max settings and buttery smooth, no issues at all. Are you sure you tried proper GPU passthrough?

1
0
Bronek Kozicki
Silver badge

Re: Thunderbird with Lightening

@Trevor maybe it's time to experiment again. I can share my experience if you want.

0
0
Bronek Kozicki
Silver badge

Re: Thunderbird with Lightening

if I do that, I can't play games.

Of course you can. Give Windows exclusive access to a GPU then all games will work, just like they do on bare metal. That's how I do it at home, look for "GPU passthrough". You will need modern Linux kernel and relatively recent version of qemu or Xen. Also not all GPUs work well and specific CPU and motherboard features are required to support it (VT-d and IOMMU). Which is a bit of a bother, I agree.

6
1

Beer merger dwarfs EMC/Dell

Bronek Kozicki
Silver badge

Re: Awww...

Try Czech beer, they know how to make nice lagers.

2
0
Bronek Kozicki
Silver badge

I don't care

All are inferior lagers anyway, it does not matter whether under one roof or not.

2
0

Windows 10 still free, even the Anniversary Update, if you're crass

Bronek Kozicki
Silver badge

Re: Twisting in the wind

"Probably one that runs Linux or *BSD but that defeats the object a bit does it not?"

Not really. There are many use cases when it makes sense to use Windows on top of Linux. E.g. running some work-specific software that only works on Windows (e.g. a VPN to one's workplace ...) or gaming (with help of GPU passthrough). On the other hand, it not always makes sense to use GUI software on Linux, sometimes all one needs is bash (or zsh), in which case headless host and ssh from guest Windows to Linux host is all that's needed. Also for GUI software, there is always X-forwarding under ssh. This way Windows is "degenerated" to resource intensive shim, but so what? I would argue that some of windows managers on Linux are also resource intensive shims, the only difference being that they are open source (e.g. KDE) and do not require hypervisor to run.

3
0

ChakraCore gets Linux, OS X

Bronek Kozicki
Silver badge
Trollface

I'm alarmed

If they continue along these lines, I may eventually feel obliged to switch to Edge from both IE (closed source) and Chrome (ratting out)

0
1

Milk IN the teapot: Innovation or abomination?

Bronek Kozicki
Silver badge

Brilliant

A simple question about a method of making tea gathered some 180 comments in the space of 23 hours. That's what I like about El Reg! BTW milk in the teapot is very bad idea, especially for those few who like their tea black.

2
0

Windows 10 Pro Anniversary Update tweaked to stop you disabling app promos

Bronek Kozicki
Silver badge

Re: Microsoft apologists?

Well, I do use Windows, a lot. In a virtual machine. Running on Linux. I try to set it so that all the important software (e.g. filesystem with all the important files, file server, dlna, email server etc) runs on Linux, and "lipstick on pig" kind of software is on Windows, which is pretty but cannot be trusted.

But to try to explain what Microsoft is doing? That's beyond me. I guess they just do not like their users anymore, and I find that honesty refreshing. Well there I said it, my best attempt at explaining how wonderful it is :)

3
0
Bronek Kozicki
Silver badge

Re: I'm looking for a new laptop

You can buy this Lenovo model 20DK002EUK at scan.co.uk, at what I reckon is less than ~60% of the original recommended price. It is last year top model with Core i7 5600, 8GB RAM, 256GB SSD and 12" touch screen with HD resolution and wacom pen; bought it recently for wife and it is very very nice, small text on screen aside (but that's Windows problem). It comes with Windows 7, of course nothing stops you from making it dual boot or replacing it entirely with Linux. Or upgrading to Windows 10, but I guess that's not your preference :D

4
0
Bronek Kozicki
Silver badge
Coat

I know this is beside the point ...

.... but you could always install Start10 for your users, to replace builtin start menu. Start10 supports GP, you can download adm templates from vendor website, it is very cheap and is way better than builtin start menu anyway.

Well of course, I do know that next month Microsoft will damage something else in Pro edition, making Windows 10 even worse for those who do not want, or cannot, switch to Enterprise or Education edition. See title ...

2
0

It's time for a discussion about malvertising

Bronek Kozicki
Silver badge

Re: We can't tell them how much they should be paid..

The figure which Trevor suggested was per month. I feel it bit too generous, as I currently pay roughly ~10GBP for each of my subscriptions/month . Anyway it very much depends how many subscribers the publication will have.

0
0
Bronek Kozicki
Silver badge

Re: Agreed

+1 (I think upvote is not explicit enough)

and I would pay premium to have it delivered to my Kindle overnight, like other subscriptions I have. But even without this, I would pay to read El Reg on the web

6
0

Cortana expelled from Windows 10's new school editions

Bronek Kozicki
Silver badge

There are things I like to have "just in case", e.g. a set of sharp kitchen knives or assorted but modern cables and computer parts, but access to Windows store is not one of them.

13
1
Bronek Kozicki
Silver badge

Cortana disabled, Windows store disabled - perfect. That's Windows 10 version for me!

17
1

Why Agile is like flossing and regular sex

Bronek Kozicki
Silver badge
Paris Hilton

Re: Just one side

"knowing what you want before you start" is also pre-requisite for agile development. It is usually called "use cases", the difference from formal specification in waterfall is that it focuses on "what it needs to deliver" rather than "what the design should look like". I find that the focus on the former (as opposed to the latter) tends to drive projects such that they often meet users' needs, not sure why ...

2
1

BlackBerry snips Alcatel label off a midrange biz 'Droid, sells it for $299

Bronek Kozicki
Silver badge
Joke

Re: Hmmm

I would take it, because a mobile charger worth £55 must be truly exceptional. It surely supports wireless charging in both standards, cleans the house, makes good coffee, washing and bl... never mind.

1
0

Citrix's GoTo goes to LogMeIn in $2bn merger

Bronek Kozicki
Silver badge

Re: GotoAssist

I don't know why, but this pattern feels familiar, must have seen it in books or what ... basically employ good recruitment for developers, but somehow end up with management which does not trust the developers to actually design and deliver any product. Eventually developers are fed up with not being allowed to actually deliver anything and leave, but the recruitment finds suitable replacement and the cycle continues, until the company runs out of money.

0
0
Bronek Kozicki
Silver badge
Paris Hilton

Re: LastPass and LogMeIn

I am looking to migrate away from lastpass but there is dearth of suitable candidates. Must support at least one browser plugin on Linux (firefox or chromium), must support client on Android which works without Google Play (so I can use it on my blackberry - native BB10 support would be even better) and must support self-hosted cloud storage so I no longer have to trust a third party. It appears most candidates 1) are hosted by vendor only or 2) do not support the front ends I need. Ideas?

0
0

Diablo conjures up hell of a DIMM: 128GB NAND pretend-RAM summoned

Bronek Kozicki
Silver badge
Joke

Wait ...

... is that a microSDXC card reader at the top of the radiator?

2
0

Next month's Firefox 48 is looking Rusty – and that's a very good thing

Bronek Kozicki
Silver badge

Re: Just a question: C++ loved by the pros, hated by the fakers.

I chose option d) design the car to make it more difficult to forget to tighten the lungs, which is not on the list. That's what new language design is about - to enable more robust software design, i.e. one where bugs stand out more, and correct programs easier to write than incorrect ones. This could be based on statistical observations (e.g. multithreaded programs usually work better if data passed between threads are immutable), or other collective experience of language designers.

0
0
