1118 posts • joined 6 Sep 2007
I imagine this dialog:
Cameron: amateurs ...
it's all hot air
Hm, picocells .... can those work with SIP?
Now I want SIP phone gateway which would be also 2G picocell for my home, to make my SIP numbers available on my mobile when I'm at home and allow me to make (cheap) SIP calls automatically from my mobile. Because, honestly, SIP handsets rather crappy.
Re: Do we need more original research into proprietary hardware?
These guys are planning to disrupt the market, before declining hardware curve drives them into the ground. This is good plan. Also, software has a tendency to expand to fill all available hardware, while occasionally delivering new important technology - so it is actually worth inventing new hardware to allow these new software technologies to be invented.
For example: massive parallelism still hasn't found good software solution, because existing model based on critical sections does not scale with program design (it forces tight coupling), while transactional memory might scale, but is inefficient due to poor hardware support.
This one is on me.
It took all my willpower not to downvote you, but the weird thing is - I do not know where did that came from.
Should I believe in human-induced global downvoting trend? What if some disaster happens before it's too late?
So many questions ... thus icon.
Re: it's a step backwards
You got it backwards. It also does not help that one has to pivot the tables to actually compare anything. Here is handy table:
Model 1500 Pro, M2: active 140mW, idle 55mW, sleep 0.2mW
Model 2500 Pro, M2: same as above
Model 1500 Pro, 2.5": active 195mW, idle 125mW, sleep 5mW
Model 2500 Pro, 2.5": active 165mW, idle 55mW, sleep 5mW
You are welcome.
Hah, the math makes sense, so my "arguable" turns into "definitely wrong". Thanks for proving it!
Re: Password Managers?
Wasn't there a post the other day stating that they were also insecure and open to hacking?
They are IMHO, a single point of failure.
Yes, there was. Useful research but in case of LastPass , it's a FUD. The problems discovered have been fixed last year.
Although of course, it is risky to put all eggs in one basket, and I'd love to have something better to replace all these passwords. For now though, password manager used in a correct manner seems to be the best solution.
Re: Password Entropy
There are two problems with this 1. plenty of password fields have an unreasonably short limit on a number of characters in a password, thus preventing use of a reasonably long passphrase 2. it is arguable whether a passphrase (build from dictionary words) actually has large entropy, since it can be brute cracked simply in (dictionary size * variations)^(small N) tries, rather than characters^(large N)
For goodness sake, use icons as appropriate. I was thinking "joke alert", but changed my mind ... because your comment might very well be spot-on.
... I might be tempted to filter IP traffic at home, but under following conditions:
* I own the box which does the filtering
* I decide what is being filtered
* I decide which of my home computers are affected by the filtering and which are not
* The box supports both IPv4 and IPv6
Anything else - f* off, it's my network and I decide what enters it.
Re: Please tell me I'm wrong...
Speaking about contract law, you might have spotted phrase similar to the following in contracts "if any clause of this contract is found to contravene local laws or be unenforceable, only such clause will be deemed void, while the remaining clauses of the contract will remain valid and binding", or to such effect. This is to prevent the whole of the contract becoming invalid if any of its clauses is found illegal. How does it happen that some clauses are deemed to contravene local laws? Because laws were made to protect citizens, for example by making it illegal to sell your body parts. Such laws are made by lawmakers, subject to government initiatives.
Now, if a company was to make a business model as an "agent for direct acquisition from donors and selling of human body parts for transplants", any contracts signed under such business model would be deemed invalid. Now, imagine what happens if companies are given the right to sue lawmakers for a reason that laws are hurting their profits. This means that companies can now shape the laws in their favour in order to maximize the profit, and this also means that they can legally force lawmakers to remove such laws which make the above mentioned business model illegal and invalid!
Welcome to the world where companies can force governments to remove laws which protect citizens, if such laws happen to hurt profits.
Re: What is cruft, what is security, and can the LibreSSL programmers tell the difference?
It's been "fixed", by seeding RNG with your private keys. Thank you for such "fix", I'd rather not see something like this in a program I am using. Especially since OpenSSL is unable to provide a guarantee or verify that RNG subsystem is indeed trustworthy one and won't steal your private keys.
Remember, no library can fix security flaws of the underlying operating systems - at best it can work around them. If you want an illusion of security by deploying ever more elaborate workarounds that's your problem, but I'd rather leave it to people who know about security more than you do (or OpenSSL team does).
Re: Code size
No, they wouldn't. Code size is not the only thing that matters - coupling is the same, if not more important. Think of it as the possible number of permutations in a group of elements (elements being design artifacts, ie. functions in C language). In a design with qualities of a hairball (anything connects to anything), the number of possible permutations can be huge, despite the total number of lines "merely" going into many thousands (below million). In order to understand it, you need to read it all and then build mental model of everything there is. That makes for very high barrier to entry.
The purpose of good software design (each language provides own design tools for this, in case of C that would be private headers, static functions etc.) is to control and lower the number of possible connections, thus lowering the overall complexity and the cost of reading and contributing code - despite total code size remaining roughly the same, or perhaps even slightly larger (depending on design tools used).
Of course, LibreSSL didn't set to increase the codebase with design artifacts. They set to remove all dead code first, which obviously is a very good way to start such a project. They are also limited by public API of OpenSSL which makes lots of private functionality available to users unnecessarily. But they are to a good start and I wish them well, enough to setup monthly donation.
massive rock, you say? Something's wrong with my eyes, I read that word differently first time
I think this is the most interesting bit here - they are going to support containers (i.e. kind-of virtual machines) running inside actual Linux virtual machines running on top of Windows.
the question is ...
will it work with IPv6 ?
Re: Very unclear
rm "Important File.ows" "shellscript.sh" "My \"Expenses\".ods" "-rf"
When writing C (or C++) program parsing parameters like the above, you will find that the last parameter "-rf" was passed by shell to your program without surrounding quotes. Thus this gained nothing :(
Of course you might be advocating that quotes surrounding parameters should be passed to program (also when put explicitly by the user) but I'm not certain that this is good idea. For one, how do you pass a filename starting with quotes to your program and make it understand that these quotes are part of the filename, not a decoration?
It is up to program to decide what is filename and what is option.
Re: Very unclear
The problem is parsing of filenames by traditional unix utilities, since "everybody" knows that if a filename starts with dash (i.e. - ) then programs will parse it as if it was an option. That's why some programs support -- after which everything will be interpreted as filename, even if it "looks" like an option.
As for actual vulnerability .... well if you are running shell scripts as root and these use globbing, and it never occurred to you that users might have files starting with a dash ... now it time to start checking these scripts.
Re: positively surprising
I tried to use OpenSSL in my own home project, and like everyone doing it I had to read some parts of the code, because it is very poorly documented. If you do C or C++ programming for a living, reading this code will yield a stream of "WTF" because the code quality is really, really bad. I do not remember much detail, but my impression at the time coincides with what you can read on OpenSSL Valhalla Rampage now. Tons of dead code, even more useless macros, plenty of unintuitive functions incorrectly replicating functionality of C library, support for long dead platforms, everything done on unsafe pointers with fancy allocators etc. Above all, I was really bewildered that this seemed to work. Didn't have time to dig deeper beyond making my project to use it in somehow correct manner.
This is surprising news and I hope they sincerely mean what they write. If indeed OpenSSL sticks to the plan to remove dead code and cleanup the rest, and also to improve its processes and response times, it would be great. In fact, that is exactly what the project needs
However I would not expect publication of a timeline any time soon. I do not think it is possible to tell how long it would take to clean up the mess that the code is right now, without spending significant time studying all the dark corners there are. Which is fine - take your time, but do it right.
OpenSSL demonstrated to the world that they take the critique seriously, now they need to demonstrate that they know what they are doing. Which means hard work and is good use for the money pledged to the project so far.
condolences to family and friends.
Re: Own goal!
.... my email is not arriving today either, but I would not connect this with Microsoft.
Re: No E-Voting cannot be democratic
on the other hand, if voting was to be performed at the pooling station but replacing paper vote with computer terminal, it would certainly speed up vote counting. At the expense of making it vulnerable to vote manipulation in which case proof such as this might be helpful.
as much as I hate EU
... I must admit that its competition commission seem to be actually doing useful job. Hope they show some teeth this time!
(no text here)
well, all right
so what they tested basically was that in the presence of strong relativistic field (black hole, for example), wave function of a quanta can be replicated, without it collapsing first.
Re: Alternate control method.
Ah yes, there is distinct lack of bearings around the axle mounting the wing. However, given the temperature in which this has to function (some -60 Celsius) I am not sure that this is a bad thing. Low temperature grease is the most important thing here, and forcing it inside bearings (to avoid any trace of water which would freeze) might be difficult.
Re: "Bad gas ... Artist's impression of a black hole"
Black holes are very messy eaters, some 40% material escapes it, and it is this escaping matter which is illustrated. Wikipedia article shows impression on a black hole in empty space (and very close, too), but this is not the the case here.
wish them all the best
I have private BB with keyboard and it's really great device for emails and messaging. I feels little long in tooth now, but I just do not want to switch to touch-only devices. Q10 missed some features and I hope they can fix it.
Also, I really hope that BB will continue to develop and support this great real-time and POSIX compatible OS which is QNX. But to do that, they need to survive.
well, that is exactly what Apple PR will say:
With the new and revolutionary soldered memory chips, we give our users guarantee that no bad memory modules can be installed in the machine, first time in the history of IT industry
Re: Im in.
Ah, right. Overdrafts (and any other kind of lending for account owners). That's one thing such a bank wouldn't have.
This is obviously competitive disadvantage, but would it scare customers away? Perhaps not. The difference between such a bank and teapot is that you actually cannot rob a bank which keeps all the money at the central bank. I guess that someone might like this extra security.
This implies that if you put something on the internet but do not make it available to everyone, using all the appropriate protocols like unauthenticated http, DNS name under official root, easy to parse by search engines HTML format and no robots.txt , that makes you some part of the "internet underground".
Well I wish everyone was part of this "underground", it is high time we learned how to use the web without exposing everything to everyone.
If you dig deep enough, you may find some coal. Is that why you are doing this?
.... says a lot about confidence Musk has in Tesla technology. By contrast, it also says how insecure other large companies feel about their products.
The one with apple in the pocket, please.
Re: AMOLED screen ?
According to Wikipedia page, Nexus 10 has LCD screen. Now, look at AMOLED stated in bold letters above ...
AMOLED screen ?
10.5 inch with resolution 2560x1600? I think that's first, in this price bracket. I wonder how bright the screen is, when viewed in full sun.
I upvoted John Smith on the basis that remaining "0.03% weakness" of the protocols has no technological basis, but sociological one. No matter how perfect your technology is, if someone with court order turns at your door, you have no choice but to cooperate. Of course ideally you should have no technological means for this, but in reality more than few protocols are built on trust (which can be subverted). Should these protocols be redesigned? Yes of course. Is this achievable goal? Not in 100% ...
I can imagine this happening to clients:
Boy asks his girlfriend: hand me my phone, will you?
Some time later after breakup: I've got all your contacts copied to my phone and will stalk you forever
Unless of course they make it secure, because we all know that technology companies have security of their users always in the first place, right?
Re: Then why doesn't Microsoft use 169.254.0.0/16?
There, I fixed it for you - see icon.
Re: Expected response from Microsoft minions Dell and The Register.
Absolutely agree. One just cannot reconcile aggressive timeline against effort required to write a new OS. It does not compute and leaves everyone pretty confused.
Unless the idea is to make a new OS under GPL and heavily borrow from Linux (or perhaps more liberal BSD, like Apple did). That would be very interesting and might just make the deadlines (only slightly pushed back, by just few years).
Re: Truth hurts
IF there is a new open source OS then the odds of it surviving are pretty high. None of the above are open source, but look at Haiku (I didn't say "... and prosper").
Thanks for explanation - I can see that RAID6+ is really misnomer here ..
Re: A new RAID level that scales redundancy...
I like what you are saying, but there is one RAID schema where redundancy keeps up with the number of drives added. Unfortunately it's also the most expensive of them all, it's called RAID10. I'd preferred if they developed what you call "RAID 7".
However, the more interesting thing here is that by coupling HDD redundancy logic with the filesystem they repeated what ZFS does and to a good effect, i.e. much shorter rebuild times. The rebuild time is when your data is most vulnerable, so making it shorter also helps.
Also, if this trend is followed then perhaps live snapshots, checksums and self-healing will be too. I hope I live long enough to see these in general purpose consumer hardware - delivered and enabled by default.
Re: Why Not
... because Microsoft headquarters are in US. Thus anything presented under US law may be binding to the company as a whole.
Re: A Win Win solution!
In a way, there is "backward compatible solution". It is called "dual IP stack".
Re: As someone who has been around HP a lot over the years
I hope too.
If they can build nonvolatile memory with pico-seconds latency, they will also have to reinvent CPUs because disproportionate majority of die space is currently sacrificed to dealing with latency (all 3 level caches, multiple pipelines, cache synchronization protocols etc). Luckily there was a time when processors speeds were bottleneck, not memory (fond memories of Z80 ...) so the knowledge is there, somewhere.
Also for an operating system to make the optimal use of this new speed, it would have to be written specifically to optimize for low CPU utilisation (because this is where bottleneck will be once again) rather than for cache-friendly memory accesses. For (what we currently call) modern software, this is actually large change in direction. Given the very ambitious plan I hope they won't write a whole new OS from scratch, and will rather improve Linux. For the same reason, I pray they do not abort this project prematurely.
Which they will be tempted to do, since planned delivery dates seem a little unrealistic to me.
My suggestion to Google
Do not pay taxes in any developed economy. If they have temerity ask you to, "threaten" to move all your engineering to Somalia. And headquarters too.
See how seriously this argument will be taken.
- ASTEROID'S SHOCK DINO-KILLING SPREE just bad luck - boffins
- BEST BATTERY EVER: All lithium, all the time, plus a dash of carbon nano-stuff
- Stick a 4K in them: Super high-res TVs are DONE
- Review You didn't get the MeMO? Asus Pad 7 Android tab is ... not bad
- FTC to mobile carriers: If you could stop text scammers being jerks that'd be just great