* Posts by Bronek Kozicki

1265 posts • joined 6 Sep 2007

Page:

Bloke faces 25 years in the cooler for upsetting Thai king on Facebook

Bronek Kozicki
Bronze badge

Re: Warning to The Register

Well, tough on you then I'm afraid. You may need to find other ways of reading The Register, I heard Tor Browser is gaining in popularity.

I am very much in doubt The Register would stoop to censoring its comments section (or actual articles), especially for sake of some backwater dictatorship.

5
0

Belgium to the rescue as UK consumers freeze after BST blunder

Bronek Kozicki
Bronze badge

Re: GMT/BST and working with Americans

@VP that is exactly where one extra hour came from (time difference to UK was 4hrs instead of the usual 5hrs).

3
0

In-depth: Supermicro's youngest Twin is a real silent ice maiden

Bronek Kozicki
Bronze badge

Re: Supermicro

Many SuperMicro boards have LSI chip onboard (usually 2308), with a choice of firmware either HBA or RAID. Depending on motherboard you will have different sockets for those extra drives. Allows for nice SAS RAID solution without hassle of extra card.

0
0
Bronek Kozicki
Bronze badge

Re: Deduplication?

Right. I am well aware of RAM requirements of ZFS deduplication which is why I'm not using it and not recommending it. With this out of the way, lets talk about SLOG.

As mandated by POSIX, ZFS will by default complete all synchronous (as requested by caller) writes before returning to caller. Also, any metadata changes in ZFS are performed synchronously. Many filesystems use journal for this purpose, ZFS uses ZIL, i.e. ZFS Intent Log which is either carved from storage space of your volume, or placed on dedicated volume depending on 1) presence of "log" device 2) option logbias . Also, ZIL can be explicitly disabled (thus making filesystem behaviour for synchronous writes non-compliant with POSIX)

Now, assuming that ZFS setup has not been "optimized" either by "logbias=throughput" or "sync=disabled", there is big benefit from having dedicated log device with low latency, because that allows all synchronous writes to complete after intent has been written to such dedicated device (as opposed to writing to data volume with large latency). Looking at latency figures, ZeusRAM is up to 0.023ms and Intel P3700 is around 0.02ms (however, ZeusRAM capacity is only 8GB and P3700 starts at 400GB - which leaves lots of space for other purposes such as L2ARC, however we do not know max latency of P3700 only average). This number should be compared against latency of spinning rust storage (or whatever is used for main data volume) which typically would be somewhere between 2ms - 12ms depending on specific HDD in use. This means that synchronous writes would complete much, much faster if dedicated log device such as ZeusRAM or Intel P3700 was used. Normally this could significantly boost IOPS number.

However, what we do not know is whether 1) Maxta does actually use synchronous writes 2) its underlying ZFS ZOLVs are not "optimized" to avoid using ZIL. It would be interesting to learn this.

0
0
Bronek Kozicki
Bronze badge

Re: Deduplication?

You mean, ZVOLs? They can make good use of both SLOG and L2ARC as well.

0
0
Bronek Kozicki
Bronze badge

Deduplication?

I guess that's ZFS running there? If so, one upgrade I can recommend is small(ish) Intel P3700 for both SLOG device and L2ARC. I'm pretty sure that will push IOPS bit higher (I'm using such setup, but without dedup)

0
0

Chipzilla spawns 60-core, six-teraflop Xeon Phi MONSTER CHIP

Bronek Kozicki
Bronze badge

Re: Memory

Nah, many computational real-time tasks require lots of CPU power and parallelize well, but do not use much memory at all. I guess if I was to use such a machine, 16GB of near RAM would suffice for most purposes (except for file buffers of course)

0
0
Bronek Kozicki
Bronze badge

Re: The Platform

It's new to me too, but I like breath of the articles there. Only had time to read one on Xeon Phi which could be said to be remotely related to work (need to always have long-term strategy, right?)

0
0

All the flash world needs is more TLC, suggests report

Bronek Kozicki
Bronze badge

Re: Let's hope they fix the data degradation problem

Also, checksums in filesystem will not speed up reads of degraded memory cell. Either the read will fail completely, possibly after long wait (in which case checksum + redundancy will aid the filesystem in transparently recovering the data), or it will take a long time because underlying hardware will need this much time to read all cells reliably.

0
0

European Space Agency demos MARS LANDINGS BY DRONE

Bronek Kozicki
Bronze badge
Boffin

small issue of air density

This experiment is not going to deliver most robust results, as far as drone flight is concerned. They would have to repeat it under atmospheric conditions similar to Mars - that is air pressure 0.6% of Earth's at sea level. It will be very challenging to generate enough lift from reasonably sized rotary wing aircraft (e.g. drone) in such conditions.

My guess is that they were actually testing dropping rover on a surface using sky crane, not actual drone (to which rover was attached). It's just so much cheaper to use drone rather than rocket engines.

0
0

I see you have the gTLD that goes .ping!

Bronek Kozicki
Bronze badge

Wait, ".int" ? What does that stand for?

1
0

BT Home Hub SIP backdoor blunder blamed for VoIP fraud

Bronek Kozicki
Bronze badge

Re: Whats the point of home SIP anyway?

"guarantee 24/7 uptime for emergency" none will guarantee that. Your old POTS line also does not come with a guarantee either (even though most people assume that it does). That's what you want multiple phone connections for (mobiles do count). However I can recommend a good ISP for you, see my other posts.

1
0
Bronek Kozicki
Bronze badge

Re: Whats the point of home SIP anyway?

@AC I suggest you change your ISP. Seriously, you obviously never had a good one.

1
1
Bronek Kozicki
Bronze badge

Re: Whats the point of home SIP anyway?

I too would assume that "block all ports" means just that. The argument that it needs to be opened for the service to work is not a valid one in my view, because in that case the person doing so would at least be aware that they had opened a port, and could consider the implications.

Yes obviously you are right, it is person setting up SIP who would open this port, and only to certain IPs. SIP setup is well documented, I for one used http://wiki.aa.net.uk, because that is also my SIP provider (in addition to being my ISP).

It is BT fault that there seem to be no way to properly close ports on their modem, and SIP is just a background here really - they seem to have done the same with SNMP , for f*** sake!

1
0
Bronek Kozicki
Bronze badge

Re: I wonder what other ports are open on the Home Hub ?

Please to let us know if 161 is open on yours, too

0
0
Bronek Kozicki
Bronze badge

Re: A few at fault here

You pose valid question here, however please note that setting up SIP behind NAT is tricky enough as is, and it is actually valid to assume that if the firewall says that all access from outside is closed, then inbound communication is only allowed as a result of stateful NAT taking place inside the firewall. The "ASSUME" is the naiive part, but it's not actually as bad as you seem to make it.

3
1
Bronek Kozicki
Bronze badge

Oh my ... that's SNMP.

It would seem that BT consistently prioritises support cost over security of users. That's not very good, but the silver lining here is that, perhaps, a small company of solicitors can convince BT to change its ways.

2
0
Bronek Kozicki
Bronze badge

Re: Whats the point of home SIP anyway?

I have home SIP, the reason is that I gave up BT phone line after I got fed up with daily cold calls from various scammers (insurance etc.). After the experience I decided that I need not a one number, but a whole range of numbers, of which one number will go to close friends and family and others to various other places. After the move I quite liked the experience and also, for many international calls I make (both Europe and US) the call quality turned out to be much better than BT, and also significantly cheaper - an order of magnitude or so.

At this moment, to me the question is not "why would home user want SIP" - it is "why not want it", with one possible answer "lack of skills and motivation to learn". Which is pretty lame on ElReg, I think you will agree.

2
0
Bronek Kozicki
Bronze badge

Re: A few at fault here

Downvote from me, because 5060 only needs to be open to certain IP address(es), owned by your SIP provider (in this case Voipfone). Which would be enough to protect from intrusion.

You would know it if you have ever setup a VoIP base station, but I suspect you never did.

6
1
Bronek Kozicki
Bronze badge

@AC Right, in a way you are right.

If you buy vegetarian food, then you do not get certain proteins of animal origin as well. However you might have missed the point that some people do buy vegetarian food exactly for the reason that they only want proteins of non-animal origin.

Similarly, someone might want to disable all incoming traffic exactly for reason of preventing their IP PBX being hacked, and then add an extra rule to open port 5060 to only IP address(es) specified by their own SIP provider. At least that's what I do and I imagine that's common sense. Why would anyone want to open 5060 to everyone I do not quite understand (*), and why would a firewall insist to keep it open despite configured to keep it closed is ... well, that's pretty severe and I do hope that BT receives kicking for this one.

*) one theory being that one might want to use direct RTP communication with the world, but that's not actually very convenient given exposure to cold calls from everywhere and from all time zones (security aspect aside!)

1
1

HUGE Aussie asteroid impact sent TREMORS towards the EARTH'S CORE

Bronek Kozicki
Bronze badge

Re: Silly question .... how old is the moon?

I thought about this, too. But then it occurred to me that Moon would have been formed over 4 billions years ago, when Earth did not even had (much of) crust. It must have been all pretty fluid at the time, which is exactly what allowed the Moon to form into a nice round shape - and Earth not to lose its round shape, too.

0
0

AT&T, Verizon and telco pals file lawsuit to KILL net neutrality FOREVER

Bronek Kozicki
Bronze badge
Paris Hilton

I wonder

... will this court action hit Verizon back, again? I mean, it is remotely possible that the court will rule that, for one reason or another, the rules need to be amended to include more regulation, not less. For example, local loop unbundling.

That would be funny. (in lieu of dreamer icon)

11
1

Complaints against ISPs and mobe firms are up by a fifth — reports

Bronek Kozicki
Bronze badge

ZEN

I was with Zen. They are not bad, but when faced with occasionally very noisy line they won't be able to fix it - you are on your own. Or, you can move to AAISP who know their stuff - including how to make BT fix the line. One downside - they cost more. And the upside - they are xkcd/806 compliant. Really, I tested.

4
0

Fanbois: We paid $2000 for full satisfaction but now we have SPREADING STAINS

Bronek Kozicki
Bronze badge

Re: Feh...

@Mage of course you are right, but you missed a sentence. Let me finish it for you:

Laptop over £1000 gives you a nice shiny toy, not a serious content creation tool 12 hours day.

1
0
Bronek Kozicki
Bronze badge
Coat

interesting problem

If I bought a monitor from reputable vendor (NEC, for example) I would expect my complaint regarding picture quality to be taken seriously and covered by the guarantee. I very much doubt NEC or other serious monitor vendor would claim that permament stains in the active portion of the monitor are "cosmetic damage".

And yet Apple claims that these are cosmetic damage and thus are not covered by the guarantee - even when in the middle of the screen. Even more interestingly, the product is marketed and sold on the basis of its looks. When the looks are gone, what remains?

That is one to watch, I will grab my popcorn.

43
0

Apple boots Windows 7 out of Boot Camp

Bronek Kozicki
Bronze badge

I thought Windows 7 is not compatible with pure EFI mode, it seems to require INT10 which is only available through CSM. At least, that's what I found on https://technet.microsoft.com/en-us/library/hh824898.aspx although I do not insist that my interpretation is correct.

I guess the deal is that Apple does not want to support CSM any more, which would be required to install Windows 7. Not that I care, I run my Windows as virtual machines on "oversized" PC where hypervisor is Linux kvm.

1
0

Apple's portable power podule patent promises paroxysms of fanboi joy

Bronek Kozicki
Bronze badge
Joke

why would anyone bother with separate device?

My phone's battery live already extends in days, why would this be needed?

... ooh, it is specifically for Apple phones and I do not have an Apple. Duh, silly me.

6
4

A day may come when flash memory is USELESS. But today is not that day

Bronek Kozicki
Bronze badge

why no mention of Everspin?

they seem to have actual working MRAM, used by LSI and Dell. Unless it is no longer used or for some other reason "does not count" ?

0
0

OpenSSL preps fix for mystery high severity hole

Bronek Kozicki
Bronze badge

Re: "has to be written in C"

Even though C is not my favourite language, I refuse to bash it on the basis of "being old" or ill-suited or something. Its strength is simplicity of design, and while personally I like (or even, demand) more refined languages to manage coupling and complexity of my own software projects, I am full of awe to those who manage to make very complex projects without such language features, in C. Linux kernel and GCC are two examples of such projects.

OpenSSL? Not so much, it was borked from the very beginning by the attitude of its developers "lets keep all features and platforms in, ignore all the standards and instead code all basic platform features ourself, no matter how irrelevant or possibly harmful it could be in the future" - but this has nothing to do with language and everything to do with culture. While each language comes with its own culture (set of idioms, support for certain design paradigms, approach to software design etc) there is nothing in C that would dictate such broken design - quite the opposite, actually. It's simple language that can be best characterised as "more elegant weapon for a more civilized age" but, like any weapon, it can be misused.

16
0

On-prem storage peeps. Come here. It's time for real talk. About Google

Bronek Kozicki
Bronze badge

Re: "Look, guys and gals,"

f) Hosting company is entirely EU based as well (not the same as data centre - look at US government requests directed at Microsoft data centre in Ireland)

0
0

Look, no handsets: How to do telephony without a phone

Bronek Kozicki
Bronze badge
Coat

SIP made small and easy

I also have "cordless Panasonic that talks to a base station via the DECT protocol, and thence ..." except that this base station TGP500 connects to my service provider's SIP server and is capable of handling 3 calls concurrently, registering 8 SIP numbers and 6 DECT handsets in the household. And, given all these capabilities, it is actually very small, cheerful and cheap unit (if bought with one handset only). It is only using standard SIP protocols. I also have not 1 phone number for people to call me, but many more - so my family and friends can call different number than various bureaucrats or work colleagues. And thanks to support for wideband VoIP protocols and ability to attach a headset using standard 2.5mm port, the call quality is really really good - it's actually my preferred way of making phone calls, especially overseas (because it's so cheap)

The only "gotcha" is that, like all VoIP communication, it requires good internet connection and works best on public IP address (as opposed to NAT). But then, both of those are not much of a problem for me, since I'm a lucky customer of AAISP :) Feeling smug, who, me?

1
0

A gold MacBook with just ONE USB port? Apple, you're DRUNK

Bronek Kozicki
Bronze badge
Coat

Re: Not unprecedented.

I think you will agree that removal of a power port is unprecedented.

Mine is the one with pockets full of adapter cables.

7
2

Ouch! Google crocks capacitors and deviates DRAM to root Linux

Bronek Kozicki
Bronze badge

Re: ECC is not enough

In Linux it's possible (and often used) to force system panic on uncorrectable memory error (called UE). EDAC module option for this is "edac_core.edac_mc_panic_on_ue=1" (copied from my own /proc/cmdline)

In order to perform such an attack against ECC memory, an attacker would have to flip multiple specific bits in ECC-guarded module at the same time and this, I think, can only be performed by a Maxwell demon - not by a program written by a human. In case when only single bit is flipped, it will be transparently corrected, and in case if "wrong" combination of multiple bits are flipped at the same time (which in itself seems nearly impossible) the system will encounter UE. Which will fail memory request - I guess that's SIGBUS to crash the process or, if option above is set, instant system reset. Admittedly a program may ignore SIGBUS (and go to exploit the system instead), but it may not prevent system panic.

So yeah, unless you know a well trained Maxwell demon, I would say that ECC is enough.

7
0
Bronek Kozicki
Bronze badge

Re: It is just an elevation

No. The goal of the exploit is to bypass process segregation, but the means is to repeatedly alter memory in physical neighbourhood of the memory region describing virtual memory address space of the attackers process own memory. Since the specifics of this memory region is defined by the CPU hardware, it might, or might not, be possible to move it away. It's a good question actually.

EDIT: imagine you are holding a key to a cage with one hand, and the attacker who is sitting in that cage (locked, i.e. virtual address space of a process) is repeatedly asking you to hand him something with the other hand (i.e. you are serving memory requests). The chances are that after Nth attempt (a very high number) you will be so distracted, that you hand him the key instead, with which the attacker is able to open his own cage. This being rather poor analogy, but the point stands that attack is based on a possible side effect (you being distracted, i.e. missing DRAM refresh) of a flaw in certain implementation of DRAM.

6
0
Bronek Kozicki
Bronze badge

I guess the difference is DRAM refresh rate. High refresh rate means higher power utilisation to keep RAM powered up. This is insignificant for a desktop PC with AC power attached, but significant for a laptop.

2
0

Linux kernel devs adopt Bill and Ted's excellent code of conduct

Bronek Kozicki
Bronze badge

it's worth noting

... that Linus holds himself to high standards as well, not just criticizes others' people patches. For example, this message posted 3 days ago on LKML:

So my patch was obviously wrong, and I should feel bad for suggesting it. I'm a moron, and my expectations that "pte_modify()" would just take the accessed bit from the vm_page_prot field was stupid and wrong.

Mel's patch is the right thing to do.

Linus

26
0

Apple Watch: HOT WRIST ACTION plus slim $1299 MacBooks - and HBO TV

Bronek Kozicki
Bronze badge

hahahaha

Apple released a new laptop. It's gold. And it has only one (sic!) USB connector. The type of which is not implemented on any device yet.

To me, this is Best Joke Ever. But I have a feeling that Apple is being serious!

7
4

Oi. APPLE fanboi! You with the $10k and pocket on fire! Fancy a WATCH?

Bronek Kozicki
Bronze badge

Re: Resale Value - not a lot

@ElReg, please nominate this "Men wear watches for 2 reasons ...." to comments of the week. Or failing that, give us the right to double upvote :)

2
0

Pebble Time Steel ready in May. Plus: Now you can strap on sensors, GPS ... Geiger counter

Bronek Kozicki
Bronze badge

Re: Not impressed with the greed.

Cheap loan.

Not so cheap, it comes with fixed one-time cost 5% (for kickstarter). Surely, it's competitive rate but given they need it for half a year, at most? I wouldn't call it cheap.

0
0
Bronek Kozicki
Bronze badge

Re: "We apologize, but it looks like something's gone wrong"

Just placed my order pledge, Kickstarted is back to its snappy self now.

0
0
Bronek Kozicki
Bronze badge

Re: "We apologize, but it looks like something's gone wrong"

exactly the same problem; can only conclude that kickstarted has been slashdotted ;)

0
0

Grab your pitchforks: Ubuntu to switch to systemd on Monday

Bronek Kozicki
Bronze badge
Unhappy

oh well

I use both, not-so-new Debian without systemd and Arch with systemd. I like both, can't really say much bad about systemd (well, binary logs are one thing ...).

The trouble I have with systemd, is that finding and installing a distribution without it is becoming more and more difficult. Given that Debian is a root project for quite a few distributions, this has become even harder.

But then, I knew it was coming, which is why I'm sending money to devuan.

13
0

Microsoft comes right out and says backup software is dead

Bronek Kozicki
Bronze badge

there are two ways

... to interpret Microsoft's projections:

1. your data is not stored at your location, instead it is "in the cloud" and you either have to access it online, or refer to locally synchronized offline copy. Well, that works with phones.

2. your data is stored at your location and you maintain synchronized backup "in the cloud". Again, how fast is upload speed of average customer?

IMO, both are as naiive as assumption that people will not longer use keyboards or mouse, and the only UI that an operating system has to provide should be "touch friendly". We all know how well this assumption worked in Windows 8.

Microsoft - there must be some people there who realize this is total bollocks, just come off it.

6
1

VMware sued, accused of ripping off Linux kernel source code

Bronek Kozicki
Bronze badge

interesting

in particular, how are they going to prove that VMware's work does indeed contain part of Linux, without access to the source code?

1
0

FREAK show: Apple and Android SSL WIDE OPEN to snoopers

Bronek Kozicki
Bronze badge

Re: There is one use for EXPORT in OpenSSL though

hah good point - cannot check whether "hack my users, please" is disabled, without a tool to actually request this protocol.

1
0
Bronek Kozicki
Bronze badge
Mushroom

keyword: either

One thing that hit me was this "... and the client either offers an RSA_EXPORT suite or is using a version of OpenSSL that is vulnerable to CVE-2015-0204"

Basically, one of the decisions taken by OpenSSL developers was (and still is) "do not remove compatibility features", thus we can still see bits of code specifically for platforms such as VMS or Win16 - even though OpenSSL has not been tested on those for a very, very long time. It also implements full support for weak encryption such as RSA_EXPORT. Hilariously OpenSSL even implements certificate check to fail the connection if stronger encryption than 512bit was employed on RSA_EXPORT session (look for SSL_alert_type_string).

Why do I point it out? Because vulnerability to degrade connection to insecure RSA_EXPORT would not happen, if OpenSSL did not keep such insecure implementation in the first place. But of course, it would go against philosophy of key developers. Which is why alternative libraries such as LibreSSL are so important.

5
2

How does a global corporation switch to IP Voice?

Bronek Kozicki
Bronze badge

idea for another article

... how (and why) migrate home number from PSTN to SIP. Although honestly, that would be just setup instruction of base station or phone, and perhaps SIP server. However, positives (and negatives) for home user of such a move might be worth discussion.

1
0

CONFIRMED: Tiny Windows Server is on the way

Bronek Kozicki
Bronze badge

Re: Did no one else notice the trend

"install time utility to allow Intel binary to run on ARM"

why the heck would Microsoft want to do that? Microsoft provides compilers to build native ARM binaries, there is no need to run x86 binaries on ARM.

Given that Windows Server already runs on Intel Atom, next logical step could be making Windows Server (*small business and home office edition) available under ARM based NAS devices. Will they actually do that? No bloody idea, but it appears (to me) to have business sense.

3
0

Apple Pay a haven for 'rampant' credit card fraud, say experts

Bronek Kozicki
Bronze badge

Re: Yawn...

And how exactly that would protect you?

1
1

Nokia boss smashes net neutrality activists

Bronek Kozicki
Bronze badge
Unhappy

I'm very tempted ...

... to comment along the lines "sigh, another clueless moron"

However, not knowing what is it that FCC eventually voted, it's rather difficult to argue that technical reasons for packet prioritisation such as QoS remain lawful. Unless someone can back this up for me?

4
1

Page:

Forums