* Posts by Bronek Kozicki

1153 posts • joined 6 Sep 2007

Upstart brags about cheaper-than-Amazon private cold data cloud

Bronek Kozicki
Bronze badge

interested

This might be just right as cold store for my backups. Two things I particularly like - low price and ZFS. However looking at the website, it does not seem they actually have anything on offer for individuals - the market specifically seems to be for "financial services, government, media, healthcare, pharmaceuticals, and data center services". Oh well, perhaps a data center service will pop up as a retail branch ... someday.

0
0

Adobe spies on readers: EVERY DRM page turn leaked to base over SSL

Bronek Kozicki
Bronze badge
Coat

Re: Thanks Adobe, problem solved

In honesty, they also solved another problem - now they are no longer spying on non-DRM books.

And if you read DRM ones .... well, you have other problems as well, not just Adobe spying on you.

Mine is the one with paper book in the pocket.

2
0

Entity Framework goes 'code first' as Microsoft pulls visual design tool

Bronek Kozicki
Bronze badge

No, XML does not work perfectly with source control, diff etc.

XML as a format suffers from tight internal coupling and low cohesion - because it's universal and low level tool, as compared to domain specific language (say, SQL). Meaning, you make a small change in one place (in whatever domain specific tool you are using) and it's reflected in dozens (if not many more) of places in resulting XML. This is what you will see in source control, diff etc - instead of the one change you actually made at the higher abstraction level. This approach does not lend itself very well to history inspection, merging and other operations you would normally use source control system for. Instead, you have to be extremely careful because merging of the most innocuous changes done concurrently by two developers is most likely not going to be an easy task.

This is also why it is preferable to work with text format of domain specific language (e.g. SQL in case of relational database design) rather than XML. Even though I dropped developing databases many years ago, I'm glad Microsoft has seen the light.

1
0

The future health of the internet comes down to ONE simple question…

Bronek Kozicki
Bronze badge

They should take an example from ISO

That is, international organization with members from every nation with interest in running of the organization. Yes, it would be very slow to change but how often do we need a new TLD policy? Also, subordination to US government is becoming global security problem.

9
0

OnePlus One cut-price Android phone on sale to all... for 1 HOUR

Bronek Kozicki
Bronze badge

Re: At cost?

Add labour cost - you have to pay for assembly. And manager wages. And director's salary. And pension contributions. And there is still this marketing guy who needs his salary.

0
0

UNIX greybeards threaten Debian fork over systemd plan

Bronek Kozicki
Bronze badge
Thumb Up

Re: Such hatred

If Unix has not just survived but also outlived every other operating system out there they might have got something right. And if there is one thing that defines Unix, that would be the "do just one thing, and do it very well" philosophy. Let's not fuck with that, shall we?

this +1

sorry, just had to post.

5
0

Hey Apple, we're gonna tailor Swift as open source – indie devs throw down gauntlet

Bronek Kozicki
Bronze badge

I like the idea of next-gen language too. And Apple would benefit from making it either open-source or standardized (or both). Here is how it might work: if a language is freely available and attractive for wide audience, it will be used. The more it's used, the more developers familiar with it. This last point would directly benefit Apple ecosystem.

Looking at Swift, it seems well designed - and it also has the benefit of supporting shebang script syntax, so it can be used more universally (if made universally available). If it could be also used for scripting of dynamic web pages that would be ideal, I cannot wait for something to replace this abomination called PHP.

2
0

In dot we trust: If you keep to this 124-page security rulebook, you can own yourname.trust

Bronek Kozicki
Bronze badge
Paris Hilton

124 pages?

Seems like more than "a handful of rules"

1
0

Don't bother telling people if you lose their data, say Euro bods

Bronek Kozicki
Bronze badge

as long as

... encryption is really strong (and key is kept safe), I don't see (much of) a problem.

For all intents and purposes, losing heavily encrypted data is not different from losing any set of useless binary data. If businesses are not required to notify about the latter, then notification about the former would seem (a bit) superfluous to me.

The difficulty is in determining what constitutes strong encryption and safe key. Perhaps I ought to look at this regulation.

1
0

Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE

Bronek Kozicki
Bronze badge

Re: Misleading Language

so that you don't wake up one day and find the internet no longer works for you

The problem with protocols which are supposed to work from-day-to-day is that there is no incentive to do anything about deprecated features, and thus "will it work tomorrow" incentive to just keep using what works, gets stretched until things break catastrophically.

4
0

Cops and spies should blame THEMSELVES for smartphone crypto 'problem' - Hyppönen

Bronek Kozicki
Bronze badge

Re: 2-part security?

I understand NFC link only works on short distances - you might not be able to put your phone to a pocket without erasing it ...

1
0

Get NAS-ty: Reg puts claws to eight four-bay data dumpsters

Bronek Kozicki
Bronze badge

Yeah, was thinking the same : "where are units supporting checksums on filesystem?" and then I realized I need to build my own with FreeNAS or Nas4Free .... because no brand would do that for me!

Honestly, if NAS cannot guarantee integrity of your data, what's the point?

1
0

CURSE YOU, 'streaming' music services! I want a bloody CD

Bronek Kozicki
Bronze badge

Re: Streaming

it's diminishing returns, simple. I can spend few hundred on a player, another few on a pair of headphones or speakers, but adding zeros to the bill for gain I cannot hear without moving my home to middle of the desert first is unjustifiable. I'm just happy not to have to hear clipping, sibilance or random artefacts.

1
0
Bronek Kozicki
Bronze badge

Re: Streaming

@AC bull*it. Nobody is asking you to keep putting CDs in, you can rip them to FLAC if you want to, and only keep physical record in a locked archive. The point being, there is nothing "modern" about streaming and I assume you are either very young or very old and thus memory not serving you well. Anyway, go and look up "Real Player".

I can keep on microSD a lot of music in a lossless format I ripped from my own CDs myself, and I can play from portable device with proper DAC, amplifier and sound quality a class or two above ipod or a phone (see IHIFI 960, AK100, iBasso DX90 etc.). But of course, I also have proper headphones not some branded crap with "b" on side. Does that mean I do not use streaming? I actually do, to find something new and interesting. And that does not happen very often at all, because "you may like too" algorithms are awfully limited and programmers who wrote them do not understand that someone may enjoy baroque, modern classical, different flavours of rock and few other kinds of music, depending on mood and other factors.

10
0

Soundbites: News in brief from the Wi-Fi audiophile files

Bronek Kozicki
Bronze badge
Thumb Up

Re: @Nick

@Peter thanks, exactly my point.

0
0
Bronek Kozicki
Bronze badge

@Nick, I take issue with your "flawlessly". You can never represent analog signal digitally without introducing flaws, especially so when you only have 2 samples per wave.

4
3

How the FLAC do I tell MP3s from lossless audio?

Bronek Kozicki
Bronze badge

Haha, this reminds me of supposedly lossless, hi-def files from qobuz. One evening sitting by the computer, I found that they have Mozart C-minor Mass directed by Herreweghe, exactly same record I enjoyed earlier the same day from my CD (it was not ripped then). Being lazy (or experimental) sort of person, I decided to stream the music rather than put my CD in. It played nicely, up to solo soprano when it started clipping quite horribly. Compare same part with my CD - no clipping and my poor underpowered mini system played this part rather quietly, but cleanly. Turn down volume on my computer speakers (active Samson studio monitors attached to Epiphany Acoustic DAC) streaming from qobuz, and I hear clipping again. So, I ripped my record to FLAC just to play it on the same equipment and there you go, lovely and clean sound. It turns out that "lossless, hi-def" qobuz files are totally messed up, they probably never checked the final result of whatever conversions they were doing.

I cancelled my qobuz subscription the same day, and from then on I only use FLAC files I ripped from my own CDs, using equipment and processing I trust and know. Or, when I do not care about quality and just want to listen to something different, it's from lossy source such as Spotify. And my "poor underpowered" mini system got an upgrade in the form of better speakers :)

1
0

SanDisk Extreme Pro SSD – courting speed freaks and gamers

Bronek Kozicki
Bronze badge

Re: raid?

I'm running 8 Crucial C300 (yes, old model) 256GB each on LSI MegaRAID in RAID0 hardware configuration, total 2TB. It's nice and no problems in years since I set it up, but in fairness I do not write this much data to it. Of course, I back it up almost constantly to an HDD and replicate the backups to external HDD, although so far the only use of backups was deleted files or misconfigurations.

0
0
Bronek Kozicki
Bronze badge

Re: The myth of SSD reliability

How much data can you write & erase on your HDD ? These guys stored quite a lot on a number of SSDs. And reported results for you.

0
0

Intel's DDR4-friendly Xeon workhorses bolt for workstations, servers

Bronek Kozicki
Bronze badge

DDR4

It may be a big deal for some, for me this means change of platform. Thus I'd rather stay with previous generation Xeons E5 v2 running in "old" LGA 2011 socket with 64GB of DDR3 I already have (and do not use - but it was relatively cheap!).

0
0

DEATH TO TCP/IP cry Cisco, Intel, US gov and boffins galore

Bronek Kozicki
Bronze badge

interesting

.... but I will remain sceptical until open source implementation appears and is merged into both BSD and Linux (and Windows just for laughs - we all remember NetBEUI and NWLink, right?)

8
5

Best shot: Coffee - how do you brew?

Bronek Kozicki
Bronze badge
Facepalm

regular espresso

Took me few years to learn to do it properly, but in last 5 years it's been pretty good, with Macap and Dalla Corte. It was expensive to buy, but is cheap to run. Just top it up with freshly roasted coffee beans, remember to check water level and keep it clean.

Icon for how I look before my first coffee (where did I put the filter?)

0
0

Gigantic toothless 'DRAGONS' dominated Earth's early skies

Bronek Kozicki
Bronze badge
Joke

must be French

they wear berets and eat frogs (sort of)

1
0

Who needs hackers? 'Password1' opens a third of all biz doors

Bronek Kozicki
Bronze badge

what if ...

... password replacement policies were based on time needed to brute-force an existing password? Say, you are new employee about to set your network password first time (because the one you received on welcome, comes with "must change" setting). You try "Password1" and since this is "cracked" by validator in real time it is not even accepted, since check for minimum password complexity can be run synchronously, as soon as you press Enter. So you try something a bit more complex and it is accepted, but within few hours or few days you receive an email explaining that you need to change your password again because it has been deemed too weak by automated password complexity assessment (i.e. cracked by security team). This comes with obligatory picture borrowed (legally, of course) from xkcd and a longer explanation about how password complexity works. Sounds like pain?

But here is a good part: if you read the instructions carefully, you will figure out how to set a password that you won't ever have to change (bar emergencies). You simply make it complex enough!

Now, if only one password was needed at work ...

0
0

Intel disables hot new TSX tech in early Broadwells and Haswells

Bronek Kozicki
Bronze badge

Re: Fair play...

POWER8 has comparable set of instructions.

0
0

It's time for PGP to die, says ... no, not the NSA – a US crypto prof

Bronek Kozicki
Bronze badge

all good points

Now I'm waiting for good professor to produce alternative system. Or at least start productive discussion about design of such a thing. Should I hold my breath?

4
2

Dead Steve Jobs sued by own shareholders in no-poach pact brouhaha

Bronek Kozicki
Bronze badge

Actually no, it makes sense. Apple suffered reputational damage as soon as the first class action suit was brought. I'm too lazy to see how this original suit affected the share price but I'd hazard a guess that there was some dip. Now shareholders are asking for compensation for this dip.

It's fair game, given that (due to lack of dividend) the only way to profit from Apple shares is to sell them, which makes shareholders more sensitive to share price moves.

1
0

Simian selfie stupidity: Macaque snap sparks Wikipedia copyright row

Bronek Kozicki
Bronze badge

Re: Who takes the picture?

I think the problem here is the definition (or lack of it) of what is significant enough contribution to work, to make it pass copyright test.

It might be that in the case of actually lost camera, there is no "significant contribution" on the side of camera owner.

It might also be that in case of Mr Slater, the camera was not lost but made ready for simians to use and also that he made significant contribution by first setting up conditions for pictures to be taken and then removing all blurred photos afterwards, selecting good ones and preparing them for publication. To me this seems like nontrivial endeavour.

9
2

Facebook wants Linux networking as good as FreeBSD

Bronek Kozicki
Bronze badge

Re: QUIC

My guess would be "for performance reasons". You can gain quite a lot of performance by avoiding context switches, but in the context of networking classical layer model makes that difficult. You may want either to move network drivers to user mode, or move application APIs to kernel mode.

I honestly can't say what FB would do, but I know what I would want to research given objective to improve performance of network stack.

1
0

SCORE: Rosetta probe hits orbit of duck-shaped comet

Bronek Kozicki
Bronze badge

this is big

congratulations to all involved, very impressive!

7
0

Resistance is not futile: Here's a cookie sheet of luke-warm RRAM that proves it

Bronek Kozicki
Bronze badge

Re: Sounds potentally very good.

No it wouldn't. Even if the RAM chips could achieve that type of speed, the long wires of the memory bus could not

... hence HP work on photonic connections between memory and CPU, alongside with work on memristors.

0
0
Bronek Kozicki
Bronze badge

Re: Sounds potentally very good.

Abstract of actual paper gives sub-50ns switching speed which is very good, but IIRC (corrections welcome) memristors are promising sub-10ns latencies. While sub-50ns is excellent, sub-10ns is revolutionary, as it would allow CPUs to drop cache memory.

Of course both technologies are in early stages. Perhaps RRAM will put a little more pressure on HP to develop memristors right (or provide them alternative to switch into, if they fail to do it), so this development is encouraging even if one is cheering HP efforts.

0
0

Multipath TCP speeds up the internet so much that security breaks

Bronek Kozicki
Bronze badge
Paris Hilton

Re: Madness

I could of course force the streams to recombine via the use of proxies, VPN

yes you could, and while we are at it, can you pls remind what's wrong with obligatory VPN to access corporate network? I know it's not exactly free, but c'mon it's just plain sense.

Paris because I'm just the same puzzled.

0
0

British Lords: Euro 'right to be forgotten' ruling 'unreasonable and unworkable'

Bronek Kozicki
Bronze badge

Re: I'm shocked

This is provably not true, and the evidence is winged flying pig behind my window and snowballs flying from large, hot and red crevice in the ground below.

2
0
Bronek Kozicki
Bronze badge
Mushroom

I'm shocked

Our political masters seem to be trying to do something right, and in doing so they agree in principle with Google.

This is unthinkable, I must be living some alternative reality.

13
4

US Social Security 'wasted $300 million on an IT BOONDOGGLE'

Bronek Kozicki
Bronze badge
Joke

Re: Amateurs

I imagine this dialog:

Obama: duh

Cameron: amateurs ...

0
1

The answer to faster wireless is blowing in the wind

Bronek Kozicki
Bronze badge
Joke

it's all hot air

0
0

BT: Hey guys, we've developed NEW MOBE TECH! It’s called... 2G

Bronek Kozicki
Bronze badge
Megaphone

Hm, picocells .... can those work with SIP?

Now I want SIP phone gateway which would be also 2G picocell for my home, to make my SIP numbers available on my mobile when I'm at home and allow me to make (cheap) SIP calls automatically from my mobile. Because, honestly, SIP handsets are rather crappy.

0
0

HP's Machine and IBM's $3bn R&D splash – aka how to survive Google

Bronek Kozicki
Bronze badge

Re: Do we need more original research into proprietary hardware?

These guys are planning to disrupt the market, before declining hardware curve drives them into the ground. This is good plan. Also, software has a tendency to expand to fill all available hardware, while occasionally delivering new important technology - so it is actually worth inventing new hardware to allow these new software technologies to be invented.

For example: massive parallelism still hasn't found good software solution, because existing model based on critical sections does not scale with program design (it forces tight coupling), while transactional memory might scale, but is inefficient due to poor hardware support.

0
0

Climate: 'An excuse for tax hikes', scientists 'don't know what they're talking about'

Bronek Kozicki
Bronze badge
Pint

@Ledswinger

This one is on me.

5
1
Bronek Kozicki
Bronze badge
Paris Hilton

It took all my willpower not to downvote you, but the weird thing is - I do not know where that came from.

Should I believe in human-induced global downvoting trend? What if some disaster happens before it's too late?

So many questions ... thus icon.

1
0

Hey Intel – that new Pro 2500 SSD looks awfully familiar

Bronek Kozicki
Bronze badge
Holmes

Re: it's a step backwards

You got it backwards. It also does not help that one has to pivot the tables to actually compare anything. Here is handy table:

Model 1500 Pro, M2: active 140mW, idle 55mW, sleep 0.2mW

Model 2500 Pro, M2: same as above

Model 1500 Pro, 2.5": active 195mW, idle 125mW, sleep 5mW

Model 2500 Pro, 2.5": active 165mW, idle 55mW, sleep 5mW

You are welcome.

7
0

Microsoft: You NEED bad passwords and should re-use them a lot

Bronek Kozicki
Bronze badge
Thumb Up

Re: 2

Hah, the math makes sense, so my "arguable" turns into "definitely wrong". Thanks for proving it!

1
0
Bronek Kozicki
Bronze badge

Re: Password Managers?

Wasn't there a post the other day stating that they were also insecure and open to hacking?

They are IMHO, a single point of failure.

Yes, there was. Useful research but in case of LastPass, it's a FUD. The problems discovered have been fixed last year.

Although of course, it is risky to put all eggs in one basket, and I'd love to have something better to replace all these passwords. For now though, password manager used in a correct manner seems to be the best solution.

4
0
Bronek Kozicki
Bronze badge
Boffin

Re: Password Entropy

There are two problems with this:

1. plenty of password fields have an unreasonably short limit on a number of characters in a password, thus preventing use of a reasonably long passphrase

2. it is arguable whether a passphrase (built from dictionary words) actually has large entropy, since it can be brute cracked simply in (dictionary size * variations)^(small N) tries, rather than characters^(large N)

1
5

Home Office threw £347m in the bin on failed asylum processing IT project

Bronek Kozicki
Bronze badge
Mushroom

Re: Crazy

For goodness sake, use icons as appropriate. I was thinking "joke alert", but changed my mind ... because your comment might very well be spot-on.

2
0

Major problems beset UK ISP filth filters: But it's OK, nobody uses them

Bronek Kozicki
Bronze badge
Megaphone

actually ...

... I might be tempted to filter IP traffic at home, but under following conditions:

* I own the box which does the filtering

* I decide what is being filtered

* I decide which of my home computers are affected by the filtering and which are not

* The box supports both IPv4 and IPv6

Anything else - f* off, it's my network and I decide what enters it.

11
0

Will the next US-EU trade pact prevent Brussels acting against US tech giants?

Bronek Kozicki
Bronze badge
Facepalm

Re: Please tell me I'm wrong...

Speaking about contract law, you might have spotted phrase similar to the following in contracts "if any clause of this contract is found to contravene local laws or be unenforceable, only such clause will be deemed void, while the remaining clauses of the contract will remain valid and binding", or to such effect. This is to prevent the whole of the contract becoming invalid if any of its clauses is found illegal. How does it happen that some clauses are deemed to contravene local laws? Because laws were made to protect citizens, for example by making it illegal to sell your body parts. Such laws are made by lawmakers, subject to government initiatives.

Now, if a company was to make a business model as an "agent for direct acquisition from donors and selling of human body parts for transplants", any contracts signed under such business model would be deemed invalid. Now, imagine what happens if companies are given the right to sue lawmakers for a reason that laws are hurting their profits. This means that companies can now shape the laws in their favour in order to maximize the profit, and this also means that they can legally force lawmakers to remove such laws which make the above mentioned business model illegal and invalid!

Welcome to the world where companies can force governments to remove laws which protect citizens, if such laws happen to hurt profits.

9
0

LibreSSL RNG bug fix: What's all the forking fuss about, ask devs

Bronek Kozicki
Bronze badge

Re: What is cruft, what is security, and can the LibreSSL programmers tell the difference?

It's been "fixed", by seeding RNG with your private keys. Thank you for such "fix", I'd rather not see something like this in a program I am using. Especially since OpenSSL is unable to provide a guarantee or verify that RNG subsystem is indeed trustworthy one and won't steal your private keys.

Remember, no library can fix security flaws of the underlying operating systems - at best it can work around them. If you want an illusion of security by deploying ever more elaborate workarounds that's your problem, but I'd rather leave it to people who know about security more than you do (or OpenSSL team does).

10
1

LibreSSL crypto library leaps from OpenBSD to Linux, OS X, more

Bronek Kozicki
Bronze badge

Re: Code size

No, they wouldn't. Code size is not the only thing that matters - coupling is the same, if not more important. Think of it as the possible number of permutations in a group of elements (elements being design artifacts, ie. functions in C language). In a design with qualities of a hairball (anything connects to anything), the number of possible permutations can be huge, despite the total number of lines "merely" going into many thousands (below million). In order to understand it, you need to read it all and then build mental model of everything there is. That makes for very high barrier to entry.

The purpose of good software design (each language provides own design tools for this, in case of C that would be private headers, static functions etc.) is to control and lower the number of possible connections, thus lowering the overall complexity and the cost of reading and contributing code - despite total code size remaining roughly the same, or perhaps even slightly larger (depending on design tools used).

Of course, LibreSSL didn't set to increase the codebase with design artifacts. They set to remove all dead code first, which obviously is a very good way to start such a project. They are also limited by public API of OpenSSL which makes lots of private functionality available to users unnecessarily. But they are to a good start and I wish them well, enough to setup monthly donation.

9
0
