Posts by Christian Berger

4850 publicly visible posts • joined 9 Mar 2007

Hate to ruin your day, but... Boffins cook up fresh Meltdown, Spectre CPU design flaw exploits

Christian Berger

Re: Time for NUMA, Embrace your Inner CSP

It's fascinating how normal UNIX commands would be a good fit for CSP architectures.

Who wants dynamic dancing animations and code in their emails? Everyone! says Google

Christian Berger

Re: feature request

"In fact, why not make native code run as well, straight over email, it would be super neat."

Outlook used to have that feature: you could embed a sound file in your mail which would then be saved to disk and played... even if it had the extension .exe. (Explanation: the Windows API call to play a sound internally maps to the API call to execute a program. So you could convince Outlook that it's a sound via the MIME type, but effectively you could send a native program.)

Until last week, you could pwn KDE Linux desktop with a USB stick

Christian Berger

Re: It's a problem with "Open Source" vs "Free Software"

"Any software simple enough to be competently maintained by a single person is probably insufficiently complex to handle all the tasks handled by a modern desktop environment."

Actually that's what people thought before UNIX, too. What's lacking is simply the right way to tackle the problem. Imagine if instead of Wayland and X11 we had chosen something simpler, like a virtual file system (Plan9 like) or perhaps a graphics and sound extension to the terminal.

There are features you write explicitly, and there are features that get created by having some orthogonal features which implicitly create a whole new range of features.

Christian Berger

Re: It's a problem with "Open Source" vs "Free Software"

"Have you any sort of idea as to why Linus Torvalds always goes mental when some clown submits daft code in to the Linux kernel?"

Yes, but this is KDE not the Linux Kernel.

Christian Berger

It's a problem with "Open Source" vs "Free Software"

The Freedesktop people churn out "Open Source" software. It's available as source, but so incredibly complex that only they can maintain it. Since it's very fashionable to work for "Open Source" projects and they rarely deny people working on it, many beginners write code for them, resulting in even more code which only increases the dependence on some sort of "Open Source company" as well as the more or less occasional stupid bug.

"Free Software" only is truly free when the software is simple enough to be understood by a single person or a very small group of them.

Hyperoptic's overkill 10Gbps fibre trial 'more than a clever PR stunt'

Christian Berger

Well you need individual fibres anyhow...

...as GPON costs more to upgrade to anything newer than using individual fibres.

The main point here is of course the upstream. Few people care about >1 GBit downstream, the bottleneck usually is the upstream.

Yorkshire cops have begun using on-the-spot fingerprint scanners

Christian Berger

Brought to you...

...by the country that exited the EU (in part) because it didn't want to be forced to follow its human rights standards.

Secret weekend office bonk came within inch of killing sysadmin

Christian Berger

Re: It's actually not _that_ dangerous

The German Bluray release actually includes an interview with the producer in which he tells about safety specialists who, in all seriousness, see this as a safety instruction film. It is actually shown as a safety instruction film in many companies.

Christian Berger

It's actually not _that_ dangerous

Electricity isn't like a swarm of animals, it doesn't "move" in water. If something like that happens, the bulk of the current flows very close to the points where the live conductors touch the water. In fact if you submerge a typical power supply, you're probably fine even close by. Even if you have some relevant current going somewhere, the RCD will trip way before there's any danger.

Safety precautions are there to keep you away from danger as much as sanely possible. However even without them not everything is highly dangerous.

BTW there's a great German short movie called "Staplerfahrer Klaus" (available on YouTube even with English subtitles). However that's perhaps not really SFW.

Winter is coming for AI. Fortunately, non-sci-fi definitions are actually doing worthwhile stuff

Christian Berger

Simple

Statistics will give you metrics you can use to make decisions. Neural networks give you weird metrics and do decisions for you.

Apple's top-secret iBoot firmware source code spills onto GitHub for some insane reason

Christian Berger

So at most this could mean new jailbreaks

It's not really a security problem, more a business model problem.

Indiegogo to ailing ZX Spectrum reboot firm: End of May... or we call the debt collector

Christian Berger

Meanwhile in Serbia

People are building a much more useful "retro" computer just as a badge for a meetup.

https://twitter.com/Voja_Antonic/status/961134402670661632

Adobe: Two critical Flash security bugs fixed for the price of one

Christian Berger

It probably is, at its core

I mean we are talking about 1990s software dealing with ill-defined binary formats here. It has to deal with all the workarounds for bugs in the software creating Flash files. It has to be able to parse long dead file formats in order to maintain compatibility. All of that was written in the 1990s with its typical code quality. I'm sure that the current developers are scared about touching it, as it might bring weird side effects as bugs in that code might have been used by some files out there.

Ghost in the DCL shell: OpenVMS, touted as ultra reliable, had a local root hole for 30 years

Christian Berger

Re: Wasn't VMS...

"As a result Windows NT was actually based on PRISM not VMS because it was actually capable of 64 bit from the beginning, they just didn't have 64 bit Intelx86 at the time."

Well yes, but apparently Windows NT for Alpha wasn't really 64 Bit. At least that's what people said back then.

Christian Berger

Re: The sky is falling in

"'You do realise that VMS's security is by obscurity? It's quite expensive to get hold of'

Well, if you consider the free hobbyist licence expensive I guess it is."

You still need the hardware which realistically is either Alpha or Itanic. Not really something people have lying around.

Christian Berger

"How many other old Oses run the central computing systems of major banks?"

I have one data point on that, and that's some bank having switched their old computer for a newer, Java-based solution and giving that old computer to a museum (it was probably >20 years old at that point). The employees didn't like it because the old system was _much_ faster.

UK PM Theresa May orders review of online abuse laws in suffrage centenary speech

Christian Berger

Abusing people to get your needs through

Essentially she's claiming that this is for suppressed minorities, and in fact in Germany when the same ideas came forward, the Neo-left came forward and even supported those plans.

Now that we have those rules in effect, it's mostly been used against left leaning people. For example satire magazines got censored.

What the Neo-left don't seem to understand is that any kind of censorship is bad. Just because you don't like a certain opinion it shouldn't be banned, because the next opinion to be banned will be yours.

NASA's zombie IMAGE satellite is powered up and working quite nicely

Christian Berger

Re: Funding?

"This depends... Sometimes the receivers need special hardware to receive the data. If said hardware is lost/scrapped you need to re-create it."

There are specifications for those instruments, and typically they have some way of giving you raw IQ data at a given fidelity. This is essentially laboratory equipment and therefore rather flexible by design.

Christian Berger

As in any big company that takes time

Imagine you'd find a surefire way of earning your company a billion in 2 weeks if you act now and invest 10k. You will be unable to get funding for it, as it simply takes time to organize spending so much money at any company.

I mean NASA may be somewhat more efficient than most companies its size, after all it has a high percentage of engineers and scientists, however such things still take time. Budgets need to be revised, teams must be built.

Christian Berger

Re: WTF

They have, but in space things can fail in weird ways. In fact since it came online again, it most likely rebooted many times just because of that.

CableLabs signs off MAC spec for DOCSIS full duplex

Christian Berger

Re: Another lease extension for the life of copper access

"I wonder what law there is on copper data bandwidth increase ?"

Well there is the channel capacity

https://en.wikipedia.org/wiki/Channel_capacity

which gives you the maximum amount of data you can get through a channel, given its signal-to-noise ratio.

If you have a bare cable, the SNR is limited by thermal noise in the receiver as well as the maximum allowable power before the cable leaks too much.

If there is an amplifier in between, it's usually the limitation as it has a maximum input power as well as its own noise.

So in reality your SNR is somewhere in between 20 and 50 dB, which is 1:100 to 1:100000 in linear units. That roughly translates to an overall channel capacity of 1-10 GBit/s, depending on how rotten your network is.

You can, BTW, estimate your SNR by looking at the picture of an analogue TV channel. If the image looks perfect, you have around 40-50 dB SNR, if you can see noise you are below that, and at 20 dB you can still see the picture through the noise, but it's not pretty.
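The Shannon-Hartley capacity the post links to, worked through for the SNR range it quotes. This is an added example, not code from the post or from CableLabs; the coax bandwidth values are assumptions for illustration, and the inverse function shows how much spectrum the quoted 1-10 GBit/s would need at each SNR.

```python
import math


def db_to_linear(db: float) -> float:
    """Convert a power ratio in dB to a linear ratio (20 dB -> 100, 50 dB -> 100000)."""
    return 10 ** (db / 10)


def shannon_capacity_bps(bandwidth_hz: float, snr_db: float) -> float:
    """Shannon-Hartley limit C = B * log2(1 + S/N), in bit/s, for an AWGN channel."""
    return bandwidth_hz * math.log2(1 + db_to_linear(snr_db))


def spectral_efficiency(snr_db: float) -> float:
    """Bits per second per hertz the channel can carry at this SNR: log2(1 + S/N)."""
    return math.log2(1 + db_to_linear(snr_db))


def bandwidth_needed_hz(target_bps: float, snr_db: float) -> float:
    """Inverse question: how much spectrum is needed to reach target_bps at this SNR."""
    return target_bps / spectral_efficiency(snr_db)


def capacity_table(bandwidth_hz: float, snr_dbs) -> dict:
    """Capacity in bit/s for one cable bandwidth across several SNR values."""
    return {snr: shannon_capacity_bps(bandwidth_hz, snr) for snr in snr_dbs}


if __name__ == "__main__":
    # Assumed usable coax bandwidth of 1 GHz (illustrative, not a DOCSIS figure).
    bw = 1.0e9
    for snr, cap in capacity_table(bw, (20, 30, 40, 50)).items():
        print(f"SNR {snr:2d} dB: {spectral_efficiency(snr):5.2f} bit/s/Hz, "
              f"{cap / 1e9:5.2f} Gbit/s in {bw / 1e6:.0f} MHz")
    # Spectrum needed for the 1 and 10 Gbit/s the post mentions, at its SNR extremes.
    for target, snr in ((1e9, 20), (10e9, 50)):
        print(f"{target / 1e9:.0f} Gbit/s at {snr} dB needs "
              f"{bandwidth_needed_hz(target, snr) / 1e6:.0f} MHz")
```

A real cable system stays well below this limit because modulation, coding overhead and guard bands eat into it; the numbers are an upper bound, not a throughput forecast.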

Christian Berger

Well...

First of all a 10 Gigabit uplink is perfectly usable. Second, since DOCSIS networks are typically highly congested every little bit of extra capacity helps.

You're the IT worker in charge of securing the cloud for your company. Welcome to Hell

Christian Berger

Now let's play this through for a UNIX(oid) shop

If your employees want to access the data from home, just set up a VPN and let them log in from home via ssh using public key authentication. That's both secure and easy to do.

It's only when you made the error of installing Windows PCs that it gets hard. You cannot (usefully) ssh into a Windows box and use your standard text editor or e-mail software.

No, Windows 10 hasn’t beaten Windows 7’s market share. Not for sure, anyway

Christian Berger

Re: StatCounter = irrelevant, amateurish

Yes, the best example was that weird >50% share of Windows on the Internet which everybody knew was obviously fake.

Back in about 2014 or so I did conduct some research of my own on a camping holiday. Of about 100 laptops I've seen, about 80 were running Linux (usually Thinkpads), 18 or so were Macs (usually with stickers on them indicating they were paid for by the employer), and about 2 ran Windows.

Christian Berger

One should add to the graph...

... that it shows the fractions of "Desktop Windows users which do not have an ad-blocker". Their service is based on access logs of ad servers, so they are heavily biased towards novice users who do not know how to operate an ad- or javascript-blocker.

OpenWall unveils kernel protection project

Christian Berger

I am skeptical

I mean unless this is extremely simple and very well written it's likely to actually increase the attack surface of the kernel. At least they admit the obvious that it's bypassable.

Google code reckons it's smarter than airlines, AI funding, and lots more

Christian Berger

Re: Flight Delays

Yes, it's probably something you could model manually rather well. Essentially, just like with the weather, you could probably boil it down to some non-linear differential equations which can then be solved for the future.

Forget cyber crims, it's time to start worrying about GPS jammers – UK.gov report

Christian Berger

Re: FFS - Measure the risk first

Well atomic clocks are not "a few pounds", that's some serious investment.

However it might be a good idea to have some fibre-based clock distribution network.

BTW even if GPS dropped dead right now, the effect likely will take days if not weeks before it actually affects DVB-T transmissions.

Christian Berger

Re: Well timestamps at a µs level...

Audio timestamps on Radio stations are increasingly hard to do. For analog radio you'd have to do them at the transmitter, as you'll have a random non-constant delay to the transmitter. (e.g. when switching to another source when your primary one was broken)

With digital radio you have SFNs which mean that your time of transmission, and to some degree, time of reception, are much more defined. However I doubt anybody would go through all that trouble considering the transmitters get their time from GPS anyhow.

I've seen the MSF signal on spectrograms and glanced over the specifications on Wikipedia. It doesn't seem to be suitable for high accuracy timing as it's far too narrowband and doesn't include anything you could reasonably well cross correlate with. So its accuracy is limited to milliseconds in any case... you can achieve that with just any random Internet access and NTP.

Christian Berger

Well timestamps at a µs level...

... can be done via simple modifications on your standard longwave time signal. For example the German DCF77 has a phase modulated portion which allows for timestamps with a reproducibility in the µs range.

Your cheap sub-100-Euro time receiver will ignore that, but if you're willing to spend more cash, it's right there.

Navigation is a bit more complex. Systems like LORAN are _far_ too imprecise for navigating around a city. Navigation based on which radiophone basestations you are close to seems more sensible. Of course you can add accuracy by setting a standard for basestations to derive their timing from standard time, so you'll know that the start of a timeslot is always at n*x ms, with 1000/x being a whole number. That way you might get a bit more accuracy. You won't solve the basic problem that all ground based systems suffer severely from multipath fading.

However we now have GPS competitors from different countries. Just build multi-system receivers and you'll always have decent signal, even if country A doesn't like you any more.

Spoofing, however, is something no radio-based system can really solve.

Terror law expert to UK.gov: Why backdoors when there's so much other data to slurp?

Christian Berger

Plus there's always more

The main goal seems to somehow make people believe that encryption is something bad or something that should be avoided unless really necessary.

Ugly, perfect ten-rated bug hits Cisco VPNs

Christian Berger

Why on earth does VPN software handle XML?

I mean seriously VPN software is supposed to negotiate a key, then take a packet, encrypt it, send it, take the next packet. It shouldn't be hard. Everything that is hard can easily be abstracted away into support systems which either are known to be moderately reliable (e.g. the operating system's DHCP client) or run with low privileges.

PC not dead, Apple single-handedly propping up mobe market, says Gartner

Christian Berger

Again, in the past several markets have converged on the PC

Today people do things they used to have separate devices for on a PC. Where you previously had some dedicated word processing system, some games console, a VCR and an actual computer, you now have the PC as a more-or-less universal device. That is mostly because a decent PC can be had for less than the price of a good display typewriter, or a PC running Linux or some BSD is just as good as an old unixoid workstation, but at a fraction of the cost. Same goes with games consoles. You can now play computer versions of all the popular video games like Pong.

However now tablets and mobile phones undercut the price of PCs. For consumers who just want to have some "Internet Terminal" those are just as useful. So naturally some of the old markets are going to move away from PCs.

Christian Berger

Actually not much of a problem

I mean the main problem about fibre rollout is the last few hundred metres. Getting fibre to some mast is rather trivial compared to negotiating a fibre rollout in some multi-tenant building.

Here we go again... UK Prime Minister urges nerds to come up with magic crypto backdoors

Christian Berger

I think the term you're looking for is "cloaca".

Electric cars to create new peak hour when they all need a charge

Christian Berger

actually no

It's just ignoring obvious things, like that people won't use the quick charge option for an overnight charge, or that it's trivial for cars to detect an overload condition of the network early on and reduce their charging speed.

Death notice: Moore's Law. 19 April 1965 – 2 January 2018

Christian Berger

Re: so Desperation

Well if you're good at assembler you're likely one of the people who will write decent code in any language.

Christian Berger

Seriously, outside of Android, smart cards and the mentally insane, the JVM is kinda dead.

Christian Berger

Extrapolating short term trends...

... usually doesn't work. It's simply too short a time to make such predictions.

The more relevant trend is probably that people now are much more content using 10 year old computers, so the average speed of computers doesn't rise as quickly as it used to do.

Perhaps we will get another great increase in speed, not from hardware but from software. In the past reductions of complexity have brought great advances in computing. Typical examples were UNIX (much simpler than Multics) or the Internet (much simpler than the telephone network or X.25 networks).

Facebook invents new unit of time to measure modern attention spans: 1/705,600,000 of a sec

Christian Berger

I wonder how that is supposed to work in the US

In the US television has the weird framerate of 30000/1001 Hz because when colour was introduced there it clashed with sound, and instead of slightly changing the audio subcarrier frequency, they changed the framerate. Therefore today all of their framerates for colour video are derived from that number. Of course seconds are still seconds, so you'll have seconds with 30 frames and seconds with 29 frames.

Christian Berger

That's not news

Developers invent their own timescales all the time. For example I once made a Unix-epoch clone starting at the year 2000. IBM-PCs calculated the time in 1/18.2065 Hz intervals, making an overflow of the 16-bit number roughly every 3600 seconds.

On 16-Bit systems it's common to count seconds of the week, because that nicely fits in a 16 Bit number.

Hehe, still writing code for a living? It's 2018. You could be earning x3 as a bug bounty hunter

Christian Berger

There is a lot of disagreement on what's a country

I remember the Austrian Children's television asking themselves that question back in the 1980s and they got widely divergent numbers depending who they asked.

For example back then the Vatican didn't have its own country code, so for the postal company it wasn't its own country.

Mozilla edict: 'Web-accessible' features need 'secure contexts'

Christian Berger

HTTPS can still transport malware

and it probably already does. It's not like somehow HTTPS means that the code it transports is more trustworthy.

If Mozilla wanted to improve security, they'd make a more secure alternative to HTML/CSS/JS for web applications. Something that connects the DOM directly to a web socket, with no way to run Turing complete code on the client. That would bring some security.

Things like Geolocation APIs need to be disabled by default and when disabled spoof plausible, but wrong data. Giving an error message is no solution as that effectively enables applications to blackmail people into giving them the capabilities they want.

Google's 'QUIC' TCP alternative slow to excite anyone outside Google

Christian Berger

Yes, and on the disadvantage side

You have lots more complexity for virtually no advantage. The current implementations probably still have lots of unfound bugs of which many likely are security critical.

Amount of pixels needed to make VR less crap may set your PC on fire

Christian Berger

One solution for it is obvious

Just track the eyes, then have 2 screens for your eyes, one that's low res and large for the background, and one higher resolution one which is optically placed at the point where you see the sharpest and at a focal distance that's close to the object you're looking at.

This would dramatically cut back the amount of data you need to generate.

Next; tech; meltdown..? Mandatory; semicolons; in; JavaScript; mulled;

Christian Berger

Why stop there?

I mean if there's a component in Javascript compilers adding semicolons, why stop there? Why don't we standardise it to also add random +4 or similar things to the code, if a semicolon is missing.

Christian Berger

Re: Anyone seen a single line C program ?

That's actually something companies do in the car industry. They have to give out the code for contract reasons, but then they uglify it before sending it out for insanity reasons.

Everything running smoothly at the plant? *Whips out mobile phone* Wait. Nooo...

Christian Berger

Re: Trivial? Hmmm.

"For instance, one might need to program X-Y-Z axis motion with millisecond accuracy to control log and saw movement in a sawmill."

Yes, but a millisecond is a long time in a computer, and any cheap microprocessor will guarantee you timing that precise easily. In the end 99% of it is nothing more than control loops with the desired input changing at times. The actually complex stuff is not done by the SCADA people, the complex stuff is done by the people working out the best processes. Whatever they find out usually is just a bunch of numbers the SCADA people code into their software. (or have as settings)

Christian Berger

Yes, and...

SCADA systems typically are fairly trivial at their core, you only need to gather, display and perhaps log data. The logic to act upon it is so simple that most of those systems could be implemented with simple analog circuitry. In the hands of not quite mature programmers that's actually very dangerous as they will try to fill the boredom and come up with terrible ways to do trivial things....

.... one of those ways is OPC or OPC-UA which offers a highly complex object oriented broker like structure to distribute values and events. It nicely fills the void of boredom and keeps those programmers occupied re-implementing complex interfaces instead of simply pushing around lines of text. This however fills experienced programmers with disgust, so they tend to not want to touch this. The end result is that you have lots of inexperienced programmers trying to solve problems you wouldn't have if they were more experienced in the first place. However most experienced programmers will either leave your project or not even get anywhere close to it.

Now add mobile apps and you get the intersection between app developers and people who touch SCADA with a not too long stick, and you'll probably get only the worst of developers out there.

Cisco can now sniff out malware inside encrypted traffic

Christian Berger

They are already using it for decades.

Traffic analysis, even of encrypted traffic has been done for decades if not centuries. Workarounds for it also have been deployed for those times. A good example are "number stations". Those broadcast messages encrypted as numbers. If they would broadcast only when something has happened, the opponent could determine the amount of "chatter". Therefore they broadcast at precise schedules.

A similar thing has been done during the cold war. You make a passenger plane steer a bit into enemy country, then look at where you suddenly get radar pulses from where you previously didn't. Those are previously hidden radar stations. If your enemy is rather stupid you can even find new radio communications links being established.