BlackBerry are doing OK with patches
2137 posts • joined 23 Apr 2008
Android fans get fat November security patch bundle – if the networks or mobe makers are kind enough to let 'em have it
Re: SecureBoot Bites Again
Presumably the lack of the MS cert will also stop Windows installs onto Mac too ??
It includes the certificate MS uses to sign Windows. It does not include the certificate (also issued to Microsoft) that everyone else has been using for Linux. The two certificates have broadly similar names!
Or at least, that's my reading of the situation. May be wrong!
Be fair, the motherboard, CPU and memory chips are also hardware items that have to be trusted if one were to rely solely on software encryption. It's not unreasonable for MS to have assumed one has purchased good hardware.
Re: "rumours of Microsoft embracing open Source"
@Andy Denton, 95Rune, LDS, et al
That's all fantastic insightful stuff, thank you very much. I consider myself well and truly edumacated!
The use of Electron is indeed not a ringing endorsement of their own frameworks. Or anyone else's for that matter, if one considers Electron to be the least bad option... Perhaps they've given up trying to make cash from development, participating only where it makes them relevant (eg slowly displacing Java on the backend with .Net Core), and are prepared to let The Internet Provide otherwise. OMG, what have I said?
Re: "rumours of Microsoft embracing open Source"
And if they released the code of Skype classic, Windows version, a lot of open source purists would cry foul because not a small part was written in Borland Inprise CodeGear Embarcadero Delphi.
Good grief. Yeurk! Er, are you sure? I remember reading (who knows where, it's a long time ago, so I may easily be in error) that it was written using Qt originally. It looked far too nice for Delphi as I remember it, or am I doing Delphi a disservice?
SIM rental is pointless...
...if there's a whole bunch of you travelling together (eg a family). Renting a MiFi is more economical as everyone can use that, saves renting 4 separate SIMs. Rental SIMs often don't permit tethering, so running a WiFi hot-spot off one phone won't necessarily work.
Re: If only...
The Napoleonic era French Empire?
Uhh...okay. So the fact you could only buy the original iPhone with a 2-year AT&T contract had nothing to do with Apple?
The original iPhone was AT&T because they were the only network in the US running GSM. Apple back then had hardly any money, and couldn't afford to do both a CDMA and GSM phone. Therefore they picked GSM so as to be able to sell to the whole world, not just the USA. Restricting sales to AT&T was of little importance in comparison.
Worldwide Web wizard Tim Berners-Lee sticks wellington boot into Worldwide Web's giants: Time to break 'em up?
Re: Interesting point about Twitter
The problem with Twitter is the adolescent and immature run riot. No influence of any note stands in opposition, and they continue unchecked.
Absolutely. Worse still the social media platforms' business models rely on there being no restraints, no consequences for what users do. It's corporate greed that lies behind this.
I find it quite handy, with its different way to view permissions. Shows you everything that's got access to a permission, not something that Android shows you itself AFAIK.
Re: Close but no cigar
Dear phone makers,
landscape QWERTY. L-a-n-d-s-c-a-p-e.
This makes me so sad. All I've ever wanted since 1997 was a Psion 5 with a nicer screen and a decent modem built in. I don't even want the software changed, it was just fine as it was before Nokia got their hands on it and ruined everything.
I know people who used Psion 5s and IR connected phones for all their mobile business needs. Pretty cool, especially for the late 1990s. In Japan in particular, where the road warriors struggled from meeting to meeting lugging a heavy laptop around, being able to do the same thing with nothing but a Psion 5 in the suit pocket was showing off big time. And, this being Japan, you'd not need an overnight bag either. Psion never, ever thought to do a Japanese version, they'd have made it big time had they done that.
You mean, it's telling the correct time twice a day?!
Software driven watches just sounds like a complete clash. Mankind spent centuries perfecting watches both mechanical and electronic, and then someone has the bright idea of shoving one of our least reliable inventions (software) inside. What did anyone really expect the result to be?
...but I'll wait for the iFixit breakdown.
Re: Monopolists Often Don't...
Oops; looked up wrong figures for MS and Google quarterly revenues. Google out-earned Microsoft. Still, MS makes profits selling things to users, and that's a consistently good business model. How come dusty old MS are competing effectively against hot, young and thrusting Google when it comes to cloud services provision?
Google don't sell things to users very well, almost refusing to do such a thing. We'll probably look back on that as a strange kind of blindness.
Monopolists Often Don't...
...Give up their monopolist positions voluntarily. They have to be compelled. And eventually, even slow moving outfits like the US government get their act together to do something substantive (the EU is like greased lightning in comparison...).
There are exceptions. IBM managed to avoid it, basically by being very keen to demonstrate how good a corporate citizen they were, back in the 1970s. IBM was then very different to the company we see today.
Google seems to have no such intention. What Google don't seem to realise is that there's a fine line to tread when operating a near monopoly, otherwise corporate breakup is inevitable. Instead they seem hell bent on antagonising regulators, and even the US politicians are beginning to make grumbling noises. They are not operating an effective long term strategy.
But then again Google's management has never been good at strategy, with their one track mind on how they operate. Their Android strategy has been woeful (China, updates?). Their services strategy has also underperformed (China again). It's going to take some imagination to survive intact, and I don't think they've got it. This is the price they're paying for their skewed corporate constitution, whereby wiser more experienced investors can inject management wisdom by influencing the board's composition. Instead the voting rights distribution amongst shares is guaranteeing that the management will drive the company off a cliff edge.
The UK's Digital Services tax could be the sort of thing that breaks the company too, if the idea spreads. It's easy for other countries to copy it, and 2% can be easily scaled up. And they cannot avoid it because it's based on taxing something that can be measured externally; the ads they display. And the tax man can always compel their customers to disclose how much money they've sent Google's way too. Basically playing an under-reporting game with such a tax could be criminally dangerous.
As things are I see nothing to suggest Google is going to be a consistent cash cow, like Microsoft are. MS out-earned Google by more than 3:1 last quarter. Google are going to fail, unless they face up to the fact that everyone will one day be fed up with them and will be prepared to break them up and tax them into the ground.
Absolutely! And if I may be pardoned a small pun, nice to see them slowing up progress significantly.
Re: But *Why* did they buy them?
I'm fairly convinced that it's because of who uses RedHat. Certainly a lot of financial institutions do, they're in the market for commercial support (the OS cost itself is irrelevant). You can tell this by looking at the prices RedHat were charging for RedHat MRG - beloved by the high speed share traders. To say eye-watering, PER ANNUM too, is an understatement. You'd have to have got deep pockets before such prices became ignorable.
IBM is a business services company that just happens to make hardware and write OSes. RedHat has a lot of customers interested in business services. The ones I think who will be kicking themselves are Hewlett Packard (or whatever they're called these days).
Someone in IBM doesn't like systemd
IBMer thinks: "I don't like systemd. If I were in charge, I could close it down".
Pauses. Reaches for their Internal Memo pad (for this is IBM after all), and sharpens their best, most impressive pencil.
Next thing we know it's giga-cheque books at dawn, and some gleeful looking IBM wonk is in charge of systemd.
Seriously though, this does mean that IBM will also control the CentOS project. Nothing particularly wrong with that in my view, IBM have been good friends to Linux over the decades, but it is a whole hunk of consolidation of a sort in the market.
This two-year-old X.org give-me-root hole is so trivial to exploit, you can fit it in a single tweet
Re: Thanks for making this public
The CVE was raised back in July. The tweet was yesterday.
Perhaps you'd be advised to keep an eye on the CVE lists if you're concerned, not everything there gets tweeted.
Re: "Quality" is a structural attribute, not a bolt-on
Oh, Agile if done properly is fine, but it rarely is. The money men don't see the value of rigour regardless of whereabouts in a programme it crops up. Agile too readily gives them an excuse for dispensing with rigour altogether.
Also one of the tenets of Agile seems to be to embrace failure, let it happen, deal with it when it occurs. That might be fine for a Web IM service, where a day or so offline won't matter, but not elsewhere.
Re: "Quality" is a structural attribute, not a bolt-on
And the more OS-y your product is, the less relevant the Agile part of your product development strategy.
Absolutely. Also if a piece of software is your business system, you certainly don't want to be mucking about with that. Change has to be done very carefully.
I'm sure that's why you see in airlines, retailers, etc a lot of text mode software that originally ran on 3270 terminals. It's there, it does its job, it never goes wrong. If it does break the business is dead in days at most.
Not a place for agile development.
Agile, if done properly, is just another way of discovering what someone's requirements are. However it is often abused as a way of taking short cuts in development. Shortcuts lead to failure.
Re: I wish I had $3K to spare...
Well, there are worse things to do with 3 grand....
I'm quite impressed with AMD of late. Good architecture, well executed, keenly priced. Good processor performance too. It may or may not be luck or judgement that meant they avoided the worst of Meltdown / Spectre, but avoid the worst they did (Meltdown made Intel look silly). They're on my shopping list.
Re: Somehow I think the EU is going to reject this "remedy"
Who knows. Even if the EU doesn't reject this remedy, Google have potentially opened themselves up to yet another probe, eventually. By charging money, they've defined the business case for a competitor to come in and provide equivalent services (even down to the API level - fair use, right?). That competitor can say, "here's equivalent services, minus the data slurp, for $30", undercutting Google who are saying it's $40 + data slurp. Which would you take, all other things being equal? I agree that, in the round, it isn't going to fly at all well.
Suppose that did happen, and got traction. Google's only recourse is to undercut the competitor's $30. Which could easily be taken as an abuse of monopoly, given Google's current position in the Android services supply market. They could try obfuscating the APIs, but that won't fly either.
SQLite creator crucified after code of conduct warns devs to love God, and not kill, commit adultery, steal, curse...
A tablet with WORM storage. It's a bit hard to erase writing from stone slabs, takes a considerable amount of current on the block erase supply line.
Google want to start tracking credit card usage globally ("anonymously", so we are reassured). That's got to be a bad idea... That would give them more or less complete visibility of everyone's shopping habits.
Pretty sure that ANPR is in use in at least some petrol stations to alert the operators if a known non-payer has just pulled up to a pump. They can then insist that they pay for the petrol up front, before they activate the pump.
What would be even nicer is if they'd use it for payment. If your reg was associated with an account, simply pump and drive off! They don't want that though, they want you to have to go into the shop, tempt you with added extras.
So I'm paying for the software now?
Then let's have a chat about Google's data slurping, shall we?
Am seriously unimpressed by Google.
Re: Cry "Margrethe Vestager!"...
Quite. This is yet another reason for the European Commission to get its teeth into Google, who really don't seem to be learning that the damage being done by all these negative findings will accrue.
Also how long before Samsung et al decide that shipping Android infected with Google's stuff is damaging to their business? Google free Android sounds better and better.
Re: Welcome to the real world, MS
Microsoft has an arrogance problem. They think if they want, or did something, everyone else will just fall in line.
That seems unnecessarily uncharitable in this instance. It's not like they're making Windows itself IPv6 only, or any of its services. They're just trying to roll out IPv6 on their own campus and finding it very hard. OK, they may have been slow to the party in that regard, but it's not like they're the very last.
So really we should be grateful that they're sharing their experience doing this because that helps us all appreciate the difficulties, and what might be done about them.
nobody faxes digital x-rays. They are too low resolution after faxing to be of any use.
That depends. I reckon that'd be fine for me, there's not much inner detail to see... Funny bone? Check. Brain absent? Check. Especially on Mondays. Summary? Nearly functional human being. Prescription: tea. Lots of it.
They can do it because they are somewhat less greedy about gouging their customers.
An MVNO is a customer too.
They exist because it's a cheap way for the network operators to sell more airtime without having to make their own brand more palatable to customers looking for a better deal.
Possibly a bit like Lexus vs Toyota, except Lexus would be the original and they'd contracted out the Toyota brand but kept the factory that made them.
Re: what if you 'outgrew' ".Not" (aka ".Net") itself?
I don't develop desktop applications (anymore), I don't run on Windows, and anything that's time critical (very rare - .NET core produces reasonable machine code) would be written in Rust, but only after the speed improvements are required and measured.
I grew out of C++ a decade ago, when my clients decided they no longer require desktop applications
I mourn the passing of desktop apps. In my own opinion there's something miserable about Web apps; they're slow, clunky, disregard local norms for keyboard short cuts and they also tend to be truly awful for people requiring accessibility help. The ultimate awfulness is the implementation of a pop-up dialogue box in html/JS/css; if you're creating dialogue boxes instead of just asking the local OS to pop one up for you, something has gone badly wrong, and coding has entered the realm of lunacy. Dialogue boxes like that are missing the whole point anyway; the user can't move them outside of the browser window to see what's underneath.
They're also wasteful of resources. A simple Hello World might require almost no html, but the several hundreds of megabytes of RAM needed by a modern browser to display that is absurd. Chrome especially.
I still write in C++, C (lots of real time stuff), but I'm realising that Rust is probably the place to go. It seems that Mozilla have accidentally brewed up a very good language. We're near the point where any new C++ project really, really ought to not use C++ but use Rust instead. There's simply nothing about C++ that makes it superior, whilst Rust also clears out all the nasties with memory.
The fact that Redox has got as far as it has with comparatively few developers in, what, 3 years I think shows that development in Rust can be quick.
By running it in testing without external links to the wider Internet? No Internet, no 3rd party libs live downloaded.
To shamefully mimic an XKCD edition:
1998: don't download and run code of unknown origin, lest you get a software nasty. Practice safe hex.
2018: download and run code of unknown origin, who cares if you've been given a software nasty. What's hex?
The BBC is, as usual, fawning all over Apple at this exciting time...
I see they've stayed true to the notch. It's moderately interesting, but only in an omg-I-can't-believe-Apple-are-still-fresh-out-of-good-ideas (aka omgicbaasfoogi) kind of way.
Re: I was syncing and sending SMS from my PC circa 2001...
I too am not convinced that doing SMS from some other device is not new. I have vague memories of doing something with SMS and something else (Playbook? PC via their desktop software?) on BlackBerries, long time ago.
It would be a pity if the only thing the general public remembered about the New Horizons mission was that Pluto got reinstated as a planet because of it. I'd prefer them to remember it for the vast increase in our knowledge that it's brought about. Though obviously Pluto is a planet.
In my own opinion (and I'm not connected to the endeavour in any way whatsoever, so it is at least an honest opinion), New Horizons is way up there near the very top of accomplishments by the planet / moon / asteroid / comet botherers. To pull off such an info haul with a single opportunity was pretty spectacular. And there's more to come! Admittedly the top of that list is a crowded place to be placed in...
Why not Buy BlackBerry?
I've long since wondered why no one has acquired BlackBerry. They do have a ton of IP, a lot of it is fundamental stuff (because they were the first to do a lot of the things that are now commonplace), and it's not all just software patents and keyboard designs.
For example, they were pretty good at antenna designs I recall, something that Apple could have benefited from. BlackBerry own one of the best real time OSes out there, QNX, yet Google seem intent on writing their own from scratch at vast expense (Fuchsia). That's particularly odd on Google's part because owning both QNX and Android would put them in a very strong position to shoe-horn their services into almost all in-car-entertainment systems worldwide, something that sounds strategically very important to Google, almost worth paying any price for.
If anyone wanted an IP portfolio to add to their own armoury, getting hold of BlackBerry's stash is probably a good bargain at the moment.
Re: You got me
The bloat is indeed a bad sign. Skype in its early days could be downloaded and would do everything you wanted through a dial up connection. Anything bigger than that should have generated warning sounds within MS.
Skype over dial up was remarkable - excellent call quality, etc. I bet it can't do that anymore.
Re: On the one hand
AIUI only a few lines of implementation were copied, the rest was simply the declarations.
Yes, but the files containing the declarations were also copyrighted too I presume. However I don't know whether Oracle's submissions covered these or whether the court case considered them. Judging solely by the popular reaction "don't copyright APIs" I'm guessing that they did.
As to whether or not that's right, a copyrighted file is a copyrighted file, no matter what it contains or defines. If I took someone's non-free paper specification manual for an API and published it in my own name, I can rightly expect to be contacted by a bunch of keen lawyers eager for redress.
However it is pretty pointless making people jump through a clean-room rewrite of an API's declarations simply to avoid the copyright on them. If they want it they're going to do it (unless they're Google, or so it seems). But if that's the price of upholding strong copyright laws then perhaps that's a price worth paying.
Re: On the one hand
Ah yes, SCO. But isn't there a subtle difference between the two cases? I thought SCO were claiming ownership of the API specification (corrections most welcome, memory slightly hazy); Linux didn't re-use any of the source files from Unix. It was a ground up fresh implementation, including header files, and anyway has a different system call interface. Whereas Google simply lifted parts of Oracle's code, admitting as such as part of this case.
I'm fairly certain that had Google implemented the same API identically without simply copying bits of Oracle's source code files, it would never have got this far. People have been clean room reimplementing APIs for decades - IBM's BIOS being a prime example - without so much as a hint of legal difficulties.
Otherwise I admit to grasping at straws to explain why one historic case concerning (at least in part) ownership of APIs hasn't prevented the Google/Oracle case getting this far.
On general principles I don't like the idea of a giga-corp like Google getting away with a poorly defined fair-use decision, the consequences of which might have an unintended consequence.
Re: On the one hand
Well it depends on your view as to how strong copyright law should, or shouldn't be. Personally speaking I believe copyright laws should be strict; a grey area on that matter won't serve anyone.
Remember that the only thing that forces things like Linux to be open in the way it currently is is the strict interpretation of copyright laws. Any easing off of that interpretation damages things like GPL and software based on it. It's then a slippery slope for the GPL, whose only protection is copyright, and companies with deep pockets could make it more slippery.
And never mind Linux. Any open source copyrighted code becomes fair game. If Google are allowed to use bits of Oracle's code without permission, why can't I use bits of your source code without your permission? Of course just good manners would prevent me from doing something like that, but what about a money grabbing corporate whose only incentive is profit?
Re: Now seems like the perfect time...
Ok, but Python 2 or 3? ;)
Re: It's all lies
No, that's wrong. Microsoft have done an implementation of the Linux kernel's system call interface. The POSIX part comes from plonking glibc on top of that, the necessary binary being identical to that compiled by Ubuntu, or RedHat, or whoever.
As for what Linux is, given the myriad versions of the kernel that are out there, stretching way beyond the main stream kernel, arguably the only thing that defines them all as "Linux" is the system call interface. That's the one thing Linus has been very passionate about keeping consistent and stable. It's the only thing that unifies them all. That, and some shared git commit in a repository far, far away a long time ago.
So in a sense, anything that implements the system call interface is a Linux of sorts. That includes Windows 10, FreeBSD, QNX, Solaris, GR, RedHat, Ubuntu, Android, etc.
Reportedly MS have done MSSQL on Linux by doing a Windows kernel interface shim for Linux. They can put win32.dll and everything else on that, and software that uses these DLLs has no idea that there's no NT kernel underneath. So with that installed, a Linux can now also be a Windows too. At least to some extent.
Re: Remind me again......
Anything that Redmond can do, GNU can do better.
Windows has better graphics drivers and supports more WiFi devices...
Re: "It's been quite clear for some time that funding development"
Google could have charged for its mobile OS to fund its development - but the plan was to give it away for free (more or less) to spread it as much as possible, so it would have greatly sustained the ads business - and the plan worked, especially outside US where Apple expensive phones have less market share.
Free? More or less? Don't you remember that just a few weeks ago the EU fined Google because Android is far from free? Using it relies on proprietary blobs that come with conditions attached, illegal conditions as it turns out.
Google's business model is sunk, at least in Europe, it's just a matter of when the regulators tear them apart, not if.
Sounds like an extension of the "If you can't dazzle with brilliance, baffle with bullshit" approach. Also used to great effect by large companies to limit bonuses, raises, promotions of their own employees, justify bonuses, raises of management, justify the appointment of manager's mate to high-level role, by governments when enacting new 'security' laws...
That list was supposed to be small, but I can think of so many examples on the spur of the moment that it's depressing.
Oh be fair. At least with a government you're able to vote against them, and if enough people do that then there's a change of ruling party, and possibly a change in law too.
Can't do that with Google. You can buy shares in them, but all the openly traded ones don't give you voting rights. So as a member of the public you have even less ability to change Google's behavior than your own government's...
I must say that this looks like a spectacular fail on Google's part. This new data law has been in the cards for yonks, and surely it must have crossed their minds that what they're doing is probably illegal. Did they consult a European lawyer, or rely on an American interpretation?
Kinda the polar opposite of Rust then. I'm not yet a Rusty programmer, but I aspire to be!
Re: Looking at the wrong holes
I'm with Cynic_999 to a large extent with this one. Running random third party code is asking for trouble, and absolutely requires one's machine implementation to be exactly as per the manuals in order to be safe. The manuals are turning out to be mere pipe dreams...
It is possible that we'll look back on this episode and wonder what all the fuss was about communications encryption when we weren't bothering to check what code we were running at the end points.