* Posts by bazza

2108 posts • joined 23 Apr 2008

Europe will fine Twitter, Facebook, Google etc unless they rip up T&Cs

bazza
Silver badge

Re: Long overdue

Long overdue indeed, and definitely heading the right way.

The problem for the companies is that they have no real way of policing the content on their sites. For all this talk of AI, filtering, etc. they cannot be effective at policing content unless there is a human involved in the process.

That means that for every single thing that goes up on Facebook, Twitter, YouTube, a human needs to look at it if the company is to be certain that the content is OK. For a Tweet, or picture, that's just a glance. For a video, well how long is the video?

In short, it's unrealistic for these sites to do 100% screening by humans.

Even if they focused on new accounts for an initial period before deciding that the poster was behaving, that just sets up a minor challenge for someone intent on getting dodgy stuff up on the site. Post a few pictures of bunnies, flowers, etc, wait for Facebook to lose interest, then start posting whatever you wish.

User Identity

The only way to really improve is to be able to truly identify site users, so that transgressors can be effectively barred. At the moment anyone whose account gets closed simply opens a new one and carries on posting. User anonymity (so far as the site operators are concerned; I'm not talking about one's public user name) is what allows users to get away with it.

But how can these sites identify users? Being 'free' means no real identity check.

Their only option is to become not free, to require paid subscription. If there is a financial arrangement with users, then there is a strong link to the user's identity too. Users wanting to post dodgy material are going to think twice about it, or wind up in jail.

That'll put a dent in their business model.

A subscription fee. Very Compuserve. Very AOL.

7
4

Google borks Nexus 6 with screwy over-the-air Android 7.0 downgrade

bazza
Silver badge

Re: Move along nothing to see

Anyone who sideloads an OS onto their phone should be familiar with the risk of potential data loss especially when they okay the downgrade.

Hang on a mo, that's a pretty far stretch. Unlike a lot of other software companies, Google seemingly cannot make an installer that does version compatibility checks. I mean, not even Microsoft have pushed out an update that downgrades one's OS to a previous version by mistake. Which is a shame, there's a lot of people who'd like to go back to Win7...

2
0

Google borks its Drive Windows app – after pushing out unfinished buggy version to public

bazza
Silver badge

Re: Not just MS

Seemingly not.

Doesn't look like the Chocolate Factory have their A team working on this thing. Which is a bit odd.

If they wanted to be taken seriously as a provider of stuff for business, to have one major component of their offering (Google Drive) effectively useless on one of the major OSes for businesses (Windows) means the whole thing is not worth it.

8
0

Today's WWW is built on pillars of sand: Buggy, exploitable JavaScript libs are everywhere

bazza
Silver badge

Re: C

So long as it's running server side, why not!?!

0
0
bazza
Silver badge

Re: "Google may be OK with this but ultimately it's a big risk for them"

@LDS,

These security issues may prompt the two companies to "suggest" they become the library repositories, to "improve" and "warrant" their quality - albeit some antitrust body could object (an EU one, I guess...)

It depends on how they do it. If they do it for free, make it fully available, for the public good, in the manner of a beneficial dictator, then I think the anti-trust bodies would have no interest whatsoever. If they make it so that only Chrome does it and then only for code from Google, then I think the objections would come thick, fast and expensive.

If Google or Facebook made a case along these lines, I doubt that they'll be able to bring enough of the community with them. The world hasn't been able to fully expunge Flash. There's going to be too much stuff that's important to lots of people that doesn't fit in with a potential Google/Facebook vision of how things should be. We're in this mess partly because there have been poor standards, not much adherence to those standards anyway, and the whole thing is effectively nothing more than one global hack-fest of software putrefaction which somehow has come to be seen as hot, cool and modern. There's a lot of momentum to overcome. Conforming is not in every web-developer's mindset.

0
0
bazza
Silver badge

Re: "Google may be OK with this but ultimately it's a big risk for them"

@Tom38,

Right, but we aren't talking about reality at the moment, someone posited the thought experiment "If JS was to disappear, companies like Google would be up shit creek and they don't seem to acknowledge those risks".

It's more philosophical than that.

It's a bad thought experiment because either there is an equivalent language to replace it, in which case a Dart-to-new lang compiler would remove the risk, or that there are no more browser apps possible, in which case Google write a Dart-to-C compiler and deliver native apps.

The point is that "new lang" would also eventually succumb. The problem is that all interpreters / run-times, browsers, OSes and CPUs are mathematically certain to be flawed in one way or other. We as a species simply cannot generate provably flawless code or hardware, so it's not really an option. For example, until a couple of weeks ago everyone assumed that ASLR was a strong defence, but it got thoroughly trashed by a Dutch research group who showed that it could be unwound. In Javascript. In a Web browser. That's a major calamity.

Besides, we like fast-moving, new, dynamic stuff. To be provably secure means slow-moving, mature, never changing stuff. Shiny-shiny wins every time.

There's also the point that the introduction of "new lang" would simply expose a whole load of new-out-the-box flaws that will inevitably plague a new pile of code. Just like Javascript did initially.

The only sure solution to the problem of dynamic web pages is to forget about client side execution in the browser altogether, and replace it with a Turing incomplete remote display protocol for code running server-side. A bit like HTML used to be. A bit like X server protocol, and (AFAIK) RDP, VNC, etc. We're not very good at implementing such protocols problem free either (buffer overruns, etc), but it's a much easier challenge.

If we don't go down that route then we're condemning ourselves to having to re-write the whole Internet every time our latest Web browser client side execution environment becomes too dangerous to use. Based on our experience in trying to expunge Flash from the world, it'd be very hard to replace Javascript.

1
1
bazza
Silver badge

Google is perfectly OK with this. Any attempt to tackle this issue would go through more standardization of web development, and that would tie Google hands too.

Google may be OK with this but ultimately it's a big risk for them. No Javascript = big increase in costs for Google. If you take Javascript away, what of Google's empire is left? Android? Web based Google Docs, Maps, Search, Gmail, etc are toast. That's a massive part of their business. Google absolutely need Javascript to be safe and secure.

We've seen recently that Javascript can be used to unwind the ASLR of the Web browser, meaning that Javascript exploits could be made reliable. This study now shows that the anarchy of the Web can have real consequences. It's early days in the death of Javascript, but these papers highlight that Javascript is potentially hazardous, and no one is doing anything to improve it.

If that's not on Google's business risk register, then they're not doing their investors any favours.

1
1
bazza
Silver badge

I don't think there's anything that we can do. But a big outfit like Google could show some leadership and do something and impose it. Very Microsoft. Very evil. Very necessary?

Google had better get on with it. Their entire empire is built on Javascript, and it's not too far from being deemed to be a massive security hazard. If that actually happens, and the world at large goes off Javascript like they have gone off Java, Flash, ActiveX, etc, then Google are in deep trouble. "Please run Javascript on our search page, please, otherwise those ads are going to be far less effective! And we'll do a native gmail client soon, honest.".

4
1
bazza
Silver badge

No, the people fundamentally at fault are those who have done so much to push the POS that Javascript is as a standard that all should embrace and rely on, and then abjectly refuse to police it, weed out the dross, etc.

That's basically the major browser developers, outfits like Google, Mozilla, etc. They claim to have made a runtime environment that's universal and safe, yet it's turning out to be as hazardous as any other client side execution Web technology. "Use Javascript, it's safer than Flash/Java/ActiveX/etc". Yeah, right.

Automatically running arbitrary code downloaded from God knows where without so much as a first glance, never mind a second glance, is always a bad idea. Anyone trying to convince you otherwise is almost certainly selling snake oil.

14
4

MAC randomization: A massive failure that leaves iPhones, Android mobes open to tracking

bazza
Silver badge

Re: @bazza

@Brewster's Angle Grinder,

That study is pretty ancient now. Nexus 1?!?!

I fear your estimate of 170mW is pessimistic. You have calculated the continuous operation power consumption. Something like "location services" need not log position continuously - it'd serve no purpose.

Looking at the datasheet for the Venus638FLPx-D, it has a fast start of 1 second, and a 10uA sleep mode. Logging position every 5 seconds (which sounds location services friendly) would take 1/5th of 98mW (the power during acquisition), or a mean of 19mW. For continuous tracking (such as would be used in a Sat Nav), it's still only 72mW.

This matches the Canmore GT-730FL that I have, and that quite happily logs GPS once every 5 seconds all day long. It's a pretty small thing, with a pretty small battery.

For a Google Pixel XL with a 3450mAHr battery, it'd take 7.3 days to run down the battery logging once every 5 seconds, and 1.9 days of continuous tracking, ignoring everything else running in the handset. Hungry that GPS chip is not. And that's before considering how else the phone might be learning position by means other than running a GPS receiver. Listening into WiFi networks, which is all location services does with regard to WiFi skyhooking, takes far less power than transmitting on WiFi.

The power is certainly being used up by something other than running a GPS chip.

Location services is only of any use to Google if positional data is uploaded promptly. It's no good calculating where the traffic jams are a few hours after they've developed for display on Google Maps. So it's in Google's interests to upload that data ASAP, which requires an Android mobile's modem to be running quite regularly, taking a chunk of power with it. Things are of course a lot better if the phone is camped on a WiFi network. But still, that 0.5W 3G or 0.1W WiFi needed to convey location data back to Google is where the power goes.

However, if Location Services were simply a way for a phone to know where it is and not a means for Google to get data on where you are, that 0.5W or 0.1W wouldn't be used anything like as much, because the phone wouldn't be constantly phoning home to Google.

2
0
bazza
Silver badge

Re: off

WiFi doesn't eat my battery too much, but GPS has always caned power regardless of which Android handset I have.

It's not the GPS receiver itself that zonks the battery. It's the 3G/4G modem in the handset that's in constant use reporting your position back to Google, who use it for various purposes such as generating the traffic overlay on Google Maps.

Don't believe me? You can buy a tiny little GPS logger for £40 that'll log GPS every 5 seconds all day long, all off a tiny battery.

Now, if this is doable in such a tiny device, how come a phone has problems effectively doing the same thing? Answer: because it's not just the GPS receiver that's involved in Location Services.

If I leave location services switched on on my BlackBerry Z30, it has no appreciable impact on battery life. BlackBerry aren't interested in knowing where you are in the same way Google are, so it's not uploading that via 3G/4G all day long.

7
7

What went up, Musk come down again: SpaceX to blast sat into orbit with used rocket

bazza
Silver badge

@MachDiamond,

Dunno why that attracted a down vote, all looked pretty reasonable to me. Must be some Musk groupies hanging around...

Replacement cost can, depending on circumstances, vary a little. If it's the first of a series of identical satellites then it's not necessarily a linear increase in cost to build one more. It can cost more if it means bumping another customer from the production line! Or if the line's order book is looking thin a deal can no doubt be arranged. They are saving on the payload design costs, which is a pretty large part of the cost sometimes. The time delay can be pretty bad; some of the major rad hard electronic components are quite often hand made, not the kind of thing kept in stock just in case.

Similarly if the satellite is replacing an older one already in service then the loss of business can be small; the flight ops guys looking after the old one in orbit just start looking at the fuel gauges nervously. There's strategies they can employ; for a geo they can let the elevation position start drifting, saves a bit of position keeping fuel. It's only when they haven't the fuel to maintain azimuth do they start getting moaned at by the ITU and other operators and have to use what remains to boost it to a parking orbit and switch it off. I think Eutelsat came close to having to do this with one of their birds after they failed twice to replace it.

But if it's a brand new service then yes, the loss of business can be cripplingly expensive. That's what so upset SpaceX's launch customer last autumn.

0
0

Euro nations push for vote to axe Europe's patent office president

bazza
Silver badge

One also wonders what's in it for this Kongstad chap. He seems to be going out of his way to block action. Is he best buddies with Battistelli? What reason can he have to help Battistelli?

0
0

Euro Patent Office puts itself on Interpol's level, demands access to staff phones and laptops

bazza
Silver badge

How can you be expected not to violate a patent if the patent is secret? Do you get to examine secret patents, to check if your development work may violate them, if you're cleared to work on defence projects?

Easy, you apply for the patent yourself and you'll be told that you've merely stumbled down the same avenue as someone else, now would you mind having a chat to these nice fellows about national security, the Official Secrets Act, etc, tea and biscuits provided.

Of course, the system relies on said inventor bothering to apply for the patent in the first place. If they simply just start flogging kit without bothering the patent office or the office that controls arms exports, then the nice chaps who talk about national security will pay the inventor a rather more urgent visit, probably late one night, definitely no tea-and-biscuits this time, followed by a possible prosecution concerning illegal arms / dual-use-items exports without a license.

Basically there's a whole load of laws governing what you can (fertiliser) and cannot (chemical weapons precursors) sell, and one cannot plead ignorance of those laws.

Of course, even governments don't necessarily patent everything they invent (can't trust those chaps in the patent office with everything). Rivest, Shamir and Adleman invented a public key encryption system, only to learn much later that Clifford Cocks at GCHQ had beaten them to it 4 years earlier, but GCHQ hadn't bothered doing anything with it.

2
0
bazza
Silver badge

Re: Benoit - The new Italian Dictator

The European Patent Organisation is set up in a way not dissimilar to the EU itself. It exists as a result of a treaty entered into by various separate sovereign nations, many (but not all) who have also signed up to the various treaties that underpin the EU.

And, like the EU and the European Commission, this makes the EPO effectively un-governable. Whilst it is in theory accountable to its member nations, it would take all of them to agree on a course of action if its direction were to be forcibly changed, like sacking the head of the office.

The discussion surrounding BREXIT is fascinating. On the one hand there's a bunch of EU types promising a hard time for Britain, no trade deal, big divorce settlement, etc. On the other hand there's the German government who seemingly don't agree (they sell a lot of cars here), Sweden and Poland talking openly about having to do a deal with the UK, etc.

One way or other it's going to define who in Europe really pulls the strings; sovereign nations or the European Union / Commission? The treaties say that the nations have devolved many powers to the EU, including the power to arrange trade deals, but it's the member nations who have to decide on whether their (collective?) best interests are still being served by the EU. BREXIT is perhaps the first issue big enough to force all the member nations to truly, seriously consider that question. Here in the UK we're kinda dependent on them doing so.

Alas, the situation in the European Patent Office is so low down the list of priorities for the member nations of the EPO that it is unlikely it will be sorted out. This situation will continue to fester until the situation resolves itself "naturally", or until the Office has become so dysfunctional that politicians in the member nations are being badgered about problems with patents by companies in their own country.

Like many international treaties of this sort, there's very often little thought put into them to define what should happen when things go wrong, how indeed performance of the arrangements should be measured so as to know whether things are going wrong or not, etc. The treaties behind the Eurozone are classics of the genre, with nothing in them to define what happens when a member nation goes bust. Hence the improvised support for Greece, and soon Italy. Such omissions in the Eurozone treaties were part of the reason why the British government ultimately decided to not join in.

This always happens because when all the negotiators are sat in that one room talking about setting up the treaty, it's impolite to ask the awkward questions about "problems arising" which might be taken as an insult by others in the room. Appalling really.

8
3

Passport and binary tree code, please: CompSci quizzes at US border just business as usual

bazza
Silver badge

Surely the best language would be uncommented Whitespace? It would certainly take less time to write it down...

8
0

Frustrated by reboot-happy Windows 10? Creators Update hopes to take away the pain

bazza
Silver badge

Re: Fake Linux

I dunno, what's a real Linux, really?

1
7
bazza
Silver badge

I'm confused.

I was told one of the supposed benefits of win 10 was that updates meant less rebooting. Seems not to be the case. Glad I stayed on 7...

MS are being pretty disingenuous I think. The article quotes some MS flunky who seems to be trying to describe the upcoming change as somehow overturning centuries of accepted practice, instead of addressing a terrible cock up introduced last autumn. Which is bollocks; MS screwed it up and is now trying to find a way forward that still results in updates being installed behind the user's back. If they actually addressed the core issue, that updates need a reboot, then none of this would be a problem.

When oh when will they learn to listen again to their users instead of their marketing 'experts', advertising executives and UI theoreticians?

66
1

Skype-on-Linux graduates from Alpha to Beta status

bazza
Silver badge

Re: What is the benefit putting a cloud in the middle?

Microsoft's Skype team on Wednesday announced the confusingly-named Skype for Linux beta 5.0 here, and yes, “we have been focused on building a new experience that is in line with Skype’s ongoing transition from peer-to-peer to a modern cloud architecture”.

Yes, I scoffed at the above also. It was an almost political statement from MS, describing the cloud based architecture as 'Modern'. It's certainly modern, but that in no way means 'better', or 'more reliable', or 'more secure' or 'more private'. Rather the opposite.

In their defence there is some minor technical merit - for example you didn't want to end up as a super-node on the peer-to-peer network if you had a shortage of Internet bandwidth or cared about battery life.

To be honest though I think the original, Estonian design was a technical tour de force, and being able to sell it "twice" was commercial genius.

Having paid so much for it I think MS have to monetise it, which is why they're making these changes. But I don't think it'll work. I use Skype, so do family members, but only briefly once a week to keep in touch. I don't know anyone who uses it in anything like a major way, not for business, not as a matter of course as a way to speak to people. We all just use our mobiles and the vast number of free minutes that comes with the contract / PAYG. Apart from anything else that saves killing the battery life. Who, anywhere, regularly uses anything like Skype, Facetime, instead of making a phone call?

So Skype is never going to be a source of advertising revenue on the same scale as, for example, Google get from people using Google search or using an Android phone. It's always going to struggle to justify the high price MS paid for it.

5
0

Google Chrome 56's crypto tweak 'borked thousands of computers' using Blue Coat security

bazza
Silver badge

Re: "That these products broke is an indication of defects in their TLS implementations,"

Having slagged off Bluecoat, it would be a bit embarrassing for Google if it turns out that Google had got it wrong...

6
1

BlackBerry's comeback: El Reg gets its claws on the QWERTY KEYone

bazza
Silver badge

Re: New internet law needed...

@Eddy Ito,

Marvellous post. To add to it, it's also worth pointing out that Betamax remained a viable thing for those who wanted it long after VHS "won". They've only just stopped making the tapes.

The phone market seems to be more about ensuring that there is no choice. What we need is open hardware standards, something that has given choice in the PC market. Android is just about viable as an open OS, despite Google's gouging of the market with their proprietary Play Services binary blob. If Google take Android proprietary (they're developing their own kernel it seems) then the phone market is doomed. Google, Apple, or go hang.

Google may be about to cock it up; they're already being probed in Europe for anticompetitive practices in their control of the Android market. They could cop a big fine from that and be forced to give Play Services away for free, without let or hindrance. But if they take Android proprietary and shut out everyone else, even the myopic competition authorities in the USA can't fail to spot the problem with that. Bell got broken up, IBM nearly so. It's getting closer to time to do the same with Google.

1
1
bazza
Silver badge

Re: New internet law needed...

And there's probably a saying about people who name laws of commentary after themselves...

The rule about technical mediocrity winning has severe consequences for tech companies. There's hints that 4k TV won't sell because most of the market place cannot see the point of it. 3D is dead (though it's doubtful it was 'better'). HD TV sells well because that's all there is these days, but most of what people watch is SD upscaled, or terribly over compressed streamed video from the Internet.

Decent HiFi sound systems are a thing of the past too really, just a few small manufacturers hanging on in there. Who needs HiFi when what is being listened to is compressed, and anyway isn't the kind of noise where the lack of clarity is apparent.

But there is still at least the choice out there for those who want it.

Why the Phone Market is Different

What seems to be different about the phone market is that there is zero acceptance at all for the niche manufacturer who wants to serve that part of the market which does care about something being better. Everyone is so fixated on being the next Apple or Samsung. No one seems to chase the part of the market where there's people who'd pay extra for something better. So we've ended up with Apple and Samsung which between them produce so much "Meh", and everyone else who try and produce very similar things but succeed in producing slightly crummier handsets (hence the phrase landfill Android). The only reason we don't use the phrase landfill iPhone is because they cost so much and are too thin to brim the refuse dump, but really the quality has been poor for some time now.

At least BlackBerry are trying to be something better than just another Android manufacturer. They're lightning fast with Android updates, something that no other non-Google Android manufacturer bothers with. They're often beating Google too. They're prepared to stick in a large battery. They're prepared to add software that is truly useful on top - Hub is by far the best mail / everything aggregator out there. A keyboard that's also a track pad and finger print reader is a great idea; so much better than stabbing away at a touchscreen trying to position a cursor.

All these things add up to something better at its core, not just something that has an expensive case.

If BlackBerry fail there'd be no choice left. And if rumours of Google's intention to make Android proprietary come true there would then be no choice at all.

6
0
bazza
Silver badge

Anything particularly wrong in thinking that a large battery is a notable feature? Over in Apple land there's people who really, really want a fatter phone with longer battery life.

There's a lot to like here I reckon - long battery life, Nougat (anyone else apart from Google got Nougat running?), regular OS updates (name any other Android manufacturer who does that, apart from Google, though even they don't always beat BlackBerry on that front), good camera, Blackberry Hub, sensible control over app permissions.

For me the only off-putting thing is that it has a physical keyboard - I've long since gotten used to BlackBerry's excellent touch screen keyboard.

2
0
bazza
Silver badge

Re: The last chance saloon

It's not been helped by the lack of imagination in the market place. There's a lot of things that they've done that are technically excellent. Trouble is all the market can see is that Samsung, Google and Apple must be the best, and doesn't care a jot for anything else that has got good ideas.

A good example of how the status quo is so entrenched is that no-one these days even stops to wonder why it is that Android app permissions are not changeable by the handset owner. Well, apparently on BlackBerry's take of Android you can change the permissions, yet no-one really cares.

Apple achieved a similar trick with battery life. Back before the iPhone battery lives of 7 days were completely normal. Apple comes along with a phone that won't last a day, and sells millions of them based purely on the shininess of the product. And now that everyone considers it perfectly normal to have to charge up during the day, or at least once a day, there's now no longer a market justification for manufacturing phones that last longer than that.

Unfortunately this means that we'll end up with the lowest common denominator; Android phones that go without updates (Samsung and everybody else), Google phones that are feature poor and hideously expensive (the new Google phone is hugely overpriced for what you actually get), and expensive iPhones that are now just so annoyingly nothing other than fragile design vanity projects for Apple instead of being stylish yet workman-like devices that Apple laptops used to be [Apple's laptops are now pretty useless too].

The same happened with Betamax and VHS; Betamax was better, VHS won.

So, dead from the neck down? Perhaps they are, for believing that adding technical superiority is worth the bother any more. It's a draw to perhaps 1% of the market at best; you know, the 1% that once upon a time used to be the only people who'd buy anything other than a feature phone in the old days.

The same effect causes the market for decent food to be depressed. What was the name of that Stallone film where the only restaurant in the whole world was a Taco Bell, them having won the global franchise wars? We're heading that way...

6
7

Alert! The dastardly Dutch are sailing a 90-ship fleet at Blighty

bazza
Silver badge

Re: Surrender!

Whoa, hang on a minute. Being Dutch means a diet of Edam, Heineken and processed meat. That's too high a price to pay.

Man the battlements! Warm up the cannon! Prepare the comfy chairs!

3
0

New UK laws address driverless cars insurance and liability

bazza
Silver badge

Re: Driverless Upgrades

No, because if every car is self driving, and the accident rate drops to an official "zero", there'd never be any need for insurance in the first place. It would be legal madness to compel people to insure themselves against a third party liability when the law says it's the manufacturer at fault.

The new law is a little bit worrying - it says that the liability rests with the driver if they're using the car in self driving mode "inappropriately". Now, what the hell is that supposed to mean? Either it's a self driving car that can do the whole job all the time, or it's simply a car with an advanced cruise control that actually has to be watched like a hawk in case it craps out on the driver, leaving them with precious little time to wake from their slumbers to take control and avoid the terrible outcome for which they will be blamed. Rubbish.

6
0

LOST IN SPAAAAAACE! SpaceX aborts Space Station podule berthing

bazza
Silver badge

Re: Lacking Details

Ah interesting! But that is a strange design I think. Clearly the spacecraft itself was capable of determining the relative position of the ISS, didn't like what it saw and bailed. If so, why does anything have to be uplinked from the ground?

Worse still would be if that value was due to a typo; allowing human error to play a part in a safety critical operation sounds back to front. Normally (airliners, self driving cars, trains, nuclear reactors, etc) the human is there to supervise the machine, not the other way round.

0
0
bazza
Silver badge

Lacking Details

It would be interesting to know exactly what went wrong. There's nothing in the NASA release. A 'wrong' value in the software doesn't really say much.

Given that such guidance systems are essentially dealing with nothing but a bunch of velocities, it suggests that the capsule was moving at the wrong speed, or (due to a faulty sensor) at least thought it was. Not good. At least their supervisor processing spotted the problem and did the right thing.

It would be very interesting to know the flight history of their software. Was this version 'tried and tested' (they've sent Dragons to the ISS before), or has someone modified it recently?

Good luck on Thursday.

5
0

Beeps, roots and leaves: Car-controlling Android apps create theft risk

bazza
Silver badge

2001 Obligated Sketch

"Open the pod bay doors, Hal"

"Why certainly Dave, straight away, even though you sound only a little bit like Dave"

21
0

In colossal shock, Uber alleged to be wretched hive of sexism, craven managerial ass-covering

bazza
Silver badge

Re: Careful there...

The reason Uber can charge you €5 rather than €20 for the journey is because the ride is subsidised by all the VC money flowing into the company.

Exploiting their drivers with illegal (at least that's what it's looking like in the UK) working practices, and taking short cuts when it comes to complying with local laws and regulations is also something to do with it.

If Uber lose their appeal against the verdict of their last court appearance in the UK, the whole edifice will crumble. And it will force much needed changes on to the gig economy. In short, either Uber will have to let the drivers set the price, or take the drivers on as staff and pay them a wage. Prices will have to rise, and then they'd be no better than ordinary minicabs.

25
0

Jun-OH-NO! NASA's Jupiter probe in busted helium-valve drama

bazza
Silver badge

Re: Well, crap....

Maybe, it sounds like the rate at which they get to do interesting science is reduced (once every 56 days), rather than a complete cessation. That's not so bad really, considering.

I agree, they most certainly have been very successful indeed. I think that the entire run of missions going back to the 1960s, 70s, including the European, Japanese, Russian and others, has overall been a stunning display of just what engineers and scientists can pull off when given the chance. The value for money, even including the failures and difficulties, has been very good indeed.

16
0

Zuckerberg thinks he's cyber-Jesus – and publishes a 6,000-word world-saving manifesto

bazza
Silver badge

Re: So the solution

It's like he's invented a bio-weapon and has lost control of it and now it's been used by some foreign power to cause immense damage at home and everyone he meets is saying "How could you be so ****ing stupid?" and is now trying to figure out how it can "do good".

Fixed it for you!

3
4
bazza
Silver badge

Re: We salute you!

In that sense the timing has worked out well. Said staffer can do just that, in their own time over the weekend...

(one imagines that The Register's editor is of the old school, cigar never more than 12 inches from mouth, brusk with absolutely everyone, master of all they survey, generous as a clam and just can't wait to shout "Stop press". Which never happens because there aren't any, and instead organises stressful stories like this just before the weekend to save on staff sick time...).

7
1

Talk of tech innovation is bullsh*t. Shut up and get the work done – says Linus Torvalds

bazza
Silver badge

Re: Linux Lord - A modular poem.

Has he spied the Weetabix yet?

1
0

ASLR-security-busting JavaScript hack demo'd by university boffins

bazza
Silver badge

Re: Java*.*

"Not true. Not everyone has broadband. Plenty are stuck on dialup, satellite, or low-end wireless."

Well I wish someone would tell the world's website developers that.

"Plus what's stopping X servers from being attacked"

It's easier to secure a protocol (which is all that X has) than to guard against malicious code run by a browser that will happily run arbitrary code (javascript). Besides, I was advocating a modernised take on X with at least some security built in (unlike the original X).

"not to mention servers full of juicy information"

They do anyway regardless. But an X server isn't in the same category as a server that stores information (such as a website), and is anyway running at the client end, not the server end.

"Frankly, I'd say the horse of privacy has bolted and will never return. Even if consumers abandon the Internet en masse, high speed private and government network will continue."

This isn't about privacy.

6
1
bazza
Silver badge

Re: Java*.*

"Then the black hats will simply proceed to crack your instance of the server side application."

Er, the point is that a client user wouldn't have an instance of the app at all on their own hardware. The app would remain on the server.

It's far easier to secure a fully defined remote display protocol than to guard against arbitrary code that may or may not be malicious. If all that's flowing between server and client is information to be displayed and mouse click events then the attack surface is significantly smaller. There would be no arbitrary code running on either server or client.

The problem for a web browser running arbitrary javascript is that the browser developer has no control over what code actually gets run in the browser. This is a much bigger attack surface, as we are witnessing right now.

"Also you need bigger servers. Client-side computing distributes some of the load."

That kinda depends on what's being served up. If a website has some enormous database and most of its workload is running and querying that (e.g. Google's search), then hosting the application too is small beer in comparison. If someone visits something like Google Docs, a vast pile of Javascript code is piped from the server to the browser over an encrypted connection. But if that someone then clicks out of Google Docs without doing much then the amount of javascript served by the server outweighs the amount of data that it would have taken to convey the display instead. Similarly for Google Maps, etc. As for content websites, like YouTube, they're serving up streams of video data which would be the same amount of server-side work regardless, or adverts (in which case it's someone else's problem).

Client side computing does distribute the load, but for the client, who generally has a battery powered mobile these days, that's a bad thing. Hence functionality-deficient mobile websites. Hence native apps. Hence separate iOS and Android native apps, and the two teams needed to develop and maintain both.

It would be far easier if you only had to develop the app once and have it displayed to a remote client through a standard protocol.

4
2
bazza
Silver badge

Re: Java*.*

That is certainly becoming increasingly necessary.

Articles like this show why the browser "promise" that it is safe to download and run arbitrary executable Javascript code and to do so by simply viewing a website is actually more of a "myth". Arguably it's far more dangerous than a Java plug in, because it's baked in to the browser. Noscript and things like it are themselves a poor substitute for removing Javascript altogether.

If the edifice of browser security really does crumble completely because of things like this, it is going to be an almighty mess to sort out. Almost the whole of the Internet assumes that Javascript is available. If that is shown to be hideously dangerous it would be impossible to rectify quickly without breaking almost everything. For example, all of Google's services would stop working if you removed Javascript.

Massive Strategic Cock-up

When the world decided that it was just fine to go down the route of client side execution, it rashly assumed that this could be made secure. Well, it cannot.

The proper answer is server side execution, with standardised remote display protocols being the only thing that the browser has. Things like X come to mind.

The need for client side execution has come to an end given that we all have broadband Internet.

It's far easier to prevent arbitrary code execution on a client if the only attack vector is a dumb remote display protocol instead of a full execution environment like Javascript. Protocols can be checked and asserted, but who can tell if a piece of Javascript is malicious or not?

Honestly now, what's wrong with the idea of having a HTML frame in which one has an X window (well, a thoroughly modernised equivalent) dishing up an application display from the server, instead of having that application running as Javascript in the browser? Sure, it means the server might have to do a bit more work, but that's becoming less and less of a problem. Javascript code on some websites is getting huge nowadays, surely it'd be quicker to run the application server side and push the display out to the client?

You'd also not be giving away one's application source code to each and every client.

11
2

Bruce Schneier: The US government is coming for YOUR code, techies

bazza
Silver badge

Re: but, but

Great, now our code will be overseen by people that can't code?

One of the problems is that our code is written by people/teams who can't or won't code properly either.

If a team set out to do something "properly" they'd be expensive and slow, and they'd never sell anything.

4
0
bazza
Silver badge

Re: World -> Pot

Like

6
0
bazza
Silver badge

Re: The choice

"The choice is between smart and stupid government involvement..."

Well, anytime the government is involved we know which way that goes.

That's not completely fair. The State of California has been very good in its involvement with self driving car experimenters like Google. They've been allowed to drive their cars on the roads, but the State gets the performance data and, crucially, publishes it.

The State's message is clear; they're not going to let Google or anyone else foist half finished unproven and potentially dangerous self driving cars onto the general public. And that is exactly how it should be.

The problem I think with regulation of things like IoT devices is that effective regulations would amount to a ban. An effective regulation would be something like "it must be hack proof".

But we just don't have the infrastructure or technology to make small embedded Internet connected devices that get updated, implement best security practices, etc. We can't even make a PC or Mac style computer that, when put into a home, won't become littered with malware within moments of someone browsing some dodgy website. What hope is there for some IoT device that's got to cost less than $50?

Elections

Any sane politicians know that when something predictable and bad goes wrong, they get it in the neck for not having intervened beforehand. And because they're elected, generally they lose their jobs as a result. So they regulate, and transgressors pay a fine or go to jail. It's a healthy set up. So if Internet connected air-conditioning systems start being seen as a threat to the electricity grid, they'll likely act before some script kiddie comes along and trashes the grid by getting every air conditioner to switch off at the same moment.

What makes the current situation appalling is that "dangerous" things now includes automated trend-sensitive "news" selection algorithms on Facebook, Google, etc. These permitted fake news to play a significant role in the US election. The dangerous part is that the current crop of elected politicians owe their employment to the result of that election. So they don't see a problem with the situation, and aren't necessarily strongly motivated to do anything about it. Especially as it would mean imposing editorial controls on social media, the operators of which are amongst the most active lobbyists.

That's a huge threat to democracy in general, and makes it more likely that one ends up with a weak government that is more favoured by someone like Putin.

National Firewall

One aspect I'm not sure Bruce Schneier covered is just what a government can do about dodgy software, IoT devices, etc.

Suppose some software or IoT device was identified as being a major problem, and had to be stopped, disabled, etc. How effective would a product recall be? Not very - people are very lazy when a device's bad behavior doesn't actually impact themselves. Suppose that some foreign-hosted Web service was spouting fake news and wasn't conforming to appropriate editorial rules during an election?

What would be required is something like a government off switch, or the ability for the misbehaving device's or website's network traffic to be blocked.

The latter sounds like it would need something not unlike the Great Firewall of China. I think that that's what we're going to see being discussed in the coming years. It's going to be a heated debate.

But we may have to accept that if we want government to actually be able to intervene quickly and effectively when some Internet thing or some foreign website is misbehaving, it's going to need something with teeth, not just the power to issue a recall notice or a cease-and-desist letter (which won't work abroad anyway).

3
0
bazza
Silver badge

Re: Well, maybe we should not put software in everything

@Tornado42,

Car systems already use "data diodes" to separate critical systems from non-critical stuff like the radio, etc. They're generally not optical as one normally perceives a data diode, but they aim to accomplish the same end result.

Mistakes in implementing this separation are what cost Fiat-Chrysler a $500million fine.

3
0

Munich may dump Linux for Windows

bazza
Silver badge

Re: Replacing Linux with Windows, based on *cost*?

Indeed. I can't think of a decent one for Windows either, since Office 2016 borked Outlook.

I am still using 2010...

2
0
bazza
Silver badge

Re: Replacing Linux with Windows, based on *cost*?

Don't forget that 'cost' includes training. That may be the part of the equation that they're worrying about.

Also I suspect that Linux is falling behind in some respects. I cannot honestly think of a decent mail client for Linux these days; there's almost no momentum behind Thunderbird and Evolution.

23
23

Chap scripts remote Linux takeover for sysadmins

bazza
Silver badge

Re: good stuff

Just wanted to check - do you mean that its decent style is unusual, or that its purpose is unusual, or both?!

2
0

Oracle refuses to let Java copyright battle die – another appeal filed in war against Google

bazza
Silver badge

@AC,

"This is not a fairness issues"

I was actually making a mild observation that Oracle were seeking to get a different set of evidence heard, rather than simply making a dumb appeal with nothing more to bring to the bench, and thus not quite fitting in Einstein's observation of which FrankAlphaXII so pleasantly reminded us. But you seem to have taken it rather to heart. Bad luck.

"Oracle has lost case after case after case on this."

Actually, on cases that have reached a final settlement Oracle (of which I'm no especial fan) have done quite well. Google have been found to have breached Oracle's copyright, and that's settled. AFAIK that's about the only part of this whole sorry saga that has actually been finally, conclusively decided.

"They keep adjusting and changing the premise, just hoping that some of their crap sticks to the wall."

Well? They're allowed to do that you know. If you don't like the way the legal system in the USA works I suggest you take that up with your local congressmen (assuming you're resident in the USA).

"Google developed Android and based their API on Java well within the legal and moral framework of the time."

We don't know that yet. The court cases have not been fully exhausted yet. As for "moral", if you think a legal judgement is somehow not moral then I suggest you take that up with local congressmen to see if they can have the law brought more into line with your own view.

"The owners of Java had also open sourced it"

So?

"there was a clean room environment of it and the owner endorsed and supported it, and still does!"

OpenJDK was endorsed, not Dalvik. Dalvik is not Java byte code compatible, which goes AFAIK against the terms under which Java is licensed. Breaking "Java" is something that has previously cost companies money, e.g. Microsoft.

"Replicating someones API has always been seen as okay in computer programming and is done by many major and small companies. "

Not okay anymore in the USA. Google lost that one. It's OK in the EU. Dunno about the Far East - Japan has some pretty restrictive copyright laws.

"As has already been stated this is a complete myth often peddled to try to get a corporation a reason for doing some wrongdoing (sorry we didn't pay our taxes, it was our legal duty)."

I've never once heard of a shareholder who doesn't want their company to exploit every opportunity to pay minimum tax whilst sticking to the letter of the law or make a large profit by any reasonable means. Lawyers-at-dawn is easy-peasy for a large company like Oracle.

"Just look around, plenty of corporations pay full taxes and don't use tax havens so why aren't they being sued by shareholders or being hauled into jail."

I look around and I see a lot of companies who aren't massive multinationals and therefore cannot exploit all the tricks available to Google, Apple, etc. If such shenanigans were an option for every Mom'n'Pop outfit, their accountant would be advising them to make use of them.

" Well, you should be. If you are in IT then increasing the avenues for lawsuits in the software environment can only ever be a bad thing."

I know very well that a weakening of the copyright laws is going to be a very bad thing for everyone. If one's copyrighted material can be abused because someone else has deemed it "fair use" that sounds bad for, well, the smaller outfits I guess. We don't all have the legal resources to take on a behemoth like Google.

"You may not like Google but jump in to bed with Oracle and you haven't solved anything!"

I never said anything about favouring Oracle, that's something you've dreamt up all on your own.

2
6
bazza
Silver badge

@oldcoder,

"I don't think the GPL code is at risk - it has already gone through courts."

It has, kinda, here and there. Where it has touched the courts it has been treated as a copyright issue.

Google's so-far-winning argument is something like that it is OK to break someone's copyright; they've already been found to have breached Oracle's copyright (an odd decision, but it's beyond all argument now in the USA), and they're claiming fair use.

If that sticks, it chips away at the enforceability of the GPL. GPL basically says "do what you like, but publish the source code, and no mixing with other licenses". There's a risk that some lawyer in the future might contest that such generosity cannot fairly be paired with such restrictions.

1
8
bazza
Silver badge

Re: @bazza - "fiduciary obligation"

@AC,

"Put simplistically, the directors (and by extension, the company) are required to serve in the "best interests" of the company and again, by extension, the shareholders. The shareholders may deem that their best interests are served by the company maximising its profits but that's down to them and to vote and take action if they feel their interests are not being served. Furthermore, how do you define "maximise profit" - one shareholder may be looking to maximise profit over a single year, another shareholder may be looking for maximum profit over a much longer term (and which could involve losses in any one year)."

I think it's easier to couch it in terms of the opposite; not going after a potentially lucrative and attainable opportunity might lead the shareholders to conclude that the company / board isn't trying hard enough. Sure, there's differences over what period a company might seek to make profit, but turning down the opportunity altogether wouldn't look good in the eye of all the shareholders.

Given the size of the Android "market", and the effort for Oracle being nothing more than paying a bunch of lawyers (3rd least respected profession?!), it's not entirely inexplicable why Oracle are doing this. If they eventually win (either quickly or slowly) and Google have to cough up a few $billion, well done Larry, have another yacht. Oracle's shareholders would probably be quite pleased (though less so if they also hold Google shares, a not unlikely scenario).

2
2
bazza
Silver badge

Einstein did indeed say something like that, but I don't think he had court cases in mind. And to be fair to Oracle (let's suspend opinion for one moment) they're saying that the appeal is not a straight re-run.

Oracle are not being insane, like any other company they have a fiduciary obligation to maximise profit by any realistic means possible. They own Java, and monetising Java is potentially a very lucrative way of cashing in on the success of Android. If they're not seen to be pursuing every opportunity properly their own employment is under threat from aggrieved and out of pocket shareholders.

I am somewhat concerned about the outcome. If Google ultimately win with their "fair-use" argument (they have already conceded in court that they have broken Oracle's copyright) then what other copyrights are vulnerable to the same treatment?

All of GPL licensed source code comes to mind.

Personally speaking I'm not too fussed if Oracle beats Google. I'm no fan of Oracle, but Google is a company that is increasingly unpleasant. They’re making a ton of cash parasitically, they have a virtual monopoly which they're not shy of exploiting, their services are actually pretty rubbish these days (e.g. search returns adverts, not results, route editing in maps is broken), they're pushing inefficient technologies on to everyone (Web browsers should be about content display, not a VM), they waste their shareholders' money on dubious glory projects (self drive car that isn't and won't ever be) and on fines related to their business practices in Europe.

And in pursuit of cash they naively participated in the most damaging disinformation campaign ever mounted against a country's electoral process (so did Facebook, probably Twitter). What on earth did they think they were doing when they turned on their automatic "News" algorithms?

11
22

Chrome 56 quietly added Bluetooth snitch API

bazza
Silver badge

Er, Hang On...

Isn't this kind of thing just adding stuff to Javascript that makes it less "safe"?

After all we don't like Java plug-ins because they allow websites to do things like this.

4
0
bazza
Silver badge

Re: aaaaaaaaaaaannnnnnnnnnnnndddddddddddddd that's why....

I remember reading somewhere that Firefox logs the WiFi networks that it can see and sends that all off to Mozilla...

4
0
