* Posts by bazza

2088 posts • joined 23 Apr 2008

Can't login to Skype? You're not alone. Chat app's been a bit crap for five days now

bazza
Silver badge

Re: Any good replacement that would be simple for elder users to install?

Try BBM. Works on iOS, Android (including new BlackBerries), BB10 (old BlackBerries). My family is using it, crumbly parents included. The video / sound quality is pretty good, and so far zero problems with availability. It does some things really well.

1
1

Trump White House mulls nationalizing 5G... an idea going down like 'a balloon made out of a Ford Pinto'

bazza
Silver badge

Re: JohnFen What race?

With the rush to 4G, 3G is in danger of being forgotten, which is kind of a missed opportunity. There's 3G spectrum out there, and a growing stockpile of spare kit; it may as well be used properly.

I know that 3G networks are nasty to set up well (ask any network engineer about cell breathing). But a well set up network is still a very good thing. Anyone with experience of Japan's NTT Docomo's 3G network whilst on a Shinkansen train doing 190mph in a tunnel and still getting 20Mbit/s will testify to the potential 3G had / has.

It's very easy for us Europeans to tease the US about the poor state of some of its infrastructure (power, wireless networks, etc). However I don't think many Europeans really realise just how vast and empty large chunks of the US really are. It's vast.

It's a major engineering challenge to provide things like power and comms to places which are very nearly empty. Same goes for Canada, Australia, Russia, China, Africa, etc.

5
2
bazza
Silver badge

Re: What race?

Indeed, who? And if it comes to "racing" against other countries, the US is nowhere near the front. AFAIK the Japanese, South Koreans, and large chunks of Europe had 4G long before the US...

Japan and South Korea seem to deploy networks so quickly that the ink has barely had time to dry on the standards documents before they have national coverage and an array of competing providers. I know they have smaller geographic areas to cover, but even so.

There's a kind of nationalisation here in the UK; network operators are under some pressure these days to share base station sites. That's not so very far removed from turning all the operators into virtual networks on a single physical network...

Some kind of sense? Perhaps. I suspect that a radio network works and scales far better when it's the only network, instead of having to compete for spectrum, cell tower sites, back haul network capacity, etc.

10
1

I want life to be boring, says Linus Torvalds as Linux 4.15 debuts

bazza
Silver badge

Re: Retpoline

Apparently they got the idea from John Lewis.

0
1

FYI: Processor bugs are everywhere – just ask Intel and AMD

bazza
Silver badge

Er, there's OpenPOWER from IBM (current and open source) and Sun used to give away SPARC designs for free (I think Oracle still do).

OpenPOWER is particularly attractive, there's a bunch called Raptor Engineering doing a completely open source machine (chips, board schematic, firmware and Linux) based on it. There's lots of reasons to buy one of those!

29
3

Death notice: Moore’s Law. 19 April 1965 – 2 January 2018

bazza
Silver badge

Re: Absolute tosh!

@Charles,

IOW, caching is basically a case of "Ye cannae fight physics," hitting a hard limit with the Speed of Electricity.

I think we can do a little better than the DRAM that's currently used. HP's memristor is (apparently) faster than DRAM. As well as being non-volatile and with no wear life problems and huge capacities. So a SIMM based on that would be quicker. But still not quick enough to eliminate the need for a cache.

As things are today it's kinda nuts; the signalling rate down those PCB traces is so fast that they're RF transmission lines, and there's more than 1 bit on the trace at any one time! It was the Cell processor in the PS3 that first used that style of RAM connection. Sigh - I miss the Cell; 100GByte/sec main memory interface. It was one helluva chip.

Unless, of course, latency comes into play. Why do you think network computing has such limited use outside the controlled environment of LANs? Because the Internet is itself an untrusted, unreliable environment. You're simply trading one set of disadvantages for another.

Not really. We already have an elaborate certification system to establish that the website I'm getting data from is in fact the website it says it is. All I'm talking about is changing the data that's received. At present it's a blend of html, javascript, css, etc. That's not a problem if it comes from a website we trust, but the javascript is potentially disastrous if it comes from a malicious website. However, if what my "browser" received were simply a remote display protocol then I don't care what the website is showing me, it cannot (assuming the protocol implementation is good) run arbitrary code on my machine. There would be no such thing as a malicious site, because there would be no mechanism by which any site could launch arbitrary code on a client's machine.

I suppose I have to trust the site to run the code they've said they will. But I do that anyway today; for example I trust Google to send me the correct Javascript for what is to be done.

As for reliability - services like Google Docs are all about the Internet and Google's computers being reliable (or at least they're supposed to be).

And for many, the reason the code MUST run client-side is because you need the speed you cannot get other than from a locally-run machine. Ask any gamer.

That's true enough; a game that runs in a browser is better off running client side instead of server side. I suppose I'd counter that line of argument by asking what's wrong with a proper piece of installable software instead (I know, I know; web, write once run anywhere, etc etc).

But for the majority of what most of us do with the web I dare say that we'd not notice the difference. Furthermore the monstrous size of the pages some websites dish up these days is ridiculous (www.telegraph.co.uk is appallingly bloaty). We really would be better off getting a remote display data stream instead; it'd be less data to download.

As far as I can tell there is no real disadvantage for the client in having server side execution viewed with some sort of remote display protocol (unless it's a game), and only positive benefits. The server's worse off though; instead of just dishing out a megabyte or so of html/javascript/css/images, it'd have to actually run the darn stuff itself. That would take considerably more electrical power than the likes of Google, Amazon, consume today. The economic model of a lot of today's "free" services would be ruined.

I think that it's unfortunate that the companies that would lose a lot by such a massive change (Google, Facebook, etc) are also those with a lot of influence over the web technologies themselves (especially Chrome from Google). Instead of getting web technologies that are better for clients, they're in a position to ensure that we keep using technologies that are better for themselves. That's not so good in my view.

Interestingly I've been taking a close look at PCoIP a lot recently. One of the directions Teradici seem to be headed is that you use that protocol to view a desktop hosted on AWS. That's not so far away from the model I've outlined above...

5
2
bazza
Silver badge

Re: Absolute tosh!

This is sheer prophecy - i.e. total BS

It's a bit like when scientists claim that we currently know everything worth knowing except maybe some constants to an even higher number of decimal places. It's happened many times through history and these prophecies have always been wrong.

Who knows what innovations will come? Nobody does.

So long as DRAM is slower than CPU cores, we'll need caches and speculative execution to keep things as fast as they currently are. Given that DRAM latency is effectively governed by the speed of a signal along the PCB trace between the CPU and the SIMM, I'd say we're pretty much stuffed.

Stop Executing Arbitrary Code

One aspect overlooked in a lot of the discussion is that this is only, and really only, a problem if you are executing code on your machine that you don't trust. If you trust all the software that's running, then you have no need to patch or redesign to avoid Meltdown and Spectre.

The real problem behind this is that these days pretty much everything we have in modern software involves running code we don't trust. This might be Javascript in a browser tab, or hosting VMs on a public cloud. It would be utterly crazy if we reversed a whole 22 years of CPU design progress simply because our modern approach to running software is, well, ludicrously risky.

I say a better approach would be to retreat from arbitrary code execution, and start thinking about how we might have remote presentation protocols instead. There's no particular need to run the code client side, just so long as the code output is visible client side. So far so very X-server. However, we should recognise that it's impossible to exploit a properly implemented execution-less protocol; perhaps we should consider it as a way forward.

7
2
bazza
Silver badge

Re: Speculative execution

We're headed back towards the Transputer in more ways than you'd imagine.

Firstly, today's SMP execution environment provided by Intel and AMD is implemented on an architecture that is becoming more and more NUMA (especially AMD; Intel have QPI between chips, not between cores). The SMP part is faked on top of an underlying serial interconnect (Hypertransport for AMD, QPI for Intel).

So, the underlying architecture is becoming more and more like a network of Transputers, with the faked SMP layer existing only to be compatible with the vast amount of code we have (OSes and applications) that expects it.

And then languages like Rust and Go are implementing Communicating Sequential Processes as a native part of the language; just like Occam on Transputers. Running CSP style software on a SMP environment which is itself implemented on top of NUMA (which is where CSP shines) simply introduces a lot of unnecessary layers between application code and microelectronics.

Sigh. Stick around in this business long enough and you can say you've seen it all come and go once before. Possibly more.

Having said all that, I'm not so sure that a pure NUMA architecture would actually solve the problem. The problem is speculative execution (Spectre) and Intel's failure to enforce memory access controls in speculatively executed branches (Meltdown), not whether or not the microelectronic architecture of the machine is SMP, nearly SMP, or pure NUMA. A NUMA architecture would limit the reach of an attack based on Spectre, but it would not eliminate it altogether.

7
1

It's 2018 and… wow, you're still using Firefox? All right then, patch these horrid bugs

bazza
Silver badge

Re: Where's the Rust?

It'll be interesting to see where they go with Rust. From what I've heard the parts that have been Rusted-up are remarkably good, so perhaps they are strongly motivated to get on with rewriting the remainder.

From what I've seen Rust is rapidly becoming the language to use. High level enough to make life easy (though the learning curve is a bit steep), fast, and some really nice tricks, yet low level enough to be a systems language.

The warning signs for everyone are in the Redox OS project; they've done an awful lot of code in a pretty short time. From ground up to an OS that boots and runs a GUI in the time they've taken is pretty impressive. It would be interesting to compare their progress to Google's Fuchsia (AFAIK written in C/C++).

6
2

'WHAT THE F*CK IS GOING ON?' Linus Torvalds explodes at Intel spinning Spectre fix as a security feature

bazza
Silver badge

There do seem to be some signs of desperation emanating from Intel at the moment. This kind of fault is a real, real danger to the commercial health of a company such as Intel. They're going to need a new or modified core design pretty damn soon.

Intel are fortunate that AMD's chips aren't completely SPECTRE proof, which is muddying the waters somewhat. Can you imagine what would be happening if AMD's chips weren't affected at all? Intel would be struggling to sell a single chip at the moment.

50
1
bazza
Silver badge

Re: Why are the patches so late?

Writing microcode isn't the easiest of jobs I imagine... I can see that under normal circumstances it might take quite a long time to develop.

Also the kernel changes are pretty significant. AFAIK the Linux kernel patches were already in the can, but only because someone else had thought such an architectural change might be a good idea.

13
1

Linux's Grsecurity dev team takes blog 'libel' fight to higher court

bazza
Silver badge

Re: GRSec.

It can only be a matter of contract law if it's actually in a contract. However if GR security spot you leaking their code, exercising one's GPL2 rights, all they need to do is refuse future purchase orders from you. There doesn't actually need to be anything written down anywhere at all in any contract whatsoever, and they don't need to have told you in advance. I'm guessing that's how they've done it, and they've just relied on word getting around the industry. Law cannot ordinarily make you sell something you don't want to sell.

Sneaky? Certainly. Illegal? Probably not.

If they have written it into their contract, that would be very bold indeed, and certainly much more challengeable, but certainly still not a slam-dunk gonna lose in court document. I think that we should presume that it doesn't exist and that GR has actually got a position far stronger than most people think.

I come back to my point about disturbing a hornet's nest. If this does ever come to court, and GR win (which I think they will), then where does that leave everyone else? What's worse, a GPL2 license of doubtful but untested strength, or a GPL2 license that is confirmed broken by a court case. If GR win then anyone else can take GPL2 licensed code (not just the Linux kernel), sell it with unwritten constraints, and there'd be nothing that anyone can do about it from that point onwards. How about if, purely hypothetically, RedHat decided to follow suit? Not that I can ever see RedHat doing such a thing of course.

The ultimate solution to all this is to relicense Linux to satisfactorily reflect what the kernel community generally actually wants in this modern era. That is going to be difficult; some of the contributors are dead, and their code would have to be expunged / re-written. The longer this is left, the worse this problem with GPL2 not really being fit for purpose will get.

0
1
bazza
Silver badge

Re: GRSec.

At one point Spengler's work was marvellous and free and actually had a rational point.

I would not be entirely surprised if opinions differed. I'm not saying that the mainstream kernel community's approach to the immense CVE list is invalid; it's perfectly acceptable in a normal, open society. But it's not one that everyone wants. And opinion shouldn't be allowed to stop someone else doing something about it, even if most people think that what they've done is crazy.

Perens's opinion is one I happen to share. And have shared. (Historically) I was the initial SA deploying linux at an enterprise and there was some push at *that* time to pull in GRSec patches, however the conflict between the GRSec agreement and the RH agreement at the *legal* level at the time was already a substantial issue. It was made worse by the "pay only" model that Spengler took on...

What I do find objectionable about this whole situation is the use of public opinion to sway public perceptions of what the license actually says. Contrary to what most people think, there is no obligation under GPL2 to do anything more than sending source on a CD-R in the post, on request. Even punched paper tape is, technically speaking, acceptable. There is no obligation to do even that after three years. There is no obligation to distribute the source to the entire population of the planet, only to people you have given a binary to. There is no obligation to send the source code again simply because some of it has changed. Clause 6 mentions "The Program"; not any other program, or future versions of it, and applies only if you actually choose to distribute it to someone. There is no obligation to onward distribute source code you have acquired, unless you distribute a binary built from it (just as well, otherwise we'd all be in trouble).

We Don't Want to be in a World Where License Terms Can be Changed Retrospectively

The role of public opinion in this is important. Most people are of the firm opinion that open source always means "I can download it from some server whenever I like". Some licenses are like that. GPL2 really is not.

However, if a court eventually caves in to the weight of public opinion stoked up by people like Perens and forces a re-interpretation of the GPL2 to include terms like making it available on a web server to all and sundry, then a very important thing will have happened:

The source code would have been forcibly released under different license terms by a court not acting at the request of or with the consent of the author(s).

That would be an atrocious precedent to set. It seriously threatens the certainty of all software licenses. It would mean that all GPL2 code everywhere was now fair game. And if GPL2, why not some more proprietary licenses?

That would cost us all dearly, in the end.

There's enough of a problem brewing with Google resorting to claiming "Fair Use" in its dispute with Oracle over Java. If Google ultimately win that one (it's still rumbling along), and Perens's firm opinion gets adopted as a precedent by some court somewhere, then as far as I can tell all bets are off, source code (either proprietary or free) can no longer be adequately defended by copyright law.

And it's copyright law that licenses such as GPL2, GPL3, etc utterly rely on.

So I'm annoyed with Perens for stirring up the pot. Is the Linux source code licensing situation ideal for what most contributors want? No, frankly it's crap. But it's nearly 30 years too, too late to correct that. Are the actions of GR legal? Probably yes. Are they in any way significant to what the rest of the Linux world does? Completely not. Could this all turn into a clusterfsck for the rest of us? Quite easily. Why risk that? Leave sleeping hornets' nests alone I say.

Inevitable

Situations such as this were always kind of inevitable with the GPLs. Their copyleft nature is their very own weakness; any flaw in their terms is unrecoverable. Fixing the perceived flaws by stretching the copyright laws that the licenses rely on is going to weaken the licenses in other ways.

Personally speaking I think that GPL has not been of significant benefit to Linux or other projects when compared to, say, the BSD license. FreeBSD is even more freely licensed than GPL2, and that's not done FreeBSD any harm at all (in terms of community activity, code quality, etc).

GPL2 has also been a significant barrier to getting useful freely available code into Linux (ZFS, DTRACE, device drivers, etc). Getting stoked up by people like Perens about GPL2 adherence simply raises the barriers to becoming more accepting of other licenses, which brings its own problems.

To get around some of these legal barriers and issues we see projects like Google's Project Treble emerging. That stands a very good chance of fixing device driver issues on Android (and thence everywhere else), but it will then be significantly different to the mainstream. Fragmentation is a bad thing; it dilutes effort.

3
8
bazza
Silver badge

Grsecurity claim this means they're abiding by GPLv2, Perens says it breaks GPLv2. I suspect Perens is right, but the IP lawyers will have a bun fight over it in court.

I'm not so sure. There is no mention anywhere whatsoever in GPL2 about future releases. You don't even have to distribute the source of the binaries you have distributed after 3 years, and you certainly don't have to put it on the Internet open to all.

0
5
bazza
Silver badge

Re: Way to damage your own credibility

Whatever happened to freedom of speech?

Nothing. What the US constitution does not guarantee is a lack of consequences arising from what one has said.

A factor that is also often overlooked by the commentariat is that Perens is not just some random commentard. He's been an expert witness in court cases involving open source license disputes. So it is reasonable to consider his opinion to be rather more weighty, regardless of whether it's right or wrong. That might cost him dearly.

0
4
bazza
Silver badge

Re: Way to damage your own credibility

What happened was that loads of people didn't send them any money and / or ripped off their trademarks and company name. This behavior included quite large outfits such as (reportedly) Intel.

So it's not surprising that they got fed up with that.

0
5

Meltdown/Spectre week three: World still knee-deep in something nasty

bazza
Silver badge

But we've also heard an industry-wide silence about CPU-makers’ roadmaps for a Meltdown-and-Spectre-free future. Rumours are rife that a generation of products will have to be redesigned, at unknowable expense and after un-guessable amounts of time.

It varies. Right now I'm not sure that Intel has anything in its product portfolios that you'd actually want to buy. AMD, Oracle SPARC and IBM Power are less affected but they still have to sort out Spectre.

So far as I can see the only sure way out of this is to not use speculative execution. Welcome back to the Dark Ages of CPU architectures. Things will get very slow...

Whilst there's a single cache, memory system and speculative execution there is no true fix for this. One could lock the cache whilst a branch is executing, but then you would have to wonder about thread preemption. It's a real mess.

6
2

Who's using 2FA? Sweet FA. Less than 10% of Gmail users enable two-factor authentication

bazza
Silver badge

Re: Well, of course

If you've called someone who has an Android mobile and your name in their contacts list, Google has your mobile number. As does Facebook, and everyone else they've let into their contacts list no matter what phone they're using.

1
1
bazza
Silver badge

Re: Gunkmail

Whilst most people don't care about what's in their Gmail or about someone else hacking in, Google care a lot. A plundered Gmail account and its contact list is the food of spammers everywhere. If this happens too much then Gmail is discredited and Google's reputation as a repository of your most important information sinks a little more. Google's profit relies in part on Gmail being secure.

As it is it is woefully underperforming. Google want people to seriously use it, to trust it entirely, because the value of the analytics they derive from it goes up as a result. With only 10% of people turning on 2FA that kinda means most people have zero intention of letting Google into their more official, financial, important lives. That questions the value of advertising with Google.

For example I don't know anyone who uses Google Pay or Apple Pay. Using a credit card for touch transactions is simple and way easier for the kind of shopping people do.

8
1
bazza
Silver badge

Re: Of course they don't use it

Companies the size of Google, Apple and Microsoft have to abide by their privacy policies, the might of EU and US government would crucify them in public if they were not following them.

Sure, but whilst their privacy policies say they won't share your number with anyone else, it's what they do with it themselves.

For example all Android devices report the caller ID of phone calls back to Google, who then look it up in the owner's contacts list and build up a handy network of who calls them and who they call. So even if you've not explicitly given them your phone number and your contacts, they'll have it simply because of the likelihood of your having called someone with an Android device who has given them that.

Meanwhile you've no relationship with Google, and they're free to do whatever they like with your number.

In some countries this storing of records without permission to hold them is illegal, but they do it anyway. It's simply too complicated for politicians and regulators to keep up with. Doing little more than targeting ads supposedly more accurately is a way of monetising this without it being too obvious.

15
3

Oracle says SPARCv9 has Spectre CPU bug, patches coming soon

bazza
Silver badge

Re: Solaris

It certainly has a long track record and it's always been pretty good. I've watched with amusement as Linux has gradually reinvented things that Solaris has had for a long time.

I miss the good old days when to do any serious work you needed a decent SPARC workstation with one of their high end monitors. PCs ended up out developing them alas.

Nowadays I worry that the same fate will befall PCs; no one is buying them, it's all smartphones and tablets. Well, not enough people are buying them. But the world needs people to have access to cheap desktop computers; whatever else is the engineering / content creation going to be done on? That market cannot be allowed to collapse.

12
3

Hawaiian fake nukes alert caused by fat-fingered fumble of garbage GUI

bazza
Silver badge

Re: Confirmation checkbox needed

Would it have killed them to have a second person sign off on the 'go' command? The way they set it up, it was only a matter of time before a disgruntled worker triggered it anyway.

Trouble is that you know for certain that when you actually really, really need that second person (ie a real missile is really on the way), they'll have gone to the kharzi for a few minutes easement. And by the time they've done experiencing hell on earth, it'll be too late and it'll arrive for the rest of us in the shape of a rather larger mushroom cloud.

23
2

Wait, what? The Linux Kernel Mailing List archives lived on ONE PC? One BROKEN PC?

bazza
Silver badge

The plastic film for DDS tape drives came from a single Japanese manufacturer too. They went out of operation following an earthquake and there was a temporary shortage as a result. DDS was important at the time.

12
0

Audio tweaked just 0.1% to fool speech recognition engines

bazza
Silver badge

"Think “Alexa, stream smut to the TV” when your friend only hears you say “What's the weather, Alexa?”"

Judging by some of the clips on YouTube, Alexa is perfectly capable of doing that already...

This kind of thing should act as a real warning to anyone planning an automated call centre. It means that fraud is a real risk. If "Tell me my balance" can be tweaked into being interpreted as "transfer the funds", followed by "No" being tweaked into a "Yes", a bank could get into deep trouble. Any playback in a court case would show that the punter had said one thing and that the bank interpreted it all wrongly...

Generally speaking, at least here in the UK / Europe, it'd be interesting to see if a recording of someone's voice (as made by a voice recognition system) counted as a personal data record. If so then a failure to process it accurately (and to the detriment of the customer) would be a Data Protection Act problem. £5000 fine.

20
0

WikiLeave? Assange tipped for Ecuadorian eviction

bazza
Silver badge

Re: He may regret waiting

There's certainly wisdom in "getting it over and done with" whilst the going is good.

I recall that years ago a US official said that whilst they might not have liked what Assange has done, it was far from clear that he had in fact broken any US law. If you were to apply US law to non-US citizens handling US classified material whilst not on US territory, you'd have to have arrest warrants out for members of the KGB, etc. And a whole load of Allied nations would be somewhat wary... And that would be ridiculous.

30
0

BlackBerry and Baidu buddy up on autonomous autos

bazza
Silver badge

BlackBerry do seem to have forged some juicy agreements with some key players in the automotive sector. Not surprising I suppose - QNX is a properly good OS.

In principle Intel could have turned VxWorks into the OS of choice for car makers. It lacked a decent graphics stack. Intel basically did nothing worthwhile with it.

BB and their predecessors put a decent graphics stack on top of QNX, plus other things. Good graphics on a good RTOS is a truly great thing for user interfaces.

On a side note, I'm enjoying my shiny new BlackBerry Motion. It's a splendid piece of kit.

1
0

Woo-yay, Meltdown CPU fixes are here. Now, Spectre flaws will haunt tech industry for years

bazza
Silver badge

Though I may be wrong. SPARC might be susceptible to Spectre...

11
0
bazza
Silver badge

"Underlying vulnerability is caused by CPU architecture design choices. Fully removing the vulnerability requires replacing vulnerable CPU hardware."

SPARC it is then. That seems to be about the only server grade semi competitive CPU out there that's completely resistant to both Meltdown and Spectre.

The guys from Sun / Oracle must be feeling smug. I wonder if they had theorised about the possibility of this kind of thing and had designed for it, or were they simply lucky?

12
4

We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare

bazza
Silver badge

Re: Gamers largely unaffected by KPTI?

Pure guess here - it may be just one single kernel transition to update the world per frame. Which wouldn't be so bad (50 per second?).

8
0

Honda pores over in-car navigation software with Alibaba – report

bazza
Silver badge

Re: Mental Note for the future.

At the moment it's not too bad. The built in SatNav is essentially the Android version of Garmin's. So it's actually quite good. It's a bit cheap because even if it gets an Internet connection through your phone it won't fetch traffic updates.

Having found that the ICE is basically an Android tablet I sniffed around inside. There's a browser. So I tried downloading and installing the Amazon app store. Which nearly worked but the version of Android underneath is so ancient it refused to install.

In theory you could get an .apk file on a USB stick and install that.

Currently the absolute best SatNav is a modern Internet connected TomTom. They're fantastic driving tools. They do a few things that Google, Waze etc. just don't do, and it makes a big difference to the driving task. They have a decent Web back end too, so you can do pre-drive route planning very effectively. You can even get your route changed over the Internet whilst you're driving. So one's partner could update where you're headed to, or the route you'll take, whilst you're driving it.

I have one of these with built in cellular, world maps (well, to the extent TomTom have maps anyway, not Japan which is annoying). As a driving aid it's unsurpassed.

BMW's built-in stuff is poor by comparison. It works, kinda, but you're always left thinking that a TomTom is better. BMW share this SatNav with a bunch of other European car manufacturers. They'd all be better off building in a TomTom.

0
0

Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign

bazza
Silver badge

It depends on what's going on in a system. If it's IO heavy, this could be quite bad (lots of interaction with the kernel). If it's compute heavy, possibly this isn't too bad. And it also depends on whose code is running. It's only a problem if you run someone else's code arbitrarily on one's computer.

For Google this isn't too bad. The bulk of their machines are running Google's own code and dishing up search results to Internet clients. For search, maps, Gmail servers Google could take the risk and ignore the patches because they're not running arbitrary code. That's a good thing because the bulk of Google's costs is energy.

For outfits running other people's code (Amazon?) this could be bad because they're all about running other people's code for them. So they need the patches, it will slow them down. And a lot of their cost is energy, so their cost is going to rise.

For the rest of us mere users our computers are going to be slower and therefore use more energy for the same tasks.

The real killer is if this is exploitable in Javascript because a huge amount of what happens these days relies on users having Web browsers that are configured to accept and run Javascript from anywhere. Which all of a sudden looks hideously dangerous. That could be a massive problem for Google; if we all switch off Javascript then Google's services don't work. And nor does anyone else's.

5
2
bazza
Silver badge

Re: Hmmm...

Who knows. With Linux of course we can tell. With Windows, possibly benchmarks are our friend if MS are keeping stum about the matter.

From a security point of view it would be better to leave things as they are if the hardware is not affected; better to be running mature code than to be running what seems like a major update put together in a big hurry.

38
3
bazza
Silver badge

Oh....

....crap.

23
0

Judge rm -rf Grsecurity's defamation sue-ball against Bruce Perens

bazza
Silver badge

Re: Everybody is entitled to an opinion

Perens is not just a.n.other person. He’s been a fairly high profile expert witness in some court cases related to open source licenses.

His utterances in such matters can therefore be considered to have been said with deliberate intent, rather than the spurious ill judged mumblings of a commentard like me. Thus the consequences, should GR ultimately win, would be more severe. I don’t know why he’s bothering to take the risk. If as many people argue GR is an irrelevance, why stick one's neck out?

Indeed, why raise the whole spectre of the corner cases of GPL2 (which is what GR are relying on) when really we'd all rather pretend that GPL2 is fit for the intent of projects like the Linux kernel, when actually it comes up a bit short? If GR did win a GPL2 enforcement case, what's to stop a company like RedHat doing the same thing?

6
0

We have standards, says 3GPP as group starts to lay groundwork for 5G

bazza
Silver badge

Well if history is anything to go by, the South Koreans will have a nationwide 5G network up and running within the week. Those folk don't hang around on these things.

5
0

Meet R2-DILDO: 'Star Wars' sex toys? This is where the fun begins

bazza
Silver badge

Alec Guinness would be rolling his eyes...

1
0

Yes, your old iPhone is slowing down: iOS hits brakes on CPUs as batteries wear out

bazza
Silver badge

Re: I wonder...

So the question is, if the battery is replaced does the OS take away the deliberate slow down?

Or is that an unanswered question, the answer to which might be a bit rubbish and Apple don’t really want to answer it?

10
0

NASA says New Horizons' next stop might have a moon

bazza
Silver badge

Three Cheers...

...for the boffins who constantly remind us that, whilst we do know quite a lot, really the universe is never going to run out of surprises.

Plus top marks for some first rate science, engineering, flying and teamwork.

I mention flying because it can’t be trivial to intercept the shadow of a rock that’s a few billion miles away. It’s not like there is a dark shadow racing across the ground to aim for. Plus it’s a really valuable trick that no other telescope in the world can do, so keeping it funded seems quite important!

Altogether now, hip hip?

23
0

Tech giants at war: Google pulls plug on YouTube in Amazon kit

bazza
Silver badge

Re: More of a loss for Google

And it seems that Echo has been a bit of a success, whilst whatever it is that Google are offering gets a market “Meh”.

That’s based on the fact that I know several people with the Echo, and no one at all with Google’s (ie a very scientific and objective measurement...).

So Amazon are winning it, Google aren’t. Kinda makes sense; you can’t really buy stuff from Google like you can from Amazon. Amazon has stuff to sell, Google don’t.

Google are like “yes you can buy from us, well really it’s a targeted search system not a buying system, we’ll cream off the top but any purchase is between you and the vendor leave us out of it don’t come to us when they’ve pinched your money and posted you a picture of a cabbage instead of the 1TB SSD you ordered no we don’t have our own distribution centres your items will all be delivered separately”.

Google are trying to get to the top of the market the lazy way, ie not having physical presences anywhere other than data centres. It shows. A mate has a Pixel phone, he cracked the glass, but there is no (or was not, may have changed now) spares distribution system or repair network he can go to to get it fixed (it’ll probably be a market stand job). If it were Apple or Samsung there’d be no problem. Both are in the business of selling hardware and have the supporting infrastructure to suit.

18
1

AMD scores EPYC gig powering new Azure instances

bazza
Silver badge

Re: Team Red Winning Again

Seconded.

AMD’s encryption for VM guests is very interesting. You can trust that neither the host nor other VMs can ever see inside your VM (if you accept the paperwork). That is quite a distinguishing feature, or so I’d have thought. Can’t get that from an Intel host.

3
0

WW2 Enigma machine to be seized from shamed pharma bro Shkreli

bazza
Silver badge

Re: Enigma

Yes, but what Alan Turing broke was the newer Enigma with the plug board, which had stumped the Poles. That was a very clever piece of thinking on his part.

The history has been firmly established for many decades now, and the Poles' hugely important role in the endeavour has been widely acknowledged for a very long time.

On the shoulders of giants and all that.

101
0

Expert gives Congress solution to vote machine cyber-security fears: Keep a paper backup

bazza
Silver badge

Going part way as you suggest - paper but machine countable - is a plausible option.

However the benefit of manually counted paper votes is that the result is harder to argue about, gives stronger attestation of the result. If a machine count were contested you'd then have to manually count it; that takes a lot of organisation and time to do if unprepared which is likely unacceptable in such circumstances. May as well be prepared, so why not do a manual count in the first instance...

At the end of the day it's all about perceptions. It may be acceptable to a population simply to know that there is a permanent paper record and that a manual count could be done if required and individuals can verify that the vote they cast is recorded on their piece of paper. Personally speaking I'd be very interested in the design of the counting machine, because that's the place where something nefarious would be attempted.

4
0

Dawn of The Planet of the Phablets in 2019 will see off smartphones

bazza
Silver badge

Pocketalypse

Seems like we're heading back towards lugging laptops around...

26
0

Hey girl, what's that behind your Windows task bar? Looks like a hidden crypto-miner...

bazza
Silver badge

Re: Finally, a reason to move the task bar

Yet the same trick works on Linux and everything else too. It's the HTML/Javascript standards that allow this, and they're everything to do with Browsers, not operating systems.

18
1

Pro tip: You can log into macOS High Sierra as root with no password

bazza
Silver badge

It requires physical access so it's not a vulnerability. It doesn't matter how often I hear this one it makes me laugh. Somebody with physical access can access all your data and that's not a vulnerability? What exactly do you consider a vulnerability then?

The article has been updated; the trick works from the command line too. So any application that an attacker can get run on the computer can get itself root privileges. So whilst there is no remote vulnerability, it's only one successful social engineering attack away from that.

Pretty dangerous I think, and that alone justifies the early and global dissemination of the news. Leaving this one to fester in private would have left all users everywhere very vulnerable to malicious software.

9
0
bazza
Silver badge

Re: How worse than Single User Mode?

Is it exploitable over a remote desktop connection? That would be worse.

According to the update to the article it can be done on the command line too. So not vulnerable to a remote attack unless the perpetrator can get something run on the computer first (malicious but otherwise innocuous app, etc). Phishing attack might open up the doors for that.

I have to say that between Apple and Intel we're seeing some stinking cock ups in recent times. It's almost funny. All we need now is for Windows or Linux to join in and we may as well throw every single computer on the planet into the bin. Apart from the ones running Solaris.

4
1

Summit for the readers who are hot for petaFLOPs: Server nodes flashed at SC17

bazza
Silver badge

Obligatory Comment

Yes, but will it run Crysis?

0
0

Royal Navy destroyer leaves Middle East due to propeller problems

bazza
Silver badge

Re: I knew it was a mistake

Or rather the routes used by the gas carriers from Qatar to the U.K. aren't being watched over.

If that traffic were stopped we're in for a chilly winter here in Blighty.

21
1

Phone fatigue takes hold: SIM-onlys now top UK market

bazza
Silver badge

Re: Who gets paid for stating the bleedin' obvious ????

I honestly think I need to stockpile a few iPhone SEs for when my 5S finally dies (3 years old and no reason to replace it)

I see a lot of SEs around here. Lots of pluses - cheap, they work, they're not burdened with pointless frippery, small, battery life is ok. I have one at the moment. The OS / UI sucks, but I don't really care any more.

Probably getting a BB Motion - monster battery life. It's Android of course so that's another horrid UI...

0
1
bazza
Silver badge

Re: @m0rt

You say Blackberry, but I hear that my Priv will soon stop getting patches.

Maybe, but it is 2 years old now. To be talking about a cessation of patches on a 2 year old Android is nigh on unprecedented.

Most other Android phones seemingly drop off the manufacturer's radar after 6 months...

iPhone is different of course. BlackBerry is still sporadically updating BB10.

Hopefully the situation with Android will improve, with Project Treble in Oreo. For those manufacturers who don't put a thick skin on top of Stock Android, staying patched through Google's channels should become easier...

0
0


Biting the hand that feeds IT © 1998–2018