* Posts by bazza

1922 posts • joined 23 Apr 2008

As iPhone 4S battery suckage spreads, fixes appear

bazza
Silver badge

@Peter 66, Apple Long Term Support

"Can we admit that Apple have supported their products longer than any other manufacturer have supported an Android phone?"

Absolutely! Though of course there are tales of Apple withholding new features from older phones "because they're not powerful enough". Shame for Apple that the hackers generally get them going on older phones anyway. And then there's the things that most Apple upgrades seem to break...

So Apple are definitely along the right road when it comes to updates; updates yes, but still trying to force people to buy new handsets.

Android is terrible for updates and, if any kind of common sense prevails, will end up costing Google dearly.

MS and RIM seem to have updates well under control. In the case of MS it could become a significant reason to give a Win Phone a go. It might not be perfect (though initial reactions seem positive), but a couple of meaningful upgrades in the handsets' lifetimes seems a real possibility. Service packs and updates have kept Win XP viable for ages; why not the same in the mobile market?

1
0
bazza
Silver badge

Sounds like it's a lemon

It's incredible how Apple get away with such crap software. We've all come to expect that the first iteration of an iSomething will be rubbish, and somehow the market thinks that's alright.

But Blackberry has their first outage in years lasting a couple of days and people are reaching for their lawyers.

Either Apple customers are complete mugs who care not about service reliability and a Blackberry outage is such a rare event that it warrants extraordinary attention. Or no one takes iAnything seriously so long as it's shiny but otherwise rely upon Blackberry's services like their lives/businesses depend on it.

In short, what gives?

37
3

Safe as Windows: Smartphones' security nightmare

bazza
Silver badge

Interesting comparison

The networks really want to be able to skin handsets so as to emphasise their brand. Google in effect said "Do whatever you want, here is the source code". But Microsoft seems to have said "This is what it's going to look like and you can't change it". That allows MS to push updates direct to users.

The networks and handset manufacturers may not thank MS for this; no skinning by the networks, less sales of handsets as updates from MS keep older ones going. But end users will benefit.

RIM and Apple do their own thing anyway, though I agree with Stallman concerning Apple's walled garden.

0
0
bazza
Silver badge

Couldn't agree more

The lack of updates is going to mark Android out as the one to avoid. Bugs will always come to light and get fixed but unlike Google, RIM, Apple and MS can get fixes out to end users.

So how many people will continue to be willing to invest in expensive but difficult to update hardware? Potentially not many. So Android will have to become disposable, therefore cheap, therefore low spec...

2
0

Applied Micro leaps ahead in ARM server race

bazza
Silver badge

OS porting

You raise a fascinating point about the whole HP ecosystem. I suppose we have to consider the possibility that in the long run HP will port VMS to ARM. Now that really would be a strange event in history indeed!

2
0
bazza
Silver badge

@Mage

"Intel can use their design expertise and fabrication to make an ARM that Texas, Samsung or Qualcomm can't compete with."

Yes they could easily do that. But that would mean that Intel are just another supplier in amongst a whole host of others. Intel's wafer baking expertise would mark them out though.

However, I'm pretty sure that Intel are desperate for the world to stay with x86 for servers, because then they'd keep the whole thing to themselves. At the moment they have only AMD to contend with. In the ARM market there's hundreds of other companies to compete against, and it would be difficult to dominate them all.

The moment Intel start fabbing ARMs will signify that they've finally admitted that x86 is a crappy, out of date architecture. That would really make them wince, especially as it would be an admission to their shareholders that the game is up, the big days are over.

5
0

ARM specs out first 64-bit RISC chips

bazza
Silver badge

ARM have to hurry?

"Intel has a lot of time to make Atom a better chip, and AMD still has time to do whatever it is going to do. ARM needs to move faster – or AMD will."

Intel haven't moved very fast as yet. If this doesn't chivvy them up a bit I don't know what will. It's almost as if Intel's strategy has been to wait for ARM to pose a serious threat and then pull out all the stops on a proper low power development.

That seems awfully risky. Intel have to make huge improvements all round because ARM's performance / Watt is beginning to look seriously good. AMCC are talking about 3GHz quad core ARM64 in the middle of next year! There's no word as yet on power consumption, but if it conforms to the norms of what ARMs seem to achieve then it's going to be a very cool running chip indeed. Whereas Intel have to pull off a large step change in their chips' power figures and get it right first time.

Look at it another way. ARM64 fails, ARM and Intel survive as they currently are. ARM64 succeeds, Intel lose out, ARM win big time. Intel won't be threatening ARM in the mobile market anytime soon. The way I see it Intel are probably in it for survival at the moment.

And look at it another way again. Itanium must surely be a dead end now. Intel can't possibly afford to waste engineers on Itanium when the ARM threat has to be addressed. Very soon no one is going to be at all interested in Itanium servers unless Intel can somehow make them low power too, and I don't think we've even begun to hear the merest peep about that on any roadmaps.

7
0

HP hooks up with Calxeda to form server ARMy

bazza
Silver badge
Thumb Up

Quite right

But it is highly likely that MS have realised this and that is why there is all sorts of ARM-ish noises coming from them. Of course Linux is already there really but has to cope with the wide variety of ARM SOCs. But if MS can standardise ARM machines in a way similar to PCs currently are then that would help Linux too.

Watch out, Intel.

1
0

Apple gets patent for ‘unlock gesture’

bazza
Silver badge
Unhappy

Oh that it were that simple

I applaud the sentiment, but I fear it won't work that way. All they need to do is get a court ordered import ban, and that's it. The state will then do the dirty work :(

6
0

Anonymous shuts down hidden child abuse hub

bazza
Silver badge

No, the police didn't do a good job there at all. But only the legal system can put these people behind bars. And putting them behind bars is necessary. Publishing a list of usernames may embarrass those that stupidly used their real names, but it won't send them to jail.

The police certainly need technical improvement. Sitting on the outside moaning (and in the case of Anonymous making their job harder) won't help any children at all.

3
2
bazza
Silver badge

Important point missed though

I too think that getting rid of such servers is no bad thing. But the article goes on to say:

"or making it difficult to argue that evidence has not been corrupted by hackers."

There's a very real danger that none of the users of the servers that Anonymous compromised can be successfully prosecuted now (depending on jurisdiction I suppose). This would mean that they'd be free to disappear into the background and carry on their disgusting practices, only more carefully than before. How's that going to help children?

It is supremely arrogant of Anonymous to think that they're the only people who can do this, the only ones who can "save the world", whereas they are probably making things worse in the long run. If they want to make things better they should get proper jobs, perhaps in law enforcement.

12
5

Leaked Nokia WinMobes ready for midrange scrum

bazza
Silver badge

Fragmentation?

"With so few users, Windows Phone hasn't had the chance to fragment or sprawl just yet."

Aren't you missing the point of Microsoft's entire strategy? They're allowing some diversity in spec, quality, etc. whilst ensuring that there's a level playing field for all when it comes to software, thus deliberately preventing fragmentation.

Android is rapidly moving to the point where software Devs have to account for 4 or 5 actively used versions of Android on dozens of different hardware specs. Maintaining their software across all of that so as to maximise sales is a big job.

In contrast, whilst there might be fewer Windows phones they're all the same from the software Dev's point of view. So the Devs win on maintenance costs, which may well amount to higher software sales at the end of the day.

The old maxim "Write once run many" has real commercial clout if you're a software Dev, and Android is surely going far away from that.

3
1

Deep inside ARM's new Intel killer

bazza
Silver badge

Because

They're not especially slow or low performing. They tend to be well matched to the things that people actually want to do. That's why they've been so successful in smartphones in particular.

What interests me and many others is whether that right-sized characteristic translates over to the datacenter. Your average Intel chip is doing a hell of a lot of things. But to make economic sense it has to, it's burning through 100+ Watts. So could you do the same amount of work with a few ARM chips? If the answer is yes then you use them, because you'd likely save a lot of power. Even if it took 10 ARMs that'd still be OK - that'd be about 20 to 30 Watts, saving 70 Watts. 10 ARMs would be 10 cores at 1+ GHz - not bad really when you think about it.

1
0
bazza
Silver badge

@fearnothing

The Core series was nothing more than a couple of Pentium 3's stuck on to the same package with a miserable excuse for a front side bus to join them together. Hardly any work was involved at all, and it was seen at the time as something of a desperate measure.

The fact that it took them 'two years' to accomplish that is not very impressive at all, frankly. In that timescale *the* Skunk Works team were quite capable of delivering entirely new types of aircraft such as the F117a prototype, the U2 (the A12/SR71 took a little longer, but not much).

However, Core was a marketing success, which as is so often demonstrated is far more important than technological success. Intel were able to exploit the fact that most customers would open the spec, note "dual core" and look no further. However, with power consumption becoming ever more important the customers are likely to take specs more seriously.

All it will take is some large-ish datacenter operator to fit out with ARM based hardware and give it a go. Not that straightforward, granted, but LAMP is LAMP be it on x86, ARM, etc, and MS are busily putting all sorts on to ARM so it's getting easier. It is quite likely that that datacenter operator would achieve a major power saving. And that is a major cost saving. And that is a major profit increase. And that *will* get noticed by others, because their shareholders will start complaining. And that will get Intel into big trouble, because they can't respond without tossing x86 in the trash bin and starting again.

2
0
bazza
Silver badge

Tiny market

"...Linux-running..."

Without passing judgement on Linux per se, my guess is that the perceived market demand for such a thing is simply way too small to interest any large manufacturer.

But market perceptions have a nasty habit of being wrong. Remember IBM's estimate that there would only ever be a need for 5 or 6 computers in the whole of the US? What a mistaka to maka!

I'm hoping that whatever MS are up to with ARM will result in an open ARM platform just like the x86 platform is at the moment. MS bought an ARM foundry license, (a *lot* of wonga) so it seems they're hell bent on building an ARM platform of some sort.

Microsoft, and latterly Linux, benefitted enormously from IBM's architectural openness that spawned the whole PC ecosystem. MS have some form in this area too. The PC'97 -> PC2001 series were sort of along the lines of an architectural spec that served to standardise PC hardware. That definitely served MS's commercial purpose - they could sell more Windows licenses as a result. It also helped other things like Linux too for the same reasons. Maybe, just maybe, MS have decided to try to pull the same trick with an architecture based on ARM.

MS's commercial interest in doing so is that they could spawn a whole new major round of platform evolution just like IBM did back in the 1980s with the first PC. I think that their purchase of an ARM foundry license is evidence that they're aiming to create a whole new ecosystem, from server -> desktop -> mobile.

Whomsoever successfully pushes ARM into the server market stands to make a shed load of money. Those datacentre operators are desperate to reduce their electricity bills, and they'll spend big on hardware to do so. Energy costs, as we all know very well indeed, are king.

I wouldn't mind betting that MS have worked out that by defining the hardware they'll be in a good position to sell a very large number of software licenses too. The implication is a substantial replacement of the PC computing world as we know it, not just annual incremental sales. All that MS and the hardware vendors have ever sold they get to sell again, in ARM form.

Of course, if Intel actually stumped up a decent low power chip that would mean the world would just continue with incremental license purchases rather than complete replacement. That wouldn't make MS anything like as much money. Essentially I'm arguing that Intel's failure to produce a proper low power chip is an enormous once in a lifetime commercial opportunity for MS.

It's a very large market to aim for, it must surely be tempting for them to go for it. And if it makes their mobile strategy work too, so much the better. And where there's servers, there'll be desktops and laptops, and also Linux devs who'll inevitably work out how to penguinise it.

Anyway, assuming that I'm foretelling with accuracy, your quest might be successfully pursued merely by sitting tight and waiting for it to happen, perhaps sooner rather than later. The only loser would be Intel, and they won't be happy at all.

0
0
bazza
Silver badge

Because

Intel can't buy ARM. Just like Apple can't, nor Qualcomm, TI, Marvell, or anyone else. The competition regulators all over the world would have a monumental fit (or at least they ought to).

If any of the mobile players succeeded in taking control of ARM they would gain a de facto monopoly position, or at least the strong impression of one. An actual monopoly would clearly not be good for any end user whatsoever.

I would argue that the richness and diversity of the mobile market is traceable solely to the way in which ARM have licensed their CPU designs with an even and fair hand to all device manufacturers. They (perhaps accidentally?) created a level playing field in which many manufacturers could thrive.

ARM survive because they themselves don't actually make anything, or sell anything directly to the public, so they're not really operating a monopoly either. And by being obviously modest about their licensing fees they cannot be accused of exploiting their dominant position either.

8
0
bazza
Silver badge

Poor old Intel

ARM have moved the goal posts once again. Intel are going to have to do something pretty amazing to make x86 anything like relevant in the mobile space, something they've completely failed to do over the past few years.

I don't think that there is any physically feasible way for Intel to make x86 compete with ARM in terms of performance/Watt. x86 is just too inefficient in its use of transistors. If there was a way you might imagine that Intel would have found it by now, but they haven't. And after all, Intel have always been masters of silicon processing first, architectural geniuses* second. I can't see their current strategy paying off.

Perhaps one way in which Intel could have an orthogonal but effective strategy is to get in to screen technology in a big way. That's definitely an area where *big* power savings could be made, ARM might do a 20GFLOPS core that takes no power at all, but it's useless without a screen. Alright, so screens are not Intel's core business, not anywhere close, and there's a lot of competition in that field already. But they're wasting their cash right now so they might as well spend it on something that may bear fruit. It might also prove to be a company saver when Intel wake up one morning and discover that ARM have pinched the server market from under their noses too. With Microsoft porting Windows to ARM, and the LAMP stack already quite well established on ARM, I can't see Intel hanging on to servers for much longer.

1
0

Dixons stores knock £150 off RIM PlayBook

bazza
Silver badge
Happy

Actually...

Feeling crazy I went and bought one.

It's very good if you've already got a Blackberry. And quite a lot of people have got Blackberries.

The way messaging works if you bridge it to your Blackberry over bluetooth is quite impressive. Whatever you do on one is automatically mirrored on the other. All your contacts, email, blackberry messaging, wifi network details are magically shared. To achieve the same thing with iSomethings or Android involves a bandwidth hogging trip to a cloud. You can even see your phone's photographs on your playbook. There is the usual array of twitter and facebook clients too.

The browser is fab. Proper flash built in too, so you get to see web pages as their designers intended. That goes a very long way to making up for the smallish app store. The OS does proper multitasking like it is a full desktop operating system. Impressive, and I'm sure I will find a use for that soon.

There are reports of people successfully putting the beta of the next OS on to playbooks. Amongst other things that gives you Android app compatibility, and hence *all* Android apps. Pay attention, that is going to make a playbook a very serious contender, especially for those who don't need built in 3g.

I've not found much evidence yet of things like magnetic compasses or full 6 axis accelerometers so sky viewing apps look to be off the cards for the moment.

0
0

Toshiba demos monster hi-res tablet display

bazza
Silver badge

Careful...

With a display like that if each pixel emitted just one photon each you'd be getting some serious facial heating going on...

1
0

Gov: DAB must battle on, despite being old and rubbish

bazza
Silver badge

Ha!

In this country DAB delivers a bit stream of 128kbps for an MPEG2 codec, limited by what the broadcasters choose to transmit. Comparing that to the UK's FM network, it's not as good as the sound quality that can be got from a good FM receiver with a reasonable signal strength. The coverage is poor in comparison to FM, and in patchy reception areas the quality drops to AM levels of awfulness or disappears entirely. DAB's only plus point is extra stations, if you can get them.

As for not having to tune or faffing with an aerial, what sort of prehistoric FM radio is it that you're comparing DAB to? FM radios have had presets and RDS for a very long time now, and the FM transmitter network is very well designed for generally superb reception.

Having said that, I have got DAB in the car, and when I can get it I like R4Extra. I just wished they'd ditched DAB and gone to Digital Radio Mondiale instead.

5
1

Devs still frozen out of Android ice cream source

bazza
Silver badge

Desperate measures?

Google still desperately trying to fix their mobile strategy?

Android has got to count as the most naive piece of thinking ever. Did they really think that every handset manufacturer out there would pick up the Android source code and build it as is? Were they really convinced that all those send-the-user-to-Google things would remain in every Android handset? That's self-belief bordering on being delusional.

Android was becoming a way for handset manufacturers to do a minimum of software engineering to get users to go to their own services, not Google's. Having realised this way too late Google are trying to put the genie back in the bottle but pissing off a large number of people on whom they rely in the process.

And they've still not solved the update problem either. Apple, MS and RIM are all in the position where end users are getting relevant updates pretty easily. Not so with Android. Most Android users are missing out on some pretty critical security updates as a result. That's going to drive it to the cheap end of the market where handsets are more 'disposable'.

And there's at least one stupid gimmick in Android 4. That face recogniser / smile to unlock thing sounds rubbish. Consider this: you've had a terrible day, the markets have crashed, your best friend died, you got soaked in the rain, the trains are cancelled, and all you want to do is phone the wife/husband and get the fire lit so that when you eventually get home you can at least drown your sorrows in a warm comfy chair in front of some crackling logs with a bottle of whisky to help. And to make that call you have to look at your phone. In good lighting conditions. And smile. And it'll probably be as buggy as hell anyway.

3
7

Apple iOS 5.0 downloads drive all-time UK net traffic high

bazza
Silver badge

Cache?

Seems that Apple have completely lost contact with storage and network reality. iTunes won't cache, iDevices now seem to wipe their caches (previously stated as being suitable for persistent on device storage). What's Apple got against hard disks and flash chips at the moment?

0
0

Apple and Samsung discuss... CPU production deal

bazza
Silver badge

Surreal

It is a bit odd that mortal enemies on one front are quite happy to do deals on another.

So are Apple still not really designing their own silicon?

0
0

FSF takes Win 8 Secure Boot fight to OEMs

bazza
Silver badge

Difficult for OSS

Secure boot would be a sensible safeguard for most people. Can't blame MS for looking out for the majority vote. OSS could do the same thing and negotiate with the hardware vendors to have OSS keys in the hardware too.

Ok, so who holds the OSS keys then? The whole point is that they can't be public knowledge, isn't it? But the whole ethos of OSS is that nothing is private. Seems like a situation that's impossible to resolve.

I think the best that can be hoped for is that the hardware vendors include an option in UEFI to allow non-signed boots. Or maybe the vendors tell MS where to poke it (an unlikely outcome I suspect). Otherwise what am I going to run OS/2 on?

2
0

iPhone 4S: Our *hit list

bazza
Silver badge

Antennagate?

That is all

2
0
bazza
Silver badge

iCloud

All your data are belong to us. Then us deleted data all, ahahahahahahah!

1
0

ICANN rescues time zone database

bazza
Silver badge

@Eddie Edwards: Wrong Precedents

Apart from using UK precedents in reference to a US case, you've missed the critical difference.

The OS and GPO are the originators of the OS maps and the UK postcodes. The scores in Wisden are public knowledge - everyone who watched the game knew the score - but the statistics are their own work. Moore's Almanac is a mixture of things that are public knowledge and their own work. For instance, Moore's don't actually do their own tide table calculations do they? Nor do they set the horse race fixtures either. But the 'predictions', despite their doubtful probabilities, are Moore's works.

The information that Astrolabe is claiming as theirs did not originate in their precious encyclopedia, it is merely recorded within. Astrolabe have never been the originators of official timezone data; state legislatures are. And since when were laws copyrighted?

If the time database had merely put up a scanned image of the pages from the encyclopedia that would have been ripping off their compilation. But they didn't, the database merely said that the information happened to be recorded in the encyclopedia. It amounts to free publicity for the encyclopedia, nothing more.

I just hope that there aren't enough lunatics out there to make the publicity that Astrolabe are getting from this case profitable in terms of additional book sales offsetting what I hope are the cripplingly high legal bills that are justifiably heading their way.

0
0

RIM BlackBerry Torch 9810

bazza
Silver badge

@Anton Geijsendorpher: different to mine

I've an original Torch (my first ever BB), and have had absolutely no problems with it whatsoever. It's never frozen, there's been no apparent bugs, the battery lasts very well and I certainly wouldn't say it was slow.

This isn't a network provider 'customisation' issue is it? I'm on Three in the UK, who don't seem to have messed with it too much. I don't know what the other networks do with BB.

I hate the way the networks feel the need to mess around with the software in phones. It creates massive problems for end users, amply demonstrated by the way that Android phones never seem to get updated.

0
0

Dell signals Windows 8 fondleslab range

bazza
Silver badge

re: Hot News: Dell touting to be Microsoft's and Intel's bitch

Er, haven't you seen all the fuss about Windows 8 on ARM? Microsoft didn't spend $millions on buying an ARM *foundry* license (a rare thing indeed) for nothing you know.

MS may well end up with all bases covered with everything from ARM phones/tablets with fancy GUIs to servers with a healthy dose of corporate integration throughout. That could be a hard thing to resist. It could wipe out Blackberry. If the offering attracts enough content it will make a big dent in Apple/Android too.

0
0

Sony asks for 1.6m LCD TVs to be returned

bazza
Silver badge

@Mike Richards, it's getting tricky

"Today it's sub-standard components in television."

It's becoming increasingly difficult for manufacturers to source reliable components. There's a large number of knock off fake components being manufactured by dodgy rip-off merchants (mostly in China it has to be said). These are finding their way into the component supply chains, and it can be very hard to spot the fakes. Ironically, even Chinese manufacturers are falling prey to this problem. The fakes are naturally of lower quality, often don't meet the original specifications, or sometimes are just an empty package with the right printing on the top!

I don't know if this is what's happened to Sony with these tellys. But given the scale of the issue it will become increasingly common for consumer electronics to fail early, or potentially be dangerous in some way.

0
0

Chaos feared after Unix time-zone database is nuked

bazza
Silver badge
WTF?

Only in America...

That is all

37
3

Judge cracks down on Bayesian stats dodginess in court

bazza
Silver badge

@AC, re: An enlightening book

That case the BBC is raising is indeed madness. What is the world coming to when the default view is that someone must have committed some crime if we cannot otherwise explain a sequence of events?

There's already a couple of criminal offences (perjury and perverting the course of justice) on the books that are woefully under applied when it comes to considering the care with which some experts have assisted the legal system. With expertise comes responsibility, especially in relation to understanding the true limits of their own knowledge. If the scientific experts involved in the legal system can't be relied upon to remember that most important of scientific tenets, perhaps the thought of facing criminal charges might focus their minds somewhat.

For example, imagine you have performed no research on the exact question at hand (e.g. can the environmental / biological factors causing SIDS persist in the family home?). Imagine further that you have no peer reviewed work to back up a statistics-backed assertion that you're about to make and are not formally qualified as a statistician. How hard is it to stop, think a bit and say "I don't know."?

Similarly, if the Court and legal officials don't understand the scientific process, why are they allowed to accept and act on the word of a single expert witness? Have they never heard of scientific consensus?

0
0
bazza
Silver badge

Adversarial vs. Inquisitorial

I don't think that the adversarial system here in the UK works at all for scientific evidence. It's too easy for both sides to put forward 'experts' who are disagreeing, and where does that leave a Jury?

The legal system should be asking the scientific world how evidence is assessed. The scientific world would rightly say 'peer review and consensus'. No consensus, no conviction. That is an inquisitorial process, which the people involved in the legal system don't like one little bit.

The SIDS cases were appalling. A non-expert in statistics presented unchallenged 'facts' that were in fact horseshit. At no point was he required to show that he was qualified to do so. Why wasn't he charged with perjury? Why weren't the Court's officials charged with gross negligence???

0
0
bazza
Silver badge
Thumb Up

Mean, median or mode?

That is all

0
0

Check your machines for malware, Linux developers told

bazza
Silver badge
Thumb Up

@tim

It's a mystery to me why anyone would down vote such sage advice. Here's a counterbalancing up vote.

1
0
bazza
Silver badge

@Santa from Exeter, @Destroy All Monsters

@Santa from Exeter

http://www.theregister.co.uk/2011/08/31/linux_kernel_security_breach/

Paragraph 3:

“Intruders gained root access on the server Hera,” kernel.org maintainers wrote in a statement posted to the site's homepage shortly after Hawley's email was leaked. “We believe they may have gained this access via a compromised user credential; how they managed to exploit that to root access is currently unknown and is being investigated.”

That's from the horse's mouth, so to speak. If you don't like what *they're* saying, tough sh*t.

@Destroy All Monsters

"You are implying that there is some new trick going here."

Yes, it's fair to say that I am. But given the length of time it's taken so far to find out what mechanism the exploit used I'd have thought that they would have been able to test for and eliminate the known tricks by now. In contrast, something new could take ages and ages to discover. Presumably the attacker was competent enough to clean up log files to hide their methods.

If one is responsible for a business critical system running on Linux then one is going to have to at some point consider the likelihood of such an inference being correct. I guess that the lack of reports of mass compromises of Linux servers on the web is encouraging, but it is hardly a guarantee.

Ok, so the damage done to the Linux source code is nil (the widespread distribution and signing of Linux source code has been well done). But I think that the real problem is the means by which the attack was carried out. I genuinely hope that it turns out to be an oversight of configuration on the part of the sysadmins at kernel.org. But I personally find the cagey nature of how this is being reported less than reassuring. I've never bought into the argument for non-disclosure until a fix is ready. If that takes a long time then all the users are ignorant of their vulnerability whilst the attacker has a free run. At least give the users a chance to secure their own systems by telling them what's going on. We all hammered Microsoft for such behaviour.

It's interesting to analyse the motives of the attacker. Money? Not likely from kernel.org I'd have thought. Altering the Linux source code? Unrealistic, maybe, and building in a secret backdoor would seem superfluous given the mastery they'd already have to have over Linux and many other things to achieve that. Maybe a naive and doomed attempt at altering the source code? Could be. Showing off? Who knows. Purely as an attack vector on kernel.org users and similar? Seems to be few pickings to be had from that. Dry run for a later attack against some other Linux website? Not exactly a discreet way to practise.

2
0
bazza
Silver badge

Guarantees?

1) At least one of the developers was careless or unlucky enough to get compromised

2) Does that guarantee that they won't get compromised again?

3) If just one person doesn't do the checks then the whole thing may start all over again

4) We still don't know what the compromise mechanism actually was

5) We have to conclude that the compromise route is still partially open to an attacker

0
0
bazza
Silver badge

Laugh

Linux's invulnerability turns out to be an illusion, just like for every other OS. Vociferous proponents now have egg on their faces, and for the moment it's not washing off.

I'm not sure about superior breeding. Microsoft have dealt with security, bugs, etc. quite well over the past few years. Windows went through security hell, but seems to have emerged stronger from the experience.

The lack of information on this flaw in Linux is beginning to look very shabby indeed. It's an open source OS, everyone out there should be able to examine the code for the flaw. Looks like the only person who did was the attacker.

The best information we have seems to be that authorised users on Linux boxes can achieve privilege escalation to get root access, and that there is no way of stopping them doing so. That state of affairs doesn't really recommend Linux to anyone does it?

3
10

Ten reasons why you shouldn't buy an iPhone 5

bazza
Silver badge
FAIL

@gmichael225

"1 is a compromise to maximise battery efficiency, and besides, a decent battery should outlast the phone."

Wow, you really have been conned by Apple. Properly designed / built electronics will always outlast a battery. There's a gazillion old Nokias, cars, TVs, radios, computers (even some Apple ones), planes, tanks, ships, etc. etc. out there that prove the point quite adequately.

Your view is clear evidence of how Apple have succeeded in getting the gullible to believe that an expensive piece of equipment failing is 'reasonable'. It isn't. You're being deliberately led by the nose into buying new and expensive hardware every year.

Just admit that you *want* a new one every year (nothing wrong with that, it's your money not mine), but don't foolishly attempt to justify it with spurious arguments.

1
1
bazza
Silver badge
Childcatcher

Flame proof underwear?

LP is clearly feeling brave today. 171 posts for and against already...

0
0

Ellison: 'There'll be nothing left of IBM once I'm done'

bazza
Silver badge

re K machine

+++

"We didn't build it but we use a similar architecture for our processors" does not sound like terribly good PR.

+++

Well, it's not bad publicity either, and it is a small attention grabber.

I completely agree that Oracle are quite capable of cooking up their own bad PR! Like them or loathe them, SPARC getting improved is only a good thing, but I think we'd all prefer a more modest communicator of that news... And indeed it will take more than a single benchmark to outdo IBM.

1
0
bazza
Silver badge
Thumb Up

@tom 99

Seems you're a deserved member of the group of a select few people I know who have properly read up on modern CPU technology.

IBM are in many ways infuriating. They're always coming up with neat tricks like this which have applications way beyond IBM's core business, but the only way you can get it is to buy a bloody banking system off them. It is admirable how they stick to what they do best and not waste shareholders' profits on supporting the few small fry like me who'd like to use their tech for something other than an entire country's credit card transactions processing...

2
0
bazza
Silver badge

@kebabbert

"Again, if you are doing it right, you never use floating numbers in finance. Every calculation is done with integers, and you keep track of the number of decimals separately. No rounding will occur. No floating numbers are needed. As I said, I work in a large finance company."

Hmm, well I'm not sure that you've wholly understood what that part of POWER is. As you say, floating point is no good. I gather that the *decimal* accelerator (not the FPU) in POWER is doing the sort of arbitrary precision sums you've outlined. Hardware acceleration of that is obviously going to bring benefits, or so IBM would have you believe. And it's difficult to disagree with the evidence of their sales figures.

"Those are trivial calculations, done in COBOL on Mainframes. Not very sexy."

Not sexy, but clearly very profitable. Profits don't have to be earnt in a sexy way, they just have to be big! I'd say that on an absolute scale skyscrapers, suits and MBAs are not really significantly sexier...

Yes, I'm familiar with the technology that the high speed trading world uses, and I'd certainly agree with you on the inappropriateness of mainframes in that role! But generally I think that Solaris/Linux on even top end server and network hardware is behind the curve when it comes to low latency, largely because they're stuck with stodgy sluggardly interconnects like Ethernet, Myrinet and Infiniband.

The high performance embedded signal processing world has been much more focused on low latencies than the mainstream server world. The 'unconventional' interconnects found in that domain (VXS's and OpenVPX's sRIO, and external interconnects like sFPDP) are all about low latency. That's because it's a key driver in the sorts of applications (radar, etc) implemented using such hardware. If you've not done so already, it's worth a bit of investigation.

Anyway, hurry up and earn your profits. There's a good chance that the whole high speed trading thing will get banned soon, especially if it gets fingered for causing a major market wobbly. I'm pretty sure that no one in the finance industry could say whether or not it meets the Nyquist stability criterion, but those of us who know what that means generally think that it doesn't and don't believe that anyone's checked to see either.

Even if it doesn't fall over it's doomed to stagnate, eventually. As soon as you've all bought premises as close as possible to the stock exchange and have all chosen the optimum hardware and algorithms for the job, you'll all be as good at it as each other and there won't be any technological advantage left to exploit. Anyone started checking to see if they're plugged in to port number 1 on the Exchange's Ethernet switch?

On the other hand if stagnation spurs the finance industry into developing even lower latency kit (the mainstream IT industry won't, they care merely about throughput) then I would be quite grateful.

3
0
bazza
Silver badge

K Machine?

"Also, IBM "has" currently 212 systems in the top500 (yes, really), Oracle "has" 12."

Maybe, but the fastest of them all is SPARC based. Half million+ SPARC cores and counting...

Ok, so Fujitsu makes the chips, but it's still good PR for Oracle and the SPARC community.

0
0
bazza
Silver badge

Ambitious

I admire the corporate ambition on display. But I think that there's a lot more to IBM than just integer performance. I think that Ellison is underestimating IBM and their appreciation of their customers' needs.

There's plenty of hardware out there (Sparc, Itanium, x64) that should theoretically mean that IBM's hardware offering is lacking in appeal in one way or other (performance, cost, or whatever). But apparently that's not reflected in IBM's sales figures.

I think that IBM are actually quite subtle as to what they put in to their hardware designs. My favourite example is the decimal arithmetic hardware acceleration on the POWER processors. That's absolutely perfect for massive banking applications having to process international transactions. As Boltar rightly points out in the post above, ordinary floating point is not accurate enough. Almost no one outside that niche knows that it's in there. But it shows that IBM have really thought about banking applications all the way down to the CPU design. And guess what - IBM sell to a *lot* of banks and financial processing outfits.

Whether or not Ellison understands that point I don't know, but it is important. IBM clearly has means of offering cost effective systems to their customers in ways where individual benchmarks are irrelevant. The customer ultimately cares about only service-per-dollar. This has allowed IBM to sell a surprising amount of mainframe gear for many decades now. So much so that everyone seems to have given up saying that the mainframe is dead.

Anyway, whilst Ellison may witter on about Java, there's a shed load of COBOL out there, new and old.

Having said that, I do like what they've done with SPARC.

9
0

HTC Android handsets spew private data to ANY app

bazza
Silver badge

@TheRegistrar: An update? Are you kidding?

And exactly what speedy and pervasive update mechanism is available to HTC to ensure that every HTC phone out there would actually receive such an update? Ah yes, none.

0
1
bazza
Silver badge

From HTC:

All your data are belong to us.

0
2

Pandemonium as Microsoft AV nukes Chrome browser

bazza
Silver badge

Win7-x64 + current Chrome

All's OK here...

2
0

Firefox devs mull dumping Java to stop BEAST attacks

bazza
Silver badge

@mangobrain: Chicken and Egg

>>>>>>>>>>>>

The problem here is that the server side also needs to support TLS 1.1/1.2, which OpenSSL - probably used in the majority of Apache HTTPS servers - doesn't. If the server only supports up to TLS 1.0, then whatever the client advertises support for, the version will end up downgraded to 1.0 as part of the initial negotiation.

<<<<<<<<<<<<

Yes indeed, but that doesn't excuse Mozilla from implementing TLS1.2. Even MS have that in IE9, it's just that it's not switched on by default. I gather that Opera supports it too.

The sensible solution is to implement TLS1.2 in all browsers. That would allow website operators to upgrade and start mandating it for secure connections without losing their users. A sensible solution has a feeling of inevitability to it, especially if some market-viable browsers already support it. For example, it would be viable right now for online banking sites to say that you have to switch on TLS1.2 in IE9 or use Opera and bar Mozilla and Chrome. It would cause a lot of phone calls, but they could do that right now.

If Mozilla are going to be lazy buggers and say 'not our problem' then Firefox risks getting labelled as being insecure by design. These musings from the Mozilla dev team might be indications that they're not taking the issue seriously, but this is not the first time that's happened.

But if I may get back to your good point about OpenSSL. What is the OpenSSL community doing in not supporting TLS1.1/1.2? It's like they've heard of it, agree that it offers better security, but frankly can't be bothered to incorporate it because they've not got the time or inclination. TLS1.2 was defined by RFC5246 in August 2008 (outrageous quoting from Wikipedia). That's more than three years ago. I don't think that that counts as a hearty demonstration of proactive steps to maintain the worth and reputation of their software. They're essentially conceding that they're quite happy to be outdone by Microsoft...

1
0
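
The version negotiation discussed in the comment above, as an added example that is not part of the original post: it reads the version field from a ClientHello and a ServerHello and classifies the outcome against a client-side minimum, for TLS 1.2 and earlier where that field is the negotiated version. The function names are hypothetical and the hello messages are constructed sample bytes, not captured traffic.

```python
import struct

NAMES = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

def build_hello(msg_type, version):
    """Constructed minimal ClientHello (1) or ServerHello (2) in a handshake record."""
    body = bytes(version) + bytes(32) + b"\x00"      # version, random, empty session id
    if msg_type == 1:
        body += b"\x00\x02\x00\x2f" + b"\x01\x00"    # one cipher suite, null compression
    else:
        body += b"\x00\x2f" + b"\x00"                # chosen suite, null compression
    msg = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BBBH", 0x16, 3, 1, len(msg)) + msg

def hello_version(record, expected_type):
    """Return the (major, minor) version field carried in a hello message."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    content_type, _, _, rec_len = struct.unpack("!BBBH", record[:5])
    msg = record[5:5 + rec_len]
    if content_type != 0x16 or len(msg) != rec_len or rec_len < 6:
        raise ValueError("not a complete handshake record")
    if msg[0] != expected_type:
        raise ValueError("unexpected handshake message type")
    return (msg[4], msg[5])

def check_negotiation(client_hello, server_hello, required_min=(3, 3)):
    """Classify the version the server picked against what the client offered."""
    offered = hello_version(client_hello, 1)
    chosen = hello_version(server_hello, 2)
    if chosen > offered:
        verdict = "invalid"        # a server may not exceed the client's offer
    elif chosen < required_min:
        verdict = "below-minimum"  # client policy should abort the handshake
    elif chosen < offered:
        verdict = "downgraded"     # accepted, but weaker than the client offered
    else:
        verdict = "ok"
    return NAMES.get(chosen, "unknown"), verdict

if __name__ == "__main__":
    ch = build_hello(1, (3, 3))                      # client offers TLS 1.2
    for server_max in [(3, 1), (3, 2), (3, 3)]:      # server picks min(offer, own max)
        sh = build_hello(2, min(server_max, (3, 3)))
        print(NAMES[server_max], "server ->", check_negotiation(ch, sh))
```

Lowering `required_min` to `(3, 1)` turns the first case from a refusal into a silent downgrade, which is the trade-off a site operator faces when deciding whether to mandate TLS 1.2.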

Schoolteachers can't teach our kids to code, say engineers

bazza
Silver badge

Tuppence ha'penny's worth

About the only useful thing they taught on O level 'Computer Studies' was some veeery basic architectural stuff, and the fact that computers could be programmed. The rest of it was up to us kids really. There were those who were self starters who went and taught themselves a bit of BASIC, maybe Pascal, etc, mostly on Spectrums and the few PCs that were around. Then there were those who just weren't interested. I left school knowing C quite well, which in those days was pretty much the most useful thing you could know!

For those of us who were interested, it worked just fine. Electronics Engineering at university added some polish (i.e. learnt architectures properly), but the whole point of university is that it is certainly up to one's self to learn.

0
0
