* Posts by bazza

2175 posts • joined 23 Apr 2008

Q. What's today's top language? A. Python... no, wait, Java... no, C

bazza Silver badge

C is Getting Rusty

I too am an ardent C programmer. It's been a superbly useful tool over the decades. I have done some pretty big C systems very successfully with C.

However, I am intrigued by Rust. If they standardise that, there's a very good chance that I'll convert. It's usable as a systems language, it doesn't need a runtime, but it has some nice high level language ideas, and does Communicating Sequential Processes too. There's lots to like!

US Homeland Sec boss has snazzy new laptop bomb scanning tech – but admits he doesn't know what it's called

bazza Silver badge

So says Homeland Security boss John Kelly has, although he doesn't know exactly what that tech is.

Could it possibly be a sledgehammer? I'm told they're excellent for cracking walnuts.

Crazy bug of the week: Gnome Files' .MSI parser runs evil VBScripts

bazza Silver badge

Re: Please tell me it doesn't have a dependency on WINE

Here's a NMI (non-maskable interrupt) - see icon

bazza Silver badge

Re: Over complicating things

Ah, the fond memories of OpenLook. About the only thing I didn't like was the way it maximised windows.

FreeRADIUS fragged by fuzzer – by invitation – and fifteen fails found

bazza Silver badge

Re: One problem...

It's not standardised yet, it's still a young language. But the signs are promising. It looks like a language worth standardising, ISOified.

If that happens, then one would have to truly consider the choices made in future systems projects.

bazza Silver badge

“C is a terrible language for security”.

Only if written wrong...

RUST is looking quite cool. There's a growing and strong argument in favour of re-writing lots of stuff in it.

There's a whole OS (redox?) coming along nicely, with a kernel written in RUST. The speed with which it's been written is pretty impressive.

The language seems to be a happy balance between ideas taken from high level languages and being a suitable systems language.

The curious case of a Tesla smash, Autopilot blamed, and the driver's next-day U-turn

bazza Silver badge

Re: Hmm

Agreed. If Tesla were stupid enough to bribe someone who is the subject of a minor police enquiry, when it'd be oh so easy for the cops to obtain the data through a warrant, they would be risking that enquiry becoming a major affair. I can't believe that the company would do that.

Nonetheless I suspect that the police department is now going to request the data. If it's missing (for example, there was no cellular coverage in the area), then things could become more interesting... No coverage gives Tesla plausible deniability, and an enterprising police department might want to explore the depths of that.

Anyone any good at data forensics on Teslas? I mean, apart from Tesla?

On the whole though it sounds like Autopilot was off. If they've leaned on the guy to change his tune, they did so pretty quickly and that probably means they do have the relevant data in their servers. They may well have already furnished the police department with a copy of their data; we just haven't heard that part of the story yet.

Pastor la vista, baby! FCC enforcers shut down church pirate radio

bazza Silver badge

Re: I wouldn't say it was ALL downhill.

And Kenny Everett. Briefly. Several times. They, like everyone else, were serial Everett hirers / firers.

Sadly missed, both of them.

We could certainly do with Kenny's documentary series being back on air. I reckon some world politicians would be appalled at the continued atrocities being committed by the Thargoids, and would set out to do something about it. That's something we need them to do.

UK spookhaus GCHQ can crack end-to-end encryption, claims Australian A-G

bazza Silver badge

What we should be asking is how they intend to PREVENT messages such as im.qq.com from being secured

If it's ad funded, the law can go after the advertisers, and ultimately the law can go after the telcos and ISPs too. The software may exist, but it can be made unprofitable and, perhaps, its servers unresolvable.

For example, the Google boycott that started in the UK and spread has shown governments all over the world how to get a grip on online services. It became socially unacceptable to advertise on Google, so Google lost some revenue. If that social unacceptability became law, the boycott is country-wide and they lose even more money.

Cue lots of talk of extra moderators and AIs, all across the industry. Will it be enough? Who knows, but they need to try hard. One day it could be that if WhatsApp annoys the cops in a country, Facebook risks losing all advertising revenue in that country.

If enough countries get fed up with a particular service's uncooperative responses to law enforcement warrants, their money stream gets cut off.

It's a cunning tactic. End users don't notice, apart from the lack of ads.

It's a disaster in the making for the social networks because they really cannot trust their users to self moderate, so they have to do it instead. This kind of governmental pressure on their revenue stream is only going to increase. For example, Gov wants to clamp down on online bullying? Make it socially unacceptable to advertise, pass a law to back that up. Facebook's (or whoever's) AI and moderation systems will have to get better and better, which sounds more and more expensive.

Now, if they knew for sure who their users actually were, that's a different matter. The buck can be easily passed if a user is legally identifiable.

Guess who doesn't have to pay $1.3bn in back taxes? Of course it's fscking Google

bazza Silver badge

Re: Change the law, then

France can change the law by ruling what they consider is taxable. The EU law says sales cannot be taxed twice. If they rule there is one contract with Ireland and one with France then they can tax each service once.

They might rule that, but there is no actual contract made with Google France. That's effectively what the French court ruled.

It would be pretty difficult for French law to say there is a contract in France when no agreement is made in France. There wouldn't be a piece of paper with Google.fr on it to point at. There wouldn't be a financial transaction in France to point at. It would be a stupid law that says something exists when it plainly doesn't. What would the law do, magic such a piece of paper into existing?

The only thing that does exist is a flow of cash moving from French bank accounts to an Irish company. That could be taxed.

But to tax that flow is the imposition of a services trade barrier with Ireland, something no EU member nation can do according to the treaties they've signed. France could withdraw from the treaty if they want, but that is FREXIT.

Or they could persuade the Irish to not tax it, but that doesn't sound like a good idea for the Irish balance of payments. Can't see that happening.

bazza Silver badge

Re: Change the law, then

Can't change the law. It's not their law that matters.

Effectively the French court has pointed out that the French government cannot do anything about it. They cannot even make a law change that will have any effect. The relevant legal / tax jurisdiction is Ireland, and France's impotence in the matter is a consequence of the EU treaties that France is a signatory to.

The only change France can definitely make that allows them to redress the imbalance is to prevent free trade of services and goods, AKA FREXIT.

Of course, they could try and renegotiate the whole of the EU trade arrangements, but that'd be very difficult.

If we think BREXIT is dramatic, we've not seen anything yet. The spectre of protectionism in Europe and across the world is looming. Some people will be better off for it. Most won't be.

The idea behind free trade is to spread the cash round, bring everyone up to a similar level. It doesn't work if mega corporations simply accumulate cash, taking it out of the world economy altogether (Apple's cash pile, etc). Free trade is being allowed to become socially useless.

Ubuntu Linux now on Windows Store (for Insiders)

bazza Silver badge

Re: But...

Shouldn't Canonical object to this misuse of their trademark?

Apparently they gave it their blessing. But as their stuff is open source and freely available, fork-able, etc there is nothing they could do to stop it anyway. Bit like CentOS vs RedHat.

bazza Silver badge

Re: But...

Oh, sort of Wine in reverse then?

Not really. WINE emulates win32.dll, and other high level dlls. These are exclusively used by Windows binaries to access kernel services. The reverse of WINE would be sort of like a reimplemented glibc.so for Windows.

This is a Linux kernel system call shim for Windows. So a real Linux binary calls a function in the real glibc, which in turn makes Linux kernel calls just as if it were really running on Linux. And the shim translates that into the equivalent windows kernel call(s).


The reason why Wine does what it does is because the Windows kernel system call interface has never been published. So they had to emulate the next layer up (win32.dll).

Because the Windows kernel system call interface is not public, no one can do a windows kernel shim layer for Linux. Apart from Microsoft.

Which is exactly what they're doing with their port of SQL Server to Linux. Instead of using Wine or doing an actual source code port, they're emulating the Windows kernel on Linux.


Ultimately this kind of abstraction of kernels will mean that people will stop caring about which kernel they're running. In theory you could construct an OS that looks like Ubuntu, smells like Ubuntu, feels like Ubuntu, but just happens to have a Windows kernel and Windows drivers instead of the Linux kernel and its lesser set of drivers.

If MS were giving the kernel away for free so that the Linux Distro companies could do this if they wanted to, such frankenOSes could be quite useful. All the same freedoms as commonly enjoyed now (who ever really does their own kernel hacking? Not many...), but with rock solid driver support. The Linux kernel community might care for GPL2 and open source purity, but quite a lot of people just want an OS that works on their hardware for free.

bazza Silver badge

Re: new fangled Windows Subsystem for Linux

Essentially 21st C version of the old MS Services For Unix, slightly updated.

It's not even remotely close to being that.

if you want to dual boot, or run Ubuntu in a VM on Windows (the reverse is better), then get Ubuntu or any other Linux distro (or BSD etc) in the normal way.

Why bother? If an Ubuntu user land installation cannot tell the difference, why bother dual booting or going the whole VM route?

bazza Silver badge

Re: But...

This is the new fangled Windows Subsystem for Linux. It allows linux binaries to natively call their expected APIs under a windows OS, through a very lightweight translation layer.

To add to that excellent post, it's basically the same trick that Solaris, FreeBSD and QNX also do to support Linux binaries.

It works so long as the Linux binary is compiled for the same CPU that the OS is running on. So Solaris x86 can support Linux binaries so long as they were also compiled for x86. QNX can do it on ARMs.

bazza Silver badge

Whoops! Typo


Thank you for your forbearance.

bazza Silver badge

Regarding your latter point, that'll be leap years only...

LHC finds a new and very charming particle: the Xicc++ baryon

bazza Silver badge

Re: Awe

I would offer them a beer but I suppose they would be too busy looking for the next quantamy quarky higgs thingy to come along.

Nope, beer works well no matter what, offer away!

In fact beer was the inspiration for the bubble chamber, a now sadly obsolete detector type that used vast quantities of superheated liquid hydrogen to form bubbles around the tracks of particles which were then photographed.

U wot M8? Oracle chip designers quietly work on new SPARC CPU

bazza Silver badge

Re: Scale

What's age got to do with it?

There's features in Solaris that Linux is still trying to replicate. ZFS is one of those.

Sparc/solaris clearly matter to enough people to make comparisons to Intel / Amd / Linux / Windows irrelevant. They want it, Larry's selling it. Or maybe Fujitsu are.

IBM is similar. There's enough niche applications for which mainframes based on POWER are ideal to be worthwhile making them. For example POWER, with its decimal maths coprocessor, is fantastic for currency exchange calculations. Some people want to do a lot of those ultra reliably every day of the year.

Zero accidents, all of your data – what The Reg learnt at Bosch's autonomous car bash

bazza Silver badge

Re: Zero accidents?

Yes, that's kind of the problem behind the whole self driving car "bubble". It is impossible to achieve whilst guaranteeing that there will be no accidents.

The only way to achieve it with technology we have now or at any point in the next 100 years is to turn all the roads into closed access, no bikes, no motorbikes, no pedestrians, no horses, no human driven cars, fenced off zones with standardised carriage widths, zero potholes, no fog, no snow, no heavy rain, no flooding, no fords, no ice, no deer running across the road, etc. We already have those, they're called railways (e.g. Docklands Light Railway in London). Except there we use steel tracks and wheels instead of tarmac and rubber and they don't mind fog or rain or deer so much, they don't have potholes, but admittedly do seem flummoxed by the wrong sort of snow, leaves, etc.

In short, a certifiable self driving autonomous anything needs to have an artificially controlled environment kept clear of any hazard or risk that cannot be controlled by the system designers.

There's a serious amount of money being put into this bubble by a lot of badly advised investors. For companies like Bosch it's slightly different - it gives their engineers something to do when they might otherwise be twiddling their thumbs.

I think that at best the thing that will come out of this whole thing is a super-advanced cruise control that still needs a sober licensed driver paying attention sat behind the steering wheel. Trouble is that that is of very little appeal in the car market. For example, who'd genuinely pay £10k (guessing the premium here) extra for a system that still can't drive you home pissed after a decent night in the pub? That's a lot of taxis. And for a long time to come the price of all this equipment is going to outweigh the total cost of most cars anyway. Doesn't bode well for the mass marketing of these things.

This bubble will eventually get burst. The ones who are first to do their systems engineering and certification engineering properly, and some decent market research to see the true sales potential of a partial solution, will get out and sell their project to one of the other big players.

While USA is distracted by its President's antics, China is busy breaking another fusion record

bazza Silver badge

Re: let me guess...

Hmmm, well apart from the failed efforts back in the 50s, 60s, the progress has been ahead of track since the 1970s. The JET project in Culham in the UK exceeded its research objectives, and that has now been expanded into the ITER project. There is a plan, but it is quite a long plan, but for the past 40ish years it's been running according to (or better than) plan. More or less.

ITER won't produce power, but it is aiming to be able to sustain a plasma. Once that's achieved, fusion power is a certainty, not a hope.

bazza Silver badge

Re: Worse..

If the Chinese can crack it they will be absolutely flooded with every possible malware the US can throw at it...

Sensationalist clap trap.

China and the USA (and Russia too) are members of the ITER project. China is helping build it, just like everyone else. Even the Iranians are talking of joining in. As member nations, they all have equal access to the intellectual property developed by the project. A lot of the other projects are in support of the joint ITER effort, as is the norm with large, international, collaborative scientific research projects.

ITER is too important to be cocked up by politicians. One can only hope that Trump doesn't decide that America is too important to mix it with the Old Foes.

Create a user called '0day', get bonus root privs – thanks, Systemd!

bazza Silver badge


I can't have 1234 as my username. That's my password.

Hang on a mo, I'll just log in and change it for you.

There, how's that?

Microsoft boasted it had rebuilt Skype 'from the ground up'. Instead, it should have buried it

bazza Silver badge

Re: Market research


"Carrying 2 phones in this day and age is nuts,"

I couldn't disagree more strongly with this sentiment!

my phone is *my* phone I don't want work shit anywhere near it. So what if I have two phones? it's not like they're the size of a brick. At the end of my working day I throw it in my lappy bag and walk away.

Ah, well that was the beauty of BlackBerry Balance on BB10. There is a cryptographic separation between work apps, data, calendars, email, contacts and your own personal apps, email, contacts, etc. The cryptographic separation is pretty good, and has a lot of approvals from DoD, MoD, etc. Work could remotely control / wipe their partition, but had zero ability to see, wipe, or control the personal partition. You couldn't copy / paste from work apps/email to personal apps or email, and vice versa.

The result is that Work can be confident that their data won't leak through your personal accounts and apps, and you could be confident that work cannot see or control your personal stuff. If you want to boot work off it altogether, simply sign out to sever their connection and wipe all the data.

Fence Sitting

The best bit is that the OS's own calendar app could sit on the fence between the two partitions, and see down into both your work and personal calendar, so you could easily manage personal and work appointments even though neither calendar backend is aware of the other. Similarly for the email client, contacts, etc.

This is the feature that many other mobile management packages lack; you have two separate calendar applications to check before making appointments, two places to look for email, two places to look for contacts, etc.

Two Phone Numbers All At Once

BlackBerry also bought a company that did something clever with virtual sims. So you could have a work number live and dialable that will connect to your phone, whilst your own personal number on the phone also works. AFAIK you could block the work phone number whenever you wanted.

I think you could also turn off notifications from the work side. You get to 5pm, and switch off the work partition and number, and no one else can do anything about it.

Too Clever

All in all it is a pretty sophisticated approach to BYOD, with a far higher level of functionality than things like Knox, or IronMobile. It allows the handset owner to strike the balance they want between work and not-work, and be in control of their stuff without having a free rein over the work stuff.

But the number of people who could be bothered to see if anyone had done anything more sophisticated than Google or Apple is quite low, and still fewer were in a position to be able to persuade bosses of its merit.

That type of technology is something that genuinely helps working people have less stuff to carry and have an easier time running their lives. Trouble was that Google and Apple have shown the world that you can make $100billions by simply the needs of working people.

bazza Silver badge

Re: Market research


That's the consumerization of tech, that's how the iPhone also ate BlackBerry. And it's not always a bad thing, if it brings more money for increased development spending etc. (People preferred the iPhone over BB because it was better!) But, you have to do the consumerization right. Apple 1, Microsoft 0.

BlackBerry's response to iPhone, BB10, has some marvellous technical features that make for a really good BYOD solution. The problem they had was:

1) Apple had already "educated" people as to what to expect from a smartphone, so neat technical solutions to the BYOD problem didn't get any interest,

2) it was too late.

The results are that these days, certainly where I work, everyone has a work mobile and a personal phone. Carrying 2 phones in this day and age is nuts, but that's what most British workers with a need for a mobile phone end up doing.

Apple could buy BlackBerry really easily, absorb that tech, but the results of consumerisation are clear; there's no real money in supporting business users anymore.

We see it in other areas. BlackBerry Travel is a superb app, and always has been since long, long before iPhone and Android came on to the market. If you and colleagues did a lot of travelling it was fantastic - it managed all your flights, hotels and car rental, kept you up to date on delays, etc. It would even tell you which gate to go to before the airport's own displays. It still works today, but is being shut down this September. Apparently the company behind it, WorldMate, are deciding there's no future in competing against Google's equivalent. But in comparison, Google's equivalent is a poor, poor imitation.

BB10 Skype

On the plus side, Skype on BB10 (a warmed up version of the Android skype) is unchanged. Doesn't work amazingly well, but works well enough and doesn't make a fuss about it.

bazza Silver badge

If they can do this to a simple thing like Skype, what might they do to Office?!?!

bazza Silver badge

Re: It's Great!

So it's attempting to say, "pay attention to me, not the person you're talking to"?

I'm not sure that MS have fully understood this communications thing...

SpaceX halts Intelsat 35e launch twice in a row

bazza Silver badge

Re: Violation Of Abort Criteria

It is certainly a "no shit, Sherlock" excuseexplanation. It's not like there's anything that's allowed to look a bit iffy, launch anyway, it'll be fine.

Google DeepMind trial failed to comply with data protection – ICO

bazza Silver badge


"We accept the ICO's findings and have already made good progress to address the areas where they have concerns. For example, we are now doing much more to keep our patients informed actually bothering to write to our patients to tell them that we slurped their data and about how their data is used. We would like to reassure patients that their information has been in our control at all times and has never been used for anything other than delivering patient care or ensuring their safety, but as much as we'd like to do that it's doubtful that they'll have any reason to believe us and will likely win if they choose to sue"

Is that a good enough fix?

Intel AMT bug bit Siemens industrial PCs

bazza Silver badge

Re: " It..checks the number of characters of password received against the actual password,

Just to be clear you're implying that they don't even check the actual password against the entered password? Are you sure that's what you mean as that's a real "WTF?" moment right there.

Unless things have changed since I last read about it; they do check the entered password against the set password, but only if the entered password has more than zero characters. Give it a zero length password and it thinks that everything is a-ok. It was down to a misuse of the strcmp() function.

It's a serious cock up. Knowing the basic architecture and functionality many people have been theorising about the possibility of this kind of bug, but this was an absolute peach. There's going to be more I suspect.

How to pwn phones with shady replacement parts

bazza Silver badge

Re: Error 53

I sometimes wonder if people ever stop and think about why phone manufacturers like Apple are fond of sleek, smooth materials like glass, used in places where glass is not required.

Looks nice? Sure. Breaks easily? Fairly easily. Encourages you to buy a new one when the back of your old one is trashed? Yes.

They're certainly not made for durability, which plastic is actually much better at.

Not that durability requires plastic. When Apple had the opportunity to move over to sapphire glass, which is nigh on indestructible, they decided not to. Part of that decision might have been the motivation to not make a phone that really would last forever.

bazza Silver badge

Re: Error 53

I think partly yes, and then again no.

It's possible, so guarding against it is a good idea.

On the other hand, the cost/reward ratio for someone doing this isn't that favourable. You'd have to do some serious bank account drainage to make it worthwhile I suspect. And if it became a common thing people would simply stop using the dodgy repair guys, lesson learned.

I think Apple's reasons were more related to revenue "protection".

Not that scary or that hard: Two decades of VLANS

bazza Silver badge

VLANS Are Useful

That is all.

Australian regulator will decide if Uber drivers are staff or contractors

bazza Silver badge

At what point do the VC investors pull the plug? The way things are going they're going to burn through all the money and have nothing to show for it except for a lot of disgruntled drivers, a poor reputation as a company and possibly a whole bunch of unpaid fines. Not very good material around which to build a compelling IPO...

They’ve been going for a while now, and AFAIK there's little evidence to suggest that they can ever be profitable. Why waste more money on it? If they closed down Uber now, they wouldn't have to pay redundancy to all those drivers who look like becoming staff in the near future.

Don't panic, but Linux's Systemd can be pwned via an evil DNS query

bazza Silver badge

Re: Hang on, all y'all ...

Unfortunately most anti-systemd trolls are childish and couldn't code their way out of a paper bag

No. A lot of people had already written a ton of perfectly good code, which RedHat/Pottering then consigned to the scrap heap using their control of another key project to force everyone else to follow suit, replacing it with a pile of code that has repeatedly been shown to be full of security flaws like this one.

RedHat / Pottering might be able to code their way out of a paper bag, but their strategic decisions have put everyone including themselves inside several thick hessian sacks tied at the neck. It's going to take a long time to get out of the sacks.

GNOME may as well be closed source.

Anyone thought about re-doing systemd in Rust?

bazza Silver badge

Re: Hang on, all y'all ...

The point is that someone, and we all know who, has used their corporate position (i.e. control of the Gnome project) to force a big pile of code onto the rest of the Linux world, and has made the classic mistake of making it do too much, for no good reason. For example, what earthly reason is there for an init system to be providing a dns reverse lookup service?

By unnecessarily replacing lots of existing working code with a lot of new code, it's inevitable that there's a shit load of vulnerabilities. These are going to take decades to find and fix. And because of the unnecessarily wide scope of systemd and its privileged position in an OS, bugs are potentially dangerous.

And because a ton of scripted code has been replaced by a ton of C code, arguably there are more classes of bug (like buffer overruns) to be worried about.

This has been a backward step in system security. It will be a long time before we can trust it. There are very large groups of bug hunters out there who have every intention of using them for malicious purposes, and systemd is great for them. Even if Pottering can point at an empty list of issues for systemd, that doesn't mean there are no security bugs.

Search results suddenly missing from Google? Well, BLAME CANADA!

bazza Silver badge

Enforcement is easy enough. Fine Google. Or if Google takes its corporate presence outside of Canada, pass a law banning Canadian companies from using their advertising services and fine them.

The ad boycott that started in Europe caused Google to lose cash. That's when they started paying attention. It became immoral to advertise on Google, something advertisers don't like, so they withdrew their accounts.

Imagine if it also became illegal?

The world's legal systems haven't really even begun to catch up with the implications of dominant global online services. In the meantime Google especially (and a few others) are making a ton of what could be described as dodgy money. The Europeans are more active at working out whether what they're doing is actually legal and openly competitive, and increasingly they're finding against Google.

Now Google is a wealthy company and should be able to anticipate some of these rulings. They know they're the dominant player, and consequently it is inevitable that some of their website features will attract attention. Now they have to explain to their shareholders why their American style business strategy was the best one to use globally. It wasn't, it's costing shareholders money, and it looks like it's going to get worse.

bazza Silver badge

Re: Does this mean...

...all heck will break loose.

Doesn't sound too bad. Does it tickle?

Google hit with record antitrust fine of €2.4bn by Europe

bazza Silver badge

@Ken Hagan,

Intel and Microsoft also changed the world for good. If you are too young and uninformed to remember or know how, I suggest you do some reading up on how the world was back then. If they have both become fat and lazy and exploitative in recent years, well they are in good company: Google have gone the same way.

At least AMD seem to be giving Intel a hard run for their money again. Competition there is good at the moment. Intel have totally failed to dominate the mobile CPU market. MS dominated with Windows, NT, domains, and then Active Directory. The fact that they got forced to open up those protocols (for a modest fee) was a good thing. The Samba team got the funds together, and that means that there is now an increasingly viable alternative to Windows Server for domain administration. That too is a good thing. MS office doc formats are publicly available, another good thing they were forced to do.

My point is that, yes, Intel and MS have pretty strong positions, but there has been regulatory intervention, even in the USA. Whether there's been enough or not, I don't know. However with Google there's seemingly nothing they can do that annoys the US regulators, which seems worse than the situation we had / have with MS/Intel.

bazza Silver badge

Re: If you were to invent a really great device...

@Doug S

"What percentage of all advertising is a recently invented really great products that most people haven't heard of yet, versus the assortment of me-too products that bring nothing new to the table, useless products that bring nothing at all to the table, assorted scams that are a drain on society, or worst of all, political ads?

I'd say about 0.1% or so is really great product you haven't heard of, at a guess. And I'm probably overestimating at that!"

Your analysis is probably right. Advertising is, to some extent, corporate blackmail. "If you don't advertise with us, we'll make sure that your competitor does". I'm sure it's not said like that, but that's what all publicity departments feel like.

The problem these days is that Google and everyone else have invented a whole new vast array of "places" where adverts can appear. Pre-Internet, there were only so many billboards, only so many magazines / newspapers, only so many TV channels / ad stops mid show. Nowadays there's practically every single web page on the bleedin' planet, with the notable exception of Wikipedia and the BBC. Google of course are responsible for a big chunk of that; too responsible in fact, according to today's ruling and €2.4billion fine from the EU.

According to the UK Internet Advertising Bureau, UK online advertising is approx £7billion per year. Acknowledging that all advertising is ultimately paid for by consumers, performing some crude calculations on that is quite revealing. £7billion / 60million people = £116 per person per year. Working that out for just wage earners, I reckon that's close to £280 per year, extra money spent on things we buy simply because they're advertised online. Apparently non-internet advertising is about another £7billion, so all told we're spending something like £560 per year just on being advertised at.

Of course, that's a crude analysis, but it's kinda hard to argue with. Advertising doesn't look like good value for money when looked at that way. If one were to ask anyone on the street whether they'd pay £280 per year to use Google search, maps, mail and a few other websites, having already spent £700 on a phone, I doubt there'd be many takers.

I'd quite happily pay £12 per year to use El Reg, ad free. I bet that'd be more than the dear old thing earns from me through ads (and I mostly don't run an ad blocker on El Reg).

Linus Torvalds slams 'pure garbage' from 'clowns' at Grsecurity

bazza Silver badge

Re: Linus exhibits all the qualities of pure sociopath

If it wasn't for him, we'd be limited to Windows, and maybe what OSX would've been.

That's very doubtful. FreeBSD's origins predate Linus's efforts, and FreeBSD itself first hit the Web very soon after Linux. Had Linus studied the History of Art instead, FreeBSD would have come into existence anyway (it was well on the way to completion). FreeBSD is pretty good.

Then there's the NetBSDs and OpenBSDs of this world.

You're also ignoring some perfectly good commercial OSes; QNX, INTEGRITY, VxWorks are all excellent. QNX in particular is quite interesting, in theory it's capable of being the basis of a desktop OS (you could use it like that back in its very early days). INTEGRITY could too, though that would be a massive piece of work. VxWorks is well and truly stuck in the world of embedded systems, but is (like the others) pretty good at what it does.

bazza Silver badge

Re: SELinux is not the answer.

I am no SELinux expert, but isn't one of its problems that it can be configured badly, to the point of uselessness? Of course, "configure", "badly", and "uselessness" are all very subjective words, everyone has different requirements...

Doesn't BlackBerry's spin of Android run GR patches? If so, anyone know whether it has resisted exploits that have worked on other flavours of Android? Linus might not like the GR guys, but if their code is working then there must be some merit in it.

AES-256 keys sniffed in seconds using €200 of kit a few inches away

bazza Silver badge

Re: AES was not cracked, cut the click bait


But most of the world's encryption users are now running ARM based phones or tablets. The majority of x86 are either work related laptops or in server rooms and now seriously outnumbered by ARM based gadgets etc.

Whilst that's true, there's still an effort / reward balance to be considered.

Look at Oyster cards on the London Underground. Are they the ultimate in security, the most impenetrable of contactless subway ticketing, proof against nation states and even capable amateurs? No. Do they need to be? Not really, it costs more to clone / hack one than the cost of just paying the fare.

So yes, it might be that someone could build a sniffer the size of a rucksack, and start picking apart keys on random communications decrypted by crypto co-processors commonly found on, say, ARM SOCs in phones on the tube, in a coffee shop, or IoT devices in someone's home, etc. But to what purpose? I don't really see the point. It'll still be a needle in a haystack, and even if a phone is only moderately well screened (like they probably are to pass EMC accreditation), there's little prospect of being able to make anything of it.

Certainly if it ever became a problem it's so easy to counter it.

bazza Silver badge

Re: AES was not cracked, cut the click bait

Indeed. I feel they set this up to succeed.

Nothing wrong with that of course, but it would have been far more impressive had they pulled off the same trick against an x86 server running a busy workload as well as doing crypto operations. There would be far more background noise to obscure a useful signal. Also due to the mixed workload there's not likely to be an obvious signal to latch onto in the first place. And it'd have a metal case.

Therefore I don't see this result leading to any changes in practices. If there's someone who can get within a couple of meters of one's infrastructure then you've already got a problem. Installing a keyboard logger or something else like that sounds more productive for the attacker.

Florida Man to be fined $1.25 per robocall... all 96 million of them

bazza Silver badge

I think he should be made to listen to each and every single one of those 96million calls too.

Not Apr 1: Google stops scanning your Gmail to sling targeted ads at you

bazza Silver badge

Re: Spamfilter to be crippled too?

You mean the one they got by buying Postini? The one that became worse once Google got their hands on it? That one? It's OK, but they made some needless changes that then made it harder to integrate, and harder to use. And a paid for, unscanned anti spam service became just as paid for but with added scanning for ad data mining.

I doubt this change will alter the spam filtering aspects of their service. It's a completely different scanning process (not looking for key words, just looking for commonality between emails, and specific patterns in binaries, etc.).

F-Secure's Mikko Hypponen on IoT: If it uses electricity, it will go online

bazza Silver badge

It's simple really, they're a vast company and can afford to do it properly.

A lot of these IoT things are being done by quite small companies without the long standing software dev team whose only job is to keep up with Linux patches, etc. It's make it work, sell it, abandonware it ASAP and move on.

Belkin seems to be fairly well behaved too.

In the Epyc center: More Zen server CPU specs, prices sneak out of AMD

bazza Silver badge

Re: That SEV mode looks really interesting

They just have to not check the box for encryption.

Fine, provided the hypervisor writers remember to make that a checkable option...

On the topic of hypervisors, it does open up a new avenue for malware. Malware could stand up its own hypervisor, with encryption enabled, or use a hypervisor offered by the host OS, and run its payload in that VM. There's then nothing the host OS could do about looking inside that VM. There's plenty of reasons why malware wants discreet, unobservable runtime on someone else's hardware.

Uber CEO Travis Kalanick has resigned, says report

bazza Silver badge

Don't. Just. Don't. Mention. That. Possibility.

On a more serious note, there's now an infamous ex CEO on the loose, and the passage of time will diminish that to merely "heard of him, must be good". He will end up being someone's boss somewhere at some time in the medium term. So now we're all kind of playing CEO roulette...

Microsoft admits to disabling third-party antivirus code if Win 10 doesn't like it

bazza Silver badge

Re: Nothing new under the sun

Sadly these days MS seems to be responding, "our lawyers are more expensive than your lawyers, and we can afford to keep them busy for the rest of eternity".

Doesn't mean they win, but they do seem prepared to go to court against their users!!!!! Customer Relationship Management at its finest...
