* Posts by Charlie Clark

5121 posts • joined 16 Apr 2007

Oh UK. You won't switch mobile providers. And now look at you! £5.8bn you've lost

Charlie Clark
Silver badge

The costs of switching

While I would encourage everyone to keep abreast of the average costs of the various services they use, it should also be noted that there are always costs associated with switching: researching, form-filling, etc. Very often the optimal approach is switching tariffs at your existing provider. But that won't make companies like uSwitch very happy.

3
0
Charlie Clark
Silver badge

How it works in Germany

The company to which you are moving requests permission from your existing network to port the number. Normally this means they provide you with a form to do this. In this way their interests are aligned with yours when you want to switch. There are also strict timelines for the procedure with the disabling of the number on one network and enabling it on another having to take place within 24 hours (much less in my experience).

In contrast the UK system seems to place the burden on the customer to arrange keeping their number. This also gives the existing service provider leverage against any switch, which is anti-competitive. Still, as the right to keep the number was one of those nasty, burdensome regulations handed down from Brussels, it's probably only a matter of time until it's revoked and you don't have to worry about switching networks because you won't be able to keep it. That's what "taking back control" is all about, right?

8
2

Meet the chap open-sourcing US govt code – Paul, an ex-Microsoft anti-piracy engineer

Charlie Clark
Silver badge

Re: Go for it!

Really, various agencies should be tasked with producing open source software.

That sort of implies they should be software maintainers. Maybe not such a great idea. But many places already have processes based around the data ("Open Data") they release and the various APIs they provide.

1
0
Charlie Clark
Silver badge

OTOH

It's not as if other countries haven't had the same problem. Even the UK finally managed to get over itself and get on with it, though I think different bodies have different licences where a simple BSD-inspired Crown Copyright Licence would probably have sufficed.

Export are a real PITA and restrictions apply to anything cryptographic, one of the reasons why OpenSSH is based in Canada. It's sort of nonsense in an open source world but try telling that to the politicians.

2
0

Your next PC is… your 'Droid? Remix unveils Continuum-killer

Charlie Clark
Silver badge

They have great vision but I suspect it's going to be a while before they get there: the devil is very much in the detail on these things but building up from the phone is the way to go. Just not x86.

I was pleasantly surprised the other day when I enabled multi-window view on LOS 14.1 on my S5.

2
1

Java and Python have unpatched firewall-crossing FTP SNAFU

Charlie Clark
Silver badge

Re: Oops, especially for Oracle

I can't say I'm surprised about Python; the way it does some stuff looks inherently insecure, and the lack of static typing probably makes security testing much harder.

The relatively low number of CVEs listed for Python would suggest that your hunch is ill-founded.

As thames says, static typing doesn't really help you when it comes to security testing, which is usually about handling conditions, including stuff in the protocols, you didn't plan for. In the right situation Java will be just as dynamic as Python. Gary Bernhardt's comparison is worth watching.

Security testing never ends: there will always be new exploits because there's always something you haven't thought of. The important thing is how we as developers respond when informed that our software is vulnerable. Personally, I've already fixed a potential XXE vulnerability this year. What have you done?

1
0

Google bellows bug news after Microsoft sails past fix deadline

Charlie Clark
Silver badge

Re: With a monthly patch cycle

Of course with the schedule being set to a fixed day of the month it means that there will be either 13 or 14 weeks for three such

They've been releasing out of cycle patches increasingly often. But it really doesn't matter: if there is injury as a result of this then I can't see any jury sympathising with them. Maybe they just need a massive fine to take these things seriously enough.

The software industry repeatedly manages to worm itself out of strict liability by promising to release updates. But there are many, though obviously no criminal attempt to cover things up, with VW's recent software manipulation, which while settled by the regulators, is still open for civil suits.

3
0
Charlie Clark
Silver badge

Re: ...the company all-but-accused Google of...

If however there is no known zero-day…

Think of this again in terms of strict liability and a possible case for negligence. Remember, Google initially notified Microsoft in March 2016 and most of the forensics tools they're using are freely available.

Unknown zero-day exploits are obviously worth more so there is an incentive to keep them from being disclosed.

4
0
Charlie Clark
Silver badge

Re: GDI32?

You don't mean 32-bit applications, you mean legacy stuff using MFC, including from the bug report Office 2013. GDI has been known for years to have security problems, which is one of the reasons it was supposed to have been thrown out in Vista.

Anyway, backwards compatibility should be available through emulation or thunking: the application shouldn't care whether it's talking to the hardware or something that looks like the hardware. It's just another corner that was cut.

7
0
Charlie Clark
Silver badge
FAIL

Re: ...the company all-but-accused Google of...

Google is weaponizing vulnerability disclosure…

I think I'll add this to my fake news filter…

Go and read the original bug report from March 2016 and see if you still think that.

10
0
Charlie Clark
Silver badge
Facepalm

Re: GDI32?

It's interesting isn't it? Wasn't GDI supposed to have been replaced by some kind of presentation manager in Windows Vista?

3
2
Charlie Clark
Silver badge

Re: With a monthly patch cycle

but I think 90 days is pretty short for making a bug public

I think the limit is fairly arbitrary. If the team at Google can find the bug then who's to say others with less "honourable" intent can't? I guess you have to balance any potential risk posed by Google's disclosure with that by Microsoft's inability to close it properly.

In any case the original bug was reported in March 2016: it's only the follow up that's from November. That seems like more than long enough to me.

12
0

Love lambda, love Microsoft's Graph Engine. But you fly alone

Charlie Clark
Silver badge

What?

JOINs in relational databases would be prohibitively computationally expensive

JOINs shouldn't involve computation and they're usually themselves in-memory lookups.

SQL might be shit for graph work but that has little to do with graph databases. But graphs and topology are a different branch of maths than relational calculus.

As for transactional stuff: if it isn't ACID then it will break and you will lose data. Analytical processing can benefit from parallelism, just as it can live better with redundancy but the SparkSQL approach allows you to keep the API while playing with the storage.

2
3

Microsoft makes cheeky bid for MongoDB devs on Azure security grounds

Charlie Clark
Silver badge

Re: Meh

The problem is not taking security seriously enough to properly design and implement your system.

As if that were the only problem with the DB. But, hey, now you can connect the browser client directly with the server DB for better performance. If you're worried about security, you'll never be a hipster!

0
0
Charlie Clark
Silver badge
Mushroom

Meh

I think asking the next door neighbour's kids to look after your data is safer than using Mongo DB. But as hipsters all we care about is: is it JSON and webscale?

The end of the world isn't far off.

5
1

Global IPv4 address drought: Seriously, we're done now. We're done

Charlie Clark
Silver badge

Re: CGNAT?

I would be interested to know where the 100,000 registered systems statistic comes from, it sounds like a made up on the spot statistic.

You tend to hear it from anyone involved in peering, so CDN vendors or the like. But for them 100,000 systems is an awful lot of stuff to manage: routing on IPv4 is getting worse as a result of growth here.

0
0
Charlie Clark
Silver badge

Re: "nat-has-nothing-to-do-with-security"

We have all seen what happened when instead of routers with NAT; people had "modems" which directly attached the computers to the Internet - a lot of systems compromised with ease.

I think you'll find that millions of systems are compromised with ease at any one time. Protection via NAT was coincidental, much like security through obscurity, and it didn't take long for hackers to work around any "protection" afforded by NAT.

1
4
Charlie Clark
Silver badge

Re: CGNAT?

works just fine

For you. At the moment. CGNAT has to do a lot of what should be totally unnecessary shit just so that "it works for". At some point this translates into higher cost and poorer service…

1
1
Charlie Clark
Silver badge

Re: Address allocated but not live

In other words don't move my cheese.

IPv6 isn't perfect but the lack of addresses is only one problem that it attempts to solve for which there is no solution in IPv4. IPv4 was designed for a couple of million devices (address contention is not a problem you ever want to have on a network) and it's a testimony to how well it was designed that it copes with billions of devices on it and the huge volumes of streaming traffic it handles.

A comparison with HTTP is imperfect but still perhaps useful. For many years it was acknowledged that HTTP 1.1 had limitations (no TLS, no multiplexing) but there was a lot of inertia to overcome so no work was done on HTTP 2. A few years ago, Google and others started working on an imperfect replacement SPDY to help mitigate some of the problems they had due directly to HTTP 1. The ideas formed the basis of HTTP 2, which while still not perfect is being rolled out around the world and will soon be given privileged access. This, in my opinion, is how the IETF is supposed to work and I wouldn't be surprised if Google and others start privileging IPv6 traffic once the numbers are right.

0
0

Google claims ‘massive’ Stagefright Android bug had 'sod all effect'

Charlie Clark
Silver badge

Re: Finally a sane article on Android security

Mikel,

I agree with most of what you say but I think Jason Bloomberg below makes the better point. People harping on about security flaws in Android aren't necessarily Microsoft (or more likely Apple) shills or fanbois. They're more likely to be just excitable users or occasionally journalists writing clickbait. All software companies should take security seriously. In the Android eco-system this is acknowledged to be less Google's problem than the manufacturers and I don't see it improving without regulation.

Sometimes you have to go outside the Google Play Store – I do it to get stuff that is geo-blocked for some reason – and this should be possible in any market. Google handles this correctly by disabling it by default but allowing the user to disable it.

Anti-virus products are mainly fig-leaves but can be useful for some users even if they only spot VBA mischief. Firewalls, depending on your definition, can be very useful, but, yes, there is also an industry that has spotted a niche by scaring rather than educating users.

6
1
Charlie Clark
Silver badge

Yet another way to read this is that the really nasty exploits

Not really. If the easiest way to compromise a phone is to get the user to install something then that's the thing to do.

4
1

Amazon Chimes into video-conferencing: Look out, Skype, Google

Charlie Clark
Silver badge
FAIL

awful writing

This article really epitomises why you shouldn't write one sentence paragraphs! It reads like a stream of unconnected statements.

0
0

The Register's guide to protecting your data when visiting the US

Charlie Clark
Silver badge

Re: passports

Some countries make special dispensations for this scenario.

Yes, for example Israel and Iran will refuse entry to anyone with a visa from the other country. Extra passports always available for this sort of thing.

9
0
Charlie Clark
Silver badge
Go

Opportunities?

This kind of security is incredibly expensive to do at scale (the state within the state is one of the things that bankrupted the Soviet Union). So, even if the CBP can get enough staff to cope, big if, it won't be long before economics dictate that they do less strict checks and use less well-paid people and contractors wherever possible; as happened in Europe with all the security theatre at the airports. This is a smuggler's dream: low-paid security bods, cleaners and catering staff offer multiple new and safer routes around the surveillance because quis custodiet custodes? Time to start buying shares in M.A.F.I.A.! ;-)

6
0

Google to cough up $20m after Chrome rips off anti-malware patents

Charlie Clark
Silver badge

Re: Shocked I tell you...

Then you're not thinking properly. USD 60 million is, in the words of former head of Deutsche Bank Rolf Breuer, "peanuts" to Google.

However, having to call the lawyers every time someone says "hey: I've got a patent on that bit of code!" can throw a real spanner in the works. And, remember this isn't necessarily about copying an implementation, which is what patents are intended to regulate, but basically marking territory. It's probably also worth noting that Chrome is largely open source and Google indemnifies the software precisely to prevent suits like this landing on Joe Bloggs for coding this for Chromium.

Over-zealous interpretation of patents is a great way to stifle innovation and, hence, competition. If Google hadn't decided the world needed a better browser then IE 9 would probably be the dominant browser, no one would have bothered writing JIT compilers for JS and a lot of the services we take for granted wouldn't exist. I'm not a Google fanboi and I don't use Chrome, but in my view there's no doubt they've made a significant contribution to the development of a standards-based web. BTW. Microsoft itself has also suffered at the hands of patent trolls though the Eolas' patent at least.

11
3

Munich may dump Linux for Windows

Charlie Clark
Silver badge

Re: Get it right

I think you're assuming that by "cloud" I mean a heap of unreliable bits of SaaS on the internet and waving goodbye to all their data. In fact, businesses are looking hard at running their own SaaS "clouds" as a way of simplifying infrastructure: you get a device and the network is configured to provide you with the apps you need and make sure the data is only where it should be.

Hipster companies do tend to make a lot of mistakes but their focus on doing as little system administration as possible has its merits as an approach.

1
0
Charlie Clark
Silver badge

Re: Charlie Clark

Really the same applies to most software now :( MS buggered about the UX in the great 8.1 failure, Macs have been getting dumber

The MacOS UI hasn't changed all that much since I switched to it (2006). Most of Apple's fucking about has been with I-Tunes to make it more like the IOS one. I-Phones have had all the changes but I've never had one so I don't care. I guess they do regularly fuck up the POSIX stuff. :-| and they did dumb down the disk manager.

Put it this way: I've managed with the same system for 10 years on 4 different devices, just migrated painlessly each time. That is worth a lot.

4
0
Charlie Clark
Silver badge

Re: Replacing Linux with Windows, based on *cost*?

Really, this "training for users"

Not really, it's just as much about management of the environment: distribution of patches, updates, new software, etc. I've heard that Windows 10 does some good things in this respect but also that it enforces an update cycle that not everyone is happy with.

My experience in this area is limited (I use MacOS): client Win 7 seems to need reboots daily now for some reason, but every time I boot a Linux box I become convinced that the UX team hates me.

I'm not trolling, just pretty meh on this.

7
6
Charlie Clark
Silver badge

Get it right

The proposal will be voted on next week, but its passage is not guaranteed as the ruling Social Democratic Party is in coalition with the Greens and the latter party opposes the change.

At least according to Heise, Munich is currently run by an SPD/CSU coalition. The CSU in particular loves to do sweetheart deals with large companies.

I was chatting with a mate of mine about IT strategy for the next few years and it seems Microsoft has been reasonably successful in lobbying companies to give them another round. This is probably the last one before everything moves to BYOD + docking station + cloud.

The migration costs alone probably make this a zero sum game but there's no denying that it's not as easy to get support for a large Linux desktop installation as it is for Windows.

0
2

Samsung's Chromebook Pro: Overpriced vanilla PC with a stylus. 'Wow'

Charlie Clark
Silver badge

Intel, sigh

Show me something like this without TPM and that only runs Android and runs on ARM (so no app problems) and have some cash.

1
2

Grumpy Trump trumped, now he's got the hump: Muslim ban beaten back by appeals court

Charlie Clark
Silver badge

Gorsuch is strongly in favour of states' rights. Any judge likely to rule in favour of states over abortion bans, is just as likely to rule in their favour against overreach of the federal government. And there are going to be plenty of those going forward.

But, in any case, given that he'll be questioned on this in the hearings, he would have to recuse himself from the case, should he be approved by the time any case is brought.

2
0
Charlie Clark
Silver badge

Re: Trumped

Most of the Middle East countries seem to have little problem with his ban, did you know that?

What, the ones with the good ties to the US like the Emirates and Saudi Arabia? You might want to look at the list of countries from which there are known international terrorists and wonder why they're not on the list.

As a European I'm looking forward to all the business from Iran and elsewhere that will come our way as the US withdraws from international trade.

18
1
Charlie Clark
Silver badge

Re: "SEE YOU IN COURT, THE SECURITY OF OUR NATION IS AT STAKE!"

Ploy all along, I think he knew it wouldn't fly, that it'd get struck down

There are several problems with this:

  • the way the order was drafted and communicated
  • the attacks on the judiciary
  • but, most importantly, he's not running for election: the campaign is over

He no longer needs the votes of the saps who voted for him in November. But he is going to need cross-party support in Congress to pursue his agenda, which may include attempts to reduce the powers of both the legislature and the judiciary, and the courts, particularly the Supreme Court, to get anything done. And this is going to be the biggest challenge: popularity contests and nowtrage aside, at some point things like a budget and raising of the debt ceiling have to be done. Appeals to the base at the moment have no effect. The attempts to discredit the media will continue but with the courts that's going to be more difficult and the US setup is specifically there to prevent rule by decree.

Campaign mode might resume next year in the run up to the mid-terms with the hope of gaining a super majority in the Senate to push for constitutional change, which is clearly what Bannon, et al. are after. Trump, as ever, just wants to be popular.

12
0

Euro bloc blocks streaming vid geoblocks

Charlie Clark
Silver badge
FAIL

Re: This could backfire on them

This is nonsense. Why should the price for a product in one country in a single market differ from that in another country in the same single market, purely because of copyright? The geo-blocking has to go because it is in breach of the single market, pure and simple. Geo-blocking is discriminatory and removes opportunities for arbitrage. Well, except that with digital products, you essentially have new forms of arbitrage such as VPNs and torrents.

Copyright holders have for years flooded new markets with lower prices to drive out local productions only to raise prices once they have dominated the market. One side-effect of this has been to fuel the black market in places like China and Russia.

1
0

Google gets smooth early Android releases. OEMs are struggling

Charlie Clark
Silver badge

OEMs largely only have themselves to blame

If they contributed more actively to things that use AOSP then not only would they be able to release security fixes (the most important part) and OS updates much more frequently, but they would have less work doing so.

LineageOS (the successor to CyanogenMod) already has an impressive list of devices and, minor problems aside (do make sure you back up before trying it), is working well. Smoother than CM13.1 on my Samsung S5 and battery life seems better – could be down to Doze. Notifications on CM 14.1 were definitely more of a problem.

IMO Google will only be in trouble if they stop providing timely updates to AOSP. But this would also give OEMs more power and also drive people away from the services they're hoping to make money on.

6
0

BBC and Snap. But, why?

Charlie Clark
Silver badge
Mushroom

To be fair

it's not just SnapChat but all these commercial services disguised as "social networks". It's an egregious breach of the rules for any public service channel to promote any of them all in the name of engagement with the public.

7
0
Charlie Clark
Silver badge
Go

Re: Why?

I thought it was Trendy Tarquins? (cf. Summer School)

1
0

Update or shut up: Microsoft's choice for desktop Skypers

Charlie Clark
Silver badge

Only had brief experience with Slack's conferencing stuff but the experience was dreadful: resource hog with lots of dropped connections. Still very much a "work in progress".

Google really knows their network and codec shit: give Hangouts a go.

0
1
Charlie Clark
Silver badge

Old news

I stopped using Skype once MS started enforcing MS logins for using it and I could no longer use the minimalist and usable client for MacOS. For chat there are hundreds of alternatives and for conferencing Hangouts has been more stable for years. Video chat has only ever really had novelty value but, again, Google has this nailed.

I have one customer where I have to use Skype for Business on their hardware and network. While it generally seems to work for me, many users complain that it is unreliable for voice so they dial-in on their VoIP lines which are sharing the ethernet with their computers.

3
0

Apple weans itself off Intel with 'more ARM chips' for future Macs

Charlie Clark
Silver badge

Re: Why not?

Arm + FPGA?

Already happening in HPC and even Intel is offering it to large enough customers. It's nice if you need to change things over time but things like encryption and codecs can just go straight into silicon and reduce unit costs.

0
0
Charlie Clark
Silver badge

Re: Fell apart

Well, IBM looked at the order volume and just wasn't interested in putting more resources into it.

3
0
Charlie Clark
Silver badge

Re: Why not?

Judging the performance of a CPU by its clock speed is so 1990.

He isn't: you can run workload tests. The only area I see Intel consistently on top is in heavily single-threaded stuff. Given how easy it is to add specific hardware acceleration to ARM there's no reason why Apple couldn't do this with its own chips.

But, while this might make sense for the phone chips because of the volumes Apple sells, it's probably quite happy at the moment for Intel to take all the risks on hardware development, negotiate a nice price and keep a fat margin. But a shift to a full ARM stack at any point is probably possible for Apple. My guess is that they'll wait until we start seeing a lot of Android-on-ARM notebooks.

1
0

Apple CEO: 'Best ever' numbers would be better if we'd not fscked up our iPhone supply

Charlie Clark
Silver badge

Re: Repatriation

Buying a cellular provider would be doubly stupid because they'd become a competitor to all the rest who operated in the same market(s) it did.

Possibly, but the current wave of vertical integration is heading this way anyway with AT&T buying Time Warner and Verizon's plan for Charter. So maybe go the whole hog with Disney and buy Sprint or T-Mobile (both have owners who'd like the cash). While I'm sure they'd be able to convince a lot of I-Phone owners to switch to their network, the bigger problem is the change in the business culture: they don't want to become HP after Compaq!

0
0
Charlie Clark
Silver badge

Re: Repatriation

Look at Microsoft's history with their many large acquisitions, or Google buying Motorola, or the king of bad acquisitions in tech, Hewlett Packard.

While I agree with you generally it's probably worth looking a bit deeper: Google bought Motorola for the IP and flipped the carcass to Lenovo in a textbook "private equity" move. Google now has a nice patent portfolio for "patent trumps". Microsoft buys were probably more a mixed bunch: AQuantive stands out as a real turd hence the write-downs but some of the other deals (Skype and Nokia) were bad "business" but probably good for investors. These purchases were done with some of the cash stockpiled outside the US so they were very tax efficient for some investors.

HP, well poor HP lost its way when it bought Compaq and it's been downhill all the way since then. Maybe, just maybe, the split will allow a technology company to step out of the "consultants and services" shadow that is the real money pit.

0
0
Charlie Clark
Silver badge

Re: they'd have even better figures

The remarks about Qualcomm are very ironic.

2
3
Charlie Clark
Silver badge

Re: Repatriation

So Apple and co are going to repatriate trillions of dollars into the US.

Only if this can be done in a tax-efficient way, which usually means share-buybacks coupled with debt issuance.

Numbers were better than predicted but only 7% more Macs doesn't look good considering this was the first full quarter with new, more expensive models.

1
1

Microsoft's device masterplan shows it's still fighting Apple

Charlie Clark
Silver badge

The PC market is nearly dead

I was helping a friend look for a new computer this week and was shocked by what was available in the shops. But just as much by the lack of customers actually eyeing the kit.

Manufacturers are still making the same mistakes they have for years and pushing sub-standard machines for Windows: 2GB on a modern machine isn't acceptable. This is real landfill, to use one of Andrew's favourite terms, and isn't helping the Windows cause. There is one potential bright spot: the I-Mac clones such as those from HP but these really need to be in the shops and on display.

The irony is that while I'm moaning about the spec of notebooks around the € 500 mark – okay but I'm not sure I'd like to work with one – (below this there are too many compromises) I'm fuming about Apple's prices. But, guess what, Apple's MacBook Pros (without the idiot bar) compare well to similarly specc'd and weighted (max 1.5 kg) notebooks but Lenovo seems desperate to give me a touchscreen (no, I really don't want one). Yes, there is a price differential but it is not sufficient for me to want to switch to Windows for development and nearly all the Linux GUIs make me cringe (I quite like some of the KDE stuff but there isn't everything I need in my stack). So, for me at least, it's going to be a Mac again (though no fecking I-Cloud or Siri) but maybe I'll pick up something like a Pi-Top as well.

Going forward: if anyone makes a serious go of Android-based keyboard devices then they could do quite well because what both IOS and Android apps do really well (among all the crap) is focus on the user.

Microsoft and Intel investors should be worried.

4
5

Intel's Q4 was 'terrific' and 'record setting' says CEO as profits dip

Charlie Clark
Silver badge

Exchange rate

They'll probably focus on the recent strength of the dollar deflating non-US revenues.

0
0

Apple eats itself as iPhone fatigue spreads

Charlie Clark
Silver badge

Re: Told you so

I think you may be surprised when the actual results are announced. While they might not be what some people expected or predicted, Apple will still be pocketing very large profits. Your price comparisons are not quite accurate (equivalent specs including weight are similarly priced) but Apple probably does need to be careful on the high-end of overdoing it.

2
0

President Trump tweets from insecure Android, security boffins roll eyes

Charlie Clark
Silver badge

The phone doesn't matter

Making political pronouncements via Twitter is simply cretinous: it privileges one media organisation over the rest.

1
0


Biting the hand that feeds IT © 1998–2017