* Posts by Charlie Clark

5402 posts • joined 16 Apr 2007

Softbank tears off chunk of ARM, feeds it to hungry Saudis

Charlie Clark
Silver badge

It needs the money to fund its purchase of the satellite company OneWeb (and service its Sprint and ARM-related debt). IOW: it's all available to the highest bidder. As for those jobs: safe as the ones at Vauxhall…

10
0

Messaging app used by Trump aides 'riddled with security bugs'

Charlie Clark
Silver badge

Re: Umm, hang on..

I thought it was only 47 days? At least that's what Kate Bolduan told me last night: good show, excellently anchored. Oh, hang on. Can't trust them journalists can you? I hope someone respectable on social media (oxymoron?) has some more reliable kind of clock. Like one that runs only when the government isn't being obstructed by Congress or the courts or simlar (pace Idi Amin).

2
1
Charlie Clark
Silver badge

As if the software is the only thing to worry about…

In any system that is worried about information being compromised — we note that leaks can be both the work of great patriots and despicable spies (or is it vice-versa) — the technology is rarely the biggest problem, the people are.

Lovely weather here.

7
0

Windows Server ported to Qualcomm's ARM server chip. Repeat, Windows Server ported to ARM server chip

Charlie Clark
Silver badge

Re: Hyper-V?

On a server you're probably even less inclined to want to run some kind of emulation code and even more inclined to want to take advantage of hardware design (bandwidth and acceleration): think of Netflix's requirements for example.

4
1
Charlie Clark
Silver badge

Famous last words

And there is absolutely no point showing off the software port if it's just going to be shelved and forgotten.

So, not like Windows NT for DEC/Alpha or MIPS then? ;-)

We'll have to see what the server market makes of this but ARM-based notebooks would be a welcome change at the lower end of the market where both the price of the Intel chip and the Windows licence eat into margins, meaning that manufacturers are even more likely than usual to cut corners with shit components.

10
0

Google, Microsoft bump bug bounties

Charlie Clark
Silver badge

Re: Oh, so fixing normal bugs is no longer a priority?

Since when has bug-fixing ever been Microsoft's priority? Where's the public bug tracker? MS does produce some good software but it also seems to treat users with contempt.

1
0

YouTube TV will be huge. Apple must respond

Charlie Clark
Silver badge
Thumb Down

Fairly wild speculation

For example, but converting just a fraction of its 1 billion viewers . If this is a US-only rollout then the international audience size is irrelevant. The rest of the article is full, as is Faultline's wont, of similar misleading claims.

17
0

Pence v Clinton: Both used private email for work, one hacked, one accused of hypocrisy

Charlie Clark
Silver badge
Facepalm

Re: Fail on El Reg's part.

Mainstream Media rag

Conspiracy theory…

0
0

Why so sad HPE, IBM, Lenovo? Server sales? Let's see... ah. Oh dear

Charlie Clark
Silver badge

Only Dell and Huawei exhibited growth for the quarter

Coincidentally neither company has to produce public accounts.

2
1

Europe's data protection rules set a high bar for consent – and UK ICO welcomes your thoughts

Charlie Clark
Silver badge

Re: question

Simple answer — yes

3
0

Dyson backs Britain plc with $2.5bn AI and robotics investment

Charlie Clark
Silver badge

Knock those down to China levels and they will offset the increases.

I thought Dyson had already done that years ago when off-shored production to Asia? And also moaned about how difficult it is to get good engineers in the UK?

The experience of developing economies suggest that it takes at least a generation to train people up to graduate level. So, this sounds like very much like the "North Sea Singapore" version of Brexit. Nothing wrong with this per se but I don't see it going down with those who favour the "keep foreigners out" one.

Personally, I prefer business leaders to keep out of politics as much as politicians should keep out of business. I have a Dyson vacuum cleaner and I wish the company success but I'm a little sceptical as to what this investment will really amount to.

2
0
Charlie Clark
Silver badge

Given Sir James's battles in an industrial landscape dominated by German interests…

This is nonsense. A bit like cars or PCs, vacuum cleaners were for years sold by equating power with performance. While German manufacturers may well have lobbied effectively against changes to the model, particularly when the EU decided power limits on vacuum cleaners (along with other domestic electric appliances) were a good thing, but so did pretty much every other manufacturer. The shenanigans about vehicle emissions were even more blatant but, again, everyone else seemed happy to go along.

Meanwhile German customers have discovered Dyson devices and seem to love them so why should Dyson try and cut itself off from this market?

Yes, the rules aren't perfect, and they are often gamed, but as a result of them every EU household (and elsewhere because of the size of the market) now has more efficient appliances than 10 years ago. If you're not happy with these regulations then the correct thing to do is to challenge them; and if you suspect foul play by the competition, then expose it. What certainly won't work will be every country trying to draw up and enforce its own regulations: we have years of evidence as to how bad this is for trade.

9
3

TWO BILLION PCs to sell in next five years

Charlie Clark
Silver badge

Re: They are still predicting PC sales to increase

t can't keep dropping forever, but it could easily keep dropping through 2021.

They certainly can keep dropping forever as PCs get replaced by other devices: docking stations for something even more mobile than a notebook.

Tablet sales, I have no idea about, I think bigger phones have been eating tablet sales and if they start doing folding phones so the screen gets 2x the size it'll eliminate more potential tablet sales.

Beefed up tablets will replace notebooks just as notebooks have replaced PCs. If phones continue to grow in size then any difference between them and tablets becomes moot, either way it's fewer PCs being sold.

0
0
Charlie Clark
Silver badge

Re: Improvement?

Only IBM is able to make faster chips; all x86 can do is add more cores, cache and SIMD instructions. So, no, except maybe for video encoding (and here you might as well use your phone) you probably won't notice any difference.

4
1
Charlie Clark
Silver badge

Re: You know what would increase PC sales?

So you're saying Win10 is a good enough computer OS for people that don't need computers? Sounds reasonable.

That works for me personally. Anecdotally, the people I know who've recently bought computers with Windows 10 find it okay – this includes those who deliberately avoided Windows 8 – but not a lot of people are buying new computers.

1
0
Charlie Clark
Silver badge

Re: You know what would increase PC sales?

I think this argument has been and gone: Windows 10 is "good enough" for the average consumer. In the meantime they've learned to love their smartphones and smart TVs and hardly ever need anything else.

3
4
Charlie Clark
Silver badge

Re: The market is saturated

At some point does the extra energy consumed by the older hardware outweigh the capital cost of replacing it with a lower energy version from a more recent architecture?

Well, you'd need seismic shifts such as those from mainframes to minis or minis to PCs. Otherwise you're looking at max 50 W difference which would be a couple of quid a year at most (50 W all the time is 12 kWh a day).

So new hardware when the old stuff fails or for more convenience, such as having a computer so mobile you can carry it with you all the time and even make phone calls with it.

2
1
Charlie Clark
Silver badge

Must try harder

The prediction is that the tablet market: standalone and detachable will shrink. If anything this is where the market is going. Except that there is no guarantee that it will be running Windows on Intel silicon.

3
0

Germany, France lobby hard for terror-busting encryption backdoors – Europe seems to agree

Charlie Clark
Silver badge

Re: Forgive my ignorace, but...

In extremis they can make it an offence to use or even develop encryption (Germany has laws in place which make the legal development of forensic software more or less impossible). Individuals might be prepared to live with paying the fine / short custodial sentence, but service providers would generally rollover. Then we get into the tricky area of people using service providers with other jurisdictions and the game of whack-a-mole.

Meanwhile the criminals who this kind of nonsense is supposed to target are already breaking the law and the governments own systems would most likely become more vulnerable, due to the principle of the weakest link being any consumer device (think mobile phone) that is brought in. The German parliament's computer systems have already been breached at least once by Russian hackers. But if you thought that would make them favour stronger encryption then you'd be mistaken. The debate, with a nod to Blackadder, simply gets recast as one of "good" versus "bad" hackers and the need to give "our guys" the best tools. And the crooks and the terrorists will continue to use the best tools available…

5
0
Charlie Clark
Silver badge

It's simply electioneering as both Germany and France have national elections this year. They will have been properly briefed by the experts in their departments and decided to publish anyway: this is the right of politicians.

Elsewhere the German government is planning that immigrants be forced to hand over their mobile phones when they arrive, ie. infringe their constitutional right to privacy. So, this will obviously be struck down by the constitutional court as, unlike the US, the German constitution doesn't differentiate between German and foreign citizens. Doesn't matter because that will take some time and in the meantime it looks tough.

24
0

Google's Project Zero reveals another Microsoft flaw

Charlie Clark
Silver badge

Re: A 32 function deep call stack just to handle a column break??

Pretty sure Edge was supposed to be that project...

Nah, IE 9 was the rewrite but it still contained wonderful things like Active X. All MS did with Edge was remove stuff like that and focus on graphics and JS performance.

0
0
Charlie Clark
Silver badge

Re: Capable of Learning?

More than the tech press, it looks it's Google that is using its hammer against competitors.

Give it a rest: the only way to judge Google is how they respond to similar reports about their software and so far their record is pretty good.

5
2

The Psion returns! Meet Gemini, the 21st century pocket computer

Charlie Clark
Silver badge

Re: That display...

Hear, hear, all you useless HP/Acer, even ASUS, floggers of 768x1366 laptops. FFS get out of your dubious 2007 time warp.

Sorry, I should have qualified: there will be a sweet spot based around the current size of popular smartphones simply because of the number of screens that can be cut from a wafer: notebook screens will be competing with about 10 phones from the same wafer, which would drive up relative prices.

2
0
Charlie Clark
Silver badge

Re: Does this niche still exist?

I think the economics may actually favour something like this more than 10 or 15 years ago. The smartphone business has commodified the miniaturisation of high quality and high power components. While this has pretty much put an end to medium-range notebooks, where volume is key, it has opened up new opportunities for the niche. Think of the Pebble before the VCs came along: that risk still exists for this.

3
0
Charlie Clark
Silver badge

Re: That display...

2880x1440? For a 5.7" display? WHY?!

Quite possibly because hi-res screens are almost as cheap as lower res ones: phones switched to higher res screens some years back and have dominated screen production for years. Also, you will almost certainly have this device closer to your eyes than a notebook, so may well appreciate the extra detail.

However, the key thing for me for the screen will be how it handles in bright sunshine. If they get this right then there are tens of thousands of field engineers simply gagging for something like this. Well, "ruggerised" versions of it at least.

7
0

Git fscked by SHA-1 collision? Not so fast, says Linus Torvalds

Charlie Clark
Silver badge

Re: Once again - try it with .TXT files

Until someone can demonstrate two .TXT

No, you don't really want to wait that long once this kind of proof of concept has been produced. Some of the people who might exploit it may have access to resources considerably beyond those used in the study and they won't tell you when they can do it.

Fortunately, replacement ciphers are available and should be rolled out. No new encryption projects should rely on the older protocol.

1
7

BOFH: Elf of Safety? Orc of Admin. Pleased to meet you

Charlie Clark
Silver badge

Re: Nice twist!

In the case of a H&S I think everybody is on the BOFH's side…

45
0

Motorola's modular Moto Z: A fine phone for a weekend away

Charlie Clark
Silver badge

Re: Stupid

If you want it to be fatter and with more battery, put a battery pack on it.

If I know I want better battery life from the get go, I'll buy a phone with a bigger battery.

0
1
Charlie Clark
Silver badge

Re: Battery life

I might even argue that a snap on external battery is a superior solution to a swappable main battery.

Yeah, but generic battery packs are dirt cheap and universally usable.

1
1

Oh UK. You won't switch mobile providers. And now look at you! £5.8bn you've lost

Charlie Clark
Silver badge

Re: How it works in Germany

I believe there is hesitation to switch to this model for mobiles as there were a lot of problems when this model was implemented for gas & electricity suppliers.

Wouldn't have anything to do with a timid and toothless regulator would it? We haven't had anything like it here (yet) but I imagine something like Talk Talk's data breach would also have been handled more seriously. The flip-side is that stronger competition leads to more rationalisation – meters have been remote read for years – which means fewer low-paid, low-skilled jobs.

Maybe German sales people are more honest than their British counterparts?

Not really, the same breed of spotty, commission-obsessed youths appears to inhabit shops around the world and the telesales people are just as aggressive. The difference is really in how complaints related to inevitable mis-selling are handled.

2
0
Charlie Clark
Silver badge

The costs of switching

While I would encourage everyone to keep abreast of the average costs of the various services they use, it should also be noted that there are always costs associated with switching: researching, form-filling, etc. Very often the optimal approach is switching tariffs at your existing provider. But that won't make companies like uSwitch very happy.

3
0
Charlie Clark
Silver badge

How it works in Germany

The company to which you are moving requests permission from your existing network to port the number. Normally this means they provide you with a form to do this. In this way their interests are aligned with yours when you want to switch. There are also strict timelines for the procedure with the disabling of the number on one network and enabling it on another having to take place within 24 hours (much less in my experience).

In contrast the UK system seems to place the burden on the customer to arrange keeping their number. This also gives the existing service provider leverage against any switch, which is anti-competitive. Still, as the right to keep the number was one of those nasty, burdensome regulations handed down from Brussels, it's probably only a matter of time until it's revoked and you don't have to worry about switching networks because you won't be able to keep it. That's what "taking back control" is all about, right?

8
2

Fitbit hit on Pebble kit cost just 20 million quid? Oh s**t!

Charlie Clark
Silver badge

That's Silicon Valley VCs for you. I'm sure there's a book and probably also a film in the rise and fall of Pebble…

2
0

Meet the chap open-sourcing US govt code – Paul, an ex-Microsoft anti-piracy engineer

Charlie Clark
Silver badge

Re: Go for it!

Really, various agencies should be tasked with producing open source software.

That sort of implies they should be software maintainers. Maybe not such a great idea. But many places already have processes based around the data ("Open Data") they release and the various APIs they provide.

1
0
Charlie Clark
Silver badge

OTOH

It's not as if other countries haven't had the same problem. Even the UK finally managed to get over itself and get on with it, though I think different bodies have different licences where a simple BSD-inspired Crown Copyright Licence would probably have sufficed.

Export are a real PITA and restrictions apply to anything cryptographic, one of the reasons why OpenSSH is based in Canada. It's sort of nonsense in an open source world but try telling that the politicians.

2
0

Your next PC is… your 'Droid? Remix unveils Continuum-killer

Charlie Clark
Silver badge

They have great vision but I suspect it's going to be a while before they get there: the devil is very much in the detail on these things but building up from the phone is the way to go. Just not x86.

I was pleasantly surprised the other day when I enabled multi-window view on LOS 14.1 on my S5

2
1

Java and Python have unpatched firewall-crossing FTP SNAFU

Charlie Clark
Silver badge

Re: Oops, especially for Oracle

I can't say I'm surprised about Python; the way it does some stuff looks inherently insecure, and the lack of static typing probably makes security testing much harder.

The relatively low number of CVEs listed for Python would suggest that your hunch is ill-founded.

As thames says, static typing doesn't really help you when it comes to security testing, which is usually about handling conditions, including stuff in the protocols, you didn't plan for. In the right situation Java will be just as dynamic as Python. Gary Bernhardt's comparison is worth watching.

Security testing never ends: there will always be new exploits because there's always something you haven't thought of. The important thing is how we as developers respond when informed that our software is vulnerable. Personally, I've already fixed a potential XXE vulnerability this year. What have you done?

1
0

Google bellows bug news after Microsoft sails past fix deadline

Charlie Clark
Silver badge

Re: With a monthly patch cycle

Of course with the schedule being set to a fixed day of the month it means that there will be either 13 or 14 weeks for three such

They've been releasing out of cycle patches increasingly often. But it really doesn't matter: if there is injury as a result of this then I can't see any jury sympathising with them. Maybe they just need a massive fine to take these things seriously enough.

The software industry repeatedly manages to worm itself out of strict liability by promising to release updates. But there are many, though obviously no criminal attempt to cover things up, with VW's recent software manipulation, which while settled by the regulators, is still open for civil suits.

3
0
Charlie Clark
Silver badge

Re: ...the company all-but-accused Google of...

If however there is no known zero-day…

Think of this again in terms of strict liability and a possible case for negligence. Remember, Google initially notified Microsoft in March 2016 and most of the forensics tools they're using are freely available.

Unknownzero-day exploits are obviously worth more so there is an incentive to keep them from being disclosed.

4
0
Charlie Clark
Silver badge

Re: GDI32?

You don't mean 32-bit applications, you mean legacy stuff using MFC, including from the bug report Office 2013. GDI has been known for years to have security problems, which is one of the reasons it was supposed to have been thrown out in Vista

Anyway, backwards compatibility should be available through emulation or thunking: the application shouldn't care whether it's talking to the hardware or something that looks like the hardware. It's just another corner that was cut.

7
0
Charlie Clark
Silver badge
FAIL

Re: ...the company all-but-accused Google of...

Google is weaponizing vulnerability disclosure…

I think I'll add this to my fake news filter…

Go and read the original bug report from March 2016 and see if you still think that.

10
0
Charlie Clark
Silver badge
Facepalm

Re: GDI32?

It's interesting isn't it? Wasn't GDI supposed to have been replaced by some kind of presentation manager in Windows Vista?

3
2
Charlie Clark
Silver badge

Re: With a monthly patch cycle

but I think 90 days is pretty short for making a bug public

I think the limit is fairly arbitrary. If the team at Google can find the bug then who's to say others with less "honourable" intent can't? I guess you have to balance any potential risk posed by Google's disclosure with that by Microsoft's inability to close it properly.

In any case the original bug was reported in March 2016: it's only the follow up that's from November. That seems like more than long enough to me.

12
0

Love lambda, love Microsoft's Graph Engine. But you fly alone

Charlie Clark
Silver badge

What?

JOINs in relational databases would be prohibitively computationally expensive

JOINs shouldn't involve computation and they're usually themselves in-memory lookups.

SQL might be shit for graph work but that has little to with graph databases. But graphs and topology are a different branch of maths than relational calculus.

As for transactional stuff: if it isn't ACID then it will break and you will lose data. Analytical processing can benefit from parallelism, just as it can live better with redundancy but the SparkSQL approach allows you to keep the API while playing with the storage.

2
3

Microsoft makes cheeky bid for MongoDB devs on Azure security grounds

Charlie Clark
Silver badge

Re: Meh

The problem is not taking security seriously enough to properly design and implement your system.

As if that were the only problem with the DB. But, hey, now you can connect the browser client directly with the server DB for better performance. If you're worried about security, you'll never be a hipster!

0
0
Charlie Clark
Silver badge
Mushroom

Meh

I think asking the next door neighbour's kids to look after your data is safer than using Mongo DB. But as hipsters all we care about is: is it JSON and webscale?

The end of the world isn't far off.

5
1

Global IPv4 address drought: Seriously, we're done now. We're done

Charlie Clark
Silver badge

Re: CGNAT?

I would be interested to know where the 100,000 registered systems statistic comes from, it sounds like a made up on the spot statistic.

You tend to hear it from anyone involved in peering, so CDN vendors or the like. But for them 100,000 systems is an awful lot of stuff to manage: routing on IPv4 is getting worse as a result of growth here.

0
0
Charlie Clark
Silver badge

Re: "nat-has-nothing-to-do-with-security"

We have all seen what happened when instead of routers with NAT; people had "modems" which directly attached the computers to the Internet - a lot of systems compromised with ease.

I think you'll find that millions of systems are compromised with ease at any one time. Protection via NAT was coincidental, much like security through obscurity, and it didn't take long for hackers to work around any "protection" afforded by NAT.

1
4
Charlie Clark
Silver badge

Re: CGNAT?

works just fine

For you. At the moment. CGNAT has to do a lot of what should be totally unnecessary shit just so that "it works for". At some point this translates into higher cost and poorer service…

1
1
Charlie Clark
Silver badge

Re: Address allocated but not live

In other words don't move my cheese.

IPv6 isn't perfect but the lack of addresses in only one problem that it attempts to solve for which there is no solution in IPv4. IPv4 was designed for a couple of million devices (address contention is not a problem you ever want to have on a network) and it's a testimony to how well it was designed that it copes with billions of devices on it and the huge volumes of streaming traffic it handles.

A comparison with HTTP is imperfect but still perhaps useful. For many years it was acknowledged that HTTP 1.1 had limitations (no TLS, no multiplexing) but there was a lot of inertia to overcome so no work was done on HTTP 2. A few years ago, Google and others started working on an imperfect replacement SPDY to help mitigate some of the problems they had due directly to HTTP 1. The ideas formed the basis of HTTP 2, which while still not perfect is being rolled out around the world and will soon be given privileged access. This, in my opinion, is how the IETF is supposed to work and I wouldn't be surprised if Google and others start privileging IPv6 traffic once the numbers are right.

0
0

Forums

Biting the hand that feeds IT © 1998–2017