* Posts by Charlie Clark

5409 posts • joined 16 Apr 2007

Google bellows bug news after Microsoft sails past fix deadline

Charlie Clark
Silver badge

Re: With a monthly patch cycle

but I think 90 days is pretty short for making a bug public

I think the limit is fairly arbitrary. If the team at Google can find the bug then who's to say others with less "honourable" intent can't? I guess you have to balance any potential risk posed by Google's disclosure with that by Microsoft's inability to close it properly.

In any case the original bug was reported in March 2016: it's only the follow up that's from November. That seems like more than long enough to me.

12
0

Microsoft makes cheeky bid for MongoDB devs on Azure security grounds

Charlie Clark
Silver badge

Re: Meh

The problem is not taking security seriously enough to properly design and implement your system.

As if that were the only problem with the DB. But, hey, now you can connect the browser client directly with the server DB for better performance. If you're worried about security, you'll never be a hipster!

0
0
Charlie Clark
Silver badge
Mushroom

Meh

I think asking the next door neighbour's kids to look after your data is safer than using Mongo DB. But as hipsters all we care about is: is it JSON and webscale?

The end of the world isn't far off.

5
1

Global IPv4 address drought: Seriously, we're done now. We're done

Charlie Clark
Silver badge

Re: CGNAT?

I would be interested to know where the 100,000 registered systems statistic comes from, it sounds like a made up on the spot statistic.

You tend to hear it from anyone involved in peering, so CDN vendors or the like. But for them 100,000 systems is an awful lot of stuff to manage: routing on IPv4 is getting worse as a result of growth here.

0
0
Charlie Clark
Silver badge

Re: "nat-has-nothing-to-do-with-security"

We have all seen what happened when instead of routers with NAT; people had "modems" which directly attached the computers to the Internet - a lot of systems compromised with ease.

I think you'll find that millions of systems are compromised with ease at any one time. Protection via NAT was coincidental, much like security through obscurity, and it didn't take long for hackers to work around any "protection" afforded by NAT.

1
4
Charlie Clark
Silver badge

Re: CGNAT?

works just fine

For you. At the moment. CGNAT has to do a lot of what should be totally unnecessary shit just so that "it works for". At some point this translates into higher cost and poorer service…

1
1
Charlie Clark
Silver badge

Re: Address allocated but not live

In other words don't move my cheese.

IPv6 isn't perfect but the lack of addresses in only one problem that it attempts to solve for which there is no solution in IPv4. IPv4 was designed for a couple of million devices (address contention is not a problem you ever want to have on a network) and it's a testimony to how well it was designed that it copes with billions of devices on it and the huge volumes of streaming traffic it handles.

A comparison with HTTP is imperfect but still perhaps useful. For many years it was acknowledged that HTTP 1.1 had limitations (no TLS, no multiplexing) but there was a lot of inertia to overcome so no work was done on HTTP 2. A few years ago, Google and others started working on an imperfect replacement SPDY to help mitigate some of the problems they had due directly to HTTP 1. The ideas formed the basis of HTTP 2, which while still not perfect is being rolled out around the world and will soon be given privileged access. This, in my opinion, is how the IETF is supposed to work and I wouldn't be surprised if Google and others start privileging IPv6 traffic once the numbers are right.

0
0

Google claims ‘massive’ Stagefright Android bug had 'sod all effect'

Charlie Clark
Silver badge

Re: Finally a sane article on Android security

Mikel,

I agree with most of what you say but I think Jason Bloomberg below makes the better point. People harping on about security flaws in Android aren't necessarily Microsoft (or more likely Apple) shills or fanbois. They're more likely to be just excitable users or occasionally journalists writing clickbait. All software companies should take security seriously. In the Android eco-system this is acknowledged to be less Google's problem than the manufacturers and I don't see it improving without regulation.

Sometimes you have to go outside the Google Play Store – I do it to get stuff that is geo-blocked for some reason – and this should be possible in any market. Google handles this correctly by disabling it by default but allowing the user to disable it.

Ant-virus products are mainly fig-leaves but can be useful for some users even if they only spot VBA mischief. Firewalls, depending on your definition, can be very useful, but, yes there is also industry that has spotted a niche by scaring rather than educating users.

6
1
Charlie Clark
Silver badge

Yet another way to read this is that the really nasty exploits

Not really. If the easiest way to compromise a phone is to get the user to install something then that's the thing to do.

4
1

Amazon Chimes into video-conferencing: Look out, Skype, Google

Charlie Clark
Silver badge
FAIL

awful writing

This article really epitomises why you shouldn't write one sentence paragraphs! It reads like a stream of unconnected statements.

0
0

The Register's guide to protecting your data when visiting the US

Charlie Clark
Silver badge

Re: passports

Some countries make special dispensations for this scenario.

Yes, for example Israel and Iran will refuse entry to anyone with a visa from the other country. Extra passports always available for this sort of thing.

9
0
Charlie Clark
Silver badge
Go

Opportunities?

This kind of security is incredibly expensive to do at scale (the state within the state is one of the things that bankrupted the Soviet Union). So, even if the CBP can get enough staff to cope, big if, it won't be long before economics dictate that they do less strict checks and use less well-paid people and contractors wherever possible; as happened in Europe with all the security theatre at the airports. This is a smugglers dream: low-paid security bods, cleaners and catering staff off multiple new and safer routes around the surveillance because quis custodet custodes? Time to start buying shares in M.A.F.I.A. ! ;-)

6
0

Google to cough up $20m after Chrome rips off anti-malware patents

Charlie Clark
Silver badge

Re: Shocked I tell you...

Then you're not thinking properly. USD 60 million is, in the words of former head of Deutsche Bank Rolf Breuer, "peanuts" to Google.

However, having to call the lawyers every time someone says "hey: I've got a patent on that bit of code!" can throw a real spanner in the works. And, remember this isn't necessarily about copying an implementation, which is what patents are intended to regulate, but basically marking territory. It's probably also worth noting that Chrome is largely open source and Google indemnifies the software precisely to prevent suits like this landing on Joe Bloggs for coding this for Chromium.

Over-zealous interpretation of patents is a great way to stifle innovation and, hence, competition. If Google hadn't decided the world needed a better browser then IE 9 would probably be the dominant browser, no one would have bothered writing JIT compilers for JS and a lot of the services we take for granted wouldn't exist. I'm not a Google fanboi and I don't use Chrome, but in my view there's no doubt they've made a significant contribution to the development of a standards-based web. BTW. Microsoft itself has also suffered at the hands of patent trolls though the Eolas' patent at least.

11
3

Munich may dump Linux for Windows

Charlie Clark
Silver badge

Re: Get it right

I think you're assuming that by "cloud" I mean a heap on unreliable bits of SaaS on the internet and waving goodbye to all their data. In fact, businesses are looking hard at running their own SaaS "clouds" as a way of simplifying infrastructure: you get a device and the network is configured to provide you with the apps you need and make sure the data is only where it should be.

Hipster companies do tend to make a lot of mistakes but their focus on doing as little system administration as possible has its merits as an approach.

1
0
Charlie Clark
Silver badge

Re: Charlie Clark

Really the same applies to most software now :( MS buggered about the the UX in the great 8.1 failure, Macs have been getting dumber

The MacOS UI hasn't changed all that much since I switched to it (2006). Most of Apple's fucking about has been with I-Tunes to make it more like the IOS one. I-Phones have had all the changes but I've never had one so I don't care. I guess they do regularly fuck up the POSIX stuff. :-| and they did dumb down the disk manager.

Put it this way: I've managed with the same system for 10 years on 4 different devices, just migrated painlessly each time. That is worth a lot.

4
0
Charlie Clark
Silver badge

Re: Replacing Linux with Windows, based on *cost*?

Really, this "training for users"

Not really, it's just as much about management of the environment: distribution of patches, updates, new software, etc. I've heard that Windows 10 does some good things in this respect but also that it enforces an update cycle that not everyone is happy with.

My experience in this area is limited (I use MacOS): client Win 7 seems to need reboots daily now for some reason, but every time I boot a Linux box I become convinced that the UX team hates me.

I'm not trolling, just pretty meh on this.

7
6
Charlie Clark
Silver badge

Get it right

The proposal will be voted on next week, but its passage is not guaranteed as the ruling Social Democratic Party is in coalition with the Greens and the latter party opposes the change.

At least according to Heise, Munich is currently run by an SPD/CSU coalition. The CSU in particular loves to do sweetheart deals with large companies.

I was chatting with a mate of mine about IT strategy for the next few years and it seems Microsoft has been reasonably successful in lobbying companies to give them another round. This is probably the last one before everything moves to BYOD + docking station + cloud.

The migration costs alone probably make this a zero sum game but there's no denying that it's not as easy to get support for a large Linux desktop installation as it is for Windows.

0
2

Samsung's Chromebook Pro: Overpriced vanilla PC with a stylus. 'Wow'

Charlie Clark
Silver badge

Intel, sigh

Show me something like this without TPM and that only runs Android and runs on ARM (so no app problems) and have some cash.

1
2

Grumpy Trump trumped, now he's got the hump: Muslim ban beaten back by appeals court

Charlie Clark
Silver badge

Gorsuch is strongly in favour of states' rights. Any judge likely to rule in favour of states over abortion bans, is just as likely to rule in their favour against overreach of the federal government. And there are going to be plenty of those going forward.

But, in any case, given that he'll best questioned on this in the hearings, he would have to recuse himself from the case, should be approved by the time any case is brought.

2
0
Charlie Clark
Silver badge

Re: Trumped

Most of the Middle East countries seem to have little problem with his ban, did you know that?

What the ones with the good ties to the US like the Emirates and Saudi Arabia? You might want to look at the list of countries from which there are known international terrorists and wonder why they're not on the list.

As a European I'm looking forward to all the business from Iran and elsewhere that will come our way as the US withdraws from international trade.

18
1
Charlie Clark
Silver badge

Re: "SEE YOU IN COURT, THE SECURITY OF OUR NATION IS AT STAKE!"

Ploy all along, I think he knew it wouldn't fly, that it'd get struck down

There are several problems with this:

  • the way the order was drafted and communicated
  • the attacks on the judiciary
  • but, most importantly, he's not running for election: the campaign is over
He no longer needs the votes of the saps who voted for him in November. But he is going to need cross-party support in Congress to pursue his agenda, which may include attempts to reduce the powers of both the legislature and the judiciary, and the courts, particularly the Supreme Court, to get anything done. And this is going to be the biggest challenge: popularity contests and nowtrage aside, at some point things like a budget and raising of the debt ceiling have to be done. Appeal to the base at the moment have no effect. The attempts to discredit the media will continue but with the courts that's going to be more difficult and the US setup is specifically there to prevent rule by decree.

Campaign mode might resume next year in the run up to the mid-terms with the hope of gaining a super majority in the Senate to push for constitutional change, which is clearly what Bannon, et al. are after. Trump, as ever, just wants to be popular.

12
0

Euro bloc blocks streaming vid geoblocks

Charlie Clark
Silver badge
FAIL

Re: This could backfire on them

This is nonsense. Why should the price for a product in one country in a single market differ from that in another country in the same single market, purely because of copyright? The geo-blocking has to go because it is in breach of the single market, pure and simple. Geo-blocking is discriminatory and removes opportunities for arbitrage. Well, except that with digital products, you essentially have new forms of arbitrage such as VPNs and torrents.

Copyright holders have for years flooded new markets with lower prices to drive out local productions only to raise prices once they have dominated the market. One side-effect of this has been to fuel the black market in places like China and Russia.

1
0

Google gets smooth early Android releases. OEMs are struggling

Charlie Clark
Silver badge

OEMs largely only have themselves to blame

If they contributed more actively to things that use AOSP then not only would they be able to release security fixes (the most important part) and OS updates much more frequently, but they would have less work doing so.

LineageOS (the successor to CyanogenMod) already has an impressive list of devices and, minor problems aside (do make sure you backup before trying it, is working well. Smoother than CM13.1 on my Samsung S5 and battery life seems better – could be down to Doze. Notifications on CM 14.1 were definitely more of a problem.

IMO Google will only be in trouble if they stop providing timely updates to AOSP. But this would also give OEMs more power and also drive people away from the services they're hoping to make money on.

6
0

BBC and Snap. But, why?

Charlie Clark
Silver badge
Mushroom

To be fair

it's not just SnapChat but all these commercial services disguised as "social networks". It's an egregious breach of the rules for any public service channel to promote any of them all in the name of engagement with the public.

7
0
Charlie Clark
Silver badge
Go

Re: Why?

I thought it was Trendy Tarquins? (cf. Summer School)

1
0

Update or shut up: Microsoft's choice for desktop Skypers

Charlie Clark
Silver badge

Only had brief experience with Slack's conferencing stuff but the experience was dreadful: resource hog with lots of dropped connections. Still very much a "work in progress".

Google really knows their network and codec shit: give Hangouts a go.

0
1
Charlie Clark
Silver badge

Old news

I stopped using Skype once MS starting enforcing MS logins for using it and I could no longer use the minimalist and usable client for MacOS. For chat there are hundreds of alternatives and for conferencing Hangouts has been more stable for years. Video chat has only ever really had novelty value but, again, Google has this nailed.

I have one customer where I have to use Skype for Business on their hardware and network. While it generally seems to work for me, many users complain that it is unreliable for voice so they dial-in on their VoIP lines which are sharing the ethernet with their computers.

3
0

Apple weans itself off Intel with 'more ARM chips' for future Macs

Charlie Clark
Silver badge

Re: Why not?

Arm + FPGA?

Already happening in HPC and even Intel is offering it to large enough customers. It's nice if you need to change things over time but things like encryption and codec's can just go straight into silicon and reduce unit costs.

0
0
Charlie Clark
Silver badge

Re: Fell apart

Well, IBM looked at the order volume and just wasn't interested in putting more resources into it.

3
0
Charlie Clark
Silver badge

Re: Why not?

Judging the performance of a CPU by its clock speed is so 1990.

He isn't: you can run workload tests. The only area I see Intel consistently on top is in heavily single-threaded stuff. Given how easy it is to add specific hardware acceleration to ARM there's no reason why Apple couldn't do this with its own chips.

But, while this might make sense for the phone chips because of the volumes Apple sales, it's probably quite happy at the moment for Intel to take all the risks on hardware development, negotiate a nice price and keep a fat margin. But a shift to a full ARM stack at any point is probably possible for Apple. My guess is that they'll wait until we start seeing a lot of Android-on-ARM notebooks.

1
0

Apple CEO: 'Best ever' numbers would be better if we'd not fscked up our iPhone supply

Charlie Clark
Silver badge

Re: Repatriation

Buying a cellular provider would be doubly stupid because they'd become a competitor to all the rest who operated in the same market(s) it did.

Possibly, but the current wave of vertical integration is heading this way anyway with AT&T buying Time Warner and Verizon's plan for Charter. So maybe go the whole hog with Disney and buy Sprint or T-Mobile (both have owners who'd like the cash). While I'm sure they'd be able to convince a lot of I-Phone owners to switch to their network, the bigger problem is that the change in the business culture: they don't want to become HP after Compaq!

0
0
Charlie Clark
Silver badge

Re: Repatriation

Look at Microsoft's history with their many large acquisitions, or Google buying Motorola, or the king of bad acquisitions in tech, Hewlett Packard.

While I agree with you generally it's probably worth looking a bit deeper: Google bought Motorola for the IP and flipped the carcass to Lenovo in a textbook "private equity" move. Google now has a nice patent portfolio for "patent trumps". Microsoft buys were probably more a mixed bunch: AQuantive stands out as a real turd hence the write-downs but some of the other deals (Skype and Nokia) were bad "business" but probably good for investors. These purchases were done with some of the cash stockpiled outside the US so they were very tax efficient for some investors.

HP, well poor HP lost its way when it bought Compaq and it's been downhill all the way since then. Maybe, just maybe, the split will a technology company to step out of the "consultants and services" shadow that is the real money pit.

0
0
Charlie Clark
Silver badge

Re: they'd have even better figures

The remarks about Qualcomm are very ironic.

2
3
Charlie Clark
Silver badge

Re: Repatriation

So Apple and co are going to repatriate trillions of dollars into the US.

Only if this can be done in a tax-efficient way, which usually means share-buybacks coupled with debt issuance.

Numbers were better than predicted but only 7% more Macs doesn't look good considering this was the first full quarter with new, more expensive models.

1
1

Microsoft's device masterplan shows it's still fighting Apple

Charlie Clark
Silver badge

The PC market is nearly dead

I was helping a friend look for a new computer this week and shocked by what was available in the shops. But just as much by the lack of customers actually eyeing the kit.

Manufacturers are still making the same mistakes they have for years and pushing sub-standard machines for Windows: 2GB on a modern machine isn't acceptable. This is real landfill, to use one of Andrew's favourite terms, and isn't helping the Windows cause. There is one potential brightspot: the I-Mac clones such as those from HP but these really need to be in the shops and on display.

The irony is that while I'm moaning about the spec of notebooks around the € 500 mark – okay but I'm not sure I'd like to work with one – (below this there are too many compromises) I'm fuming about Apple's prices. But, guess what, Apple's MacBook Pros (without the idiot bar) compare well to similarly specc'd and weighted (max 1.5 kg) notebooks but Lenovo seems desperate to give me a touchscreen (no, I really don't want one). Yes, there is a price differential but it is not sufficient for me to want to switch to Windows for development and nearly all the Linux GUIs make me cringe (I quite like some of the KDE stuff but there isn't everything I need in my stack). So, for me at least, it's going to be a Mac again (though no fecking I-Cloud or Siri) but maybe I'll pick up something like a Pi-Top as well.

Going forward: if anyone makes a serious go of Android-based keyboard devices then they could do quite well because what both IOS and Android apps do really well (among all the crap) is focus on the user.

Microsoft and Intel investors should be worried.

4
5

Intel's Q4 was 'terrific' and 'record setting' says CEO as profits dip

Charlie Clark
Silver badge

Exchange rate

They'll probably focus on the recent strength of the dollar deflating non-US revenues.

0
0

Apple eats itself as iPhone fatigue spreads

Charlie Clark
Silver badge

Re: Told you so

I think you may be surprised when the actual results are announced. While they might not be what some people expected or predicted, Apple will still be pocketing very large profits. Your price comparisons are not quite accurate (equivalent specs including weight are similarly priced) but Apple probably does need to be careful on the high-end of overdoing it.

2
0

President Trump tweets from insecure Android, security boffins roll eyes

Charlie Clark
Silver badge

The phone doesn't matter

Making political pronouncements via Twitter is simply cretinous: it privileges one media organisation over the rest.

1
0
Charlie Clark
Silver badge

Re: Douglas Adams nailed it

It's older than that: the Marx brothers but probably also Mark Twain, et al including Cicero. It's painfully obvious that those wishing to wield power are the least suited to doing. But, unfortunately, they're also usually very charismatic.

1
0

Trump lieutenants 'use private email' for govt work... but who'd make a big deal out of that?

Charlie Clark
Silver badge

There's a huge distinction between speculation and propaganda…

3
0
Charlie Clark
Silver badge

Re: No Surprise

Speaking of executive orders, how come they were bad when Obama was making them but suddenly OK now?

Who's complaining about them? All presidents make them with the knowledge that the next one might undo them. But if you want details then Obama's orders were usually made after he couldn't get something through Congress, Trump is currently signing ones largely for show: nearly everything still has to go through Congress.

Trump reminds me of Mussolini: he likes to be in front of the camera doing something. We can expect a lot of this for a while but at some point he's going to have to deliver and the constitution deliberately makes that difficult.

6
0
Charlie Clark
Silver badge

Re: Some of us who have been around a longish time...

WE know which is the lesser of the two evils, and it ain't Clinton.

I actually like Larry Correia's comparison of them as two different forms of cancer. Lots of reasons not to vote for either of them but one of them had to win. On balance, as an outsider I think Trump's business interests are going to be the biggest problem and this is where the attention should be focused. We should get used to him hiring and subsequently firing venal incompetents.

1
2
Charlie Clark
Silver badge

It's really quite simple: employed office holders are banned from conducting party business.

9
3

Samsung Galaxy S8 will be a no-show at MWC, exec says

Charlie Clark
Silver badge

Re: Bloody hell

Mind that's all assuming the reports true.

They may all be true but also incomplete. Samsung's initial response indicated that they thought there was a construction / design problem in batteries from one supplier. This turned out to be an optimistic and, ultimately, very expensive assumption as we're now learning. For whatever reasons the design flaws in the batteries only became apparent once they were in the devices. Alongside pressure and the usual bashing we give our phones, you've also got lots and lots of dodgy power supplies.

The key thing will be the lessons learned both in terms of design, specification, testing and approval processes: is someone really going to stop the launch of something that has been in development for 18 months?

As all Li-Ion batteries are potentially explosive it's important to get regulators onboard here. I can see arguments both for and against mandating removable batteries: makes recalls a whole lot easier; knock-off replacement batteries are known to be safety risk. Getting the regulators onboard also makes it easier to fight off competition from no-name Chinese makers who give even less of a shit about safety and one of the reasons why Samsung went ahead with this particular specification was in response to a highly competitive market. Had it worked out as intended, it should have insulated Samsung a bit more from the cut-throat competition.

1
0
Charlie Clark
Silver badge

Re: Bloody hell

Obviously not enough.

But I suspect the problem was related as to what kind of testing was done: you would be amazed at what people actually do with their phones and anticipating this can be very hard.

I'm not a consumer electronics engineer so I'm not going to speculate but I do wonder from the report as to whether pressure sensitivity (such as being in an airplane) might have pushed things beyond design tolerance on some devices. No excuse, of course, but remember the number of reported incidents versus the number of devices actually sold.

1
0

Government to sling extra £4.7bn at R&D in bid to Brexit-proof Britain

Charlie Clark
Silver badge
Facepalm

There is now new money…

at least based on the last budget there isn't. So any announcements are either the usual repackaging of previous ones, or outright lies, or both like the £ 350 million a week allegedly to be found down the Treasury's sofa.

6
0
Charlie Clark
Silver badge

Re: Buzzword bingo and the boomer mindset

They would do better spending their time thinking up a strategy for preserving UK-owned exploitable intellectual property,

Easy to do using some kind of golden share but this begs the question as to whether ARM would have been as successful with such an arrangement. On paper the ARM sale was a great deal for the shareholders… A bigger problem is current trend for debt-financed M&A but I don't expect any government to take any steps to reduce this any time soon.

Governments almost always get it wrong when they get closely involved in industrial policy whether it's by trying to pick winners, protectionist policies or subsidies in the form of lower taxes.

5
1

Samsung set a fire under battery-makers to make the Galaxy Note 7 flaming brilliant

Charlie Clark
Silver badge

Give it a rest

Your correspondent suspects the idea Samsung wants us all to take away is that it pushed so hard…

… that safety considerations were ignored with disastrous, though fortunately not life-threatening, effects.

While you're busy beating on Samsung you might also mention Takata whose problems with airbags were slightly more alarming. Or any of the many similar cases. For various reasons (cost-cutting is not the only one) products are released onto the market with defects. Some of these can and should be avoided. But before we get on our high horses, we might take a moment to consider how complicated some of this stuff is.

That said, while Samsung is handling the Note 7 extremely well, it's got a potentially bigger issue related to the influence peddling scandal in South Korea.

7
0
Charlie Clark
Silver badge

Re: Comparison of outrage

To be fair to the "journnos" stories like this and the Apple "antennagate" are easy to write and attract lots of readers. But, basically, there's not much meat left of this: Samsung fucked up, fumbled and then accepted full responsibility and did a complete product recall and investigation. You can't really expect more than that.

13
0

Google loses Android friends with Pixel exclusivity

Charlie Clark
Silver badge

Re: Give it a rest

Have to agree with you on this. Google is already beta testing the assistant on world & dog in Allo and will no doubt release it as a standalone app in due course.

0
0

Forums

Biting the hand that feeds IT © 1998–2017