Posts by Richard 12

3206 posts • joined 16 Jun 2009

Bethesda blunders, IRS sounds the alarm, China ransomware, and more

Richard 12
Silver badge

Re: The problem of creating unique keys...

Why do you think you need to do that?

That's one of the things specifically prohibited by the Regulations.

If someone buys a widget and declines your kind offer to create an account, then you're simply not permitted to link any of their future transactions to that one.

Report fraud up the chain to the payment processor. That's the card issuer's problem, not yours.

Richard 12
Silver badge

Re: One of those is off-line backup

The problem of creating unique keys without reference to any other party is long solved and built into all well-known operating systems and database platforms.

Aside from that, data minimization means "Do not collect or store more data than is actually strictly necessary to provide the service".

In other words: You don't need someone's gender for any online transactions at all. Don't ask for it. You don't need their social security number to sell them a widget. Don't ask for it.

The CVV code is only needed for the period of the transaction, don't store it.

As a rule of thumb, if Marketing are asking for the data then you probably should not store it.

It's December of 2018 and, to hell with it, just patch your stuff

Richard 12
Silver badge

Re: Spectre and Meltdown

I believe there have been some Meltdown ones.

Spectre is difficult to exploit. As I understand it, it's really mostly a route to attack those who put some of their eggs in "the cloud" services, as the easiest/most reliable Spectre exploits rely on being a VM living on the same host machine as your target.

If you're self-hosted, then an attacker in a position to use Spectre vulnerabilities is also able to use other, faster and more reliable vulnerabilities, or doesn't need to bother because they're already inside the airtight hatchway.

Wow, what a lovely early Christmas present for Australians: A crypto-busting super-snoop law passes just in time

Richard 12
Silver badge

There's no technical difference

A wiretap is a backdoor, and exposes your privates to anyone and everyone who cares to try.

When wiretapping meant physically clipping onto actual wires, it was less serious because a miscreant who did it would have been found out relatively quickly.

Under this legislation, wiretaps become automated and thus any miscreant, anywhere in the world can create one. For example, on the private communications of the Australian Prime Minister.

And the next 7nm laptop processor will be designed by In, er, AM, um, Qualcomm: The 64-bit Arm Snapdragon 8CX

Richard 12
Silver badge

They will ensure Android will support the chipset, and that means Linux will.

I don't know if Microsoft are still enforcing the "This Arm is Microsoft's" clauses they added in Windows 8 RT.

Why millions of Brits' mobile phones were knackered on Thursday: An expired Ericsson software certificate

Richard 12
Silver badge

Re: But what was working?

Voice was down for many users for 10 to 12 hours, as 4G carries voice as well as data.

It was worse than the cells being gone, as handsets would register with O2, but be unable to make calls. So even "emergency only" mode wasn't available.

Credit to them, O2 clearly prioritised getting voice back up. The "fix" seems to have been to shut down 4G network-wide thus forcing all phones to switch to the older network.

Richard 12
Silver badge

It was voice too

Cellular network communication is the only option for a lot of people, including people who may have needed to call the emergency services yesterday, but could not.

And if the ESN was live already, that would include the emergency services themselves.

It's likely that several people were physically harmed by the voice outage. Any deaths may still be undiscovered.

Qualcomm lifts lid on 7nm Arm-based octo-core Snapdragon 855 chip for next year's expensive 5G Androids

Richard 12
Silver badge

Very interesting.

One wonders about pricing on those chips, they'd make for a reasonably decent Linux laptop.

UK taxman told to chill out 'cos loan charge is whacking tax dodgers and whoopsies alike

Richard 12
Silver badge

Re: And care workers, supply teachers, couriers...

The House of Lords used a care worker as one of their case studies!

https://www.bbc.co.uk/news/business-46431167

Not exactly hard to find.

Temps don't get contracted directly.

Schools don't employ supply teachers and Councils don't employ temp careworkers. They contract agencies.

Agencies then insist that their employees work under "umbrella" companies. The umbrellas have no assets, so instantly fold when HMRC investigates.

And bingo!

Richard 12
Silver badge

And care workers, supply teachers, couriers...

Yes, you heard right.

A lot of minimum-wage and zero-hours workers have been forced into these and similar arrangements so their employer can avoid/evade national insurance and similar.

HMRC then go after the poor sods on minimum wage, instead of the employer who created the arrangement. One assumes this is because a minimum wage earner probably can't afford a tax accountant or lawyer to argue on their behalf.

OneDrive Skype integration goes live aaand... OneDrive falls over in Europe

Richard 12
Silver badge

WTF indeed!

If I sent She Who Must be Obeyed a PowerPoint instead of a full 3D model, I'd be looking for a new home, not a new kitchen!

Sketchup, Lego and cardboard might be acceptable formats.

Blockchain study finds 0.00% success rate and vendors don't call back when asked for evidence

Richard 12
Silver badge

Re: Blockchain tutorials

Oh, so I've been doing blockchain for years. I guess I'd better get on that hype train sharpish!

Roscosmos: An assembly error doomed our Soyuz, but we promise it won't happen again

Richard 12
Silver badge

IIRC, the thruster is powered by venting the propellant tank pressure.

So both translations would be accurate.

Richard 12
Silver badge

Re: A glitch in a Soyuz

When it comes to rockets (and aircraft), you don't compare fatalities.

You compare near-misses and vehicle losses, because vehicle losses aren't survivable.

Soyuz takes up to three people, while the Shuttle took up to seven. So you'd have to lose more than twice as many Soyuz to kill the same number of astronauts.

So given an equal death rate, you'd choose the Shuttle as you're half as likely to die.

Soyuz currently has very obvious quality problems, as there are now two that were launched in the last year with issues that should never have made it off the production line.

That is indicative of a manufacturing culture where mistakes are covered up, rather than fixed - the workers don't feel like they can say "oops, I broke it" without consequences to their livelihoods, and thus will hide that.

NASA's Mars probe InSight really has Mars in sight: It beams back first pic after touchdown

Richard 12
Silver badge

Re: Well done

The lens cap is still on.

- No joke, it really is. They'll pop over and take it off soon.

(I assume there's really an actuator to pop it off)

Facebook spooked after MPs seize documents for privacy breach probe

Richard 12
Silver badge

Re: Off to the tower with Zuck

The Tower still has working* dungeons.

*The floor, walls and roof remain unbroken thick stone. However, feeding and toilet facilities don't meet current standards.

Blighty: We spent £1bn on Galileo and all we got was this lousy T-shirt

Richard 12
Silver badge

Re: Not it isn't allowed under WTO rules at all.

We're not a WTO member. We have associate membership as part of our EU membership.

We will need to negotiate with the WTO to join in our own right and hope to transfer our existing quotas etc from the EU membership umbrella out into our own rain.

This should be relatively easy, so will probably only take two to three years.

Technical foul: Amazon suffers data snafu days before Black Friday, emails world+dog

Richard 12
Silver badge

Re: Nothing to worry about

The elves argue that the list is necessary to provide the service.

Reverse Ferret! Forget what we told you – the iPad isn't really for work

Richard 12
Silver badge

Re: Horses for courses

That sounds most uncivilized.

What if they're busy?

Linux kernel Spectre V2 defense fingered for massively slowing down unlucky apps on Intel Hyper-Thread CPUs

Richard 12
Silver badge

That's multiprocessing, not multithreading

Microsoft compilers do it that way too, though you have to use the new-ish msbuild or the 3rd party jom as Microsoft's cmake doesn't support -j for some reason.

However it took until MSVC 2017 before msbuild became capable of doing any of the other build steps in parallel.

And linkers are still mostly single threaded.

Visual Studio 2017 15.9 is here! Fire up your Windows on Arm laptops. All four of you

Richard 12
Silver badge

Re: Not anytime soon

I found the 2015 to 2017 transition refreshingly simple. As in, it actually worked and I got a sln and project files which actually built a working application with only a day of cursing.

Unlike every previous VS version change, which required a week of sacrifices, and Glod help you if the moon was in the seventh house. Or did Jupiter need to align with Mars? I forget.

I presume this is because they finally switched to MSBuild, just in time for everyone else to switch to cmake or qmake.

Strange that my other IDEs seem able to seamlessly update complex projects.

Microsoft menaced with GDPR mega-fines in Europe for 'large scale and covert' gathering of people's info via Office

Richard 12
Silver badge

Abide by their rules or GTFO

That's the right of any sovereign nation.

The EU is about 28% of the global market, roughly the same size as the USA.

So yes, MS, Google et al are indeed free to GTFO, but only by halving their turnover.

Good luck selling that to the shareholders.

Richard 12
Silver badge

Re: Oddly enough that's not Microsoft Office's format

Has anyone else encountered similar anomalies with MS applications?

Many times. However, usually when transitioning from Microsoft Office version N to version N+2.

It's almost like MS don't fully understand their own formats.

Microsoft slips ads into Windows 10 Mail client – then U-turns so hard, it warps fabric of reality

Richard 12
Silver badge

Trust is easily lost and slowly gained.

If they keep doing this, they'll lose corporate trust.

Then poof goes the $16bn, and they're only left with home and small business users.

Then suddenly, poof!

Another 3D printer? Oh, stop it, you're killing us. Perhaps literally: Fears over ultrafine dust

Richard 12
Silver badge

Which filaments were tested?

What effects were found for each filament?

I've seen this press release doing the rounds. Sadly it's utterly content-free Daily Mail bait.

The actual research is likely to be interesting, but it's buried under a pile of plastic poop.

Ethernet patent inventor given permission to question validity of his own patent

Richard 12
Silver badge

Re: Curiouser and Curiouser

It seems very likely that it was patented because Cisco wanted a patent - any patent, and not because it was actually a new invention.

Given the court's decision, the patent would not have been granted if the original examination had been done properly, as the claims weren't novel.

Just a little heads up: Google is still trying to convince everyone that web apps don't suck

Richard 12
Silver badge

Re: Security...

We've been here before...

IE6, here we go again!

That amazing Microsoft software quality, part 97: Windows Phone update kills Outlook, Calendar

Richard 12
Silver badge

Re: Simple business...

Management picking #2 is management that kills the company entirely - albeit not immediately.

There is a wall around Windows, made of business critical applications.

That wall has been getting lower.

If MS continue to screw up in this way, eventually a large corporation will tell their IT minions "We can't afford the risk of Windows anymore, fix it"

That will be the end of Windows.

In news that will shock absolutely no one, America's cellphone networks throttle vids, strangle rival Skype

Richard 12
Silver badge

The UK has a reasonably good market for fixed line consumer broadband and mobile phones, as most places within a town or city have at least 10 options for each.

The back-end is the market failure, however as the near-monopoly BT/Openreach are highly visible they generally only abuse their position by refusing to build capacity unless the Government pay for it, and by nixing competitors when they try to build capacity.

In the US, each region has a local monopoly on fixed-line - there is often exactly one supplier! Thus they price-gouge and can get away with almost anything.

Mobile phones in the USA are similar, but not quite as bad.

Premiere Pro bug ate my videos! Bloke sues Adobe after greedy 'clean cache' wipes files

Richard 12
Silver badge

Re: so he is suing on behalf of anyone else who has experienced this bug

He wouldn't have gone to court if his lawyer wasn't reasonably sure of being able to convince a judge that the Adobe software deleted the footage.

Also, Adobe have admitted that their software used to behave in this way.

The value of those bits is another question, but to be fair the damages really should be much higher than the cost of hiring a pair of testers to actually test Adobe software in the future.

Plus it'd serve as precedent for getting Microsoft to pay for their similar mistakes.

In the EU, EULAs aren't worth the paper they (aren't) written on. Maybe it's time for some precedent of that nature over there too.

Richard 12
Silver badge

Re: so he is suing on behalf of anyone else who has experienced this bug

He's setting a price for those others, so they can also claim $250k for un-backed up data.

While Adobe should pay, to me it doesn't sound like the data should be worth that much as if it was, it'd be backed up onsite and offsite.

However, his time to restore the backup and the lost time in the active projects, that could easily be worth a quarter million.

Richard 12
Silver badge

Re: What an idiot

Not quite, he changed it to a folder inside his video folder.

That's on a par with installing to C:\Program Files\Adobe and having the uninstaller delete C:\Program Files.

Solid state of fear: Euro boffins bust open SSD, Bitlocker encryption (it's really, really dumb)

Richard 12
Silver badge

Re: Small problem though

The problem is that the password isn't used by the encryption scheme in any way.

The encryption engine is simply told "yes, decrypt", or "no, don't"

So if you edit the firmware to always say "yes, yes, YES!", it still decrypts correctly... and is thus useless to a local attacker.

Richard 12
Silver badge

Re: Full Disk Encryption Not Good For SSD

Just encrypt page-by-page. Doesn't matter what any of the data means.

You have to erase and write by whole pages anyway, so decrypt-append-encrypt-write-erase doesn't add much (any?) flash wear.

Keep the state around so you can keep streaming more data into a page until it's full or power is lost, and there's no extra wear at all.

Mourning Apple's war against sockets? The 2018 Mac mini should be your first port of call

Richard 12
Silver badge

Re: 2GB?

G&T, easy mistake to make.

Mine's a double, thanks

Mac users burned after Nuance drops Dragon speech to text software

Richard 12
Silver badge

Re: Colin, you have my empathy & sympathy.

Microsoft have a long history of maintaining backwards compatibility at almost any cost.

MS also have a long history of pushing new APIs then dead-ending them, but at least they very rarely intentionally break them. I think Win16 is the only API that has been intentionally removed in the last 20 years (though I'm not sure about very early DirectX).

Apple have a long history of actively removing APIs, and to hell with anyone who was using them.

In short, while they both break stuff increasingly often, Apple do it deliberately.

Richard 12
Silver badge

Re: It'll still work fine - for a while

I suspect that come macOS 10.15, it won't run anymore because Apple will have taken away or blocked something it needs.

Possibly there are already issues in 10.14 Mojave.

Dictation software has to be fairly deeply hooked into the guts of an OS to work at all (let alone well), so it doesn't take much of a change to internals to prevent it from working with some or all applications.

At a minimum it has to send keystrokes to any application, which puts it straight into heavily-trusted driver territory.

Richard 12
Silver badge

Re: Colin, you have my empathy & sympathy.

The danger of demos...

A lot of PDFs contain no actual text, merely graphics. Some are even bitmaps.

It depends on how they were created and whether the fonts are licenced to be distributed.

Other PDFs are text and layout, but the layout internal order has nothing to do with the visual order.

Other PDFs are text and layout in a logical order, with chapters and paragraph bookmarking, and reading hints like "this is a footer".

Guess which gets used in screen reader demos, and which ones get spewed out as "documentation" by a lot of companies.

It saddens me greatly, because it really isn't hard to do reasonably well.

Richard 12
Silver badge

Re: Colin, you have my empathy & sympathy.

Sadly, Apple are killing Mac.

Every new release they remove an API that programs rely on, insisting that everyone change over to some new API that doesn't do everything the old one could, has a different model and is often buggy as heck.

I'm not surprised that Nuance have stopped trying to keep up.

I would guess that this decision was caused by Apple deprecating the audio subsystem and OpenCL.

It was obvious that many cross-platform applications would be forced to drop macOS support when that happened.

If you have to spend several person-months of developer time just to stay still on that platform, there is a huge commercial pressure to just give up.

Florida man won't be compelled to reveal iPhone passcode, yet

Richard 12
Silver badge

Re: Files are not testimony

One moment while I change your phone passcode behind your back.

The cops are on their way and will demand access to files on your phone.

Good luck.

That's just one of the scenarios where it doesn't matter whether you care about the privacy arguments.

There are many others.

British Airways: If you're feeling left out of our 380,000 passenger hack, then you may be one of another 185,000 victims

Richard 12
Silver badge

Re: Poor Handling

Not necessarily.

A credit card is registered in a particular country, so perhaps they're using that to choose which credit monitoring service to offer.

Possibly.

AMD's shares get in a plane, take off and soar to 12,000 ft – then throw open the door, and fall into the cool rushing air

Richard 12
Silver badge

Looks like idiot machines

40% gross margin is seriously good. Most companies would kill for that.

And something tanks the shares that far because the growth in revenue was extremely large but very slightly (1%?) less than hoped?

To me that looks like the shares took a small hit because results were slightly worse than expected, and then some AI bounced off another AI and crashed the price for no reason.

Grumbling about wobbly Windows 10? Microsoft can't hear you over the clanging cash register

Richard 12
Silver badge

Re: !!!!!

macOS is simply Not An Option due to the ludicrously expensive hardware requirements - nobody sane shells out £1000+ for everyone in the company when a £150 PC is more than good enough for the majority of staff.

If all you need is email and word processing...

However, Microsoft are sleepwalking straight at a cliff. Once they push an update that takes out a medium-sized but well-known business, the larger places will suddenly decide that they can't afford the risk of staying on Windows and demand that their IT dept "fix it".

As the majority of line-of-business applications are now web-based thin clients, the underlying OS is pretty irrelevant and they'll probably ship network-booting Linux images that have a known browser and nothing else.

Windows specific applications will get ported when there's demand, and not before. A big Windows failure may create that demand.

However, if MS do walk off that cliff edge, they'll be walking on air for a year or two before the sudden drop actually happens.

It takes a while to port things.

Need a modest Arm Cortex-A CPU in your custom chip? Just apply online. Plus $125,000

Richard 12
Silver badge

Re: Age

You mean an AVR (or maybe ARM M0)

PICs are expensive, often more than double the price of an AVR or ARM M core in the same package.

An SMT 555 timer is about 50p, an 8-pin PIC about 70p, and a similar AVR is about 30p.

I don't actually see why people use PIC in new designs these days. I'm sure there are good reasons for certain designs, but I don't know what they are.

Richard 12
Silver badge

Re: Intel?

Intel designs are not for sale at all, so kind of irrelevant.

PowerPC and MIPS designs can be licensed, but I've no idea on pricing...

GitHub.com freezes up as techies race to fix dead data storage gear

Richard 12
Silver badge

Re: Five Nines

Sometimes I wonder which five.

Apple to dump Intel CPUs from Macs for Arm – yup, the rumor that just won't die is back

Richard 12
Silver badge

Re: What else can a move to ARM bring ?

x86/amd64 already have them in the form of AVX et al, and ARM has NEON. While vaguely similar they're not the same though.

The reason for offloading to the GPU is because a GPU is a massively-parallel array of floating-point processors, and most of this "AI" stuff is simply massively-parallel low-precision computation...

It often makes it slower to bring it into the CPU, because shared address space means you have to keep the cache coherent. The "copy input data to coprocessor memory, run, copy result data back" approach is much faster as there generally isn't very much input or output data compared with the number of intermediate values.

Richard 12
Silver badge

Re: Rosetta-a-like is absolutely necessary

Sorry, but you genuinely have no idea what you're on about, diodesign.

How does that help run any of the thousands of existing applications on this new architecture?

Unless the software developers spend the time to port the x86 application to ARM, there will never, ever be an ARM version.

Rosetta made it possible for existing PowerPC binaries to run on x86, which meant you could buy an x86 Mac and still have all your existing software, even if the developers didn't update.

Fat binaries merely made it easier for developers to ship a single "installer" for both architectures. They don't magically cause x86 or ARM versions of applications to come into existence.

Porting a commercial x86 application to ARM is not just a case of recompiling it, unless it's really quite trivial. It often costs thousands of pounds to port - who's going to pay for that?

Richard 12
Silver badge

Rosetta-a-like is absolutely necessary

Remind me, just how successful was WindowsRT?

The operating system isn't the major hurdle when changing CPU/GPU architecture, it's the applications.

If none of your existing applications will work, why would you buy the new Mac?

Why would a software house spend the resources making it work at all on the new platform, unless their customers are going to buy it again?

Software like Adobe Creative Cloud is fine of course, because their customers are already paying monthly, but anything you already bought will probably have to be bought again.

Alphabet in the soup for keeping quiet about Google+ data leak bug

Richard 12
Silver badge

Nope

The stock market is intended to be about raising capital for the company by allowing anyone to buy part of it. This guy owns (a bit of) Alphabet.

If you float your company on the stock market, you are taking on a lot of legal duties and requirements to publish what's going on in your company.

Anything that is likely to materially affect the price is required to be made public at the earliest opportunity*, in order to allow the market to set a "fair price" for your company.

If you're privately owned, you don't need to do this - but it's harder to raise capital.

* There are limitations to this, but "we got hacked and we knew about it six months ago" seems unlikely to fall under them.
