* Posts by Hugh McIntyre

165 posts • joined 6 Jun 2007

AT&T insists it's not sweating US govt block of Time-Warner gobble

Hugh McIntyre

AT&T is already in the high speed Internet space.

The complaint is that if they gain ownership of HBO, Warner Brothers (movies/TV), and the Turner channels then they can then hold other TV competitors to ransom by demanding higher channel fees that get passed on to consumers. Also (in the complaint) that they could make it more difficult for TV-over-internet services like Sling to compete in future.

The antitrust complaint actually has some merit, since allowing content companies to merge with traditional TV/cable providers just at the point that cord-cutting alternatives are becoming more common (thereby kneecapping the cord-cutting companies) seems like a bad bet for consumers.

7
1

Fitbit health alert: You appear to be bleeding

Hugh McIntyre

Re: Poor build quality to blame ?

Agreed.

Charge HR needed replacement because of bubble unglued from strap after 6-9 months. Then a second one failed the same way and got replaced by Charge 2, and it failed after ~ 3 months because of the charger dying.

I want to like FitBit, but if these quality issues are common it can't be helping the losses :(

0
0

Ubuntu 17.10: We're coming GNOME! Plenty that's Artful in Aardvark, with a few Wayland wails

Hugh McIntyre

Re: Gun, meet foot.

Best not to use "xhost +".

"ssh -X special@localhost" means you get the X11 display without xhost insecurity.

3
0

Gartner says back-to-school PC sales failed. IDC says they worked

Hugh McIntyre

Re: Plus

You can also get a few notebooks with small screens that still have high resolution displays, including the 12.5" one I have here with a 1920*1080 display. The only problem is you probably also need glasses to see the small text :(

1
0

MH370 final report: Aussies still don’t know where it crashed or why

Hugh McIntyre

The batteries that ran out were for the locator beacon.

If the actual data storage for the recorders is in Flash memory then it should last a few years, at least assuming no damage to the IC packages letting in water or from mechanical stress. The AF447 recorder was recovered after nearly 2 years, for example, and cold water would tend to slow down leakage of data from the flash cells.

I do agree about the remote chance of finding it though. Someone may stumble onto the wreckage later, but as you say it's also possible it will be covered by a layer of silt and therefore eventually invisible. And it's suspected that the voice recorder wouldn't tell us the original cause anyway since it would not include the start of the flight when the unexplained maneuvers started. Similarly the data recorder may also just include running out of fuel at the end followed by descent :(

Hence the decision not to spend another $100M on an uncertain search seems understandable.

3
0

Trump's tax tease will be a massive payday for Valley tech giants and their shareholders

Hugh McIntyre

Re: I'm its a coincidence the plan includes a huge tax break for Trump

Kansas tried the same tax cut for "owner-operated businesses" 5 years ago, as well as other tax cuts, and it was an epic failure (nationally reported) that needed the taxes to be put back up this summer to pay the bills.

None of the claimed better growth materialized (performance was actually worse, if anything), except that many rich people avoided tax because of the same "small business" giveaway mentioned by Doug.

Hopefully the non-rich people whose taxes would rise with this week's Republican proposal will sink this plan.

18
1

Senators call for '9/11-style' commission on computer voting security

Hugh McIntyre

Re: Not The Real. Problem

Short answer: the question is ex-felons, not felons.

There are 9 states (including Virginia mentioned here) where felons don't get their voting rights back even after they are released and finish probation. So these ones would vote normally if they were not forbidden. 3 of the 9 states have small print automatically restoring first-time offenders or "minor offenses", but the general restriction applies.

Most of the rest do restore voting rights after release (15) or after parole (28). There are only 2 that apparently allow votes in prison (Vermont and Maine).

6
0

Video nasty lets VMware guests run code on hosts

Hugh McIntyre

Re: Guests already do execute code on the host

RE: "Yes, but how often does that happen? Usually VMs are used as an easy way to manage multiple large applications or user environments on Windows platforms since Windows itself isn't very good at it."

There's also this thing called cloud compute where people want to run VMs securely, no ...?

0
4
Hugh McIntyre

Re: Guests already do execute code on the host

VMs are different from multi-process OS's -- If someone wants to run a RHEL5 user process but the kernel is Windows or MacOS or a different version. I.e. you need a multi-kernel "OS", which is what the VM gives. Executing most instructions natively should be fine as long as dangerous instructions are intercepted.

In this case native/emulated does not seem to be the problem. Instead for SVGA at least, the issue is that to implement graphics for a VM running on desktop Fusion/Workstation you need code running in the hypervisor pretending to be real video hardware, possibly also different video/network drivers in the VM guest as well (e.g. "vmnet" instead of hardware ethernet). It looks like this code that emulates the SVGA hardware had the security bug.

5
0

Hi Amazon, Google, Apple we might tax you on revenue rather than profit – love, Europe

Hugh McIntyre

Re: Just change the current tax laws.

Re: "If you sell advertising/software/etc. in France, that revenue accrues to the French subsidiary, and can't be funneled to <somewhere else>"

I think you meant "that profit accrues" but that's the problem - you sell some software for 100 Euros in France and the French subsidiary internally pays its Irish subsidiary 99.99 Euros because the company says the software IP is "owned" by the Irish subsidiary. Hence only 0.01 profit in France and low French taxes on this 0.01.

Fixing this in general requires honest intra-company pricing which is hard to enforce, although countries could prosecute some cases to encourage honesty.

On the other hand if you really meant "that revenue accrues to the French subsidiary" then this is what happens today, so companies can choose which country shows the profit (same as today) or this becomes the turnover tax.

Possibly the right answer is percentage profit tax, i.e. if 10% of a company's revenue is in France then they would pay French tax on 10% of their global profit regardless of inter-company accounting. This may be difficult though assuming different countries have different rules on what counts as taxable profit.

On the other hand if there's really no R&D in France then there's less added value and presumably less tax justified.

13
2

Russian admits being Ebury botnet herder, now jailed for 46 months

Hugh McIntyre

Re: Click Fraud

RE: "Which shows the fundamental flaw in pay per view and pay per click advertising. This type of fraud will continue until the gullible morons who place adverts stop placing ads on that basis."

Not disagreeing there's a problem, but unless advertisers buy ads on the basis of "please place adverts on theregister.co.uk, newegg.com, <other specific sites>" then they want some way to charge more when more copies of the advert are displayed. Pay-per-play schemes on Spotify or Youtube have the same risk.

Periodically advertisers have complained to Google about click fraud and demanded that "Something Should Be Done". So there is some effort to crack down, although right now this seems to be just treated as a containable cost of doing business. In particular the fact that the fraud uses a botnet is because it would be a bit obvious if all the fake requests came from the same IP address.

0
0
Hugh McIntyre

Re: Click Fraud

Re: "I still don't see how click fraud makes money for anyone but google"

If you run a website containing ads from someone like Google, then Google gets money from the advertiser any time the advert is shown or clicked on. And you (the website owner with adverts) get a percentage of the money from Google in order to run your website.

So click fraud involves generating fake page views of your website or clicks on adverts contained therein so you (website owner) get the percentage from Google even though no real person viewed the advert. Generally on fake websites because the website benefits from the fraud, not the advertiser.

0
0

VCs to Trump: Don't lock out our meal tickets! Save startup visas!

Hugh McIntyre

Re: H1B visas

Coincidentally the Mercury News had an article on this on Friday, at http://www.siliconbeat.com/2017/08/02/apple-h-1b-workers-average-139000-pay-outsourcers-dominate-visa-program-pay-far-less/

This claims 59,184 visas for major outsourcers (Cognizant, Infosys, Tata, Accenture, and Wipro) versus only 7,248 for Amazon, Google, and Apple for example, which seems kind-of lopsided. And it claims those 3 tech firms paid an average of $115K-$139K versus $72K-84K for the outsourcers.

So maybe treat outsourcers differently from H1B's for full-time engineering jobs? Although it may be difficult to define criteria for this :(

The other comment is that it's possible for both things to be true: regular employers struggle to hire junior/mid-level engineers (I have seen this as well as ckm5) but at the same time senior/older people can't find senior jobs, and/or there may be vacancies in software/RTL design but engineers with different types of hardware or software experience maybe can't find jobs.

Ideally there would be a way to separate the visas for full time engineering jobs from outsourcers though, since the latter seem to be more of the problems.

0
0

No vulns. No hardwired passwords. Patchable. Congress dreams of IoT: Impossible Online Tech

Hugh McIntyre

Re: "must not have any known security vulnerabilities, must have the ability to be patched"

Re: "So..... if no known security vulnerabilities, why, errr, patch?"

Presumably, no known vulnerabilities when you buy the thing and needs to be patched if/when new bugs are found later.

Since the lack of patchability is one of the main problems of IoT, mandating the ability to patch seems like a good thing?

7
0

1Password won't axe private vaults. It'll choke 'em to death instead

Hugh McIntyre

Re: KeePass to LastPass to 1Password

RE: "But at last check 1Password 6 doesn't support local vaults (forcing me to stay on 1Password 4)."

Nope, I have 1Password 6.7 here and have always used local vaults.

The only (main) missing feature with local vaults is that the sync only seems to work to mobile devices, not to other local computers :(. Very unhelpful.

I have to agree with the complaints about dropping the local vault version -- the fact that legacy 1Password keeps your data entirely on locally controlled systems is a major benefit. I would have recommended 1Password to others except that it seems impossible to get the one-off purchase any more, and who wants to recommend people sign up for yet another subscription?

1
0

Slower US F-35A purchases piles $27bn onto total fighter jet bill

Hugh McIntyre

Re: Satellites would do just as good a job against surface ships

I should have clarified:

Yes, I'm sure the Russians and others will use satellites in part to find surface ships. For one thing, oceans are big and you need to know where to start since sonar has limited range.

But satellite may not work in all cases -- clouds may mean you only see heat signatures which won't be as precise, you may not know which ship you are looking at unless you can track from source port, etc. So they no doubt *also* want the sonar signature.

Having said that, I'm sure they would get the signature eventually, so this is only a question of timing.

1
0
Hugh McIntyre

Re: Satellites would do just as good a job against surface ships

Satellites don't work with clouds.

There's also the question of an attack sub being able to track the carrier continuously with passive sonar once it has the acoustic signature versus needing to come to radio depth to receive radio updates on location.

5
1

How to pwn phones with shady replacement parts

Hugh McIntyre

Re: memory encryption

Re: "Building a transparent hardware encryption of memory is conceivable, but I don't know of anyone who has done it."

AMD EPYC (Zen core) CPUs have hardware memory encryption, so someone has done it:

"Secure Memory Encryption (SME) encrypts system memory. Secure Encrypted Virtualization (SEV) isolates the hypervisor and guest VMs to prevent access to data in shared guest data areas."

More details are under http://www.amd.com/system/files/2017-06/Trusting-in-the-CPU.pdf. Some OS/hypervisor enablement is required, but no change needed for application software.

1
0

Realistic Brits want at least 3 security steps on bank accounts

Hugh McIntyre

Re: "Barclays still make you have a debit card in order to use PIN-Sentry for online banking"

Not true, I have a pale blue card with "Authentication" on the top right which only works for PIN-Sentry, not ATM or Debit. It may be that you can't use a non-debit ATM card, but you definitely could get an Authentication-only card in the past at least. Contact your Barclays branch ...

0
0

Don't listen to the doomsayers – DRM is headed for the historical dustbin, says Doctorow

Hugh McIntyre

One of the complaints in the linked articles is that John Deere does not provide access to troubleshooting diagnostics. ("The EDL is the required interface which allows the Service Advisor laptop to actually communicate with the tractor controllers").

Perhaps what's needed is the same rule as cars, since all cars are required to come with OBD-II access and at least most of the trouble codes can be read with consumer-accessible OBD tools? Seems easy to extend the same OBD rule to other vehicles such as tractors?

In terms of John Deere they probably don't want their competitors using the same software in competing products. For example if John Deere spends a lot of cash developing some traction control software to make a tractor work better, they don't want a cheapskate competitor copying this. Even being able to see the software without copying may let competitors know what to do. Much of this was also possible in the past with mechanical reverse engineering, but probably not as easily.

It does seem though that updated sale-of-goods laws or OBD regulations may be needed to make sure people can reasonably diagnose products they have bought, either themselves or a requirement to provide service access to reasonably 3rd party repair shops at commercially reasonable prices, subject to not just copying the full software.

2
0

Boffins supercharge the 'hosts' file to save users plagued by DNS outages

Hugh McIntyre

Re: Missing the obvious solution?

My first thought was also "why not just use a caching resolver, if the primary is not available?". If the default TTL is 1 day, small outages for common domains should be survivable.

But this proposal seems to be solving a different non-outage problem i.e. ignoring malicious changes for common domains if you think it's more likely the domain owner didn't change its IP addresses. For example people redirecting nytimes.com to a malicious IP address.

The problem remains how to distinguish intentional changes by domain owners from malicious ones. It does seem that signing DNS replies by the owner (with DNSSEC) would be a cleaner solution.

16
0

Microsoft promises twice-yearly Windows 10, O365 updates – with just 18 months' support

Hugh McIntyre

Re: Dear gods...

Most or all of the Integrated Circuit CAD packages run on Linux (only or at least mostly). It's true that package and board level design may run on Windows but IC tools use Linux. This includes Mentor's LVS/DRC and similar tools which are definitely up to date on Linux.

15
1

New iPad revealed. Big price cut is main feature

Hugh McIntyre

Re: 32/128Gb only

The iPhone 6s did the same - 32GB/128GB only. And the iPhone 7 only supports 32/128/256GB.

I assume the reason is to push people to 128GB since if people decide 32GB is too small and want 64GB, they will be forced up to 128GB since there's no way to add memory later. If they offered a 64GB version with a price in the middle, fewer people would pay for 128GB.

The 32GB version is definitely limited nowadays but Apple probably wants a lower spec for the entry-level model to keep the cost down, and the fact that 64GB is a better choice for many people will force them to 128GB :(

1
0

Judge issues search warrant for anyone who Googled a victim's name

Hugh McIntyre

Re: Wait! What? They have our MAC Addresses?

Nope, don't see the local LAN IP address here from https://www.whatismybrowser.com/. Only the public DHCP IP address on the ISP WAN.

Some of the other info it displays clearly depends on JavaScript, so there may be more info visible with JavaScript. Stack Overflow also claims that ActiveX on IE may give the MAC address (not an issue for those not using IE). TBH I'm slightly impressed the warrant knew to ask for the MAC address, but this is probably boilerplate request language from other computer warrants. For example, Google does not have payment info for most of us, I hope, but boilerplate ISP warrant language might ask ISPs for MAC addresses.

1
0

Barrister fined after idiot husband slings unencrypted client data onto the internet

Hugh McIntyre

@ David Nash

Re: "How on earth did an online backup service (if that's what it was) allow content to be indexed by Google and accessible to anyone without credentials?"

I assume from the article that the files were backed up to something like OneDrive/GoogleDocs/Dropbox, i.e. not a real on-line backup service.

0
0

Tech titan pals back up Google after 'foreign server data' FBI warrant ruling

Hugh McIntyre

Re: Bullshit

I agree with the complaints about extra-territoriality. Definitely seems that it should be declined for this reason.

However, asking for draft messages is understandable because people including David Petraeus have been found out for sharing classified information and having two people sharing the same email account and reading messages in the draft folder to avoid actually sending messages in the hope of not being intercepted. This is almost certainly why the FBI wants the draft folder:

From the NY Times:

"In September 2012, Broadwell told agents that she and Petraeus would use the same email account, saving messages in the “draft” folder instead of sending them."

1
0

Amazon relinquishes data from Echo that could have dropped eaves on a killing

Hugh McIntyre

Re: It is quite disturbing that Amazon has the ABILITY to satisfy this request

Re: "What purpose is served by keeping data Alexa hears longer than a minute? If they want to use it for other purposes like training speech recognition, it should be anonymized and filed away."

I assume their training wants to group what you say today with what you (same person) said yesterday. So the data stored today would need to be stored with the same anon ID as yesterday, which implies storing a mapping from your real->anon ID somewhere :(. Or less good training.

As such it's not fully anonymized, the same as your Google/Amazon search history may be anonymized when stored and when people do analysis but somewhere they need a mapping so your history can go together.

Personally I don't have such a listening box at home...

0
0

Become a blockchain-secured space farmer with your hard drive

Hugh McIntyre

Re: And in practice ... ?

Re: "I won't be too chuffed if I can't get at my accounts because little Johnny has turned off his PC for the night, or been capped ..."

Or lots of other reasons including "little Johnny decided to delete this big folder they didn't understand which is filling their disk, thereby deleting a 3rd party's data".

It's one thing to have something like "CrashPlan backup to a friend" where you and the friend presumably have some agreement not to randomly nuke data. But it's hard to see how you'd put any valuable data on this system, unless it's only a controlled system within a company (or group of companies) controlled for safety with an IT department.

Highly doubtful unless they are only targeting business users.

0
0
Hugh McIntyre

Re: Payment, at $0.015/GB

The $0.015/GB is per month, but this is the price the person storing the data pays, and compares to the price to rent storage on S3 or Glacier, etc.

As mentioned by Martin Summers above, the amount you get paid for sharing your disk space is based on some obscure scaled formula calculated at the end of each month. But obviously less than $0.015/GB/month, probably a lot less if they need 2x or 3x redundancy.

Apart from the other concerns, you may need to balance any revenue with extra electricity costs if this makes your PC run in non-standby mode for longer.

I also suspect that if this became a large business, some of the ISPs would start noticing customers making money off their bandwidth and might try to add T&C's restricting making money off consumer ISP connections or suggesting that some of this revenue should go to the ISP.

Finally, although they compare their $0.015 to Amazon S3 at $0.023/GB, Amazon also has "S3 infrequent access" at $0.0125, i.e. cheaper than Storj and possibly more reliable because you're not relying on random people's PC's. So it's not clear they are going to win here...

2
0

Big three clouds, Apple, Facebook are buying all the best cloud tech

Hugh McIntyre

Re: Big three … ?

Presumably "big three cloud companies" = AWS, Azure, and Google? (or some other three?)

And then adding Apple and Facebook makes 5.

1
0

Disney sued in race row: Axed IT workers claim jobs went to H-1B hires

Hugh McIntyre

Re: Clear Violation

If you try to read the actual "H visa" laws the details are impenetrable because of too many references to "as defined in regulation <foo>". But at least one of the categories says you cannot fire Americans and then hire foreign replacements directly.

In this case Disney seems to have gotten around this because they switched to a contracting company so they were not directly hiring the replacements themselves and then acted totally shocked that the contractors were H1Bs. Presumably they will claim they had no idea this would happen ...

Obviously the cleanest solution would be to fix the law to prevent this "switch to H1 contractor" cheat. It's also not clear to me why the respectable tech companies hiring "normal" H1's don't lobby for this -- right now there's an H1 lottery every year and people sometimes can't get visas for college graduates because of other contract visas. You'd think people like Google would lobby to tighten up the rules so the contracting companies don't use up the whole quota.

The other issue is an H1B was historically for a specific job at a specific company and specific location. It's not clear how the visa should apply to a contractor position if it's not tied to the specific Disney job, or at least this seems to subvert the original intention if you had a contractor who could work for more than one end company.

In the meantime Disney seems to have acted outrageously here even if they found a legal loophole. We'll see what the court says..

2
0

Analyst: iPhone 7 points to price jump

Hugh McIntyre

Re: Apple phone prices have rocketed!

Just checked in the USA:

Last year the iPhone 6s was $749 for the 64GB, 4.7inch version, I think.

This year the iPhone 7 is also $749 for the similar 128GB mid-point version.

So seems to be no change in price, and I think the iPhone 6 was the same $749 for 64GB at launch.

Still not cheap, both previously and now, but not really changed in dollars.

1
0

Google on piracy: We really, really care

Hugh McIntyre

Re: Time for a change...

Presumably the indie labels would argue that they are providing a bunch of work for the 50% including advertising, order fulfillment, production assistance, etc. The artists are certainly free to stop using labels, find a label offering a better deal, or set up their own label. (Several large rock bands in the past did set up their own labels after releasing the ~ 3 albums their initial contracts required, once they were famous).

Likewise, artists are free to rely on your "solution" of only live performance revenue if they want. But some musicians clearly want to be paid for recordings as well, either directly or by using a label to handle the details. You're free to boycott such musicians/labels, just like you're free to give your own recordings away for free if you're a musician. But not free to force others to follow the same model if they don't want to.

Now, if 99% of musicians switch to live-performance-only then the few remaining die-hards may find it hard to charge money, much like Open Source means there's no big market for paid web browsers and servers any more. Not sure this would be a good thing though, not least because payment-for-music means that consumers can direct payment only to the good bands.

In terms of: "I don't think the artists personal situation with regards to poverty or not has anything at all to do with the discussion." -- sorry, but I do think it's relevant that if thousands/millions of people are enjoying someone's music, telling that musician "you get nothing, go live in poverty" is wrong.

2
0
Hugh McIntyre

Re: Time for a change...

The difference is that back in the day when performers could only make money from live performance, people were not listening to music at home because there were no recordings to buy. So it's not surprising live performance was the only way to get paid (or composer fees/royalties).

Now we do have recordings the situation is different. And the question is whether it's OK for people to enjoy the benefits of a musician's (or artist's) results without paying when the artist may be living in poverty. There's no question that if nobody listens to a musician then they should not expect to be paid, but if thousands of people (or more) do want the music and can afford to pay, then it's not obvious why the artist cannot ask for payment. What if they don't want to go on tour?

2
0

Bloke flogs $40 B&W printer on Craigslist, gets $12,000 legal bill

Hugh McIntyre

Re: Contempt of Court

Yes, the equivalent offence is also called "Contempt of Court". However, that means the same thing as in the UK, i.e. "not doing what a court orders you to do". That's not this case, where it's just a vexatious plaintiff.

At least this case is not as bad as the following one from the NY Times last year: http://www.nytimes.com/2015/12/23/business/dealbook/sued-over-old-debt-and-blocked-from-suing-back.html?smprod=nytcore-ipad&smid=nytcore-ipad-share&_r=1

Debt collectors wrongly sued someone and got default judgement, then prevented him suing back to recover the money because of a forced-arbitration agreement in the small print. Yuck!

1
0

Walmart sues Visa for being too lax with protecting chip cards

Hugh McIntyre

Re: Zip code for non-US cards @Simon 49

For travelers to the UK, what I did last time is to buy a voucher on mobiletopup.co.uk.

This charges a 99p transaction fee but otherwise gives you a usable top-up voucher.

0
0
Hugh McIntyre

Re: Zip code for non-US cards

To be fair, US credit cards don't work in British petrol pumps either so the problem exists in both directions.

And don't get me started on the impossibility of topping up a PAYG UK mobile phone with a non-UK credit card....

4
0

Wasps force two passenger jets into emergency landings

Hugh McIntyre

Re: Nutters

In terms of V1:

Based on the ATSB article they were past V1 by the time it failed the second time, so continuing the takeoff makes sense. See https://www.atsb.gov.au/publications/investigation_reports/2013/aair/ao-2013-212.aspx:

"During the second take-off roll, the crew became aware of an airspeed discrepancy after the V1 decision speed and the take-off was continued"

In terms of 2 sensors:

Reading the other details, the blockage was apparently not detected on the ground when they checked the aircraft after the first failed takeoff, and they didn't have 2/3 redundancy for the second takeoff because "The aircraft was dispatched with the ADR part of ADIRU 2 inoperative (switched off) in accordance with the MEL". So arguably if they'd continued with takeoff #1 they would have had 2 working sensors, although not meeting the flight rules and would still have had the problem with the flaps.

6
0

TiVo sells for $1.1bn

Hugh McIntyre

Re: "DVR service TiVo" @JeffyPoooh

At least when they started TiVo did indeed sell DVRs, and (along with ReplayTV) were the first to commercialize many of the concepts behind a DVR. In the past their user interface tended to get better reviews than the cable company in-house DVRs. As such the buyer is probably buying a bunch of patents, although the key ones may not have too much time remaining if they were filed when TiVo started back in 1999.

But then they suffered because the satellite/cable companies chose to build their own DVRs rather than paying a TiVo tax.

For a while though, the non-TiVo DVR's were generally clunky presumably because of not being able to use some features that TiVo or Replay may have patented, which sucked for end users but presumably helped TiVo get bought.

0
0

AMD to fix slippery hypervisor-busting bug in its CPU microcode

Hugh McIntyre

Re: I'd have assumed that their test code suite would catch something like that...

Re: "...And to preempt the too-predictable rebuttal about 'obscure timing of interrupts' etc., the Test Code (and associated hardware) can be left running for weeks x GHz clock speed. Test coverage should be a long string of '9's. [...] I shouldn't have to explain this. The interrupts' timing can be (should be) walked back and forth."

You're assuming that AMD (and the other CPU vendors) don't already do this - they do. Specifically random code running on a huge number of systems for weeks as well as all through the design process. And also directed tests where "the interrupt timing is walked backward and forward".

But even with this it's not possible to cover every possible bug. While I've not seen the full details of this specific bug the article contains this hint for the VMware/ESXi bug report: "Under a highly specific and detailed set of internal timing conditions, the AMD Opteron Series 63xx processor may read an internal branch status register while the register is being updated, resulting in an incorrect RIP".

So this is more complicated than just walking the NMI timing -- it only fails if the timing also hits "while the BSR is being updated", so you need other specific unlucky event(s) as well, and possibly requires other specifics such as a particular set of cache hits/misses or VM state to trigger the failing case. Put another way, the fact that Piledriver has been shipping for years with this bug only found now means that "running prototypes for weeks" does not cover everything, because there has been an enormous amount of random customer code running for a lot more than "weeks" on a lot more than prototypes before this bug was found.

5
0

Confused by crazy crashes? Check your Linux kernel virtual Ethernet code

Hugh McIntyre

Re: Why do we accept flaky network hardware?

Re: "Yet we don't extend the same leeway to storage hardware, for example: write a block of data from memory onto a disk and there's no checksum to protect against bus errors in the transfer."

Systems like ZFS do indeed use checksums (or other techniques in some non-ZFS servers) to protect against errors in server or storage hardware, including errors in data busses, disk firmware, etc.

7
0

Uber is bombarding us with painfully probing subpoenas, cries Lyft

Hugh McIntyre

Re: Disruptive Business Model

RE: "can a driver for Uber also be a driver for Lyft? Or are there clauses in the employment contract that forbid this"

Lots of drivers seem to drive for both Uber and Lyft.

0
0

Scrapheap challenge: How Amazon and Google are dumbing down the gogglebox

Hugh McIntyre

Re: *Facepalm* You don't invest in proprietary standards

RE: "you need open standards ... DLNA"

Not sure that really helps :(. I have a Pioneer TV which includes DLNA but in practice both MPEG2/4 have a dizzying list of possible video/audio codecs and you end up with 99% of files not playing. The fact that the TV does not really document the supported formats doesn't help either.

So in practice the easier and better-supported solution is an external box (Roku/AppleTV/WDTV/Chrome stick/etc.)

Back to the original article: either one of the video services or TV companies is going to get its act together and become known for making things just work for a reasonable lifetime of the TV, or consumers will learn the rest of the apps are just toys and give up on Smart TVs in favor of external boxes. "Airplay transmit video from app on phone/tablet" is the other option, in that the TV only needs to support that, not the individual apps.

1
0

Evil computers sense you’re in a hurry and mess with your head

Hugh McIntyre

Re: So, networking then

NFS works with MacOS as a client, but I agree that it can be a bit of an adventure, although some of the problems can also be because of Linux being a problematic NFS server, probably more picky than Solaris.

One of the unexpected tricks is that you need to set "resvport" as a mount option on recent MacOS, and can try NFSv4 versus v3 or other debug tricks if that fails.

It does work in the end, but may need some googling :(

0
0

LastPass got hacked: Change your master password NOW

Hugh McIntyre

Re: KeePass

Or 1Password which lets you store the DB locally (not in the cloud) and sync to mobile devices over Wi-Fi (e.g. at home).

Probably want to avoid the browser plugins as well unless you want to trust code running in the browser's address space with access to all of your passwords (I don't).

2
1

ISP Level 3 goes TITSUP after giganto traffic routing blunder

Hugh McIntyre

Topical Washington Post story on total insecurity of BGP ...

Specifically (and topically) on BGP issues like this one at Level-3 (but also the difficulty of moving people to BGPSEC):

http://www.washingtonpost.com/sf/business/2015/05/31/net-of-insecurity-part-2/

And more generally, earlier history on why the original designers did not expect so many attacks:

http://www.washingtonpost.com/sf/business/2015/05/30/net-of-insecurity-part-1/

... but as the articles say, early hardware could not do encryption easily, NSA probably objected, and people at the time never imagined we would be doing on-line banking or there would even be a YouTube to censor :(

0
0

Mono Magic: Photography, Breaking Bad style

Hugh McIntyre

Re: "Knowing you only have 36 exposures at a time can impose discipline."

Back when I did some medium format, the long time that it took to manually focus, meter, and compose a tripod-based shot meant that you spent a long time really looking through the viewfinder and then often deciding "no, this shot is not worth it" or correcting the composition to get a better shot. Rather than quickly click-click-click with a 35mm camera with auto-exposure. So it's not surprising the fraction of good pictures is higher for medium format, and 4x5 is the same.

Whether 35mm is any better than digital in this regard is questionable though. And, you can take the time to check and compose digital shots too.

Also, film was a big PITA in a studio if you were taking tons of shots with medium format and needed to keep switching 12-exposure film backs at a rate of knots all day :(

1
0

Live a day in the life of Jennifer Lawrence: Tell Reddit to delete your stolen nude selfies

Hugh McIntyre

Re: "The subject of the photograph does not generally have any control or rights"

Actually in at least one small country (USA), someone recognizable in a photo has the right to restrict its use for advertising or trade, and celebrities generally get a "right to publicity control" which means they get to control use of their images (because this is considered part of their trade). So the subject of the photograph *does* have control/right over the photograph in these cases. Hence model releases to avoid complaints later. OTOH newsworthy/editorial use is protected via freedom of speech, but even then a Release avoids debate about whether the use counts as news.

But I do agree with Cynic_999, that even if the person in the photo has signed away rights via a model release, Reddit is under no obligation to publish photos it does not want to, in somewhat the same way that theregister.co.uk doesn't have to publish user content/comments it doesn't want to either. So Reddit is free to have a policy banning photos based on taste or the subject not wanting them published, if Reddit wants.

0
0
