Posts by Jaybus

296 posts • joined 21 Jan 2011


Chap joins elite support team, solves what no one else can. Is he invited back? Is he f**k


Re: More likely...

"Why bother fix something when it seems to require a modicum of work and they can get away with doing nothing?"

In my experience, it is generally easier on everyone when the A-team does nothing. It is when they do something that disaster usually strikes.

Can't do it the US way? Then we'll do it Huawei – and roll our own mobile operating system


Re: I suspect its a clone of Android

The "national security" card may be overplayed for economic reasons, but that doesn't make it a non-issue. The arrest of a Huawei employee in Poland for spying, the arrest of the CFO in Canada on fraud allegations, equipment banned in several countries, the US attempting to extradite the CFO on similar fraud charges, ... It would seem the US is waiting in queue to get at Huawei, so conspiracy theories regarding the framing of Huawei by the US government notwithstanding, I remain unconvinced of Huawei's innocence.

Adi Shamir visa snub: US govt slammed after the S in RSA blocked from his own RSA conf


Re: Most vetted politician in history?

"Hardly, we haven't even seen his taxes yet. Luckily there is now actual oversight, so oversights such as not releasing his tax forms will be corrected against his will."

We haven't seen his tax returns because there isn't much point in it. People who make as much as he does get audited pretty much every year. I think that point was dropped even prior to the election when it became obvious that it was only going to expose the loopholes that many previous Congresses had inserted into the tax code to aid their benefactors. Trump himself took the wind out of that sail when he pointed out in a debate with Clinton that her benefactor (George Soros) enjoyed the same tax breaks that he did.

SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability


Re: It's interesting...

"Some security is better than no security - as long as you understand its limitations."

Granted, however in this case it is far more insidious. In this case the lock appeared to function correctly and the resident didn't know it was flawed and easily picked. A false sense of security is far worse than some security and worse, even, than no security at all. So kudos to the discoverers.


Re: malicious JavaScript within a web browser tab

"Hardly requires an attacker to have a foothold on one's machine to proceed."

Only because JavaScript has access to high precision timers. Somewhere north of 90% of JS code has no need for microsecond timing. The easy fix is to disable HR timers (performance.now, hrtime() from Node.js, etc.) in the JavaScript engine by forcing the maximum timer precision to 100 ms or so (something longer than the OS time slice), making a timing attack from JavaScript very impractical, if not impossible. It could of course easily be made optional, so that those who dared enable HR timers could still play their JavaScript games. A timing attack would indeed then require a foothold on one's machine.
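The timer clamp suggested in the comment above, as an added example that is not part of the original post or of any JavaScript engine: a clock wrapper that rounds readings down to a fixed resolution, run against two constructed classes of sub-microsecond durations. The names `quantize`, `makeCoarseClock`, `makeFakeClock` and `runDemo` are hypothetical, the durations are made up, and the simulated clock starts away from a 100 ms boundary so that no reading straddles one.

```javascript
'use strict';

// Round a timestamp (ms) down to a multiple of resolutionMs.
function quantize(tMs, resolutionMs) {
  if (!(resolutionMs > 0)) throw new RangeError('resolutionMs must be > 0');
  return Math.floor(tMs / resolutionMs) * resolutionMs;
}

// Wrap a clock source so callers only ever see quantized readings.
// In an engine this logic would sit behind performance.now()/hrtime();
// here `source` is any function returning milliseconds.
function makeCoarseClock(source, resolutionMs) {
  return () => quantize(source(), resolutionMs);
}

// Deterministic stand-in for the real clock so the demo is repeatable.
function makeFakeClock(startMs) {
  let t = startMs;
  return { now: () => t, advance: (ms) => { t += ms; } };
}

// Time each operation the way script code would: read the clock, run the
// operation (simulated by advancing the fake clock), read the clock again.
function observe(durationsMs, readClock, fake) {
  return durationsMs.map((d) => {
    const t0 = readClock();
    fake.advance(d);
    const t1 = readClock();
    fake.advance(1.37); // unrelated work between measurements
    return t1 - t0;
  });
}

// Two classes are distinguishable when every "slow" reading is larger
// than every "fast" reading.
function separable(fastObs, slowObs) {
  return Math.max(...fastObs) < Math.min(...slowObs);
}

// Constructed sample durations in ms (roughly 80 ns versus 300 ns).
const FAST_MS = [0.00008, 0.00009, 0.00007];
const SLOW_MS = [0.00030, 0.00031, 0.00029];

// resolutionMs === null means "unclamped high-resolution clock".
function runDemo(resolutionMs) {
  const fake = makeFakeClock(5.0);
  const clock = resolutionMs === null
    ? fake.now
    : makeCoarseClock(fake.now, resolutionMs);
  const fastObs = observe(FAST_MS, clock, fake);
  const slowObs = observe(SLOW_MS, clock, fake);
  return { fastObs, slowObs, separable: separable(fastObs, slowObs) };
}

console.log('full precision, classes separable:', runDemo(null).separable);
console.log('100 ms clamp, classes separable:  ', runDemo(100).separable);
```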

Ever used VFEmail? No? Well, chances are you never will now: Hackers wipe servers, backups in 'catastrophic' attack


Re: Backups?

I find that explanation lacking. "backup server" does not imply backed up data. If a network backup system, for example Bacula, is being used, then backup servers are the nodes (or VMs) that are running the network backup app, implying that they temporarily have no way to access the backed up data, but not that the backed up data, off-site or not, doesn't exist. Or "backup servers" could mean passive failover nodes (or VMs) in a high availability cluster. Very misleading terminology. So what exactly is/was a "backup server" at VFEmail?

Boffins debunk study claiming certain languages (cough, C, PHP, JS...) lead to more buggy code than others


Re: It's "What's the best language" all over again

As did I, but I will continue to do so, as the verbose comments are still far better at describing what the code is doing and far faster to read.

You like JavaScript! You really like it! Scripting lingo tops dev survey of programming languages


Re: I like JavaScript because... PHP!

Because, shaky start and lack of academic elegance notwithstanding, it is faster in execution than the other leading interpreted languages, usually by a good margin.

We did Nazi see this coming... Internet will welcome Earth's newest nation with, sigh, a brand new .SS TLD


Re: Domain Expre.ss

"those people charged with protecting Trump, now not getting paid"

Certainly not true. The Secret Service has two missions: protection of the Pres, Vice Pres, foreign dignitaries, and others, as well as an investigative function to protect US payment and financial systems. Guess who would be the last US government entity to stop receiving their pay.

Holy crappuccino. There's a latte trouble brewing... Bio-boffins reckon 60%+ of coffee species may be doomed


Re: Umm... nope.

"Otherwise, I agree that the claims being made are rather spurious"

I don't know about their claims, but this article's claims that "The team of researchers decided to check all 124 wild coffee species against this criteria for this Red List, and believe at least one in six were threatened with extinction." somehow equates to 60% of all coffee species is simply ridiculous. Last I checked, 1 in 6 refers to 1 divided by 6, or less than 17%.

Peak Apple: This time it's SERIOUS, Tim


Re: RE: Charlie Clark

"... it seems to be positively discouraging manufacturers from developing sub-notebooks with Android."

That could just be the KISS principle. A one-OS-for-everything approach has not worked out so well for others, witness Windows 8. Keeping the focus on phones prevents the bloat that is sure to come when more powerful devices with more memory and storage, not to mention many additional i/o devices, are thrown into the mix. It is the same reason we have Android in the first place, rather than mainline Linux. A phone has no need for magnetic tapes, fibre channel NICs, RAID controllers, etc.

Oregon can't stop people from calling themselves engineers, judge rules in Traffic-Light-Math-Gate


Re: Incredible

"It's good to see that the justice system is still rather functional, it's just a shame that it is needed to correct the total lack of common sense of the state legislators."

Most states have laws requiring licensing of engineers for specific disciplines regarding construction and civil engineering. The obvious intent is to better ensure safety in the design of, for example, bridges, roads, public utilities, commercial electrical systems, etc. This batch of state legislators attempted to apply the law far outside of its intent and were slapped down by a scrupulous court doing its job. In fact, the vast majority of people with engineering degrees, including advanced degrees, are not licensed PEs simply because the law does not require it for their line of work.

The legislators are doubtless attempting to protect a money-making fining system. I know that in Tennessee the law itself states that nonpayment cannot have an adverse effect on credit score, driver's license, or insurance payments. Most people don't pay, because the likelihood of being sued for nonpayment is extremely low. Yet, there are enough who do pay to make it a profitable fine. If it could be proved that they were flawed, they would simply have to stop using them altogether. Rather than refute the proof, they attempted to refute his qualification to present the proof. The judge saw through their bs and ruled against them.

Small American town rejects Comcast – while ISP reps take issue with your El Reg vultures


Re: Democracy at its best!

"just don't tell those who have voted for it that this is called socialism."

By the definition of socialism, yes. The municipal government will own, or at least heavily regulate, the production (i.e. the network infrastructure and service). Nevertheless, many people that deem themselves socialist here in the US would not consider this socialist at all, as everyone who uses the service will be paying the same monthly fee and there is no provision to subsidize the monthly fee. You could tell them that this was socialism until you were blue in the face and they wouldn't believe you.

Awkward... Revealed Facebook emails show plans for data slurping, selling access to addicts' info, crafty PR spinning


Re: Yes, they really seized them

"It's all rather reminiscent of the various 5-eyes spooks mass-spying on each other's citizens because technically they can't mass-spy on their own."

Technically, yes, but with the focus on mass-spying on each other's businesses for the purpose of determining how they might acquire more power (money) for themselves. Ordinary citizens are of little interest to either. I think that in government circles this is known as being 'allies'.

Gigabit? More like, you can gigabet the US will fall behind on super-fast broadband access


Re: gigabit is not aimed at the likes of you.

"I have no doubt that the industry will find ways to fill the bandwidth."

They already have, in the form of multiple video ads on every web page. While this doesn't require Gbps either, it does make GUI web browsing nearly impossible for Jake and others like him in rural areas that are drastically underserved.

I am in a similar situation to Jake, living in rural Tennessee. My wife and I both work mostly from home and have been struggling for years to get any sort of broadband service. Our options are T1 and Satellite. We just replaced T1 service that was in excess of $350 US per month, with business satellite from Viasat that is just under $200 US.

I have negotiated with both Spectrum Cable and AT&T to provide us with cable and fiber, respectively. AT&T has fiber running along the Tennessee river supplying manufacturers. The closest fiber is about 1500 m from the border of my property. (Spectrum leases fiber from AT&T to provide cable to a waterfront community a few miles away.)

Spectrum quoted me $86,000 US to run 1500 m of cable. AT&T is much cheaper and will run fiber for Ethernet service for only $11,000 US. In both cases, it was expected to take 6 to 9 months, as they had to petition the state for a right of way for a few hundred m along a state highway. So you see? What are they talking about? Gbit Ethernet service is available even in rural East Tennessee!

Yes, we could really use a fast Internet connection, and no, we will not give up our horse ranch in order to have it. We WANT Gbit service, but we do not NEED it.


5G wireless is not a replacement for DSL, or at least not exactly. Traditionally, wired services, DSL, EoC, EoF, etc., are sold by instantaneous bandwidth, i.e. bits transferred per second, whereas wireless service is sold by total bandwidth, i.e. bytes transferred per month. That is a huge difference in business model, making it far more expensive for the customer, particularly for those who exceed 30 GB/month or so. Unless this fixed wireless 5G is going to be truly unlimited, I call bs.


No ISP is going to upgrade DSL equipment. In many cases, it is not possible without replacing miles of tired old copper lines. I know that AT&T has for several years been petitioning the FCC and several state governments to allow them to retire all copper service, claiming that they can provide cellular service to all copper line service areas that meets or exceeds all state and federal requirements, e911, etc.

Don't blame Frontier for abandoning DSL. Blame them for not having already replaced it with modern technology.

Douglas Adams was right, ish... Super-Earth world clocked orbiting 'nearby' Barnard's Star


Re: Getting a probe there?

As for getting results, it could still use a radio transmitter with a big parabolic dish antenna. I'm sure it would use RTGs similar to the other deep-space probes to power the transmitter (and everything else), probably the tried-and-true Pu238 RTGs that were used in Voyager and Pioneer with half-life of 87.7 years. That bit doesn't seem so far fetched. It is the propulsion system that I doubt. 0.2c is two orders of magnitude faster than the fastest spacecraft thus far deployed.

Scumbag who phoned in a Call of Duty 'swatting' that ended in death pleads guilty to dozens of criminal charges


Re: Sure, that is an exaggeration.

"Seems US police forces are only trained to fire first if the suspect is black. For white people they often do try to defuse first."

Umm... have you seen a picture of Finch? Seems a contradictory statement.

Amazon is at this point a money-printing cloud machine with a grocery store in the parking lot


Re: Wrong reason to worry...

"The really sad point is the mantra that we must move everything to the cloud."

I agree. However, AWS is only 10% of revenue, yet 67% of income, making it obviously overpriced. The mantra may change when someone figures out it isn't the cheapest option after all. In the end, money talks and bs walks.

F***=off, Google tells its staff: Any mention of nookie now banned from internal files, URLs


Re: US military services

"I'm not American: in countries where I am a national the Coast Guard is a branch of the Navy, so it never occurred to me that it wasn't part of the USN."

The US Navy org chart is vast and the bureaucracy so deep it is hard to follow. The US Coast Guard is organized in a unique way due to the relatively recent establishment of the Dept of Homeland Security. Ordinarily, the Coast Guard is organized under the Dept of Homeland Security, however in times of war, or when directed by the President, they are subject to orders of the Secretary of the Navy. The reason for this goes back to the Posse Comitatus Act forbidding military forces from law enforcement activities. That is, the spirit of the Posse Comitatus Act, since the law specifically does not apply to the Navy. However, if the Navy were to act as law enforcement against civilians, even though technically legal, it would cause a hell of an uproar. So, during boarding or interdiction activities, the US Navy uses Law Enforcement Detachments (LEDETs) of Coast Guard personnel to perform civilian arrests and law enforcement duties.

Should the US Coast Guard be included in your list? Don't know. It's like Schrodinger's cat. It could be either way until you actually look.

With sorry Soyuz stuffed, who's going to run NASA's space station taxi service now?


Re: Lose one bloody capsule in 50 years

Not quite one in 50 years, but definitely not a bad record.

1969 - Soyuz 5 - Separation failure on re-entry caused off-course, rough landing; no casualties

1975 - Soyuz 18a - Separation failure on launch - 1 serious injury due to 21G acceleration on abort

1976 - Soyuz 23 - Broke through ice and sank during landing; no casualties

1979 - Soyuz 33 - In-orbit engine failure forced abort and steep ballistic re-entry; no casualties

1981 - Soyuz T-10-1 - Fuel spill and fire forced abort on launch; no casualties

2003 - Soyuz TMA-1 - Capsule malfunction caused 8+ G re-entry; 1 minor injury

2008 - Soyuz TMA-11 - Separation failure on re-entry caused high G re-entry; 1 minor injury

Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know – and who is telling the truth?


No Worries

You would have to be an idiot to have Super Micro's BMC accessible from the Internet.

Redis does a Python, crushes 'offensive' master, slave code terms


Re: A silly issue, distracting from real work

"As someone who just turned 30 the whole master/slave terminology was tired years ago, and I don’t think I’ve ever used it in my own architecture, preferring “Primary” and “Secondary”, both of which can be easily abbreviated to single syllable words."

Those words have completely different meaning. Most English speakers would expect the secondary to have a "backup" or "auxiliary" or "redundant" role. If we are randomly choosing words for replacement, then I choose "fu" and "bar", so instead of a master/slave relationship, we would have a fu/bar relationship.

Nope, the NSA isn't sitting in front of a supercomputer hooked up to a terrorist’s hard drive


Re: How are they going to make sure the "enemy" buys back door kit?

Quite plainly, it is a stupid proposal. Access to keys stored at the ISP doesn't accomplish much. In any end-to-end encryption system, such as with OpenVPN, the ends each have sole access to their private key. The ISP cannot possibly grant anyone access to it.

Neutron star crash in a galaxy far, far... far away spews 'faster than light' radio signal jets at Earth


Re: Hope it's true

"But I do remember reading aeons ago though that, according to the maths anyway, this wouldn't pose a problem to objects already travelling faster than light."

The trouble with mathematical models is that we can use them to make predictions only when based on existing observations. For example, the Maxwell-Faraday equation works perfectly well when time is moving in the negative direction, but that doesn't make time travel to the past possible.


Re: "It has been shown that dark matter doesn't interact with the electromagnetic spectrum."

Empty space doesn't interact with EM either, yet there is a constant max speed through a vacuum. Until some means of finding dark matter exists, how can we measure the speed of light through it?


"...you either have Newton/Galileo (infinite max speed) or Special Relativity (less than infinite max speed)"

There is also a third, Magueijo-Afshordi, postulating that there is a max speed (Special Relativity), but that max speed has not always been the same, in particular that C was much faster just after the Big Bang than it is now.

Drama as boffins claim to reach the Holy Grail of superconductivity


Re: It's dead, Jim, but not as we know it

"I have a string theory for when people ask me "How long is a piece of string?"

The answer is half its length times by two."

I have a different theory that is better supported by the available observations.

It is just short of the length it needs to be.

Space, the final Trump-tier: America to beam up $8bn for Space Force


Re: Americans need to alter the criteria for being allowed to be president.

"He was particularly successful at not being able to recall anything on the witness stand."

I thought that was a requirement for his job. As an actor, he was just a bit more believable than most. Bill Clinton should have paid attention. His not remembering having sex with interns was perhaps the silliest act on the witness stand.


"The Jupiter C, was America's first successful space vehicle, launched the free world's first scientific satellite, Explorer 1, into orbit on January 31, 1958."

Well then, it definitely IS correct, as the Jupiter C was designed by the US Army Ballistic Missile Agency.


Re: The US has a superfluous force anyway

"Why are US naval ground forces not US navy?"

They are. You just aren't considering enough layers of bureaucracy. The US Marines have been a component of the US Department of the Navy since the 18th century and still are. Yet, they are a separate branch of the Department of Defense.


Re: I don't understand why they need it

Can't control them either, can they?

Science! Luminescent nanocrystals could lead to multi-PB optical discs


"Because it's a shitload easier than moving the optics or using mirrors to move the beams accurately in 3 dimensions"

Not necessarily. TI's MEMS micro-mirror devices (DLP) could be used to scan in 2D. The researchers seem to be planning on MLC encoding for the third dimension. This would require moving nothing, other than the micro-mirrors internal to the DLP chip. Of course, it would then make more sense to use a compact rectangle, rather than compact disc.

Meet TLBleed: A crypto-key-leaking CPU attack that Intel reckons we shouldn't worry about


Re: Core issues

I expect more that libgcrypt and others will soon catch up to other crypto libraries and adopt constant-time techniques that render this vulnerability a non-issue. If software uses a processor in such a way as to make the pairing vulnerable, then is it a CPU vulnerability or a software vulnerability? I can definitely see Intel's point and fully expect other CPU makers to chime in with the same argument once they are also shown to be "vulnerable".


Re: Intel. All hope is lost.

AMD processors are likely "vulnerable" as well, but I think they will side with Intel on this one. It is not yet clear that it is a CPU vulnerability, as opposed to a libgcrypt software vulnerability.

No fandango for you: EU boots UK off Galileo satellite project


Is Galileo going to be a subscription service or something? I'm not seeing the point of it. There are already the American and Russian systems that can be used. The ESA website page "Why Europe Needs Galileo" states the reason as "If the signals were switched off or degraded tomorrow, many ship and aircraft crews would find it inconvenient and difficult to revert to traditional navigation methods." Seriously? Billions spent in case both the Americans and Russians should simultaneously go completely insane and switch off their satellites, causing the exact same issue for their own ships and aircraft. What a waste of money! Wouldn't low Earth orbit satellites for internet service make more sense? And won't Galileo be at least as open as the American system, so it could be used by anyone anyway?

Internet engineers tear into United Nations' plan to move us all to IPv6


Re: Mapping plan

"The people who devised IPv6 were NOT engineers - any sensible engineer knows the KISS principle and would not produce such an overblown structure as IPv6."

Could not agree more. A simple extension of the address space to create a 128-bit IPv4 would have by now been in use worldwide for at least a decade. See Dan Bernstein's quite old article "The IPv6 Mess" https://cr.yp.to/djbdns/ipv6mess.html. Nothing much has changed.

You should find out what's going on in that neural network. Y'know they're cheating now?


Re: @ James 51

"Based on the information it is given it is a correct assumption."

No. Correlation does not imply causation. This is the reason for the addition of rule lists and such into algorithms being studied at ARPA and elsewhere.

President Trump broke US Constitution with Twitter bans – judge


Re: Off with his head!

You do realize that now that social media is an official "designated public forum", posting "off with his head" regarding the President is grounds for a Secret Service investigation of a threat against the President.


Re: So...

Not just Presidents! The judge made it clear in her opinion that it was unconstitutional. That means it applies to ALL government officials, including representatives, senators, the state governors, city mayors, etc., and of course to herself and fellow judges as well. I wonder if she considered that a judge will now have to allow the people they rule against to inundate their own Twitter feeds.

Every major OS maker misread Intel's docs. Now their kernels can be hijacked or crashed


Re: Re-Education

"If an interrupt handler would run in between it would smash some arbitrary memory at new-ss:old-sp"

Yes, which is the reason for the special interrupt-delaying handling of POP SS in the first place. Even the decades-old 80386 manual stated "A POP SS instruction inhibits all interrupts, including the NMI interrupt, until after execution of the next instruction. This action allows sequential execution of POP SS and MOV ESP, EBP instructions without the danger of having an invalid stack during an interrupt[1]. However, use of the LSS instruction is the preferred method of loading the SS and ESP registers."

Note that last sentence!

Now note the footnote indicated at the end of the second sentence. The footnote states:

1. Note that in a sequence of instructions that individually delay interrupts past the following instruction, only the first instruction in the sequence is guaranteed to delay the interrupt, but subsequent interrupt-delaying instructions may not delay the interrupt. Thus, in the following instruction sequence:




interrupts may be recognized before the POP ESP executes, because STI also delays interrupts for one instruction.

The manual seems pretty clear on the subject of interrupt-delaying instructions, even going so far as to point out the exception when a sequence of interrupt-delaying instructions exists and, more importantly, to strongly suggest the use of the LSS instruction to load SS and ESP in an atomic manner.

So, is it lack of clarity in the manual, or is it failure to RTFM?

GoDaddy exiles altright.com after civil rights group complaint


"The feelings of people should not be the determining factor on who you do business with."

What? If, due to the feelings of people, you will lose more business by keeping them than by banning them, then of course they are a determining factor!

Europe fires back at ICANN's delusional plan to overhaul Whois for GDPR by next, er, year


Re: I don't get it.

OK. But it is a two-way communication, so more like a phone number than a street address. If someone you don't know walks up to you on the street and starts talking to you, what is the first thing you ask? Probably "Who are you?" Same thing when someone you don't know phones you, emails you, messages you, etc. I see no reason for anonymous domain names. Just the name, mind you. The myriad other info is not needed and shouldn't exist in public WHOIS.


"And cut off the US from the largest trading bloc in the world?"

It wouldn't cut anybody from anything. WHOIS could be turned off completely and hardly anyone would notice. They should just limit it to showing only the owner and registrar names. Nobody needs all the rest of the info anyway, and surely GDPR is not about secretly-owned domain names. If it is, then why should the rest of the World be subjected to this level of paranoia?

BT pushes ahead with plans to switch off telephone network


Re: Oh well

"we are quite aware that we're much more likely to be able to do that safely from out on the playing field with a mobile phone than trying to call from a landline"

And what is powering the relay towers to which the mobiles must connect? Example: In the aftermath of hurricane Katrina, the only working comms in New Orleans were the government's satellite phones and old POTS phones that were powered from the POTS line itself.

ZTE to USA: Sure, ban us, but you cannot afford such victories


Re: @Hmmm

"it would also hurt China, because they'd be selling into a falling market"

That is really an understatement. When you are the (by far) major holder of any security, a sell off is limited because it crashes it so fast. Who would they sell it to once the trend line is straight down? So, yes, it is not as much leverage as it at first appears to be. In fact, it is only leverage so long as it is kept stable. Such a sell off would crash the dollar and suddenly US goods would be the bargain import for many. Lest we forget, in spite of a trade deficit with China, the US is still the 3rd leading exporter. It could seriously cut into Chinese and EU exports. Worse, for China, it would seriously increase the cost of Chinese goods exported to the US. Combined with rising wages in China, it would be a really risky thing for them to do.

Also, ZTE is a very minor portion of China's overall export business. It would take more than that for China to risk such a thing. After all, the US hasn't done anything that is going to seriously affect China's bottom line.

Data exfiltrators send info over PCs' power supply cables


Re: Not really

"You need a rather special power supply to defend against this"

A 'proper (inline) UPS' was specified. With a double-conversion UPS, the line power draw measurement is showing the current drawn by the UPS's (asynchronous) battery charging circuitry. I suppose that it shows that there was an increased power draw by the attached equipment sometime in the past several minutes. Not a very useful or accurate metric, easily thwarted by disabling sleep mode.


Re: Not really

"Just rectify the mains (inside the room, obvs..) onto a DC supply, put a soddin' great capacitor on it, then run an inverter off the stabilised DC."

A good description of the common double-conversion UPS.

Intel outside: Apple 'prepping' non-Chipzilla Macs by 2020 (stop us if you're having deja vu)


Re: Sure about ARM ?

"They have their own ARM architecture CPU design that's way in front of anything else, equivalent to midrange desktops in performance."

Based on what? Even Geekbench doesn't imply that. But I do expect that Apple might get away with a slower performing MBP by stating that it is better because it is Apple.

