Posts by Ken Hagan

5765 posts • joined 14 Jun 2007

Ten new tech terms I learnt this summer: Do you know them all?

Ken Hagan
Gold badge

Re: "weaved"

"I have went"

If the pedants will look away long enough for me to say "It's not very irregular.", then I will. (If they won't, then would the rest of you be so good as to skip the rest of this post. Otherwise we'll get logical paradoxes.)

I think "went" is to "wend" what "spent" is to "spend" and so "I have went" is about as irregular as "I have spent" and therefore rather more regular than "I have gone". It should, of course, be "I have goed" but I imagine it is too late to insist on that now.

Quite how the verbs to go and to wend (as in, "wend their merry way back from the pub") ever became entangled remains as mysterious as ever, of course, but most western European languages seem to have one or two stupendously irregular verbs with different persons and tenses taken from different root verbs in older languages. I think it is some kind of competition.

6
0

'Coke dealer' called us after his stash was stolen – cops

Ken Hagan
Gold badge

Re: FTFY

"...Yes, it's a joke, don't shoot me"

But it's the fuzz, so what do you expect them to do? ... Bang!

6
0

Android-ocalypse postponed: Jide withdraws Remix OS from consumer frontline

Ken Hagan
Gold badge

"Android already has a huge and impressive app catalogue"

Really? Where?

Android hardware is predominantly poxy little screens and no keyboard. Unsurprisingly then, whatever is in the Play store is the kind of app that is usable on that kind of device. In addition there are painfully restricted "reader" versions of a handful of desktop apps. But there's next to nothing of the kind of software that normal people run on normal desktops for reasons that are both perfectly clear and very unlikely to change in the near future.

Of course, if someone could add a way to run Linux apps on Android, it would be a different story. :)

2
0

Forgotten your Myspace password? Just a name, username, DoB will get you in – and into anyone else's, too

Ken Hagan
Gold badge

"never bothered to delete their accounts, that's all."

If you only want to commit identity theft, "that" might be "all" you need.

2
0

Linus Torvalds may have damned systemd with faint praise

Ken Hagan
Gold badge

"It isn't written in nodejs, for instance."

With reference to the questions at the start of this thread ... that's damning with faint praise.

2
0

New Azure servers to pack Intel FPGAs as Microsoft ARM-lessly embraces Xeon

Ken Hagan
Gold badge

So today's news is that MS are interested in a device that sits alongside the CPU and offers potentially huge speed-ups for certain classes of compute-intensive problem. That was, of course, also the news about 20 years ago. What eventually panned out was that MS (and others) abstracted the interface to such devices, so that programmers could use the feature without (mostly) caring about which vendor was providing the gizmo. I expect this will go the same way. AMD are doing the same sort of thing, aren't they? Next month's news will therefore be that Intel no longer have the market to themselves and MS (and others) don't care one way or the other because their APIs work on both.

So, yeah, nice to see the technology roll out, however slowly. Not a reason to rush out and buy more Intel shares, though.

2
0

Intel bolts bonus gubbins onto Skylake cores, bungs dozens into Purley Xeon chips

Ken Hagan
Gold badge

Re: What's old is new again...

In fairness, the scheme offers nothing new in functional terms, because the CPU has no notion of thread as distinct from process, so the existing page protection mechanisms could always have been used to do this. What's new is that Intel reckoned that resurrecting a much more primitive scheme (costing only one register per thread) was worth it at this point in time.

No doubt the cycles of reincarnation will continue and this will soon be "legacy cruft, used by only one or two programs ever, but still needing to be implemented by every processor they ship, now and forever". Then, in about 20 years' time, Intel will finally drop support for it and everyone will be aghast, ranting about the back-compat implications.

4
1

Ubuntu Linux now on Windows Store (for Insiders)

Ken Hagan
Gold badge

"Aaah, MENSA"

That fraction of the population who are too stupid to understand what's wrong with the notion of an IQ.

4
4
Ken Hagan
Gold badge

" One wonders if it's a special (no - not as in the bus) build of Ubuntu with extra built-in spying.."

Well since it is just the Linux user-space running on top of the Windows kernel, I imagine there is very little need to build in *extra* spying.

7
2

Is this a hotdog? What it takes for an AI to answer that might surprise you

Ken Hagan
Gold badge

Re: So where is the AI?

I don't decide how (or whether) my brain stores information. Why should an AI be different?

3
1

Tape lives! The tape archive bit bucket is becoming bottomless

Ken Hagan
Gold badge

Re: Price range

For a very rough estimate, Amazon will sell you a "1.5-3 TB" tape for about 20 quid which means that the price per TB is about half that of spinning rust from the same emporium.

(Obviously that's not the tape product being discussed here, but hopefully the unfairness of my comparison will provoke someone who actually knows about the subject.)

0
0

Fast-spreading CopyCat Android malware nicks pennies via pop-up ads

Ken Hagan
Gold badge

Re: I feel retarded

"Android versions prior to Nougat also run older versions of the Linux kernel."

It's worse than that. If you (*) upgrade an older version to Nougat, you are probably still running the older kernel. In fact, you are probably stuck with whatever kernel version was current when the original device manufacturer first released the device.

(* Yes, I mean you, with something like CyanogenLineage. Obviously the OEM has other options. However, I don't know if they actually take advantage of them. Anyone out there with a phone running the vendor's stock image that has been upgraded? Was the kernel upgraded at the same time?)

0
0

While USA is distracted by its President's antics, China is busy breaking another fusion record

Ken Hagan
Gold badge

Re: Who still uses Fahrenheit for things like this?

"It's what I learned back in the 80's."

Really? Which 80s? Seriously, the idea that someone could have received a technical education in non-SI units at any point in the last century is pretty sad.

6
0

Largest advertising company in the world still wincing after NotPetya punch

Ken Hagan
Gold badge

Re: I'm setting up a board of directors outsourcing company.

I'm assuming you aren't actually going to try this but...

There's no shortage of smart-enough people in poor-enough countries, so it would probably work. It is also in line with the bizarre-but-conventional wisdom that you can manage something that you have no experience of because management is a skill in its own right.

All you need now is to find some pissed-off-enough shareholders to volunteer to be your first customers.

3
0
Ken Hagan
Gold badge

Re: 3 years to install a "central patch management" system?

" Those local admin rights sound like trouble, but "Windows has an option to store encrypted passwords" WTF? You have to ask it to? "

I don't know what that's all about. Windows (NT flavour, obviously, since DOS doesn't count) has always stored passwords just as securely as any other mainstream OS. Best practice in this area was established about half a century ago and isn't actually difficult.

Of course, there's nothing stopping some clueless twat of a programmer from storing a password in plaintext in an INI file on a network share open to the universe, but you could do that on any OS.

0
0
Ken Hagan
Gold badge

Re: Local admin rights

"I'm not blaming devs, they're often under pressure to deliver but we all share the blame on this sort of bad practice."

I've been developing for NT since version 3.1 and I can place hand on heart and swear that I have never shipped a product that required admin except for configuration that actually does require admin. I won't swear that the configuration was always confined to a separate process, but I will swear that it had a graceful fallback when run as a normal user.

I most definitely do blame the devs. A gratuitous requirement for admin rights is sufficient grounds for sending the product back and asking for a refund, if for no other reason than it indicates that the developers haven't a fucking clue and ghod alone knows what else is broken under the hood.

(So actually, yeah, like the other guy I blame the devs first but then also the procurement people who tolerate this shit.)

7
0
Ken Hagan
Gold badge

In what sense is any advertising more real-world than any other? The product is a message, not an object, and the preferred media of transmission are surely just whatever reaches the target audience.

0
0

Create a user called '0day', get bonus root privs – thanks, Systemd!

Ken Hagan
Gold badge

Re: Security - he hasn't heard of it

"I understand this is annoying, ..."

... because there is a detectable error in the unit file and yet the system does not tell me about it.

"but still: The username is clearly not valid."

...so systemd feels free to make shit up and do that instead.

Sorry Lennart. This is not a security bug but it is definitely a bug, and a pretty embarrassing one at that.

26
0

Windows Insiders with SD cards turn into OneDrive outsiders

Ken Hagan
Gold badge

"even Redmond creations like the Resilient File System (ReFS) are blocked"

So yet another case of their right hand not knowing what their left hand is doing.

MS have looked for many years like they no longer have functioning management. Individual projects may roll out OK, but the bigger picture is lost. Two different control panels ever since Win8? Check. But that was 5 years ago, so surely it has been resolved by now. Oh dear. Patchy support even amongst the built-in utilities (like the aforementioned control panel) for hi-dpi displays ever since Vista. Check. But that was 10 years ago, so surely it has been resolved by now. Oh dear.

So if the entire senior management team falls over in the forest, does anyone actually notice?

27
0

Constant work makes the kilo walk the Planck

Ken Hagan
Gold badge

Re: Isn't there a risk ...

@breakfast: Yes, but until they do show up in our corner (either literally or through observations of remote places or times) Occam's Razor tells us to ignore the possibility.

0
0
Ken Hagan
Gold badge

Re: Confused

"When we first came across American stuff we were having trouble with it all until we realised they were the ones using imperial measurements"

Actually, no. The Americans went their own way before "Imperial" measurements were a thing, which is why their gallons are the wrong size. I'm not sure what the correct name is for their system -- probably "English".

2
0

NASA: Bring on the asteroid, so we can chuck a fridge at it

Ken Hagan
Gold badge

The smaller one is small enough for us to notice the hit. The larger one is large enough that the hit makes no measurable difference to the pair.

...I'm guessing.

8
0

How to pwn phones with shady replacement parts

Ken Hagan
Gold badge

If I may just butt in on your exchange with Charles 9, I think the issue is what you understand by the phrase "the hardware itself". The difficulty is in the first word: "the".

Some hardware needs to be trusted. To my knowledge, no-one has found a way of building a trusted platform on top of an untrusted CPU. At some point, the data has to be processed. Building a transparent hardware encryption of memory is conceivable, but I don't know of anyone who has done it. I imagine the cost (in performance) is a worry and I imagine that replacing "needs to trust memory" with "needs to trust the memory controller" isn't reckoned to be worth the effort. You can, however, build a trusted data volume on an untrusted drive and this is now commonplace.

Once you get to "hardware that you plug in", like USB sticks and eSATA drives, there is an expectation that "the hardware" should not blindly trust "the peripheral" and some bus architectures have been criticised (well, actually, more like written off as "do not use, ever") on this site and elsewhere for allowing precisely that.

With that context, I'd say it makes a big difference whether the hardware is outside or inside "the box" and that test should be interpreted as "end-user serviceable" rather than taken literally. So the SD card counts as "outside" even if you have to take the case off and remove the battery in order to get to it. The screen, however, is definitely "inside" for a phone or laptop, but would be equally definitely "outside" if it is a desktop machine with graphics card and a cable socket.

There is no shame in building systems that trust the hardware inside the box. There is plenty of shame in trusting hardware outside the box. Vendors should probably design their boxes so that you just need fingernails to access the outside parts but you need a screw-driver (possibly one of those stupid ones that no normal person has) to access the inside parts. Then everything is clear.

2
0
Ken Hagan
Gold badge

Those expensive brands don't make all their own components, so they would be neither liable nor aware if they were fed dodgy components from somewhere. So, um, where do the big brands do all their manufacturing and component supply these days?

2
0
Ken Hagan
Gold badge

Re: This is news?

"At best you could plant malware but you'll struggle to siphon data off in a lot of cases."

That's what the malware would be for. After the user has done their thing to decrypt the drive, your malware can siphon whatever it likes.

5
0

Ubuntu 'weaponised' to cure NHS of its addiction to Microsoft Windows

Ken Hagan
Gold badge

I think you are missing the point that the alternative is equally disruptive. The NHS appears to be running on a vast number of XP boxes. The fact that these systems haven't already (many years ago) migrated to a more recent version of Windows surely proves that there is no upgrade path that isn't massively disruptive and painful.

8
0

NATO: 'Cyber' is a military domain

Ken Hagan
Gold badge

Re: "'Cyber' as military domain" - sounds cool ...

"I simply can't see that happening, which is completely consistent with the development of NATO's cyber strike capabilities in the last 20 years."

One hundred years from now we'll probably be able to say for sure what those capabilities are. My guess is that we'll discover that the most powerful weaponry and most robust defences were actually in the hands of a handful of private individuals on both sides. I'll also guess that hindsight will refute the idea that cyberspace had well-defined borders, so even if NATO generals talk about defending NATO countries, the border is so flaky that for all intents and purposes the Russians are already here and we are already there. How can you talk of strike capabilities when you are already in the midst of a million-person melee?

1
0
Ken Hagan
Gold badge

Re: I'm fine with NATO working on cyber-defense

"-Expanding NATO to include the Ukraine"

Expanding NATO to include Russia would actually be a smart move. That is, if you can get relations with Russia and mutual respect for each other's rights of self-determination to the point where it isn't just laughed out of court, you'd have done a fantastic job of guaranteeing the security of the West and East and you could start to think seriously about sorting out some of the humanitarian disaster areas elsewhere.

But I get the feeling that NATO is about job security for generals rather than actual security for countries...

1
0

America throws down gauntlet: Accept extra security checks or don't carry laptops on flights

Ken Hagan
Gold badge

Re: Anon

They've already tried that. It turns out that it dulls the explosion and merely amuses bystanders.

5
0

Everything you need to know about the Petya, er, NotPetya nasty trashing PCs worldwide

Ken Hagan
Gold badge

Re: Cyber sex in action

I agree with that reading, but would add...

"- if you patched MS recently, NotPetya will propagate by finding credentials in the RAM"

...which, if you are logged in as a normal user rather than a pseudo-admin, won't be sufficient to go any further. Perhaps.

12
0

Google hit with record antitrust fine of €2.4bn by Europe

Ken Hagan
Gold badge

The average US startup burns through its seed capital and has nothing to show for it at the end of the exercise. Being an entrepreneur is hard.

Intel and Microsoft also changed the world for good. If you are too young and uninformed to remember or know how, I suggest you do some reading up on how the world was back then. If they have both become fat and lazy and exploitative in recent years, well they are in good company: Google have gone the same way.

5
1
Ken Hagan
Gold badge

Re: Pesky Euros

"One billion quid to the DUP, divided by three and a half million foreigners."

You are assuming that these foreigners will be willing to pay. Many won't, which will push up the price of the cards, so many more won't, until eventually the one who really wants to stay is stiffed for a cool DUP for the bit of card they need.

1
0
Ken Hagan
Gold badge

Re: Possible solution

Google is welcome to pull out of Europe. They are quite a good search engine, but they make a lot more money out of Europe than Europe makes out of them. They are also free to pull out of China, where they are treated far more badly than in the EU, but funnily enough they are willing to put up with that, too.

It's only politicians who believe that their country's businesses can disengage with the rest of humanity and somehow come out stronger. Everyone who is actually in business thinks it is a daft idea.

8
1

UK Parliament hack: Really, a brute-force attack? Really?

Ken Hagan
Gold badge

Liability?

If the member is the responsible party, does that mean that nearly a hundred MPs might now be facing prosecution for something where a conviction might mean a by-election? Brenda's not going to like that.

4
0

Humanity is doomed: We watch 45 BILLION hours of YouTube a month

Ken Hagan
Gold badge

An hour a day sounds like fairly light usage compared to what their parents' generation used to spend watching the goggle box, and with YouTube you are picking your own viewing rather than just swallowing whatever cack the channel controllers have decided you ought to watch.

And whilst YouTube doesn't do news, the internet does. In fact, for most of the world's population, the internet does news rather better than the local TV stations. So much better, in fact, that the local governments get upset.

10
1

Microsoft recommends you ignore Microsoft-recommended update

Ken Hagan
Gold badge

Re: How am I supposed to IGNORE the update...

You ignore it by paying extra cash to be a business user (who can delay updates for a month or two) rather than a beta tester home user.

18
1

Heaps of Windows 10 internal builds, private source code leak online

Ken Hagan
Gold badge

Re: Long File Path support

"- I was not talking about Windows apps in general, but the File Explorer application that ships with Windows."

That would be the file explorer that has always supported third party extensions, written by people who read the docs and therefore know that a 260-character buffer is safe.

"- Applications written for other OSes commonly make files with paths that exceed 260 chars, why should Windows users be unable to handle those files ?"

Because Windows documentation has, for 25 years, consistently stated that a 260-character buffer is the maximum that you need to support, even if weird hacks are available to let you manipulate files created by other sub-systems.

"- I have not heard a file's path called its "Metadata" before."

Meh. It seems like a perfectly reasonable use of the term to me. It isn't part of the file's data, but is nevertheless *about* the file's data. Would you have been happier if I'd followed the NTFS documentation and called it an attribute?

6
1
Ken Hagan
Gold badge

1. I don't think MS need undocumented features in quite the same way anymore. There is a mind-boggling array of documents concerning APIs, file formats and network protocols used by Windows and other MS software. (e.g. https://msdn.microsoft.com/en-us/library/dd208104.aspx.) The problems these days are firstly can you find the document you want and secondly does the MS implementation actually match the document? (And if it doesn't, tempting you to follow the current implementation instead, will they just fix it in the next release leaving you looking like the idiot who couldn't follow a spec?)

2. I think the drivers in this leak are the bus drivers, implementing (hopefully correctly) protocols that are fully documented and already supported by other OSes. The drivers you want are the vendor-specific layers on top and these aren't included here. In most cases, MS will not have that source.

8
0
Ken Hagan
Gold badge

Re: I'm done with Windows.

As has been widely publicised on these pages, those instructions don't work for Windows 10. Apparently you were too smug to do a simple search.

10
0
Ken Hagan
Gold badge

"tell all developers that they are free to look at the sources"

I see where you are coming from but I think that would kill Windows as a platform.

Developers would look at the current source code and write apps that depend on behaviour that is currently true but which is merely an accident of the current implementation. Since Windows apps are typically sold as closed source and typically not updated for free by vendors to track OS changes, the result would be that each new version of Windows would break about half the software that you've paid for, with fixes only available if you pay the vendor again.

As readers of Raymond Chen's blog will know, this already happens to a debilitating extent. That's surprising because the only way to create such dependencies right now is to reverse engineer Windows. Apparently some programmers are smart enough to walk over assembly listings and reverse engineer how Windows currently works but not smart enough to realise how fragile this is. Worse, many of these programmers do this even when there is a documented alternative.

11
0
Ken Hagan
Gold badge

Re: Long File Path support

"Yet other systems have had it a lot longer, without said issues..."

These other systems have issues of their own. For one thing, they almost certainly don't run <insert-important-and-private-internal-app-here>. If that's not important to you, go ahead and run other systems, but you can hardly blame Microsoft for supporting their existing customers.

Actually the registry hack isn't safe. For 25 years, MS have promised developers that a 260-character buffer will be able to accommodate an arbitrary path. If you quietly raise that limit, all that happens is that end-users suddenly find that the filename they type is not the one that actually gets used by the program. At best, that's a bug. At worst, it is a security hole.

As an alternative to the registry hack, where developers have taken the trouble to support longer paths safely they can advertise that in the program's manifest. Users will then get the benefit where it is safe and be protected with legacy behaviour where it would not be safe. (Please note, however, that if your program uses a standard file open or file save dialog, you are potentially hosting arbitrary Explorer extensions, so you can't honestly write that manifest entry.)

And on a completely different tangent, 260 characters is over three lines of text. If your paths are longer than this paragraph, I'd say you were using the filename to write a short abstract of the document contents, which is an abuse of the metadata.

10
5

UK and Ecuador working on Assange escape mechanism

Ken Hagan
Gold badge

Re: "while he nips over to Heathrow or Gatwick and gets on a flight to Ecuador?"

"There's no direct flights from the UK to this neck of the woods."

Even assuming there was a direct flight, would that be safe?

Honest question: if a suspected criminal is on an international flight, does international law allow an overflown country to demand that the flight lands on their territory so that the suspect can be arrested? If the answer is yes, Assange needs the willing connivance of more than just the UK.

0
0

Virgin Media router security flap follows weak password expose

Ken Hagan
Gold badge

Most modern routers have a WPS button whose effects only last for a couple of minutes. Why not say that you can only log in during that window? (You could ignore the rule if the user changes the password to something strong enough.)

This is just a repeat of the perennial problem that passwords short enough for the average Joe to remember are not long enough to keep the average Joe's assets safe. It's going to keep coming around until we learn to stop relying solely on passwords.

0
0
Ken Hagan
Gold badge

Re: re: what advantage there would be to buying another router

"er ... isn't the article you just commented on reason enough ?"

I doubt it, since the problem outlined in the article can be avoided by changing the password. No need to stop using the router. Also, the problem outlined in the article is not fixed by buying a separate router if you put an equally weak password on the second box.

In short: the router is not the problem here.

5
0

Numbers war: How Bayesian vs frequentist statistics influence AI

Ken Hagan
Gold badge

Re: Given that there are no comprehensive models of the world...

I think that's the key point. Everyone brings a prior (guess). The frequentists insist that the only legitimate prior is one that expresses total ignorance. The Bayesians are willing to start from somewhere else. Once enough evidence actually turns up to make the prior unimportant, both parties agree. Until then, you don't actually have enough evidence.

1
0

Tesla death smash probe: Neither driver nor autopilot saw the truck

Ken Hagan
Gold badge

Re: Being human

"Completely entrusting his life to beta software."

And this guy ran a tech company. Unbelievable.

5
0
Ken Hagan
Gold badge

Re: Right, $50 of bars will stop a 4000lb car going 74mph.

"The problem is rather with unlevel crossings."

So you deliberately create a slightly larger hazard in the road on either side leading up to the crossing. That way, no-one can actually reach the crossing unless they are also able to cross it.

(Or has some sociopath got a patent on that idea...)

3
0

In the Epyc center: More Zen server CPU specs, prices sneak out of AMD

Ken Hagan
Gold badge

Re: That SEV mode looks really interesting

"The researchers create and run the VMs they use to study malware. They just have to not check the box for encryption."

But the client OS can presumably detect whether that box was checked. Otherwise the system is worthless because you still have to trust the person hosting your VM when they say "I ticked it, honest.". Of course, you then need some kind of way for a client to know that the VMM isn't virtualising the instructions that you are using to detect whether they checked that box. I'm not sure where it all ends.

0
0

Ad 'urgently' seeks company to build national e-ID system

Ken Hagan
Gold badge

Re: Might it be the proposed EU citizens registration for the UK?

Makes sense with the timing.

Some minister will want to know what's feasible or affordable so that they don't seem quite so dumb in the negotiations. So they ask a civil servant for some proposals.

The Home Office's answer to everything is a National ID Database, so the civil servant who is given the research task just fills in the most recent estimate for the population of EU citizens in the UK and asks around the usual suspects for quotes/tenders.

Some opportunistic company reckons it is worth a punt maybe hiring a few people so that they can claim to be ahead of the game if things come to fruition. So they post the ad.

The exact requirements in the ad are therefore one company's guess based on one placeholder-proposal from one civil servant from a minister who is only asking because he hasn't thought about it carefully yet.

5
0

No, really. You can see through walls using drones and Wi-Fi

Ken Hagan
Gold badge

Those higher frequencies will give you the extra resolution, but only if they can actually pass through the brick walls. (Ironically, this probably means that conventional radar wisdom is misleading because conventional radar depends on the opacity (or at least, the reflectivity) of materials to the chosen wavelength, not their transparency as required here.)

3
0


Biting the hand that feeds IT © 1998–2017