* Posts by Ken Hagan

8168 publicly visible posts • joined 14 Jun 2007

France may protect citizens' liberté with ban on foreigners buying local big data firms

Ken Hagan Gold badge

Oo yes, because that worked so well last time

When I was little, there used to be a French computer company. It got all sorts of protection from its friendly government. If this sort of policy works, it ought to be a major player now but ... I can't even remember the name.

Microsoft wants to patent mind control

Ken Hagan Gold badge

"I filed for it some 40+ years ago and got it and it's universal."

I think there are quite a number of neuroscientists who would be *very* interested to read that patent.

Also, if you ever need a million or so, you could tip off the Nobel committee. I doubt there would be any serious challengers.

Ken Hagan Gold badge
Flame

Re: Blindingly Obvious Patent

This again?

The US Patent Office is not supposed to test for novelty or anything else. US law says that you get a patent for filling in the form. The idea is that it is only worth something if it later stands up to challenge in court. Sadly, that last bit doesn't really work, not least because every other PO on the planet is apparently stupid enough to treat a US patent *as though it had already been tested and found valid*.

The system has been like this for 20 years and apparently every legislator on the planet outside the US is too fucking stupid to realise that the US no longer checks patents at the time of issue.

Third NAND dimension makes quad bit bucket cells feasible

Ken Hagan Gold badge

"We can't call it quintuple level cell because QLC is already used for quad-level cell flash."

You'll hit that with 6 and 7, too. Might I make a suggestion? Writing 2LC, 3LC, 4LC, 5LC ... works fine for the foreseeable future. Start using it in articles now and hope that it catches on with other authors before the quad-quin ambiguity becomes a real problem.

Remember those holy tech wars we used to have? Heh, good times

Ken Hagan Gold badge

Re: Bigendian vs. Littleendian

Umm, no. TIFF merely guaranteed that you would have to write byte-swapping code, whether it was ever used or not.

Ken Hagan Gold badge

Re: "something that isn't backed by anything of value can have value?"

Sigh. Money is backed by the government that issues it, using however much of the resources of the country that they can realistically draw upon. That may not be as much as the money in circulation, but it is infinitely more than some anonymous guy's say-so.

Next; tech; meltdown..? Mandatory; semicolons; in; JavaScript; mulled;

Ken Hagan Gold badge

Re: Anyone seen a single line C program ?

This must have been a *long* time ago. UNIX has had "indent" for about 40 years and Visual Thing has had something close enough for over 20.

Ken Hagan Gold badge

Re: Tabs v spaces

If a mix is used, the whole file is declared syntactically invalid. Problem solved.

A computer should never guess what the programmer meant. Tolerance has its place, and that place is end-user input. Programmers should just get it right and they should have the input thrown back at them repeatedly until they do that.

Funnily enough, this is also the answer to JavaScript's semi-colon question.

Intel’s Meltdown fix freaked out some Broadwells, Haswells

Ken Hagan Gold badge

"AMD on Thursday confirmed that its kit is vulnerable to Spectre."

Is this news? You make it sound like a belated admission but the announcements last week made it perfectly clear that they'd failed to demonstrate Meltdown on AMD but managed Spectre.

Wondering where your JavaScript libs went? Spam-detection snafu exiled npm packages

Ken Hagan Gold badge

Re: Foot gun fully operational

"The stupid all runs together for we old guys."

You are too kind, and not especially old. I'm trying to teach my kids about revision control before they get too deep into their own projects.

https://en.wikipedia.org/wiki/Capability_Maturity_Model_Integration

These guys are on level 1 : not even repeatable from one day to the next because they don't actually control their own code.

Uncle Sam's treatment of Huawei is world-class hypocrisy – consumers will pay the price

Ken Hagan Gold badge

Re: Spies, damn spies and corporations?

"COMMUNISTS!!!! Aaaarrrrggghhhh!"

Where? China hasn't been communist for a couple of decades now. It's a monarchy, although not yet one you could describe as "hereditary", unlike its north-eastern neighbour.

Of course, all "communist" countries tend to follow this model, but I do think it would be helpful if those of us who don't live in them (and therefore are free to speak) stop using the C-word and start calling them what they really are.

Ken Hagan Gold badge

Re: Ken Thompson's lecture

Well, anything based on Android is almost certainly built using Google's toolchain, which only runs on x64. And we know how secure *that* is these days. :(

1 in 5 STEM bros whinge they can't catch a break in tech world they run

Ken Hagan Gold badge

"I am in my position because I was the best applicant at the time."

You *may* have been. However, all we can be certain of is that the person who employed you *thought* you were. We have no way of assessing "best" when matching something as vague as a person to something as vague as a job. We never will. HR is not a branch of engineering.

Ken Hagan Gold badge

Re: Isn't it a small minority

"Applying positive gender correction to numbers, etc EARLY. VERY EARLY. The latest point where it can and should be applied is University."

You are on the back foot with that one from roughly age 10 onwards. By 14 or so (in the UK at least) children are closing doors on themselves academically with their subject choices. By the time you get to university, it is *way*, *way* too late to do anything about the fact that the applicants simply aren't there.

Other than that, I think I agree. I particularly like the "Alice" touch, though it will doubtless annoy the snowflakes described in the article.

(Edit: The term "snowflake" was coined by social conservatives as a term of abuse for those who in their view "couldn't stand the heat" of real life. Therefore, I think it is entirely reasonable to use it against those of that same group who, it seems, can't stand the heat when it is applied to themselves.)

Cryptocurrencies to end in tears, says investor wizard Warren Buffett

Ken Hagan Gold badge

I'm not sure the "don't understand" bit is entirely fair. What he doesn't understand is why anyone could possibly think these currencies were worth anything. That's different from understanding how they work. (Possibly he doesn't understand that either, but at least that is because he doesn't *need* to, given his position on their intrinsic value.)

On the other hand, he probably knows a pyramid scheme when he sees one.

Apple agrees to pay £136m in back idiot taxes to UK taxman

Ken Hagan Gold badge

"Then explain Ireland?"

That's an example of a wider phenomenon whereby tax dodgers can break any *individual* law for a few years until the authorities catch up, whereupon they come to a "settlement" about previous years' mis-behaviour and have to find a new dodge in future. Since the authorities are always a few years behind the dodgers, the long-term effect is a rolling window of opportunity for the most "innovative" accountants.

Ken Hagan Gold badge

"In my opinion, corporation tax should be abolished, you can just set VAT and payroll taxes to fair tax rates and be done with it, and everyone pays the same percent of turnover. That's not possible to fudge."

Until you find a company that pays staff almost nothing but which conveniently provides huge pensions and all-expenses-paid staff accommodation. You can fudge anything and those earning the most will always be able to spend more time/cash on fudging.

I will accept, however, that my example would be pretty blatant. In fact, almost any simplification of the tax code will make it (slightly) harder to fudge things. You could, for example, scrap several thousand "tax breaks" that have been introduced at a rate of several per year (because they are eye-catching and politicians like that) since the dawn of time. This would hurt almost no-one except the accountants.

'Repeal hate crime laws for free speech' petition passes 14k signatures

Ken Hagan Gold badge

Re: My view

"Just exercising my freedom of speech in the manner that you seem to support."

Indeed, and notice how little threat you pose to the community. By the way, you're wrong. I think you should be killed just in case you are tempted to say something unsafe again in future. It's the only way to be sure...

CPU bug patch saga: Antivirus tools caught with their hands in the Windows cookie jar

Ken Hagan Gold badge

You have it the wrong way round. The kernel *was* previously visible to these tools (though undocumented) and so the AV folks reverse engineered enough to learn how to hack into it. Now it is no longer visible and the same hacks fall into a black hole and bring down the system.

Ken Hagan Gold badge

Re: Useful

They are all "badly written", by design. This is just a heads up at the sort of shenanigans they have been getting up to all these years. AV tools are an invasion of your kernel internals by someone who doesn't know enough about your kernel and cannot respond to implementation changes in a timely fashion and if they get it wrong then your entire system is tanked and you might as well not own a PC.

How are the shares, Bry? Intel chief cops to CPU fix slowdowns

Ken Hagan Gold badge

If there was some way to insert a random fuzz on the RDTSC instruction (which I imagine is the only timer with sufficient resolution to measure a cache miss) then that might work. Alternatively, is it possible to block access to RDTSC from user-space processes? If so, that might cut off one line of attack (though presumably still leave open the "attack VM host from guest kernel" vulnerability, which frankly ought to be scaring the cloud computing industry shitless).

With WPA3, Wi-Fi will be secure this time, really, wireless bods promise

Ken Hagan Gold badge

Re: Will this require new hardware?

I don't know but...

The bit that is best hardware-accelerated is the encryption of payload data once you've authenticated and agreed a key with the other party. The bits that are most likely to be new in WPA3 are "everything else".

WPA2-with-fixes might offer a stepping stone but, as the OP said, good luck getting firmware updates for your existing Things (as in, internet-thereof). My guess would be that upgrading to WPA3 may be no harder than upgrading to WPA2-with-fixes.

Parliamentary 'puters made 30k tries to procure pr0nz last year

Ken Hagan Gold badge

"but there are LOTS of so called genuine web media outlets which don't scrutinise the advertising space that they've resold"

Perhaps they should. Perhaps there should be a bit more reputational damage for sites that don't scrutinise what ends up in their advertising space. Perhaps then we'd see the ad-brokers given the damn good kicking they so richly deserve.

After all, if you can code up a Spectre attack in Javascript, ads are a pretty major security issue.

Your connection is not Brexit... we mean private: UK Tory party lets security cert expire

Ken Hagan Gold badge

Re: blah blah who cares?

"convinces half of parliament that security is secondary"

I think most of us would be surprised and delighted to discover that many in Parliament who cared even that much. (To consider just one example: if you or any of your staff are surfing porn sites on a work computer, security is not even in your vocabulary.)

More stuff broken amid Microsoft's efforts to fix Meltdown/Spectre vulns

Ken Hagan Gold badge

Re: Systems without an AV may need the reg key to be set manually

"Or the patch won't appear in Windows Update."

Or any other patch, from now on, perhaps? Presumably MS will rig the WU software so that it tells you that updates are not being provided and this is what you can do about it. Presumably...

Here come the lawyers! Intel slapped with three Meltdown bug lawsuits

Ken Hagan Gold badge

Re: Should Intel (and other chip makers) be held responsible for hardware flaws?

"It's an interesting one, but I don't personally think that Intel should be held liable for this, as it's not an intentional bug."

I agree it is interesting, and I might even agree that Intel shouldn't be held liable, but if I did then I would have a different reason for doing so. The issue is not intent, but negligence. I don't think anyone close to the action is suggesting that Intel knew about this prior to mid-2017. It would be nice to think that our spooks knew about it before then, and distressing to imagine that the other side's spooks knew about it, but in neither case would we expect Intel to be informed. So the question is: is the flaw sufficiently obvious that we can call it negligence. Well ... given that it took just about everyone 20 years to work it out, I don't think we can call it obvious.

Oh, and I also agree that Intel's PR release was BS. I'd be happy to see them prosecuted for *that*. I'm also pretty unhappy about the timescale surrounding their CEO's share dealings.

Ken Hagan Gold badge

Re: MINIX anyone ?

Is that why Intel used MINIX for their other 2017-security-related-disaster ?

Microsoft patches Windows to cool off Intel's Meltdown – wait, antivirus? Slow your roll

Ken Hagan Gold badge

Re: Huge Baby Huge

"Are the Linux patches similar?"

To answer my own question, the only linux patch available for my Debian Stretch boxes right now is one for linux-image-amd64, so that's a big fat no. If there *are* plans to recompile all of user-space with Spectre mitigations, they aren't being put into effect yet.

Ken Hagan Gold badge

Re: Huge Baby Huge

"Contrary to what Intel is bleating about it, it looks to be all Windows components being patched. And an enormous and rather terrifying number of them, all patched at once."

To be fair, *only* Intel are trying to pretend that this is a minor issue. Everyone else is talking about how unfixable Spectre is and how it can only be mitigated with counter-measures compiled into all software running on the system. Presumably, then, MS have simply run all of Windows through a version of the compiler that applies the mitigations. They've had 6 months to test such a compiler and they have a reproducible build system for all of Windows, so this isn't any more scary than a hobbyist rebuilding their own Linux system, which any competent software developer will tell you is not *very* scary.

Ken Hagan Gold badge

Re: Huge Baby Huge

So that's pretty much an "out-of-band new version of Windows" coming down the wire, eh?

Well that's the internet fucked for a few days, then. Are the Linux patches similar?

Woo-yay, Meltdown CPU fixes are here. Now, Spectre flaws will haunt tech industry for years

Ken Hagan Gold badge

"Also US-CERT has suddenly changed their advice and they don't want you to change your CPU now..."

Perhaps someone pointed out that it is pointless to suggest everyone buys a new CPU if the new ones are vulnerable in the same way.

Has anyone suggested a timescale for how long it will take to design, test and roll out production on a new CPU design that is immune? They ought to have started last June, so to a first approximation it is "the usual tick-tock period minus six months". I think that works out as a couple of years, making "a new CPU" pretty pointless until 2020.

Linux Mint 18.3: A breath of fresh air? Well, it's a step into the unGNOME

Ken Hagan Gold badge

Re: I Always Find It Irritating...

"European Linux distros"

Assuming that a distro could meaningfully be described as belonging to a geographical region, I imagine that it would be constrained by the localisations of the individual software packages that it contains.

I'm as irritated as the next non-American by this tendency to use the spellings of a relatively minor (in numerical terms) dialect of English, but I don't think this is a fair example.

Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs

Ken Hagan Gold badge

Re: Puzzled

Thanks. Yes, I had missed the implications of the "speculative" bit, which is a little embarrassing. Since it is speculative, there is no actual page fault as far as the kernel (or host) is concerned.

Quite unpleasant really ...

Ken Hagan Gold badge

Re: When do the lawsuits begin ? Class actions...

For anyone who pays for their time on a platform, "30% slower" equates pretty directly to a figure for damages. We won't necessarily see a class action though. Instead, we may find that cloud providers simply lower their charges for Intel-based VMs (to avoid being sued by their own customers) and then turn around to Intel and ask for a lump sum to cover it.

For anyone running a system on average at anything below 70% of its rated power, it would be harder to come up with (and defend in court) a particular figure for damages. Those cases would be messy, so I don't expect too many of the little guys will take Intel to court.

Ken Hagan Gold badge

Re: Yeah sure.. AMD and ARM the sweet angels..! PLEASE!

"AMD statements are beyond silly."

Are they? We appear to have proof-of-concept demos that work on Intel. If those don't work on AMD then the onus is on you (or, more likely, Intel) to demonstrate that it can be done. New information is coming to light at quite a rate and such demos may already exist or may exist by the time you read this reply, but it is not obvious to me that all OoO processors are necessarily vulnerable or are vulnerable in ways that cannot be patched in software, so "beyond silly" seems rather harsh.

Ken Hagan Gold badge

Re: Maybe we dodged a bullet?

@jmch: Yes, and for the avoidance of doubt let me say that your phrase "NSA-types" should be taken to include all the bad guys. We should not forget that whilst 99% of humanity does not look for ways to screw each other over, 99% of those who do are the kind of folks who won't share when they find a new way to do that.

Ken Hagan Gold badge

Re: Colour me surprised ....

"First rule of secure communications, is to assume that your communications aren't secure."

It sounds nice, but if you take the position that your communications *are not* secure then logically there is no point in taking any steps to secure them.

What you actually have to do is assume that they *might not be* secure in ways that you don't yet know and you should attempt to mitigate against those by layering security elsewhere and (if you have the resources) supporting attempts (by yourself or others) to learn more about the things you don't yet know. This philosophy is much less memorable, but leads to concrete suggestions for action on your part, so it is more useful.

Ken Hagan Gold badge

Re: Intel CEO

It was noted in another thread that executives have to give months of notice before trading their own shares, so this is probably innocent. On the other hand, the article indicates that the bug was reported last summer. I don't know how much notice is actually required, but it is possible that there are legitimate questions to answer.

However, whilst the impact of this bug is obvious to me, it may not be obvious to a CEO. If I went to *my* boss and said there is a flaw in almost every product we've produced in the last 20 years which is financially quantifiable (at least for cloud users, the impact of this bug *can* be measured in dollars) and is by design so we can be sued to pieces ... he might not believe me.

Ken Hagan Gold badge

Puzzled

The description in the article would seem to allow a fairly simple fix in the OS.

When the original page fault occurs, control is passed from user-space (or guest space) to kernel space (or host space). The handler can determine whether the faulting address is outside user-space or not. In fact, it probably already has to do that in order to process the fault. If not, the fault is legitimate and will be related to (say) stack guard pages or virtual memory paging. We wouldn't want to penalise those, so we proceed as usual.

However, if it *is* outside user-space, I can't see any reason not to "punish" the application program (or guest kernel) by performing a full cache flush. This blocks the information disclosure. It is obviously quite costly, but as long as the bill is charged to the offending application (or guest, and in the case of cloud providers that will really mean *charged* so the provider is still happy) then it doesn't count as a DoS attack and no properly written application will ever have to pay the bill.

What have I missed?

Ken Hagan Gold badge

Re: Lead time on new CPUs?

MS have previously said that they would not support Win7 on new Intel processors like Kaby Lake. Throwing away your old CPU may not be an option for some corporates.

And we return to Munich's migration back to Windows – it's going to cost what now?! €100m!

Ken Hagan Gold badge

Re: 10 years to migrate 16000 PCs and they're going to go back to Windows ?

"But I'm guessing that's not the real problem. It's influence. There's obviously a strong pro-Windows faction in Munich and they've been real busy making a nuisance of themselves since the beginning of the migration."

Well as I pointed out last year when the story broke, they are claiming that they couldn't get email running on Linux, so there's clearly more than just "influence" and "nuisance" at work here. They must have a fully-fledged fifth column and if the truth were ever to come out it could probably result in criminal prosecutions.

I mean ... jeeez ... couldn't get *email* to work? On Linux? Did they even try?

Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign

Ken Hagan Gold badge

Re: no news

21 hours after you posted that, I can report that it is on the front page of the BBC news website and at least one major UK newspaper. Yes, that surprises me, too, but perhaps it is just too good a *story* to pass over and, after all, even normal people use computers these days.

Time's up: Grace period for Germany's internet hate speech law ends

Ken Hagan Gold badge

Re: Well this could get messy...

There are well-documented cases in Medieval Christian Europe of marriages being *arranged* at such a young age and several cases where the ceremony was performed (sometimes by proxy, so the children involved had no say in the matter whatsoever) but it was considered unacceptable to consummate the union until puberty, and poor taste even then not to wait a few more years for concern over the health of the girl.

Whether similar practices existed lower down in the social strata, I have no idea.

Ken Hagan Gold badge

Why guess? Wikipedia will tell you more than you want to know about the Islamic calendar.

Oi, force Microsoft to cough up emails on Irish servers to the Feds, US states urge Supremes

Ken Hagan Gold badge

Re: UK not much better (in the quality of its arguments)

"surely where the information is accessible from, and by whom, is just as important as where it's physically stored?"

Not really, unless you want to make it legally impossible for *any* company to operate outside of the country where its head office is located.

One of the reasons why companies have subsidiaries abroad is to make the operations of those subsidiaries subject to the laws of those countries, thereby making it easier and safer (and in some cases, just plain legal) for customers in those countries to do business with those subsidiaries. I would argue that the practice ought to be more widespread and that all sales to consumers in country X ought to be conducted through a subsidiary in country X and taxed according to the laws of country X.

Ken Hagan Gold badge

Re: UK not much better (in the quality of its arguments)

The ease with which one can perform an action has no bearing on whether that action is actually legal.

I find it quite shocking that this is actually presented as an argument on the prosecution side. I can only assume they came up with better arguments when they were law students, otherwise it is hard to see how they ever got qualified in the first place.

Oregon will let engineer refer to himself as an 'engineer'

Ken Hagan Gold badge

Re: So...

"But be careful, you don't want to accidentally be practicing law without a license."

I suspect that isn't enforced quite as you envisage...

"Your honour, I did it, but I'm not a licensed lawyer, so it isn't actually legal for me to know what the law is, nor was it legal for at least some of the state legislators to have voted to make it the law in the first place."

Walk with me... through a billion files. Slow down – admire the subset

Ken Hagan Gold badge

Re: can’t retrofit … metadata generation, storage and access to an existing file system

Umm, whilst MS support FAT, it hasn't been their preferred choice for over 25 years.

Since you've clearly been away, you might want to check out other "recent" developments such as the web.

No, BMW, petrol-engined cars don't 'give back to the environment'

Ken Hagan Gold badge

Re: "He's not the messiah!"

"if you had to involve the head of marketing and CEO in every single external statement"

Why would you need to do that? Ad content isn't generally a legal matter, but for those things that are, the directors are (and always have been) legally liable for the actions of employees, whether they keep tabs on the employees or not. All companies already operate under this regime and the sky has not fallen in.

Meet the woman with a supernatural affinity for stiff lovers

Ken Hagan Gold badge

It's because you can't just walk up to someone and "give them the help they need". You need their consent.