* Posts by Bronek Kozicki

2408 posts • joined 6 Sep 2007

Blood spilled from another US high school shooting has yet to dry – and video games are already being blamed

Bronek Kozicki
Silver badge

@frank ly firearms are not banned in the UK. They are regulated. You need checks, permit, training and reason to own one. For shotguns, the sufficient reason is sport or shooting vermin. Reasons for owning a rifle are also rather relaxed. On the other hand, self-defence is not considered to be a valid reason, for any type of weapon. Also, UK does have firing ranges where one can train even without the necessary permit (subject to club membership).

Obviously, that kind of legislation severely limits the number of firearms which can be legally sold to a civilian population, which is the one and only reason why NRA would never allow it in the USA. All these lives lost in the vicious cycle of the homicides, fatal accidents and mass shootings are for one reason only: profit of weapon producers. Which is why any argument in defence of NRA and the 2nd amendment comes out as defending the indefensible, at best.

24
2

Open justice FTW! El Reg fought the law – and El Reg won

Bronek Kozicki
Silver badge
Facepalm

Re: Streisand effect in 3..2...1...

duh

4
0
Bronek Kozicki
Silver badge

Re: Streisand effect in 3..2...1...

Shame on El Reg! Huh? What for? Does one automatically become a saint, after having made millions and then shown up on a TV programme meant to show millionaires in a good light?

10
2

NASA will send tiny helicopter to Mars

Bronek Kozicki
Silver badge

Bernoulli’s Principle

You realize the myth that Bernoulli law has anything to do with flying has been busted a very long time ago?

Also, RC helicopters do exceed 2000 RPM sometimes, so 3000 RPM for a helicopter this small is not that much of a feat. What is (going to be) remarkable achievement though, is a stable landing from which said helicopter can start again without human intervention.

5
0

Make masses carry their mobes, suggests wig in not-at-all-creepy speech

Bronek Kozicki
Silver badge

Re: Dear Sir Geoffrey,

... I guess anyone found to be a god will be also instantly found guilty. Because gods kill people, that's what I learned from Greek mythology.

7
0

Every major OS maker misread Intel's docs. Now their kernels can be hijacked or crashed

Bronek Kozicki
Silver badge

Re: Be careful about version numbers.

The article is referring to version numbers of the upstream kernel, not distributions. For the very simple reason that there is one upstream kernel and many distributions (each with its own set of patches).

1
0
Bronek Kozicki
Silver badge

Re: Most importantly...

... and does it have a logo?

9
0

Windows Notepad fixed after 33 years: Now it finally handles Unix, Mac OS line endings

Bronek Kozicki
Silver badge

Going back to my Windows programming days, I guess that the fix should be also in any application using standard Windows edit box control. Because Notepad is nothing else but an application wrapper for this control, hence the fix would be in text rendering of the control itself. Which also explains why it took Microsoft so long to fix it - they have large problem with making changes in the behaviour of existing APIs, controls etc. (which also explains why they come up with new ones so often).

2
2

Kremlin's war on Telegram sees 50 VPNs stopped at the border

Bronek Kozicki
Silver badge

OK I framed it wrong - obviously did not mean single server literally. They all rely on an easy to discover and block IP range(s) where the servers are hosted. As a workaround, Signal employs domain fronting, but they can not continue doing that.

Perhaps we need a secure chat which employs distributed peer-to-peer user directory, but then it might become vulnerable to state manipulation (and interception) simply by brute force.

2
0
Bronek Kozicki
Silver badge

Or Threema. The weak point which all of these apps have is a single central server, making it a point of attack for the authorities.

0
2

Fresh fright of data-spilling Spectre CPU design flaws haunt Intel

Bronek Kozicki
Silver badge

Re: My Dad was right

Nope, you confused Meltdown with Spectre. The only check the CPU can do and is responsible for is moving the data between the rings, which is what Intel got wrong (and AMD did right). The program logic, on the other hand, is a different story. Most execution branches have nothing to do with security (data access enforcement, authorization etc.), so penalising all speculative executions in the name of robust security checks would have exactly the effect I described - much slower CPU, for little gain. The difficult task of figuring out which execution branches are related to security is (apparently new) job of the programmer, perhaps helped by the compiler, and then securing those (e.g. with a retpoline). Which is why we now have slow, steady and continuous trickle of patches in Linux kernel.

3
1
Bronek Kozicki
Silver badge

Re: My Dad was right

@Dr.Sommer Like most timing attacks, Spectre is more subtle than that. Robust safety principles directly contradict the performance goals, because in order to hide the data that the attacker should not have access to, you would have to add delays to his data accesses. Since obviously, you have no idea if the process being run at the moment is controlled by an attacker or not, this means adding delays to everything. Show me a vendor who will argue that his ware is better than the competition's because it is resistant to a fairly obscure mode of attack even though the security measure applied makes it a few percent slower. Do you think they will continue selling such ware for much longer?

3
0
Bronek Kozicki
Silver badge

Re: My Dad was right

We wouldn't be in this situation if someone came up with a technology to create RAM with latency lower than 10ns, within sane power budget and fabrication cost. As the things stand, we need multiple levels of caches with very limited capacity and a significant chunk of CPU space and power is used for speculative execution, cache preloading etc. just to ensure we have full instruction pipelines and data at hand when needed. This is where the complexity is coming from.

10
3

The Rocky Planet Picture Show: NASA Mars InSight ready for launch

Bronek Kozicki
Silver badge

Re: Why from Vandenberg?

@Dave 32 my guess would be that they are not sending this on the orbit around Earth ;) Depending on the direction of travel, it might be desirable NOT to include Earth's rotation for getting to Mars.

2
0

TSB's middleware nightmare: Execs grilled on Total Sh*tshow at Bank

Bronek Kozicki
Silver badge

@AC you might be onto something. Banks love presentations and UML graphs, and Java is best suited for the kind of software that can be presented as UML. It is impossible to find an established bank without large Java presence in the critical systems. When Oracle finally starts charging royalty fees, banks are going to be captive users for decades to come.

2
0
Bronek Kozicki
Silver badge

Re: 'The issues we’re seeing in the system are - middleware'

"Middleware" to banks is what trucks are to a shipping company. Sadly banks execs do not know it.

13
0

We just wanna torque: Spinning transfer boffins say torque memory near

Bronek Kozicki
Silver badge

I'd like to get excited, but ...

... too little detail here and too far from off-the-shelf availability.

10
0

GitLab crawling back online after breaking its brain in two

Bronek Kozicki
Silver badge

Re: "Git is plain and simple a very impressive tool"

@AC Git is a HUGE step BACKWARD in the ways server software is written

Nope, git is not server software in the first place. If you try to use it as such, you will meet inevitable failure (unless your use case is so trivial it barely merits "server" word). That's why you need something like gitlab. It is not an omission, server part (except for the most trivial case) was not and is not in scope, by design. You are setting yourself for failure if you ever think otherwise.

7
0

That's no moon... er, that's an asteroid. And it'll be your next and final home, spacefarer

Bronek Kozicki
Silver badge

Re: Three generations of kids going "are we there yet".

If the asteroid is of reasonable size and a required structure can be built to support it, the artificial gravity (perhaps much smaller than 1g, but still) could be created by spinning it along the axis of the travel direction.

1
0

Brit bank TSB TITSUP* after long-planned transfer of customer records from Lloyds

Bronek Kozicki
Silver badge

Re: Tested how many times?

"Testing is for wimps" well yes, in order to be able to test the thing, you have to design it for testing first. Try designing something (anything!) properly, when the only thing that matters is meeting the deadlines with the ever-growing list of features. Where things such as monitoring, or testability, or control, or logging, or benchmarking are sure to have dropped down the list because the only thing the managers understand is the flow of forms, or in the best case Excel spreadsheets. And when was the last time you saw tested spreadsheet?

I am not saying this has happened here (do not have sources in TSB or Lloyds) but I have worked in banking long enough to know that competent managers are exception, not rule.

3
0

Capita reports pre-tax LOSS of £515m for 2017

Bronek Kozicki
Silver badge

is it the same CAPITA which was just handed a large government contract? Not entirely unlike Carillion, right before its demise?

9
0

SpaceX finally Falcon flings NASA's TESS into orbit

Bronek Kozicki
Silver badge

@Lee D whoever gave you lessons in trolling, ask them for a refund.

3
0

Windows Admin Center: Vulture gets claws on browser-based server admin

Bronek Kozicki
Silver badge

Re: DC

Well, AD servers own your "keys to the kingdom". It only makes sense to be careful how much of a potential exposure there is to such a machine.

3
0

Best thing about a smart toilet? You can take your mobile in without polluting it

Bronek Kozicki
Silver badge

Toilets which blow hot air...

That sounds nasty

4
0

It's April 2018, and we've had to sit on this Windows 10 Spring Creators Update headline for days

Bronek Kozicki
Silver badge

Re: GDPR rights vs MS

GDPR still has to be enforced - that's why I support NOYB

2
0

El Reg needs you – to help build an automated beer-transporting robot

Bronek Kozicki
Silver badge

Re: Flying saucer

There even is a model specifically for such purposes - cheaper than a vacuum cleaner, because it does not have the cleaning parts.

I suggest that one important hack would be to implement soft start/soft stop, as to avoid tipping of the liquid being transported. Perhaps some kind of a closed loop controller with proportional/integral/derivative calculation and sensitive acceleration sensors in two or three directions ...

2
0

Snubbed R Us: Microsoft eschews Vulture Consultants in Playmobil tech research

Bronek Kozicki
Silver badge
Pint

Thank you

For bringing back the memory of Lester Haines

(wipes small tear)

25
0

Sorry spooks: Princeton boffins reckon they can hide DNS queries

Bronek Kozicki
Silver badge
Coat

Hm, this seems like a nice potential application of blockchain

(ducks and runs)

1
0
Bronek Kozicki
Silver badge

Re: Oh Good Grief

@123

yeah right, but too many historical analogies.

1
0

They're back! 'Feds only' encryption backdoors prepped in US by Dems

Bronek Kozicki
Silver badge

Re: In light of this

CERN, perhaps - it is (nominally) in Switzerland, which has very strong privacy laws.

4
0
Bronek Kozicki
Silver badge

There is God given right to privacy

I was thinking about it yesterday, having just read some fine books by Charles Stross (the author is a bit of a geek, I suspect he might be reading the comments here).

Anyone who agrees (or employs such argument) that "if you have nothing to hide, you have nothing to fear" is totally missing the point of privacy, which is one of the fundamental human rights. It is also the one thing which stands between civilized society and police state.

I think that there are people who lack the imagination to foresee what life would be without the right to privacy, or they assume that their personal privacy would be protected, because they are "just ordinary people". But this is not how things work - once you give it up, you are no longer living in a civilized society and "normal rules" do not apply.

We may have some degree of privacy right now, but in order to keep it we have to value and protect it.

6
0

'Disappearing' data under ZFS on Linux sparks small swift tweak

Bronek Kozicki
Silver badge

Also, no actual file content goes missing - only the directory entries. It is the reason why ext filesystem has /lost+found directory, so ZFS is definitely not first to suffer this fate - except it currently does not have tools to pull the data back (no special directory). I am pretty sure that soon the tools will be made available, too.

0
2
Bronek Kozicki
Silver badge

Re: Woops!

Any software dies when it is not kept clean, not only open source. Only in the open source, the motivation to maintain clean codebase is slightly higher, because it is shame to be associated with something of very poor quality (unless it is universally used and few people look inside, for example old OpenSSL)

2
1
Bronek Kozicki
Silver badge

The bug has nothing to do with the disk being actually full. It is related to the timing of transactions and order in which file entries are created in a directory, which may lead to transient collision of hashes. Which is allowed only up to a certain limit. If exceeded, we have an error poorly reported as "disk full". The problem is that the limit should not be there.

Of course ideally, this should be covered by existing suite of regression tests. However, because the issue only occurs if the transaction cache is not flushed frequently enough, it is timing dependent. And timing-dependent tests are extremely difficult to write. Writing them in such a way as to exclude false positives and false negatives is impossible unless you enter into white-box testing which then becomes a nightmare to maintain.

29
1
Bronek Kozicki
Silver badge

Reproducer

For those using ZFS version 0.7.7, the most useful part of the discussion is reproducer script. Note, it should be run more than once.

5
1

UK.gov expected to quit controversial harvesting of schoolchildren's nationality data

Bronek Kozicki
Silver badge

@AC for the last time. Do you know how the school admission system works in the UK? The parents have to provide proof of address, and for many schools, the obligatory part of it is a copy of council tax demand. There is no way to provide that unless you are actually paying the tax. Yes, there are illegal immigrants (far fewer than you seem to think there are), but I very much doubt that they are "usually" sending their children to public schools.

17
0
Bronek Kozicki
Silver badge

So stop forcing everyone to go to school and only teach the kids who actually want to learn - the rest can go cause trouble elsewhere and stop turning our schools into danger zones of gang warfare.

and what will they do exactly, when they grow up? You cannot pretend "it does not bother me" because it definitely should. Even the most "optimistic" case that little harm is done, your taxes will be needed to maintain rapidly growing prison population (rather than, say, health care for your older self). Unless by "elsewhere" you mean kick out of the country, in which case you do not seem to understand so many things that I have to give up.

19
0

'Extreme, unnecessary, overheated': US judge slams Oracle salvo in HPE Solaris squabble

Bronek Kozicki
Silver badge
Coat

Re: Is Oracle the next SCO

That Sun E250 of yours is not at fault, leave it alone.

29
0

Law's changed, now cough up: Uncle Sam serves Microsoft fresh warrant for Irish emails

Bronek Kozicki
Silver badge

Re: So, I had a look at the CLOUD Act...

I think American lawmakers are trying to build on the success (no, sadly this is not sarcasm) of FATCA, by simply following the model of "if you deal with US persons, you have to deal with US authorities too"

6
0

Autonomous vehicle claims are just a load of hot air… and here's why

Bronek Kozicki
Silver badge
Coat

Re: it's only tepid when the emissions test cheat device is enabled.

or when buying covfefe

3
0

Meet the open sorcerers who have vowed to make Facebook history

Bronek Kozicki
Silver badge

This would be promising

... if 1) RFC for appropriate protocols were written 2) security (authentication and encryption!) was catered for. But as the things stand, meh.

4
0

Five things you need to know about Microsoft's looming Windows 10 Spring Creators Update

Bronek Kozicki
Silver badge

Re: My personal OS is ...

oh, but they do have little Linuxes and command line. I thought that's obvious :)

2
0
Bronek Kozicki
Silver badge

My personal OS is ...

I do not run one OS, I use multiple at the same time. Which is:

Linux when I need to do actual work, running both as a hypervisor and also as a guest OS within libvirt/qemu/kvm stack. That's what I use for writing and debugging code. Also, my personal OS is Windows 10 (running always as a guest OS) for sake of these few actually good programs not related to work, which are not available on Linux, and also when my children want to play games.

9
2

OK, deep breath, relax... Let's have a sober look at these 'ere annoying AMD chip security flaws

Bronek Kozicki
Silver badge

Re: Maybe this will backfire.

On put options: the current price is $11.35, so put option at $11.50 is "in the money". However, the price has been climbing up, from the lowest point today $11.28, so those who bought these options when the shares were cheap will not make profit, unless the price falls again. It might, or it might not - if it does then it would be not on the "strength" of the security "discovery" discussed here.

3
0
Bronek Kozicki
Silver badge

grumble grumble ...

When people find that your products suffer from meltdown, do you:

1) focus on fixing the problem, or

2) put large spectacles, wig and fake moustaches, point at a rodent passing nearby competitor's factory, and shout "oh look, squirrel!"

Credit to Torvalds for naming these guys for what they are.

6
0
Bronek Kozicki
Silver badge

Re: Closed black box firmware

Actually, IIRC Intel AMT flaws are worse, because to exploit those you do not need:

1) root access

2) any local access at all

The only unusual quality of these new AMD attacks is that they can remain under the radar for a very long time, making "evil maid attack" particularly dangerous.

14
0

18.04 beta is as good a time as any to see which Ubuntu flavour tickles your Budgie, MATE

Bronek Kozicki
Silver badge

Re: It's a pity

Actually, having multiple distros use the same desktop (MATE, in your example) means that those who maintain desktop code receive more help and input from distributions maintainers.

Do not forget these are different people with different interests. Someone with expertise writing good UX code might not feel at home maintaining a distribution but will welcome input (and vice-versa - good maintainer might not necessarily write good UX code).

Similarly, having too many people working on any single piece of code directly (rather than via trickle of contributions from distributions) brings to mind saying "too many cooks spoil the broth". You do not achieve more progress by cramming more developers on a project, so having all of these distributions work on desktop code directly (rather than making it better for their distribution) would not help make it better. More likely it would be the opposite.

5
1

China ALTERED its public vuln database to conceal spy agency tinkering – research

Bronek Kozicki
Silver badge

ok, and the surprise is ...

oh, there is none.

23
0

Rant launches Eric Raymond's next project: open-source the UPS

Bronek Kozicki
Silver badge

Re: Lack of reading skills

Not LiPO batteries. LiFEPO4 - which is a different beast. You make many good points which are probably applicable, but c'mon, confusing these two?

6
0

Mum? Dad? Can I have a 3D XPoint disk for my birthday?

Bronek Kozicki
Silver badge

Re: Don't like/trust Intel SSDs

Here is an interesting discussion on power caps in SSD. They are the reason I only buy "enterprise grade" SSD, and only after having double-checked the specs for capacitors and their function. Both Intel and Crucial make some good, enterprise-grade SSDs, but you have to make your choices wisely. I would definitely not trust OCZ, though.

3
0
