4611 posts • joined 9 Mar 2007
Well, yes, but...
imagine the manufacturer closes the first bug. If you used the second bug to get a normal account, you can still use that account.
"It's nothing to do with drivers, an ARM server will have drivers for the hardware fitted in it, and it's rare that a server will have anything else installed into it that would require drivers."
That means you'll be limited to the kernel versions the manufacturer supports, which means that you'll have your typical "Smartphone" situation where you need manufacturer support to get updates.
"The bigger problem that has held ARM back in data centre is about drivers"
Yes and that's actually the main advantage of "x86" these days. With "x86" you have the "IBM-PC", a well defined hardware platform which allows you to boot your OS and enumerate the hardware and talk to screen and keyboard in a rudimentary way without any special drivers. For many applications you can "port" an image designed for a server from one vendor to another one just by swapping the disk.
Re: Welcome to the real world, MS
Well NAT64/DNS64 is just as broken as IPv4 NAT, but people have not yet adapted to it.
Re: Why do we need IPv6
"IPv4 at least makes it hard for them to call their maker and very hard for their maker to cold call them. I think that's good, not bad."
Yes, but that's largely irrelevant as they'll simply connect to their makers or try their best to circumvent NAT. After all virtually all of those IP-Cameras joining botnets were behind NAT.
BTW consumer routers with IPv6 support will still block unconfigured connections coming from the outside.
One should note that we had bigger transitions
I mean IPv4 and IPv6 are different networks, but they share the same infrastructure.
On the other hand, we have successfully transitioned from ISDN to IPv4. There used to be a time when sending a file meant to dial up a Fritz!Data or Eurofile server and transfer the file that way.
And yes, some people still use ISDN data calls, and of course phone calls, but that's such a tiny fraction that we went from tunneling IPv4 over ISDN to tunneling ISDN over IPv4.
We are currently in a similar transition with IPv6. We used to tunnel IPv6 over IPv4, but more and more ISPs now tunnel IPv4 over IPv6, since they need to spend money on NAT for IPv4 anyhow.
Does that mean they'll bring out an IPv6 stack for Windows?
Or do they have a NetBIOS share with Trumped Winsock for IPv6?
Linux kernel's Torvalds: 'I am truly sorry' for my 'unprofessional' rants, I need a break to get help
Re: Code reviews are for
An interesting question here would be if we should have "anonymous" code reviews. Under such a CoC people could complain about being treated unfairly if their code gets a really bad review.
Re: Linux has become too big
Well yes, but Linux being big, in terms of LoC, is one of the reasons we need a good gatekeeper.
Every line of code is dangerous. Therefore we need to weigh the benefits against the problems. Inexperienced programmers often underestimate the problems and overestimate the benefits of new code.
It's in a way like in a surgery room, you don't want too many unqualified people in there.
Although treating each other well is a great thing to do, CoCs have been abused over and over again both with and without intention.
We need strong gatekeepers to the Linux kernel, because bugs in it can have terrible consequences. Considering we currently have an oversupply of people who want to program in "Open Source" projects with most of them not yet being good enough for kernel code, we already see a pressure of bad code getting into the kernel.
Well the problems mostly lie within the Web and IPv4
The Web has grown from a moderately good idea to something which had every feature abused in terrible ways and lots of new terrible features added.
And with now most users being behind NAT, that keeps them from having their own websites without having to invest in hosting.
Doesn't the BBC use Syncopatico?
I think I've heard about that on one of their documentaries.
Re: Physical Access
"Maybe not - but if they can reflash the firmware, they can put in a keylogger or whatever trojan nonsense they want."
Now "Secure" Boot proponents will tell you that "Secure" Boot saves you from that. However there is a simple workaround to that. Company notebooks typically are from a narrow range of devices easily obtained by any attacker:
Just get the same model, install some form of software mimicking a system booting up then asking for a password and displaying a "wrong password" screen while sending the password off to you.
Then you use some social engineering and secretly swap the laptops. Claim to be from another branch of the same company and leave your business card with your mobile phone number.
Once the victim enters the password, you have it and can unlock the computer. Eventually the victim will suspect there having been a mixup and call you to swap them back.
It's sad to see that so far no model could fully improve on the X200
I mean, sure the X250 is said to have a larger battery capacity and you can apparently swap the external one while it's running on the internal one.
However there are some models like the X240 or this X280 trainwreck which just lack essential features people desperately need, like the middle trackpoint button or Ethernet. I wonder how those decisions got made.
Re: W. T. F. ?
And no easy to replace battery. I mean the X250 has the nifty concept of 2 batteries, one internal one (which you need a screwdriver and a quiet place to replace) and one you can replace on the go.
Re: And what is 5G?
Well the objective can't be speed, as that can already be achieved with LTE. LTE also allows for low processing power nodes for applications like IoT, or for new modulation schemes to be added, or beam forming, or macro-diversity and the like. That's why it's called Long Term Evolution.
5G is so far, mostly about redefining every protocol to be tunneled through HTTP without actually having any new desirable features.
I fail to see what's so special about this
I mean we all have been in situations where spending a few Euros would have saved the company hundreds or thousands of Euros, but those few Euros were too expensive or the procurement processes were too slow.
Not really a failure
He did exactly what he was put into Nokia for, lowering the company value so it would be easier to buy.
Maybe Microsoft wanted to have a company to build their Windows phones, maybe they were afraid of Meego, which received virtually no ad money or device support and yet outsold Windows phones by far.
Re: Of course it's not
And then of course, other attackers will get the keys from the attackers who were in the position to demand them from Supermicro.
Of course it's not
I mean attackers will just demand those keys from Supermicro in order to get their malware running.
Re: The layers keep piling up
Some people don't understand that if you just hide complexity it doesn't get away, and that complexity always incurs technical debt which you'll have to pay eventually.
Actually that name is still widely in use
Imagine a soccer ball, then look at this Wikipedia page:
I never quite understood why one would get a bundle
I mean apparently carriers don't even replace it if it breaks, so in effect you are paying nearly normal price for a limited selection of nearly identical devices. If you are unlucky, you get locked devices which are completely unnecessary work.
I mean there used to be good offers, like the ones from the (now defunct) German carrier QUAM. They offered you a 24 month contract with 10 DM minimal fee. For that you got a "free" mobile, plus 240 DM in debit. So most people simply went there, got a contract, quit it immediately and therefore paid nothing, but walked away with an unlocked mobile phone.
Modern chip making processes are heavily guarded secrets. However what can be done in principle is simpler processes with larger structures.
The problem with this is that you cannot spend as many transistors as you do now. However in theory this could be compensated by better and simpler software. The things that _actually_ take lots of power could still be done in non-free components which are heavily isolated from the rest of the system.
Re: What we would actually need...
Well actually there are some points to that.
First of all, yes you can modify a processor, however that's going to be _really_ hard as you are at an extremely low level. You are at a gate level and try to find out where, in unknown future revisions of the software, you have to do something in order to achieve your goal... while still conforming to the published specs which are very tight. The examples shown in academic papers assume known code which makes it far easier.
So if I was a government I'd go the route via some sort of "security enclave", essentially a separate system hidden from the rest of the system that can run software that patches future unknown code. That's far more realistic to pull off.
BTW you can actually buy processors which are so tightly speced and so simple in construction that you can make reasonably sure there were no malevolent actors involved. The 6502, the Z80 or the ATMega microcontrollers are prime examples for this. So if you can live with a small 8-Bit system, you can be reasonably sure it'll be safe.
What we would actually need...
...would be standards for on chip peripherals, so you will have a standard way of accessing external storage like harddisks or flash. Essentially what we'd need is an "IBM-PC", a well defined set of hardware devices which allow simple porting of operating systems.
It's like on the PC, if you don't have a special graphics card driver, you can still use VGA or VESA as standards to get enough on the screen to be able to debug your OS. Or USB-interfaces, there are only very few ways to interface with USB controllers.
Nobody has ever done anything positive with those things and usually they turn out to be _huge_ security problems as they often have elevated rights and the one who paid for the hardware has no control over what code it runs.
Re: That's kinda the minimalist solution
Well the problem is that currently JS-libraries are loaded from their domains which means that those servers will have detailed access logs.
If the libraries came with the browser by default, you could save those http-requests.
That's kinda the minimalist solution
It's apparently a list of "known bad" servers it won't talk to.
If you have too much data...
... maybe you should collect _less_ data and tell your marketing department about it. Sure you'll have less data, but collecting less data gives you an edge over your competitors.
BTW, it's not like you can legally collect data in Europe without knowing what to do with them.
Intel suing in 3... 2... 1...
I mean Intel and AMD have patents on their instruction set architecture.
Of course they could just emulate >15 year old CPUs which would fit the use case of most corporate Windows machines very well. After all few Windows-only Software actually uses anything that came out after 2000.
Well we are talking about intellects comparable to...
mentally disabled children. "AIs" are simple machine learning and therefore not very smart.
Now while people usually have reservations against tricking mentally disabled children, they do not have such reservations against machines. Tricking machines is fair game. In fact it's common for people to hit machines or rub coins on them, scratching their surface just because they believe this will teach them a lesson.
Same goes for complex "Code of Conducts". They are essentially just an invitation to trick them by finding loopholes and be as bad and annoying as you can be while still staying within the limits of the CoC. It's much better to handle conflicts on a case by case basis when they occur.
Well back in the 1990s...
... designers could just use some graphic piece of software to lay out their forms however they want them to be.
To contrast that to 1968
I mean handwriting recognition is not _that_ new.
Re: No, it's easy to exploit.
"If you want to do USB debugging you need to open up the case."
Well for stationary computers, you can easily have physical security, the problem is with laptops.
Re: No, it's easy to exploit.
Well the point is you can put tamper evident seals on all the screws, putting a tamper evident seal on the USB-ports is much harder as you might have to use them.
Re: No, it's easy to exploit.
"The reason it's no longer very serious is that a patch is available."
Wait, there is a patch available turning off debugging via USB?
"4K" kinda probably not going to need that much data
I mean, yes higher Ethernet speeds will most likely be needed, even if it just means that your datacenter can be packed more efficiently over time. If you can replace 4 servers with each having a 10G connection with one with a single 40G that will mean you can do much higher densities.
However "4K" is just another video resolution. Since the advent of block based video codecs the resulting bitrate does not grow linearly with the number of pixels you want to transmit. You can see that with typical TV transmissions. HDTV roughly requires 4 times as many pixels per second as SD, however while SD typically runs at 4-10 Mbps, HD rarely is done at more than 13 Mbps on TV. It's just that there is not that much more relevant information in the picture to be encoded. "4K" will likely continue the trend and I'm guessing it'll be transmitted at around 15-20 Mbps. Better codecs will help with that, too.
So in short there are probably many reasons for 400Gbps, but 4K probably won't really be among them.
I call prior art
I think it's been done in a recently published book named "Quality Land" by Marc-Uwe Kling.
What's actually more interesting is how those early text modes worked
There are several books by Don Lancaster detailing about early computer video generation.
"One that aims to share infrastructure rather than duplicating it."
The expensive infrastructure (buildings) are already shared. It's rare to find a site where you only have one. In fact usually they even use the same antennas.
Re: "number portability"
In Germany there's a maximum amount of money carriers can charge to port the number. I think it's 20 Euros. However the new carrier typically will give you a rebate of 20 Euros when you port an old number to it.
That won't work
Of course your provider could put your IMSI (Subscriber ID) into their database, however to be able to exchange data, they also need the key of your SIM. Sharing that data with other companies is a huge security risk. Not only would people be able to make calls on your bills, they would also be able to decrypt all the data that is exchanged via the radio interface. There is only one carrier I know of, which will give you the key to their SIM and that's "Eventphone". They don't offer service to mere mortals.
Instead many countries have something called "number portability", a partially manual process in which you can move your number from one carrier to another one with little effort.
Re: C++ - the ultimate outdated and insecure tool
Perhaps to use an image.
C is like a room with a white floor and dark holes in it. Yes the holes are dangerous as you can fall into them, but with a bit of experience you can see them and take proper measures.
C++ is like the same room, but with a layer of carpet applied. The holes are still there, and you can still fall in, but seeing them is somewhat more difficult.
Other languages use different ways to solve the problem which could perhaps be seen as flooding the whole room with water (so you can swim) or filling the holes with concrete (so you can't fall in, but also not reach the walls of the holes). They all have their advantages and disadvantages.
Re: C++ - the ultimate outdated and insecure tool
Well C++ has the problem of being so complex nobody can understand it with the problem of making it easy to shoot yourself into the foot.
C, on the other hand, actually is simple enough so you can understand what you are doing. So with C you have a chance of writing correct software if you are _really_ careful and have good experience in at least one assembler.
Considering the details of the PDF format, with its many weird complexities, there aren't many high level languages that could deal with it in a sane way. After all PDF allows you to wrap all kinds of data in all kinds of formats. A text can be encoded as lossless JPEG2000 wrapped in Base64 wrapped in "gzip". It never was designed to be parsed with a proper parser.
"hundreds of millions of customers"
I didn't even know there were even that many ad companies.
A microwave link to populated areas?
I mean I can understand using a microwave link to connect a lonely hut somewhere on a mountain, but seriously if you have more than 10 people you're likely to run into capacity problems with microwave links, let alone reliability issues.
Well in Germany...
...there are lobbyists to be fought.
There should be limits on the limitations of software licenses...
... particularly when said software can _only_ be used with hardware you have previously bought.
I mean it's not like some other company is going to build a microcode compatible CPU without Intel suing them into the ground.