And now its the other way round. Such if life...
Posts by Paul Crawford
5635 publicly visible posts • joined 15 Mar 2007
Page:
- ← Prev
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- Next →
Accidental homicide: how VoLTE kills old style call accounting
Actually anything that marks the death-knell of "premium numbers" and stupidly over-priced foreign calls is a good thing!
It can't be beyond the wit of the telcos to have a reasonable model for data based on some monthly minimum and some reasonable extra for large amounts of data that will keep the lights on. All we need is some honesty in advertising and a regulator willing to beat them until the comply.
Temperature of Hell drops a few degrees – Microsoft emits SSH-for-Windows source code
Re: Ugh!
"a better way would be to use UTF-16 everywhere in a Windows application"
No a much better way would be some thin compatibility layer for Windows that allows UTF-8 to be used in Windows in place of UTF-16.
UTF-16 is horrible and breaks all of the native C/C++ string handling and all legacy text applications. At least UTF-8 is usable, even if you have the unpleasantness of off characters in old editors and variable length strings for a fixed number of "characters" when outside of the ASCII Latin alphabet.
GCHQ to pore over blueprints of Chinese built Brit nuke plants
Shoebox-sized satellite enters orbit packing 3Mbps radio
Also remember that the speed of development is due to simply bolting together off-the-shelf cubesat bits and not having to design for long life and no single-point-of-failure (since its so cheap, and then they don't care if it fails soon).
The long term consequences of a vast number of short-lived and then (or even by design) uncontrollable small satellites is a serious one. Really, those things should only ever be put in a very low orbit so they will de-orbit all by themselves in a couple of years at most.
US senators lean on ICANN, tell it to quit squirming and open up
If could vote, I would turf every one of the current board out and appoint a new lot. Ones more interested in the Internet's general well-being and less on their personal fiefdoms.
In addition, I would make it a rule the no board member can stay on longer than, say, 4 years, and all have to have at least some real and recent computer science background (e.g. degree) or experience (e.g. successful management of software-heavy project).
Oh, and a personal unicorn would be nice while I'm at it...
Bug-hunt turns up vuln in LibreSSL
Re: @GrumpenKraut
Thanks for reminding me of valgrind. Yes, it is not quick but it is a useful tool!
My comment about the efecne library is it has some minor performance hit on the allocation/freeing, but once you have an array it is pretty much full speed and not having to check array indexes on every access as the chip's VM unit will alert on out-of-bounds access. How much that impacts on a program depends on the relative amount of malloc'ing versus amount of array access.
Enforcing allocation
If you are using malloc & free then you can run the code using the electric fence library (or similar) that uses the system's VM manager hardware to enforce bound checking and will trigger a segmentation fault and thus a core dump for debugging the code. This has very little performance penalty and requires no code change other than linking with the efance library.
What is much more of a pain is the abuse of stack-allocated arrays as they are much more likely to lead to code injection, and often confuse the debugger if the function context (return address) gets trashed.
Anyone know of a simple way to debug that? I.e. some automated way of using an electric fence style of check on stack arrays without a massive code change?
Also it is worth noting that a number of tools like Coverity are quite pedantic about array use from a static analysis point of view and will help find such problems even before you run the code. Not always of course, but use all the tools you have...
Standards body wants standards for IoT. Vendors don't care
"lack of security for IoT deices results in a negative externality, where a cost is imposed by one party (or parties) on other parties"
OK, simple solution - make IoT vendors liable for the consequences of security breaches if any identified flaw is not automatically fixed within 30 days, maybe forcing them to have some insurance policy to cover it. That liability and/or how the premiums are calculated might just focus the idiots design and marketing minds of having a proper development, testing and support process.
What, then IoT is too expensive?
Oh dear, how sad, never mind! </Windsor Davies>
Facebook appoints self world police, promises state attack warnings
Where will storage go over the next 15 years? We rub our crystal ball
The only solution to the latency issue is to have you processing "machine" on the cloud-provider's infrastructure. At that point you surrender any security as that machine would necessarily have the key(s) to decrypt your data.
Otherwise you can use cloud for secure storage so long as it is encrypted at your end using a key not known to the storage provider, which is a good options for some situations (e.g. off-site backup).
Re: What about support?
You have a valid point, that someone has to support it.
Sadly, often the paid-for support is only a little better than what a popular (e.g. FreeNAS) forum has. I'm guessing you can also get paid support for open source solutions like FreeNAS, so its not an either-or option.
Can we have a straw poll on which major storage vendors really provide good support?
@Roj Blake
Do I put my data on public-facing networks?
Am I subject to USA data snooping laws? Would I know if I was subpoenaed?
If I run out of short-term cash will I delete my own data?
Also money is, like AC power, or water, etc, interchangeable. The numeric value of my balance is not something that would be of special advantage for industrial espionage.
Electricity is a basic commodity, it has no real unique characteristics. Just 230V +/- 10%, 50Hz, (mostly) sine wave here in Europe.
My data is unique which is why it is so much more valuable. Do I trust others to look after it? No!
Sure, I might use a cloud provider to store an encrypted backup, but then if they bugger me around I still have the original, and they don't have access to whore me from advertiser (or TLA) to advertiser. Going cloudy might suit small businesses that have no tech support and limited requirements (say just email & dropbox share) but if you have big demands the cost of the "cloud", and the bandwidth needed to work with, it becomes uneconomical even before we get to data sovereignty.
Will stock market swipe right on Tinder? Match Group files bid to IPO
Big Blue lets Chinese government eyeball source code – report
Re: Not enough
It is a fair point, that with several MLOC and a closed environment for a few dozen folk to review the code, you have very little chance of finding anything.
If, and that is a hypothetical "if", the TLA have had backdoors planted you can be damn sure they are not so dumb as to have obvious code and matching comments to draw attention to it. Most likely it would be some apparent 'typo' that allows an exploit to be deliverer, or it would be some obscure cryptographic flaw (or blind use of closed hardware support) that makes it easy for them and hard for others to exploit.
Job alert: Is this the toughest sysadmin role on Earth? And are you badass enough to do it?
Re: Wot No Huskies?
At the BAS base at Rothera they have photos of the various dog teams and some letters about what happened to the last set when they went back (I think to Canada) to live out their lives. Most did not live long, probably due to a lack of immunity to diseases on the mainland, but at least they were treated well. Still fondly remembered by the older hands.
Self-driving vehicles might be autonomous but insurance pay-outs probably won't be
So just what is the third Great Invention of all time?
Re: Measurement
+100 for this. Not only the standardised units, but the idea of standard parts (like Whitworth's screw threads) and the resulting interchangeability that led to mass production and, in many ways, the latter part of the industrial revolution and all those affordable gadgets we take for granted (you know pipes and taps for clean water, cookers, etc,).
Radio wave gun zaps drones out of the sky – and it's perfectly legal*
It unlikely, unless some moron of a designer makes it dependant on having a signal.
Firstly you can disrupt RF comms at levels way below those needed to actually damage electronics, and secondly most body implants have the benefit of flesh around them which works as a useful attenuator at the sort of frequencies these things work at.
Still, if you need any medical electronics to live, best not to play with an ESD simulator or similar...
Fixing Windows 10: New build tweaks Edge, sucks in Skype
Re: "...huge A3 CAD drawing..."
Yup, some years ago I had to shrink some schematics down to fit A3 and it was only just readable. Now I try to fit on A3 pages and split up the design, which sounds obvious, but then with some packages you don't get that much on an A3 page at normal symbol size :(
No change in US law, no data transfer deals – German state DPA
Volvo to 'accept full liability' for crashes with its driverless cars
Re: What ifs
EVERY article ever written on El Reg about driverless cars, someone in the forum pops up with "who's going to pay for it if/when they crash"
I do. And now we have a car company saying quite unambiguously that they accept the blame for faults in their car design or manufacture, and that is a great step forward (subject to getting country laws to accepts such a thing).
As other commentards have pointed out, an autonomous car will almost certainly out-brake a human driver in any obvious impact scenario. Though how well they will deal with odd cases, loss of communications (doh! stupid idea...) and anticipation of kids, etc, playing at the roadside is another more difficult question to be answered.
Finally, can we please have proper audits and standards for car software? It is shitty enough we have cars recalled due to potential hacking via in-car entertainment (e.g. Jeep) and not shutting off (e.g. Ford) but having full control of all aspects of the vehicle offers far more opportunities for a BSOD than so far (e.g. Toyota's "unintended acceleration").
Google's .bro file format changed to .br after gender bother
Vodafone joins calls to pry Openreach from BT's hands
Virgin (no longer owned by the beardy one) bought over past telcos coax networks, they have laid very little since.
It costs real money to do so, and there is not profit in that when there is no universal obligation on them to do so (and bugger-all for openreach putting in fibre outside of VM's areas).
Now even EUROPE is slapping down ICANN in internet power struggle
ICANN: Just give us the keys to the internet – or the web will disintegrate
4K catches fire with OTT streamers, while broadcasters burn
Porsche-gate: Android Auto isn't slurping tons of engine data, claims Google – but questions remain
Re: All cars have split CAN buses
That sounds sensible. But what happened with Jeep's hacking via entertainment system? Seems someone was not thinking security through at all.
As I have commentarded before, its time that in-car hardware and software was audited for this sort of thing and the results published ncap-style so you can choose to avoid dumb/misled designer's results.
EU desperately pushes just-as-dodgy safe harbour alternatives
Phone thieves to face harsher penalties for data theft
Re: Irreplaceable photographs
The only way this law makes sense is if the criminal then goes on to use/abuse the phone's data.
If your phone is nicked that’s not good, but if there is no violence/injury its only a phone. If you have irreplaceable data on the phone that is valuable then you should not deserve any more compensation (or the scrote any more punishment). After all it could easily fail or be wiped by some botched upgrade and you would get bugger-all back from the EULA even if it were generally dismissed by a court.
Surface Book: Microsoft to turn unsuccessful tab into unsuccessful laptop
Edward Snowden denies making a deal with the Russian secret service
Re: Interesting comments here
Oh I don't know, Europe has plenty of trolls, and not just under Scandinavian bridges doing a bit of goat-bothering.
Just put up something with a political or religious slant and they come out of the woodwork. Logic and reason are not required, in fact, really take away from a good rant.
What is money? A rabid free marketeer puts his foot in lots of notes
Re: Gold Standard
Sensibly used fiat money allows for better management of the economy as Tim points out, but if gov are stupid then gold is a buffer to stop that.
So what is best? Maybe if we stopped any index-linking of politicians pensions, or better still linked them to the economy as a whole, we would see a bit more prudence...
Ten years on: Ronnie Barker, Pismonouncers Unanimous founder, remembered
Ex-Autonomy CEO Mike Lynch sues HP for $150m+
You lucky devs: It's Microsoft Office 2016 ... and VBA lives on
FATTIES have most SUCCESS with opposite SEX! Have some pies and SCORE
Tear teardown down, roars Apple: iFixit app yanked from store
Arabic-speaking cyberspies targeting BOFHs with crude but effective attacks
Diskicide – the death of disk
Re: "post-dedupe"
As soon as folk start talking about compression or de-dupe, they are up to something, and that something is usually a lie.
Compare RAID-protected capacity & cost. Note the IOPS difference, then decide.
Not all work loads benefit from compression or de-dupe to make the extra CPU load and/or RAM usage worthwhile, so leave that to the customer to see if there is some advantage.
Will IT support please come to the ward immediately. Weeeee have a tricky problem
Get on with it! Uncle Sam's right-hand man schools ICANN powwow
Re: Unprofessional. Irresponsible.
Yes - probably best option is to nuke it from orbit.
Start again, new board, rules that stop them plying silly buggers, and if they are OK in a years time then job done. After all, most of the Internet would function perfectly well without ICANN, certainly for the time it takes to wipe and re-install.
Page:
- ← Prev
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- Next →