Posts by Henry Wertz 1

OpenOffice compatibility and cloud services

"The data in those documents needs to be liberated and ODF is seen as the way to do this – modern-day editions of Office also support ODF. Just don’t expect to install open-source OpenOffice on the desktop and open your old Microsoft Office docs. It won’t work – many documents won’t display properly"

Must call BS on this one. I have not heard of anyone having a problem with *many* documents not displaying properly. Don't get me wrong, some found the few documents they had not display properly were absolutely mission-critical; but this is by no means some widespread issue. And, I would venture, neither are macros.

Secondly.. if it were my gov't doing this, I would find it absolutely irresponsible for them to knowingly spend much more overall for a software subscription to save a bit up front. But, not surprsing, gov'ts love to "kick the can down the curb" when it comes to spending even if they know it's going to screw them later.

Physical separation

To me, physical separation is the best way to go. Don't get me wrong, the rest is also important, but these systems should usually be totally separated.

If you have to connect them, very restrictive firewall. Remote diagnostics? Read-only access to the engine parameters. Some auto park system or whatever that requires "write" capability to steer or break? The firewall should allow only traffic from the CPU responsible for auto-park, and only the type of traffic the auto-park system actually uses. Most current exploits involve unusual traffic types, coming from ports and devices the traffic would normally never come from. Oh and do make sure the firewall is secure, obviously it is not useful if an attacker can just change firewall rules then pass their traffic through.

Yeah basically...

"Do I understand this correctly? Rimini provide some kind of oracle managed service but think that they can use other peoples licenses?"

Yeah basically... it looks like a customer would already be running Oracle; they didn't want to spend the big bucks on running it on their own hardware. So, Rimini would copy this software onto a system on their end instead.

So, first off, not "IP theft" in any sense of the words. Remini and their clients in a few cases exceeded the letter of their license terms. But they were not exceeding the "spirit"; they weren't exceeding number of users, or running excess copies of Oracle, or exceeding licensed hardware limits, or using the copy of Oracle licensed to one client to serve other clients, or really anything that should be any of Oracle's concern. But (just like Microsoft) Oracle has some extra-special clauses in their licenses which Rimini and some of their clients were violating.

Surprised he got off so light

I'm surprised he got off so light. I don't think he should get hard prison times and crippling fines, but I could get $1000 fine off a couple speeding tickets (well, not in my state...), I would think intentionally crashing a companies' stock price* would warrant a *little* more than that.

*Well, crashing it through false information. Crashing it through true information should be fair game so long as you're not shorting their stock at the time.

Ugh.

Pop-ups are of course the most evil advertising ever invented; since the pop-up is actually not held within the page in any way, one can sometimes not even know which web page to blame for forcing pop-ups. May Zuckerman burn in hell for even thinking it was a good idea to use them.

Tablet sales

I'm interested to see total tablet sales. Fondleslabs and sales of expensive tablet sales are dropping? No kidding. I can get a quad-core Android tablet at a local store for $50 (I knew they were possible to find tablets that cheap by special ordering from China but I didn't expect to find them locally). Other stores locally have them marked up to more like $80 or $90. I'm sure people are thinking twice about spending $150+ (up to $500+) on a tablet when they can get a nicely spec'ed one under $100.

Usury laws?

We have the same thing here in the US... It's weird. I know there are usury laws (in Iowa these cap interest AFAIK at 29.99%... pretty bad still but yeah.) But payday loan places routinely end up with rates that amount to 300-400% APR (if not higher.) It's pretty dumb for anyone to go for a payday loan but these rates really are quite predatory, a lot of these people would not have trouble repaying even at the 29.99% rate and they simply don't realize how badly that 25% (or whatever) per month builds up.

ipv6-literal.net not reserved.

" For this purpose, Microsoft registered and reserved the second-level domain ipv6-literal.net on the Internet."

Apparently not! Windows is just hard-wired to handle ipv6-literal.net addresses specially. The actual ipv6-literal.net domain is just owned by some kind of cybersquatter, in a browser for instance it goes to one of those generic pages with ads with "IPv6" in the titles.

My guess?

My guess? Rolled out newer DB software. It corrupted something. On rolling out older DB software, DB still corrupted so it didn't come back up properly. Restored DB from backup and (possibly) brought backup up to date using transaction logs.

Obviously for reliability for a "cloud" DB, it should have been possible to upgrade a small portion of the DB machines (perhaps just 1 machine at first), and see it fail, without really impacting service since the rest would be running the old DB software.

I'm surprised

Is it a surprise that Sonos would no longer develop the app for older phones? No. Support it (i.e. provide tech support?) Maybe not (but I'd assume they'd have any bugs worked out by now for ios 4 and 5 so it might not matter). But I'm surprised they'd simply be cut off; I would have assumed they would run some audio protocol (even if proprietary), and have it stabilized enough by now to not make non-backwards-compatible changes.

Not even 3G? Wow.

Not even 3G? I'm just surprised, some networks already are going 3G-only.

3 of course was built out 3G-only; AT&T has areas where they had to turn off all GSM to run one 3G channel, so they did (in those areas); some of the Canadian carriers went directly from CDMA+EVDO to "GSM path", but to HSPA (no GSM whatsoever.) US and Canada use different bands but excluding those I would hope for 1800/1900 GSM+3G and 2100 3G.

Otherwise, having a phone that plays music and makes calls for a low price, it's not glamorous but it should sell phones.

Well..

Well, I have an unlimited plan. Here's the info I've gathered on all this...

1) VZW does give an actual number. The say "top 5%" cutoff is currently 4.7GB. They don't specify the throttle speed because they don't have one.... these users will not be throttled to xKB/second on busy sites, they plan to allocate them some percentage of the channel while everyone else gets the rest, so the speed would vary depending on how many throttled users were on the site. Once this kicks in people will I suppose report real-world speeds from this.

2) People were thinking the FCC's objection is due to specifically rules on the 700mhz C block that Verizon bought (introduced by Google) barring discriminatory network practices. However, this seems to really bar throttling *specific* services (i.e. if they were throttling streaming video or whatever) rather than barring throttling based on total useage. Now it seems (just in the last day or so) that the FCC is leaning on Sprint, T-Mobile, and AT&T about throttling practices as well, though, so this may not even be related to the C block provisions.

3) Personally I don't see the big problem. I'm paying $30/month for unlimited. VZW has a "promotional" 6GB for $30 ($5/GB) to try to get people off unlimited. Most plans running $7.50 to $10/GB, with the minimum being $30 for 2GB (nothing less available for someone who just wants to use wifi), plus about $40-50 of voice/text costs for unlimited voice and text (they don't give you a choice of getting less any more). Oh, ranging up to apparently 30GB for $300 or 50GB for $375 (plus voice plan). Ouch. I just don't see the issue of people paying this kind of price for each and every GB getting a little priority over someone like me grandfathered into a low flat rate.

Hah

You hack me? Hah I reverse hack you back. I take yo' photo.

"maybe less than stellar CPUs in Russia, could lead to advances in computer science instead"

Well, I do remember in the 1990s using a DOS disk cache that a Russian gentleman wrote. This sucker even did elevator sorting. Man Windows 95'd start in less than 10 seconds with that cache on (versus about 40 seconds with it off.) But, the CD-ROM locked it solid with this cache on so I had to take it off. Oh well. Linux got elevator sort a few years later, so I guess I have them back now 8-)

Anyway, I think ARMs could work pretty well for desktops and servers. There are tasks where they are long-running and don't parallelize, you want a core as fast as possible for this. However, as long as a single core is fast enough so a desktop or server app is not sluggish, adding more cores or making each core much faster are equivalent in terms of adding more total processing power. Those ARMs could have plenty of cores and still save serious power in servers and portable PCs (and of course desktops but people don't worry about that as much.)

Also Samsung

My older Samsung Stratosphere had a Samsung LTE chip, and a Via (CDMA/EVDO) 3G chip. Surprisingly no Qualcomm whatsoever. The Stratosphere 2 I have now uses a Qualcomm chip.

Here's what Qualcomm do -- they do heavy amounts of R&D to develop the newest features for their next chipsets, and they patent any new techniques they come up with. They will license these patents out to anyone (and apparently it's "all or nothing" so they aren't holding back on the good stuff...), but the cumulative R&D costs of actually implementing your own chip must be pretty high because very few vendors have implemented their own chipsets, and those that do seem to go back to Qualcomm chips. I think by market share they could easily be considered a monopolist, but I think they are a natural monopoly and are not anticompetitive at all.

Interesting

I think this is a good way to find out just what features customers and potential customers want, and which features might look good to the dev team but nobody end user will actually use.

IPV6 though...

The article (and ad) reference adding support for new (IPV6 I think) multicast protocols, and for speeding up and stabilizing IPV6. I don't think they're comparing FreeBSD and Linux for opening up a socket and dumping max MB/s (I think both kernels can use a sendfile() style call to read a file off disk straight into an ethernet device memory buffer so you can't get much faster than that...), but rather performance of the IPV6-specific stuff itself.

Surprisingly sohpisticated

This really is a surprisingly sophisticated attack. Even if your "cloud" on Amazon or whever appears to all be on a single LAN, using ssh, ssl, etc. ubiquitously really is a good idea these days.

A bit disingenuous?

"While that may sound harsh, it's actually generous."

It actually sounds a bit disingenous to have Java as the ONLY thing on the list; what about insecure Flash versions, old/insecure Silverlight versions, those ActiveX Office plugins of various types, and a slew of other ActiveX with serious security problems? But *shrug*, anyway, it's true they at least are not blocking current version.

They haven't learned, no.

As others said, betamax... DAT, Minidisc, ATRAC over MP3. They keep thinking, like "Oh, if we come up with something good but keep strict control we can have 100% of the market!!!!" on things like this, and forget the part of the economics course about demand curves where if an "inferior" good is available much less expensively, many customers will choose that good instead.

And those computers! Man, I've seen a few Sony notebooks and they were all VERY weird. Weird BIOSes, hardware that was non-standard just to be non-standard. You know, I saw one with a fingerprint reader, with a chip fairly well supported on a variety of OSes. But, instead of Sony just supplying some software on their Windows install to make the chip useful, they had flashed in Sony-proprietary firmware that completely changed the chip's behavior so it'd ONLY work with their software.

Maybe for IE?

I'm wondering if maybe they will release the IE patches (that are common to IE on XP and Vista/7) but just not work on any others?

200,000 downloads?

200,000 1TB downloads? Damn, that's a lot of data.

Refunds?

I'm just not seeing the problem here -- I am a tad dubious that bitcoin transcations in brick and mortar stores will become popular, but in terms of refunds, wouldn't one just get the refund in (since you are in Britain) British pounds? Or perhaps a store credit?

Yes, thanks Apple!

No seriously, thanks. I'm no Apple fan, but if I wipe a device I don't expect someone to be able to poke around the phone for 30 seconds and recover my data. Apple's device behavior is therefore correct.

Cost?

I'd say "cost". The ARM systems will use less power, generate less heat, and so cost less to run per work unit. They may cost less to build as well. Amazon could offer a slightly lower price for instances where one lets it be placed on any CPU, and higher rate if you insist on a particular CPU type.

A good argument against auto-update?

This seems like it might be a good argument against auto-update... I'm not going to hate on the new UI without using it (although I prefer Firefox's layout to Chrome....). I'm sure I'm going to update my gentoo and Ubuntu systems very soon and end up with Firefox 29, but it's always a rude surprise when you didn't even do an update (because it was automatic), you come in to start up your software and everything's a bit different.

Yeah no kidding...

Yeah, the 2012 interface uses .NET, so .NET has to be installed. That does raise the question though, since Microsoft does say that there may be situations where .NET must be removed, is 2012 Server in fact useable sans GUI?

As for legal issues... well, the previous bundling was a pretty different situation. They were claiming software was inseperable that simply wasn't, using their position in the OS market to take out competition in other markets. In this case, Powershell relies on .NET, and I think the admin utilities rely on Powershell, it really is all pretty inseperable.

"C) So it sounds like the real problem is the willingness of these companies to offer a quality pay packages and invest in employee training."

I just posted, but this sums up what I was trying to get at much more succinctly; places don't seem to want to invest in employee training, and instead seem to think they can find applicants that will not need any training.

I hope this doesn't get embarrasing...

I do hope this doesn't get embarrsing -- as in, LibreSSL introducing security bugs and flaws that OpenSSL did not have. I was actually NOT expecting flaws like AC @ post #2 found (failing to check for success of malloc), I assumed OpenBSD code practices would require careful checking throughout. But, I *would* expect possibly missing a higher-level sanity check or two when they start moving and removing chunky chunks of code.

NSA and Rice

Re: The NSA. I don't see how (theoretically) finding out the NSA knew about Heartbleed for a while (or years) would effect security researchers' view of them in any way whatsoever. It's widely known now (post-Snowden) and widely assumed (pre-Snowden) that the NSA searches for security vulnerabilities -- and not to go tell the world about them. They are after all a spy agency who favors electronic surveillance. I would expect all spy agencies of this type have some people going out looking for 0-day exploits.

Re: Rice. She was part of a pretty bad administration. Cheney and Rumsfeld in particular really had that supervillain vibe going. But she dealt almost exclusively with foreign relations. Meaning it doesn't make a lot of sense for her to be on Dropbox's board. But, she's not one of those people who spoke out for destroying constitutional rights* and having widespread spying like Bush, Cheney, and Rumsfeld did ("Total Informational Awareness", anyone?) and like Obama currently does (defending the NSA's illegal programs, and parroting the NSA line on topics even when that line has been proven false, hoping if he repeats these false statements enough the public will believe them.)

*Other than supporting the CIA's illegal "enhanced" interrogations of terrorist suspects.

Indeed a decent solution.

Indeed a decent solution; I have a Win7 and WinXP virtual machine. With snapshots, if a software install blows up, or an update causes a problem, or you managed to get virus or spyware (I don't use IE even on a Windows system so I haven't had that problem...) then you can roll back to your snapshot. Store your documents on a "shared drive" outside the VM and you don't have to worry about losing files in case you roll back to the snapshot. And don't use the browser inside the VM (or, alternately, have a VM just for browsing that you reset at the end of each use.) This truly keeps Windows in it's place. I'm using Ubuntu (with Unity booted off in favor of the "traditional" desktop) as my host and it's great. But a VM is a VM, you can do it just as well under Windows 8.

No kidding...

Honestly, no kidding. Can this really be a surprise? I know the result is legitimate but they are after all exploiting a flaw to return 64KB of unauthorized data in the reply.

Do I expect people running security vulnerability scans against world & dog to be prosecuted? Nope. Do I expect most people (including site owners) to even care? No (since it's not a targeted attack but a internet-wide scan... oh and since the ones actually being penetrated are already those who don't keep up on security 8-).

Bad analogy time... I wouldn't expect directly testing these vulnerabilities in the wild (as opposed to just checking the OpenSSL version in the connect string) to be legal any more than I would expect it to be legal to go up an down the street popping people's car doors open and testing the car alarms (as opposed to just gettng the year, make, and model and looking up if they came with a good factory lock and alarm or not). Both can provide useful info -- it'd be a wakeup call to see "x% of cars weren't even locked, y% could be picked in under 30 seconds, and z% did not have an alarm even go off", just as it's useful to know "x% of OpenSSL servers have this vulnerability still." But nevertheless I don't expect it to be made legal.

Yeah...

Yeah, when I log into VZW (Verizon Wireless') web site, I get ads just *begging* me to downgrade from an Android phone to an IPhone (and of course, give up my grandfathered unlimited data plan while I'm at it.) I think it's bad form to ignore your customers' preferences.

On the other hand, Blackberry cutting off a source of revenue seems like a dumb move. (Particularly seeing how angry the BB customers got over this dumb move of T-Mobiles...they *were* loyal customers. Emphasis on the were... the other US cell cos current data plans are a downright scam compared to T-Mobile's (they charge about double the price for data plans, and then charge cash overages instead of just throttling your speed if you go over your cap like T-Mo does), I can't see BB users who already deal with T-Mo's smaller coverage deciding now "Oh, I want to pay double to keep using a BB."

track record

"Look at that track record – when people are worried about what we will do with Sun hardware and MySQL. We have a bit of a track record."

Oracle *does* have a track record with purchased product lines -- make sure to get license fees whenever and wherever possible, and eliminate support options that are not through Oracle (for a fee of course.)

I'd guess none

"More interesting is the question just how much source code Tesla should be releasing under various open source licenses, but isn't. ®"

I'd guess none, honestly. If these devices are running Intel Ubuntu there'll be nothing they've customized, just an install with (I assume?) a bunch of unnecessary packages removed Whatever UI these are running is probably custom and not required to be open source. If it's ARM, if it's not one of the ARM setups Ubuntu supports, you can get the BSP (board support package) from the vendor -- these companies do all have source for their BSPs up -- you can likely copy the ubuntu for ARM userland right into that, make sure ubuntu doesn't try to update your kernel, remove excess packages and you're done.

Do they have GPL disclaimers in the manual? The LG and Samsung TV manuals I saw had a whole list of what kernel, nanox, ffmpeg, etc. they used, but they were bone stock.

I'll do what I wish with items I purchase

Well, personally, I will always prefer DRM-free, and absolutely will not buy anything where I cannot remove the DRM. Luckily most DRM systems are easy to crack. I will do as I wish with items I have purchased and will not have bureaucrats and big businesses strip away my personal use and fair use rights.

Don't use common sense

"When it comes to Windows, I'm a bit of a retard... I always try to approach it based on common sense and generic principles of the past,"

First off I love your solution to use Ghost.

Anyway... I found the best approach to Windows issues is to NOT use common sense. Common sense and logic work on a system that behaves in some logical matter and some consistency. Windows does not, particularly when something breaks. I end up googling the specific problem and trying things to fix it -- all to often, it's changing a COMPLETELY irrelevant setting, or toggling some option off then on (or on then off) -- which of course should do nothing since the end result it is set exactly the same as it was. Or some undocumented setting, which common sense will never point you towards. I mean, recently I fixed *printing* from IE on someone's computer by updating the VIDEO driver!!! OK, so newer versions of IE use the GPU acceleration.. but that was already turned off due to it not working on this system! So IE (apparently) decides "what the hell, I'll just use the GPU for some reason for printing even when set to not use the GPU acceleration at all."

You would not find this poor of QA on software shipping with any MacOS or Linux version. Don't get me wrong, Ubuntu and Gentoo certainly can break, but there'll generally be a sense of logic to the root cause of the problem and solution... "Oh, the problem is with foo... I had to tweak the settings for foo... or reinstall foo... or upgrade or downgrade foo".

Oh yeah!

Oh yeah! I forgot to address the article! Anyway...

1) Yes, add-ons can be compromised and it's good to let people know about this possibility.

2) However, it's real greasy if it's just looking for adblock then trying to FUD people. Just be honest, say this site costs money to operate and you'd appreciate people not blocking the ads. And, if you have pop-ups, GET RID OF THEM.

Similar but different issue...

One thing that has bothered me, some Active Directory-based systems have these policies that are like "Not the same last x passwords, also not the last x passwords with minor changes." "Last x passwords" just involves storing the hashes and making sure they don't match. But minor changes, doesn't that mean it is in fact storing several old passwords in plain text?

Anyway, it's better that eclipse is now X'ing out people's passwords on this page. But I'd really like to know if they are still storing plain-text passwords (probably they are.)

PLEASE!!!

Please, EU, I beseech you... you've been beat to it on the 700mhz band, don't split it up differently just to be different! Thank you very much.