
* Posts by LDS

5081 posts • joined 28 Feb 2010

Facebook, Schrems case cost Irish data watchdog €2m – reports

LDS
Silver badge
Devil

Hasn't Ireland 13 billions more than planned?

So a couple of millions don't really look a big sum...

0
2

Causes of software development woes

LDS
Silver badge

"The user is not your enemy"

The *real* user usually is not, unless you're in a situation when they are happy with the actual situation, and someone is forcing unwelcome changes from the top.

Just, usually, to get at them, you have to get through layers of people who actually don't use the software but are in charge of some part of its acquisition, so they need to have their say and look "smart".

One of the key actions for good requirements is to identify the real users and get at them, look at what they need, what they expect, maybe suggest - subtly - ways to improve their work - don't force "revolutions" if it's not what they really ask for. Most managers, if users are happy, will accept a solution because that makes their job easier.

Yes, you can still meet the old jerk, you have to understand how to neutralize them, when possible.

It's a social skill - something you also need to gather requirements.

2
0
LDS
Silver badge

Eliciting requirements is hard

One issue I often encountered is that the people tasked with eliciting requirements are not really the right ones. In this situation there are several ways to do it wrong - you could be too business oriented with a lack of technical understanding, leading to impossible or very expensive solutions, you could be too technical, leading to superb technical solutions that don't address the customer needs, or be a useless office document filler.

What you need is someone able to understand the customer domain well enough, also with enough technical knowledge to "guide" the customer when needed towards a good solution, without forcing it into the wrong one just to sell or use one technology or the other. They need also to be able to communicate and manage requirements properly - especially requirements are not marketing brochures or letters to Santa Claus. People writing requirements MUST NOT come from sales or marketing.

These people are hard to find, and that means you can't believe you are able to deliver any software project you may encounter.

Then you need proper tools to manage requirement lifecycle and their relationship with tests.

Unluckily, most of the tools I've used, even expensive commercial ones, are usually uncomfortable to use. Since they moved to web interfaces, even more so. We would need really "agile" - in the simplest and truest meaning of the word - tools - tools quick and comfortable to use, not tools that need more time to be cared for than actually creating the product.

I need something easy to navigate, manipulate, change, using several views and dimensions at the same time, in different windows when needed, and everything kept in sync with local changes without roundtrips to a web server, and remote changes when needed. Something that works as well with a mouse and without it, when your hands are both on the keyboard. I don't care if it doesn't have a phone app or a mobile-friendly site - I don't manage requirements on a phone, it's the worst tool.

6
0

Amount of pixels needed to make VR less crap may set your PC on fire

LDS
Silver badge
Joke

That's what Magic Leap is working on.

They achieved it boiling frogs and flies eyes into a cauldron with bats ears, to use their ultrasonic capabilities to track eye movements.

22
0

OK, Google: Why does Chromecast clobber Wi-Fi connections?

LDS
Silver badge

Re: when in tandem...

It looks only that some UK models (maybe others?) are, because on the main site it is sold as a modem/router

https://www.draytek.com/en/products/products-a-z/router.all/vigor130/

0
0

Oracle still silent on Meltdown, but lists patches for x86 servers among 233 new fixes

LDS
Silver badge
Joke

"... the Cruise Fleet Management application ...."

Now we know why they lost the America's Cup that way. The skipper was desperately trying to use those applications to plan for the races...

Anyway cruise ships are now so large you need such kind of applications to manage everything and everyone on board. A couple of colleagues in a company I worked for usually had to take some short cruises when a new version was released, or to diagnose issues, poor lads. Inmarsat connections were too expensive, and the ship won't stay harboured for too long (but for scheduled maintenance).

Just they would really need a backup captain to take the helm automatically when the main one thinks showing off past an island is a good PR stunt...

1
0

Let's Encrypt plugs hole that let miscreants grab HTTPS web certs for strangers' domains

LDS
Silver badge

"There are many trust models to choose from with GPG"

And all of them imply you trust them - aka some kind of "authority" which is trusted by default, or because you choose to trust it - where's the difference from a CA?

Good, inside your company, but outside of it? If you have to communicate, say, place an order with a company for the first time? Do you go through "old school notarised documents on paper" to ensure their website is actually theirs? Or when you book a room in a hotel in a city you have never been to before?

All the authentication models work either on mutual trust, or on relying on a third party "authority" trusted by both parties.

2
1

PowerShell comes to MacOS and Linux. Oh and Windows too

LDS
Silver badge
Devil

Sorry, both are products of the Devil itself.

Only a very evil being could inspire the syntax used in those shells and their scripts.

21
1

Good lord, Kodak's stock is up 120 per cent. How? New film? Oh. It launched a crypto-coin

LDS
Silver badge

"Kodachrome will not be back in anything but name"

I don't think so - or it will be back in a form alike the old Kodachrome, or it won't be back. Many of the features of it depended exactly on the film design and development, and can't be easily replicated in an E-6 film.

BTW, the development (the K- processes) were standard, and there were other films with other different processes, i.e. Anscochrome, which was one of the first to be inverted chemically (in the beginning Ektachrome required re-exposure).

The K- processes were just far more complex than E- processes. The last version of K-14 AFAIK replaced the toxic chemicals with others.

E-4, later replaced by E-6, used toxic chemicals as well.

Many of older development processes used toxic and even deadly chemicals - some used cyanide as well.

Anyway, it is Kodak Alaris, not Eastman Kodak, planning to reintroduce the reversal films - let's see if they actually bring back Ektachrome, and how well it goes.

2
0
LDS
Silver badge

you might be thinking of "Polaroid"

The Polaroid brand is now in the hands of a Polish company which is also an owner of the "The Impossible Project" company - which manufactures Polaroid films and cameras, and even refurbishes original vintage Polaroid cameras. They are using the "Polaroid Original" brand now.

Lomography paved the way, now there are not so few people looking for a vintage way of making photos, there are also some crowdfunded projects to create new film SLRs.

3
0
LDS
Silver badge

Re: Kodak could make a shed full of money by....

35mm film is guided by sprockets, and kept in position and flat by a plate in the back - but creating a thin sensor usable in non-interchangeable backs is not easy, even more twenty-five years ago.

But most prosumer and pro level 35mm cameras had removable backs. Usually, you can change them with backs designed to store more film, backs to print date/time on film, backs adding timers for long exposures and time lapse images, and even the first data backs able to store each photo's settings.

With these cameras, it was possible to provide a digital back, without the need to cram everything - including power - into the cartridge space, keep the sensor in the right place, and allowing controls on the back itself for sensor settings.

Some of the early digital SLRs were exactly created this way - some of them exactly by Kodak (its DCS series), using Canon and Nikon bodies. They were bulky, and were later replaced by fully integrated DSLR - no longer made with Kodak.

Camera makers were of course more interested to sell new cameras than updating old ones. Some back prototypes were shown by third parties, but never reached the market. They were expensive, full frame sensors were yet to come, and made the camera bulkier.

Actually, those digital backs never had much general appeal, outside situations where they were a real advantage, and only the more expensive cameras could be easily adapted, cutting out most of the market.

Almost all medium format and large format cameras had interchangeable backs, and these got digital ones - but they were very expensive, and some, especially for larger formats, were "scanning" ones (working like a scanner), usable only for very static subjects, albeit able to deliver very big resolutions.

2
0
LDS
Silver badge

"I can't see why it wouldn't take off."

Because unless image use happens only inside the "exchanges", there's no way to limit easily an image use when it's in the wild. Bitcoins & C. are useless outside their own "networks", and you store them in some kind of vault until you use them - images are useful for several uses, and are published. Once I display it on my monitor, I've a copy of it.

Sure, Kodak may also use spiders to crawl for illegal usage, but such systems already exist, well before blockchains. Just as licenses and certificates (for limited editions prints).

Or it should develop an application or plug-in to show images only under specific conditions and hinder reproduction - good luck for it, and its acceptance.

1
1
LDS
Silver badge

Re: Zombie brand

There are two "Kodak" now, Eastman Kodak, and Kodak Alaris (based in England).

Regarding the photo film business, the latter took the still film business, while the former still runs the movie film business - it looks some directors still prefer film - even "Star Wars - The Last Jedi" was shot on film.

Both have other product lines outside film.

4
0

Heart of darkness: Inside the Osówka underground city

LDS
Silver badge

Maybe one day we will also visit Cold War underground facilities

There are not a few that were sealed when no longer useful, but still waiting somewhere under some mountain.

5
1
LDS
Silver badge
Big Brother

Forced labor using expendable slaves, no safety concerns, and machine-gun equipped supervisors is extremely fast.

Anyway in wartime everything speeds up - little space for delays to increase costs.

37
0

UK.gov puts Suffolk 7-year-old's submarine design into production

LDS
Silver badge
Joke

he said they could use for "sneaking and spying".

"sneaking and spying" - this young lad has understood where we're going to....

25
0

You. Apple. Get in here and explain these iOS slowdowns and batteries – US, French govt reps

LDS
Silver badge
Facepalm

Re: Who's next then?

The issue is exactly the phones got an update to slow them down...

19
2

Indian data leak looks to have been an inside job

LDS
Silver badge
Facepalm

"it wanted her (and the Tribune) to help identify who was selling Aadhaar access"

Forcing journalists and newspapers to reveal sources is exactly one of the ways to hinder the freedom of the press...

4
0

Take notebooks: About those new Thinkpads...

LDS
Silver badge

"They stopped adding the crap, too many people complained."

Isn't because the FTC complained, with the right "instruments"?

https://www.ftc.gov/news-events/press-releases/2018/01/ftc-gives-final-approval-lenovo-settlement

But just wait for some cousin of Pai's getting the helm of FTC too, and he will create a "restore laptop freedom order" to let Lenovo install crap again in the name of "innovation".

1
0

CPU bug patch saga: Antivirus tools caught with their hands in the Windows cookie jar

LDS
Silver badge

Depends - if you just run the file/processes inspection part on demand it's OK. If you let them "infect" your system with all their drivers and services to hook whatever they like automatically, there's a good chance they start fighting against each other.

On a file server or a mail server, for example, you may want to inspect file/attachments using more than one AV engine, the way VirusTotal works. Relying on a single one may be dangerous.

1
2

Intel, Microsoft confess: Meltdown, Spectre may slow your servers

LDS
Silver badge

"8th Generation Core platforms..."

Well, maybe not everyone runs the latest CPU generation?

What is this, another marketing spin to suggest to buy newer Intel chips? Sorry, even if I need new chips I'll wait for those that fix these bugs... or buy those with fewer bugs.

23
0

1980s sci-fi movies: The thrill of being not quite terrified on mum's floral sofa

LDS
Silver badge

" it's weak directors with big egos using it to fill in the gaps they've created"

And script writers who believe to be better than the original authors, while they are often really very poor at writing (not only in sci-fi).

But both can get away with it because CGI fills the gaps, and studios have still something to sell, and some of the public don't ask anything more - but we've seen many big fiascos, yet Hollywood executives don't care, in one way or the other - worldwide distribution, TV rights, DVD/streaming - they get most of the money back.

Reviewers in the press will be very careful before tearing apart a big studio release - more even now that they need more ads revenues than ever.

2
0
LDS
Silver badge

"Total recall"... and Philip K. Dick, again

"Total recall" is based on one of Dick's short stories - just like "Blade Runner" and "Minority Report" - so it's based on something from one of the best sci-fi authors. IMHO the original plot is far more interesting, but the first one was at least visible.

3
0

Sky customer dinged for livestreaming pay-per-view boxing to Facebook

LDS
Silver badge

Re: I wonder....

Why? Recording is not illegal - it's broadcasting that is. Moreover, while professional sports may have sold exclusive rights, your amateur sport team doesn't, and they may like to have photos/videos.

Notes "signatures" are there to block the naive forger. But I would like to see professional players painted to achieve the same - but maybe tattoos could be used for the same purpose...

4
0

Hold on to your aaSes: Yup, Windows 10 'as a service' is incoming

LDS
Silver badge

"keeping compatibility with a large user base"

Most users don't look for an OS - they look for applications to perform what they need or like.

And they may not want to abandon them just because someone in a marketing department decides they should not run anymore, or have to be bought from a store to get a 30% ransom, or need to have a new UI to match the latest fashion.

One of the reasons Windows kept its market is exactly because of its backward and forward compatibility - you could usually run new applications on older systems, and old applications on newer ones, within reasonable limits. So you can decide what to upgrade and when.

Kill this, and make it a fully consumer system with built-in obsolescence, and many customers will look elsewhere for systems that don't force them to chase the latest fashion at all costs - especially at higher costs...

50
1

Meltdown, Spectre bug patch slowdown gets real – and what you can do about it

LDS
Silver badge

"What will it take for Amazon et al to create their own, secure CPU?"

A lot of time and money?

Given all the main CPU suppliers failed one way or the other - with Intel failing any of them - it's not exactly a simple and cheap task to build a high-performance high-security CPU.

7
1

US Senators force vote on Ctrl-Z'ing America's net neutrality death

LDS
Silver badge
Facepalm

"rather than lawyers and accountants and bureaucrats"

Which is exactly the exact description of Pai himself.

13
0

More stuff broken amid Microsoft's efforts to fix Meltdown/Spectre vulns

LDS
Silver badge

Systems without an AV may need the reg key to be set manually

Or the patch won't appear in Windows Update.

5
0

Least realistic New Year’s resolution ever: Fix Facebook in 365 days

LDS
Silver badge
Mushroom

Re: Not as unrealistic as you think ...

Could we suggest North Korea a target?

0
1
LDS
Silver badge
Devil

"He’ll need to learn “history, civics,..."

If he did, he would have never created Facebook in the first place....

4
1

US border cops told to stop copying people's files just for the hell of it

LDS
Silver badge

Re: doesn't mean much

AFAIK, the reasons for car searches in the US were widened a lot in the '20s (or '30s) of the last century because of gangsters and alcohol smuggling. A century later, they are still in effect...

The problem is that when you give law enforcement agencies such privileges, it's very hard to get them back.

9
0

Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs

LDS
Silver badge

Re: Don't run any JIT you don't know

I believe with some ROP techniques you can achieve the same. And of course if you can lure any user to run anything in user mode, you can still hide inside the code to read kernel data.

0
0
LDS
Silver badge
Joke

"One that is per core effected"

Could I suggest Oracle to base it on caches sizes?

0
0
LDS
Silver badge

Re: Why is everyone so negative?

When the system is yours, you can run a kernel debugger if you like. The issues arise when someone else can run code accessing your kernel without your knowledge...

3
0
LDS
Silver badge

"When will Intel be shipping CPUs without these vulnerabilities? "

Maybe Intel will attempt to sell Itanium again.

Jokes aside, it needs a silicon redesign. Memory accesses should be checked anyway for privileges before moving anything to the cache, and probably performance will suffer as well.

There could be other solutions, but they may be even more complex. And of course there are inventories to sell... it can take many months.

1
0

Microsoft patches Windows to cool off Intel's Meltdown – wait, antivirus? Slow your roll

LDS
Silver badge

Re: "Think of it more as a workaround than a resolution" @LDS

I don't really know if that was something suggested by Intel, or something devised by kernel developers to avoid bottlenecks. I think more about the latter, but I could be wrong.

Some information about the use of the features that lead to these issues, and some of their possible solutions are in "Intel® 64 and IA-32 Architectures Software Developer’s Manual Volume 3A: System Programming Guide, Part 1".

Intel has always suggested different models, but the more secure one implied the use of segments and specific "gates" to call across rings, which is very "heavy" and no one used - and in 64 bit mode AMD thought it was fine to get rid of segments. IMHO, one day they will find it's the right way to write secure OS.

Anyway, today you'd need to read some long manuals, i.e. "Intel® 64 and IA-32 Architectures Optimization Reference Manual" (788 pages) or "Intel® 64 and IA-32 Architectures Software Developer Manual: Vol 3" (1998 pages), to have a good knowledge of all the available features and recommended use.

3
0
LDS
Silver badge
Devil

"that is because that half lives in kernel space, to speed up the monster ..."

You should thank that decision now, less user/kernel switches and back, so less performance issues...

0
0
LDS
Silver badge

"Think of it more as a workaround than a resolution"

Actually, even mapping kernel memory into a process address space - albeit protected by some access control bits - is a performance workaround to avoid the performance hit due to switching address spaces.

From a security point of view, fully isolating the kernel memory from user processes is a much sounder design - not a workaround. The issue is CPUs are not designed to switch them quickly, and anyway performing the required checks takes time.

0
0

Samsung topples Intel as semiconductor top dog, but lead 'literally built on sand'

LDS
Silver badge
Joke

Aren't all these businesses built on "sand"?

Where most of the silicon is, after all?

6
0

We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare

LDS
Silver badge

"historically assumed that you controlled your computer and the workload that ran on it"

Actually, no. Mainframes could run different workload for very different users, and when they started to rent their "time", they had to ensure separation of workloads.

But x86 CPUs have their roots in simple chips designed with no security at all. When protection mechanisms were added, often they weren't used because the incurred overhead was deemed too high in performance terms.

In many ways, mapping kernel memory to user space but keeping it "hidden" through the paging mechanism is a kind of performance trick. From a security point of view, having to switch address space fully is much more secure - the problem is that with the current implementations that's slow.

That's the same reason why the full four rings, segments, etc. were never used, too many cycles required when going through a ring boundary. IMHO CPU design should look at ways to reduce the security checks overhead properly, instead of just trying to bypass it.

16
0

And we return to Munich's migration back to Windows - it's going to cost what now?! €100m!

LDS
Silver badge

'Most research is sponsored by proprietary software companies, and as such might be biased'

Of course researches sponsored by FOSS companies and organizations are not.... they all live out of thin air... Munich may be making a mistake or not, but both FOSS and proprietary sides are obviously biased.

14
23

Security catch-up: Nigerian prince email ring cops collar ... Louisiana OAP?

LDS
Silver badge

https://www.uscis.gov/eb-5

0
0

Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign

LDS
Silver badge
Devil

If these news came before xmas...

... I would have liked to see the impact on PC sales...

I can't believe they could change how the kernel/user space communication works - and test it - in just a few weeks.

Consumer protection agencies should really give a deep look into this.

8
1

We've heard of data gravity – we're just not sure how to defy it yet

LDS
Silver badge

Re: It's not gravity - it's bulimia.

It's not that simple - you can force customers into a subscription without collecting data (i.e. Adobe Lightroom before they made the "full cloud" version), you can collect data without a subscription (i.e. Android or Windows 10).

The subscription model is not new - it was how software was "sold", or better "rented", for most Unix workstations in the '70s-'80s. It does ensure a steady cash flow, instead of attempting to sell upgrades. Bad for customers who use it occasionally, good for the company balance sheet.

Data hoarding is a different matter, although it does often come along with the subscription model (they may not want to pay for all the data storage). If and how it generates money really is still to demonstrate. Sure, some like Google and FB made them selling the idea of "target advertising" or the like - some others believed it, but if it really works is yet to see. I believe that if it really worked, we would see on web pages a few well placed ads, and not the mess we actually get.

I'm quite sure they're selling data "invisible to anyone who was unfit for his office, or who was unusually stupid". Of course, spamming billions of ads will generate some data useful to say "See? People actually buy from ads!".

0
0
LDS
Silver badge

It's not gravity - it's bulimia.

Companies are collecting data just for the sake of it. They hope one way, one day, to find a gold mine within. They are mostly collecting rubbish, like some hoarders. I would call it DHD, Data Hoarding Disorder.

They fear gateways, because it just means telling the customers data can actually be processed and acted upon locally, probably by a Raspberry Pi-like machine. There's really no reason why a thermostat should send data to "the cloud" for processing. It does only because the maker believes it can magically create value from them.

We're going to flood networks and storage with data with no real value - data that could and should be processed locally to deliver the service they are collected for, without ever leaving the "premises".

But executives have been brainwashed into believing "data are money" - and they will collect everything just for fear if they don't, someone else will do and find the gold mine. It hasn't anything to do with physics - it's just another symptom about how much psychology matters in business decisions, and in the worst way.

14
0

Microsoft Surface Book 2: Electric Boogaloo. Bigger, badder, better

LDS
Silver badge

Re: Real alternatives?

Your specs are highly niche - especially a built-in Cintiq-like display, hard to find in more generic devices aimed at a larger user base.

Wacom does make some specific devices (http://www.wacom.com/en-us/products/pen-computers/wacom-mobilestudio-pro), but they may not be powerful enough.

Dell and others have mobile workstations (i.e. http://www.dell.com/en-us/work/shop/workstations-isv-certified-dell/precision-7710/spd/precision-m7710-workstation), but they may not have Cintiq-like displays. One reason is the keyboard gets in the way when you're working directly on the display - and many prefer to work with something larger than a 17" display. Moreover big GPUs need cooling.

There could be some companies building such machines, but you'd need to look for them.

2
0
LDS
Silver badge

"how many engineers and devs"

If you believe it's only for "engineers and devs", you're holding it wrong ;-)

4
4

Where did all that water go? Mars was holding it wrong, say boffins

LDS
Silver badge

"So rocks float?"

It just depends on what they float in...

7
0

ALPHABET TOTALLY LOSES ITS SCHMIDT: Exec chairman Eric quits

LDS
Silver badge
Devil

"I just got a big tax break!"

Mwaawwwaaaah!!! Need some time off to spend all those billions!!!

9
0

Firefox 57's been quietly delaying tracking scripts

LDS
Silver badge

"but what about all the other distros?"

They don't do most of the work. They mostly repackage someone else's work with some changes, and may work with limited resources. They don't build full products from the ground up.

Firefox is not a skin over WebKit or Edge, it's much more expensive to develop and market. Do you believe building a rendering engine is something you can do in your spare time?

Do you really believe every product can be developed the same way, especially with a bunch of unpaid amateurs in their free time? Do you understand what dedicated resources you need to develop a product like Firefox, and keep it updated?

Look, how Chrome became the main browser? Because it's developed by people in their free time, or because there's a Moloch like Google behind it?

Keep on believing in the FOSS Nirvana, it's just a way for companies like Google to destroy competition and take full control of what you can use.

11
3

The Register - Independent news and views for the tech community. Part of Situation Publishing