* Posts by Ken Hagan

8168 publicly visible posts • joined 14 Jun 2007

Hyper-V sets VM created date to 1601, in the reign of Good Queen Bess

Ken Hagan Gold badge

Re: Of Course 1601

"A better choice would have been using Julian Date, which goes far back enough to allow for most needs."

Actually the FILETIME type is signed and has several dozen millennia on either side of 1601. I assume 1601 was chosen because it falls on a 400-year boundary. However, 2001 would have worked fine and had the additional advantage of placing the epoch firmly within the era of atomic clocks. I assume the historic date was chosen because programmers have inherited an irrational fear of negative dates and times from society as a whole. They should have consulted an astronomer (in which case they'd have ended up measuring from 2000.0).

Who owns space? Looking at the US asteroid-mining act

Ken Hagan Gold badge

Re: Martian microbes

It is believed by those who have studied it that the two planets have been exchanging meteorites for the past few billion years, so it would be rather surprising if there weren't microbes on Mars or if they were significantly different from the more hardy of terrestrial varieties.

That said, the emptiness of space increases with the square of the distance from the sun, so it is quite possible that the moons of the outer planets might be different. It would be sad if we never found out because some jerk on Kickstarter had watched too many episodes of Red Dwarf.

Ken Hagan Gold badge

Re: Really? Harmful contamination? Really?

I'm bemused that anyone could seriously believe that space mining would be done by sending people plus a full life support system. Anyone with the technical know-how to get there (and bring the stuff back, for less than a terrestrial mine (and Tim has written a whole book on how implausible *that* is)) will certainly be able to automate the actual mining.

I'm slightly surprised that we still use them for mining on Earth, but I suppose in some places life is cheap enough to make that pay.

Android on Windows is disruptive because neither Microsoft nor Google can stop it

Ken Hagan Gold badge

Re: An OS is 'just' SW...

Yes, VMware *have*, and yet articles like this suggest that it is still surprising to some, so the OP has a point. I think the average punter is so used to walled gardens and "the computer says no" that it is refreshing to meet with something like this, even if it is just an obvious consequence of the kinds of software freedom that Stallman et al have been advocating for years.

Likewise, you are presumably aware that QEMU and such like are able to run VMs even when the guest was written for a different CPU family, so this approach is potentially even more disruptive and I expect *that* will (eventually) be a surprise to the average Joe as well. (A more interesting question is whether it will also surprise the masters of the universe who hold fruity shares in such high regard.)

Finding security bugs on the road to creating a verifiably secure TLS lib

Ken Hagan Gold badge

"What purpose does this serve?"

According to the article, the process revealed three new vulnerabilities in the spec. That's what usually happens when you sit down to test something rigorously or prove its correctness formally. LibreSSL is (or soon will be) better because of this work.

Whether or not you ever use the resulting implementation is irrelevant. Like the old saying about battle plans: the value lies in the act of making it, not in having it once the bullets are flying.

128GB DDR4 DIMMs have landed so double your RAM cram plan

Ken Hagan Gold badge

Re: How Hot?

"64-bit chips can do 64EiB"

Not actually true as far as I know. For example, see https://en.wikipedia.org/wiki/X86-64#Physical_address_space_details for an assertion that it was limited to 48-bits back in 2010. The preceding paragraphs (on the virtual address space) also assert that the 48-bit limit is baked into the AMD64 spec. 48 bits is 256TB, so we are now within two orders of magnitude of being able to put a moby in an x64 machine.

Ken Hagan Gold badge

Re: Just to be pedantic...

@Stoneshop: I suspect the original AC is in violent agreement with you, but that wasn't his point. His point was that *however* you measure the size, it's never 12.2 of anything.

Plusnet ignores GCHQ, spits out plaintext passwords to customers

Ken Hagan Gold badge

Re: Google IT

"It's quite a standard practice in systems that you cannot re-use passwords over a certain period or number of changes"

As is the quite standard user response of using the same basic password and simply incrementing a suffix (or appending the current date) to generate an endless series of different passwords that, in your mind, never change.

New Wireshark, Nmap releases bring pre-Xmas cheer to infosec types

Ken Hagan Gold badge

Re: Cue bleating politicians....

A politician who knows what nmap and wireshark are? Pull the other one...

Yahoo! Mail! is! still! a! thing!, tries! blocking! Adblock! users!

Ken Hagan Gold badge

Re: Are you so desperate for ad revenue, Marissa?

There's the interesting thing. On the face of it, Yahoo have been irrelevant and bereft of income for a decade or more and yet they are still going. How? No-one is really sure. Why do I care? Well, using Yahoo as a model and extrapolating, Microsoft's cash pile is large enough that they should still be pushing some "operating system as a service" type of product well into the next century. (By then, of course, people will have their personal computing as a body implant running off biological power, which gives a whole new and disturbing meaning to the phrase "Intel Inside".)

Ken Hagan Gold badge

Re: Yahoo! Can! Pound! Sand!

"Of course, cell phone numbers are just as discardable and anonymous as email addresses"

That would be "not at all", then. (There's a reason why telephone companies offer number migration and why postal services offer re-direction when you move house.)

Who's running dozens of top-secret unpatched databases? The Dept of Homeland Security

Ken Hagan Gold badge

...a line management view that "IT is not our primary mission."

Actually that's arguably the most actionable point to come out of this. Someone has classified these databases as secret. Either that's not true and their whole classification system is broken, in which case heads should roll, or it is true in which case the response to "IT is not our primary mission" is simply to point out that "security is" and sack the idiots who disagree.

Formally arguing that the most security-sensitive systems (by your definition) should be excluded from your security audit is a clear indication that you are too stupid to do the job.

Ken Hagan Gold badge

Perhaps they need more money?

Or perhaps Congress should seriously consider the proposition that keeping the department in existence in this state is actually worse for US security than shutting it down. With pen-tests recently showing that they only stop 5% of forbidden items getting onto planes they clearly aren't achieving anything there and with all their security-related info sitting on insecure databases the risk of future disasters is obvious.

Ofcom asks: Do kids believe anything they read on the internet?

Ken Hagan Gold badge
Flame

Web-sites are like survey results

Sometimes they are true and sometimes they are false.

When they are true, it is either because someone did their research very carefully (rare) or luck (more common). When they are false, it is sometimes because someone was unlucky and sometimes because they intended it to be wrong in that way.

If <insert education minister here> really wanted to improve standards, the compulsory subjects would be "How to write lies nicely" (formerly English), "How to lie with statistics" (formerly maths) and "How to rig the problem so that some other mug ends up lying on your behalf" (formerly science: experimental design).

I've arranged them in order of difficulty. The last is rather subtle but the first is (sadly) as far as you need to go before entering politics.

Hillary Clinton: Stop helping terrorists, Silicon Valley – weaken your encryption

Ken Hagan Gold badge

Pity the Americans...

...who presumably have to vote for one of these idiots next year.

To be honest, the tech giants *ought* to be supporting weaker encryption. By "weaker", we presumably mean something that you can crack with a government's IT budget but that is resistant to the budget of common criminals. Provide that and you have basically *obliged* your (willing) government to spend a freaking fortune on new hardware. If you are a tech giant, what's not to like?

More seriously, someone should tell Hillary that the tech giants are not the *providers* of strong encryption. Anyone with a computer can download encryption code for free, set the key length to whatever length they need/like, and chat away in private. So what she is really asking for is that the average intelligence of US citizens should be lowered to such an appalling degree that there's no-one left who can do that. (What could possibly go wrong?)

How NSA continued to spy on American citizens' email traffic – from overseas

Ken Hagan Gold badge

Re: Haven't a clue

Actually, we'll never know that for sure. The point, surely, is that the politicians authorising the payments and the spooks trousering the money for their pet projects will never know that either.

The problem is not proving that email trawling occasionally turns up results. That's probably not hard to prove. One or two examples would do it and (sure enough) that's what gets trotted out every time someone complains. The problem is proving that the money spent trawling (which is measured in the billions if some reports are to be believed) would not turn up more results if it were spent differently. Sadly, in a world with finite resources, that's what you need to prove to justify the costs.

Ken Hagan Gold badge

I call bollocks

If all you know is that I sent a message to Dan Geer, you do *not* know me. Although I almost certainly said "You are a naive fuckwit who is only championing traffic analysis because you can't actually *do* the deep inspection.", it remains possible that I actually said "Quite right. You *are* clever. Would you like lots of money?".

Love your IoT gadget but could you keep the noise down?

Ken Hagan Gold badge

Re: That Friday feeling!

"Worstall's services are no longer needed by El Reg."

You mean "being paid for", not "needed", or am I missing an economics joke here?

Why Microsoft's .NET Core is the future of its development platform

Ken Hagan Gold badge

.NET Native?

If you have a "thing" that converts C# into native code, then that "thing" is called a "compiler" and you haven't got .NET anymore, you've got a language with a compiler.

Can we cut the marketing guff, now?

Criminal are mostly hacking-by-numbers with exploit kits

Ken Hagan Gold badge

Re: $80K for a $5K investment ? Per month ?

I think it is more the case that there are so many *insecure* systems that the crims can charge $85k for access. Your secure system isn't interesting.

Apropos the article, whilst it is nice to have figures I don't think it is news that canned exploits dominate the scene. The term "script kiddie" dates from sometime in the last millennium.

GPS, you've gone too far this time

Ken Hagan Gold badge

Re: It isn't that

It's quite shocking news to those of us who thought GPS was (only) a positioning system. Taking a (numerical) derivative and (numerically) integrating it to arrive at a more accurate measurement than the original data would be quite bizarre.

Presumably the explanation lies in the Doppler measurements. These are an additional source of raw data and so it is much less surprising to be told that they can be used to improve the accuracy of the positional ones. Is that it?

Aircraft laser strikes hit new record with 20 incidents in one night

Ken Hagan Gold badge

"Going forward, ensure that all manufacturers agree that commercial pointers etc. use almost the same frequencies to minimise the variance."

Nice idea, but I think at least part of the problem is that some overseas vendors are selling class 3 devices over the internet branded as "professional" laser pointers. Since they don't comply with your laws, or with plain common sense, they aren't likely to comply with a well-intentioned suggestion.

California cops pull over Google car for driving too SLOWLY

Ken Hagan Gold badge

I think that is generally true. I know more than one person who has been pulled over for driving at the speed limit late at night on an empty road. They get breathalysed, enjoy the joke, and go on their way.

Ken Hagan Gold badge

Re: that's a good one

I think you ask the human occupants to push the "pull over" button.

Hypervisor headaches: Hosts hosed by x86 exception bugs

Ken Hagan Gold badge

Re: I'd expect more of The Register...

In fairness, the two CVEs are both content-free and MS have not publicly disclosed the bugs yet. The Xen bug report suggests that the problems lie with the delivery of exceptions to 32-bit guests and so perhaps the host bitness wouldn't matter. The MS report states that the problem is with the chipset, not the CPU, but is otherwise (as you note) not exactly informative.

A "more suitable article" probably can't be written right now unless you are willing to reverse engineer the patches.

Your taxes at work: Three hours driving to turn on politician's PC

Ken Hagan Gold badge

Re: Really - there wasn't a cleaner or anyone else in the building...

"the millennia-old "doors open *INTO* the place you're going *INTO*" paradigm"

That's a paradigm? Hmm, well for the buildings that I can accurately remember right now, I'd say it works nearly every time for houses and no more than 50% (possibly quite less) for other buildings.

Shadow state? Scotland's IT independence creeps forth

Ken Hagan Gold badge

Re: CCTV -- quality of the images

The poor quality of CCTV systems amazes me. We all carry around mobile phones that can do far better and a few minutes of web research will confirm that the actual sensors are cheap as chips. It must therefore be obvious that the high cost of a CCTV system is the physical deployment and wiring, possibly the optics, and definitely not the sensor.

So how the hell do CCTV salesdroids get away with the fuzzy, SD, monochrome imagery that we see in crime reports?

Ken Hagan Gold badge

Re: What is driving this?

"I don't have a problem with ID cards per se although I have a problem with an obligation to (a) carry one at all times or (b) show it to any little petty official who asks."

I already have a passport that satisfies all of those requirements. An ID card system is duplication. A requirement to *have* a passport, so that you appear on the database, is (as you say) scope creep.

Pause Patch Tuesday downloads, buggy code can kill Outlook

Ken Hagan Gold badge
Joke

Re: 100% CPU

"It isn't rocket science MS but I suspect there would be huge turf wars inside Redmond if major changes were made to the update system."

Well I know Linux has /several/ splendid package management systems they could copy, but they only need to copy /one/ of them, so there's no need for rival factions and turf wars.

US Congress grants leftpondians the right to own asteroid booty

Ken Hagan Gold badge

Rather more to the point is, if they *did* ever acquire sovereignty then what is wrong with existing laws that US citizens could not already buy and sell stuff "up there" with the same legal framework as applies "down here".

Or perhaps Congress reckons there's nothing left to perfect in Reality and has decided out of sheer boredom to start perfecting the Hypothetical.

Most developers have never seen a successful project

Ken Hagan Gold badge

Re: Success is whatever you define it to be

"Which in turn isn't what they eventually discover they needed."

But don't fret, because by the time they've worked this out, they need something else and they don't know that (yet) either. Rinse and repeat.

Ken Hagan Gold badge

From a purely commercial viewpoint, break-even is where you make enough money to pay the development costs (and the rest of the company overheads over the period) so it isn't *too* far fetched to say that "success" is the 83% of projects that are not "so catastrophically bad they had threatened the very existence of the company".

That's especially true if the company learned something along the way. What doesn't kill you makes you stronger and all that...

Facebook conjures up a trap for the unwary: scanning your camera for your friends

Ken Hagan Gold badge

Re: There's already an opt out

"Ah, but the fun part is that YOU approve a tag, so if you absolutely have to use FB it is a fun exercise to go and tag other faces with your name every once in a while."

To judge from an earlier post, at least some school-children are already aware of this and are busily collecting and sharing pictures for the purpose.

AMD sued: Number of Bulldozer cores in its chips is a lie, allegedly

Ken Hagan Gold badge

Instruction set architecture hasn't mattered for about 20 years. Software compatibility, on the other hand, will continue to matter as long as closed source is commercially significant. (In this context, I note that x86 emulation has been tried several times and has yet to catch on. I see no fundamental reason why it has failed, but merely note the experimental fact that it has, to date, done so.)

Promises of the imminent demise of x86 (and x64) sound about as convincing as promises of commercial fusion power. Both will almost certainly happen eventually, but it is anyone's guess when (and, indeed, which will happen first).

Ken Hagan Gold badge

Re: A bit of a Dickey move

We live in a world where ISPs frequently sell "unlimited" connections without getting sued. It would be utterly perverse if AMD lost this case, given the wide range of published benchmarks that a buyer might use to "estimate" the performance of an architecture that has been openly published in detail.

From the lack of market research on display here, it is clear that the buyer didn't give a stuff about performance until the weasels started whispering "no win, no fee" in his ear.

UK govt sneaks citizen database aka 'request filters' into proposed internet super-spy law

Ken Hagan Gold badge

Re: Can someone explain this?

"and instead get this dank little island on to IPv6"

Sshhhhh. Don't tell them about IPv6. With any luck they haven't noticed yet and the legislation will only apply to IPv4 connections. IPv4 is *next* year's panic (and the ISPs will no doubt say that they'll need a bung four times larger to record the data).

Ken Hagan Gold badge

Re: Can someone explain this?

"Not everyone on ADSL or Fibre has a static ip address, some ISPs still provide dynamic ip addresses which can change over time."

But at any given moment, even with CGN, the combination of IP address and port number must resolve to just a single customer or else it doesn't flipping well work.

A bubble? No way, we're in a bust, says rich VC living in alternate reality

Ken Hagan Gold badge

The entire basket of unicorns is worth like half of Microsoft.

So Microsoft is over-valued. I don't think that's controversial. They only have three products: Windows, Office and ActiveDirectory. Based on the last decade's performance, I'd say the company is dead on the inside and only appears to live on because the rest of the world can't switch away from their three products overnight.

WoW! Want to beat Microsoft's Windows security defenses? Poke some 32-bit software

Ken Hagan Gold badge

Re: Why are "we" still using "flash"

"So what development tools in a Windows environment do you recommend instead?"

A fair question, but I think there is only one answer: HTML5 with gobs of JavaScript.

On the plus side, it exists and has been largely standardised in a public fashion and has multiple implementations (just about, although I think we are down to about three now). Even its limitations can be seen as a plus point if you have reactionary views about "modern" UI design.

On the down side, JS was designed to write handlers for HTML elements and it shows. Anything more than a dozen lines long is using the language beyond what it is suitable for. Much the same could be said for your favourite assembly language: good for a few short routines of pure magic, but only a fool would try to write an entire app in ASM these days. (Then again, as recently as the 1980s people did exactly that quite successfully by taking extreme care.)

But what clinches it for me is the fact that there is nothing else out there. Flash and Java both suffer from being unforgivably dire security nightmares and both suffer from a parent company that refuses to release the design so that anyone else could have a go at fixing it. Therefore, both violate the Hippocratic maxim of "First do no harm.". If you are a programmer writing client-side Java or Flash for other people to run on their machines, shame on you. (And don't be surprised or upset if you find that an ever-growing fraction of your target customers refuse point-blank to consider your product because they have a blanket ban on your chosen platform.)

We're not killing Chrome OS ... not until 2020, anyway – says Google

Ken Hagan Gold badge

Re: Better late than never?

They already *have* a unified OS (Linux). They may be considering unification at the level of user shell or application suites. If so, they should study Microsoft's recent experiences (tried it and are now backing out) and Apple's earlier experiences (thought about it and decided not to try it).

At Microsoft 'unlimited cloud storage' really means one terabyte

Ken Hagan Gold badge

Quite, since if that was your *only* backup then you now have to pull it back down to your local system (over your domestic link) and then upload it to somewhere else (over your domestic link). For anyone who took the original "unlimited" claim seriously, that's probably not technically possible (over your domestic link) within the time frame, so they *will* either lose the data or have to pay through the nose for a few months.

Dev to Mozilla: Please dump ancient Windows install processes

Ken Hagan Gold badge

"Once you have to give the EXE permission to make changes to your system, then you are at its mercy."

The same goes for anything that might include an executable, such as a MSI file that has helper DLLs or an NSIS installer that uses plug-ins. It's 2015 and the closest we've got to a trustworthy software installation method on Windows is "install KDE for Windows and hope that the package you want is in a repository".

Ken Hagan Gold badge

Re: Executables in %TEMP%

This is remarkably common. I was struck by the article's suggestion that %TEMP% should be non-executable because, in my experience, that means that at least half of all packages fail to install. Any sysadmin who wants to lock down %TEMP% in this way has my admiration and sympathy in equal measure. They'll be getting a lot of support calls from their users.

Hi, um, hello, US tech giants. Mind, um, mind adding backdoors to that crypto? – UK govt

Ken Hagan Gold badge

Re: Cameron reminds me of an ancient Danish King

You mean he is cleverly undermining Theresa May by showing that her entire negotiating position is both evil and clueless?

Actually, no, I don't grant him credit for that much cunning.

Ken Hagan Gold badge

Re: Not that I'm condoning this ...

"So what else am I missing?"

All conversations between two people of different nationalities?

The setting up of an unauthorised key pair *within* an authorised conversation.

The fact that government will leave all the keys in plaintext on a site that is wide-open to one of those pesky sequential attacks we've been hearing about recently?

Windows 10 growth stalls during October

Ken Hagan Gold badge

Re: There's nothing wrong with upgrading to Windows 10

"There any howtos in that [tweak your privacy settings] regard?"

Last I heard, they'd all been back-ported to Win7 and Win8x anyway, so why worry specifically about Win10's implementation?

If you don't trust your OS vendor, you need a new OS. If you have to use Windows, you may as well use the version that MS are actually bothered with supporting full-time.

Ken Hagan Gold badge

Re: XP

"the reason why such distros as Mint or Ubuntu came into existence in the first place was precisely because people were having so much trouble with older distros like Debian and RedHat."

Funnily enough, when I moved from Ubuntu to Debian stable a year or two back, it was because I was having so much trouble with the former's tendency to include something that wasn't quite ready for prime time, and the thing that really struck me about Debian was that everything started just working again.

Well, I say everything, but obviously printing and sound still totally suck. (YMMV...)

Next year's Windows 10 auto-upgrade is MSFT's worst idea since Vista

Ken Hagan Gold badge

Lucky you. On the other hand ... pity the poor saps who have PCs that according to Microsoft *can* be upgraded, and who then attempt the upgrade only to discover that they couldn't and are now in a state where the upgrade didn't result in a usable system and so they are unable to navigate to the place where they click to roll back to the previous version.

Or, as mentioned already by several people, those whose PCs can be upgraded but they won't have driver support for their scanner or printer or ... (Good news for hardware vendors, obviously. They get the sales and Microsoft get the blame, despite the fact that most printer and scanner drivers these days are trivial wrappers around a USB driver stack that is provided almost entirely by Microsoft.)

Ken Hagan Gold badge

Re: If you're getting tired of the notifications, just disable them

"How the fuck did I ever find time to do anything while I was still working?"

You didn't, which is why you've now got 40 years of odd jobs to catch up on.

Ken Hagan Gold badge

Re: Then why use Windows at all?

This, so much. For that exact pattern of use, I'd have no hesitation in recommending Linux. Pick the stable branch of a conservative distro, set it up for auto-updates, create a normal user account and give it to your end-user. You need never see the machine again and they'll never have any trouble. (BTDT)

The two things that keep Windows alive are the games market and legacy line-of-business apps where no-one has the source anymore and they weren't very well written in the first place. There's a huge number of (perhaps slightly older) home users who don't need either, and don't need a pushy OS vendor either.