* Posts by Ken Hagan

8135 publicly visible posts • joined 14 Jun 2007

Slow IPv6 adoption is a GOOD THING as IETF plans privacy boost

Ken Hagan Gold badge

Re: NAT has to go, yes

No I wasn't trolling. Taking Windows as an example and looking at the last few years of patches, it is pretty obvious that putting a Windows box on the public internet adds only a handful of possible exploits to, compared to the dozens that exist if we go through the end-user. It is also pretty obvious that any system you put on the net now is going to have a default firewalling option of "nothing in", so the reachability of the address is irrelevant unless you have an end-user (or crapplication) willing to help from the other side.

Oh, and thanks for holding back on the reference. Anonymous Linux fanbois don't have quite the "RFC status" that I was looking for.

"Better hope not I've got real IPv6 systems in real big organisations... but then my comments about IPv6 couldn't possibly have come from actual experience... could they?"

Based on your posts so far, I'm surprised to hear this claim. Perhaps your experience is out of date. Modern Linux and Windows systems are far better protected and far more configurable than your posts suggest.

Ken Hagan Gold badge

Re: Getting more peopel to adopt IPv6

"I don't care about what the spec is, or how it's intended. Only how it is actually used and what's available to me. Both from ISPs and from device vendors. Everything else is masturbation of the most pointless and vapid variety."

Then you could avoid a number of pointless and vapid arguments by criticising your ISP and device manufacturere in future rather than IPv6. Remarks like "How does IPv6 handle these scenarios?" lead the naive reader to believe you are blaming the protocol.

Ken Hagan Gold badge

Re: Getting more peopel to adopt IPv6

How is that better than (or, in any significant way, different from) what my router does now?

It gets a /48 prefix from my ISP. My ISP presumably routes packets in my direction based on that prefix. My router advertises the prefix. My IPv6-capable devices figure out addresses based on that prefix. My router blocks all incoming connections by default. My router cost about £50.

As far as I can see, IPv6 already works, is already here, and the only problem is that most of the world either hasn't heard or has decided to be "in denial" as part of some lifestyle choice. Still, eventually we'll be able to switch off IPv4 support on our own networks and all the denialists will disappear at a stroke.

Ken Hagan Gold badge

Re: What IPV6 really needs

"The problems with FTP and other early DARPA protocols have been know for decades, it is pure laziness (by the IETF) that they haven't been amended."

Umm, FTP *was* amended -- http://en.wikipedia.org/wiki/File_Transfer_Protocol#NAT_and_firewall_traversal

Ken Hagan Gold badge

Re: NAT has to go, yes

"And there is one of the biggest problems with IPv6, just imagine the 1990s on IPv6, all them Windows hosts directly addressable from anywhere on the internet... imagine the size of the botnet you could build."

A reachable address only helps you build a botnet if you have an exploit to throw at it. Also, in practice just about every Windows machine is reachable "in reverse" because you can persuade the end-user to click on a link and tunnel through their NAT on your behalf. I think you'll find securing (or simply not running) servers is considerably easier than teaching end-users not to click on dodgy links whilst running as admin, so it isn't clear to me that universal addressability actually makes things much worse than they are at present.

"Although I should point out that my particular love of IPv6 is the "YOU WILL HAVE AN IPV6 ADDRESS ASSIGNED TO EVERY INTREFACE" directive."

Got a reference for that? On second thoughts, don't bother. All of the systems I'm familiar with are quite happy to let you enable or disable IPv6 on different interfaces just as you please. Indeed, it is hard to see how a router with an IPv6-capable subnet on one side and a legacy subnet on the other could possibly work otherwise.

"IPv6 is a fucking mess, designed by people who gave absolutely no consideration to security or privacy."

That would be a "mess" that seems to work fine for millions of people, including some of the world's largest web organisations, and "no consideration" apart from making IPsec support compulsory. Maybe it is your understanding of IPv6 that is a mess.

Look out, sysadmins - HOT FOREIGN SPIES are targeting you

Ken Hagan Gold badge

Re: Well if it involves...

"Yes I'm that shallow."

And for the GCHQ strategy of "stiff upper lip" to succeed, we need *every* IT admin to be "not that shallow". Hmm ... I think I see a teensy-weensy flaw in this plan.

Meanwhile, other parts of the Establishment are trying to increase the numbers of women in IT.

Ken Hagan Gold badge

Re: They'd never get me

I assumed the amusing clock was a typo.

ARM tests: Intel flops on Android compatibility, Windows power

Ken Hagan Gold badge

"cripple SW development with poor architectures"

Ho ho. Coz we all still write our apps in assembly language, right?

Seriously, the ISA wars ended when Intel introduced out-of-order execution, over twenty years ago. Instruction decode is unimportant, whether in terms of execution time or die area, and x86 has been an orthogonal instruction set since the 386 so compiler writers don't actually care. There are probably people posting here who were born after the issues you raise were important. Perhaps you are one of them.

Ken Hagan Gold badge
Unhappy

"The performance is not as high as we're seeing in the Intel device," Watt admitted, "but [...] we're getting much lower power."

So this isn't really a meaningful comparison. If you underclock the Intel device so that it's performance matches the ARM device, how do they compare? Alternatively, if underclocking is impractical, how about comparing energy consumption for a given task instead?

The article pretends to be concerned with battery life, but that's measured in mA-hours at a rated voltage, which is energy rather than instantaneous power. I'm sure anyone capable of making the measurements described in the article is aware of this, so I'm afraid to say I find the comparisons rather dishonest.

Early! Do! Not! Track! Adopter! Yahoo! Says! It's! Rubbish, Bins! It!

Ken Hagan Gold badge

Re: Better alternative

I'm sure the dataset is already polluted beyond redemption (*), so I'm amazed that anyone spends advertising money on web sites, but as long as they do then I don't see why El Reg shouldn't profit from their stupidity. (* I think I saw an ad on El Reg the other week that actually looked interesting and I was surprised because I couldn't remember that *ever* happening before.)

A simpler response is to block third-party cookies. (That presumably blocks all Yahoo! cookies because who the hell actually goes to the site anymore? Every time they get mentioned in a story I think "Are they still going?".) This is an option that has been available in most (if not all) browsers for ages. It is under the end-user's control and there's little the anti-DNT crowd can do about it.

The one thing left to track is your IP address, but everyone is in denial about IPv6 and so most consumers will be behind CGN in a year or two.

Ken Hagan Gold badge

Re: Call me cynical...

I've done a fair number of clean Windows installations over the years and whenever that's included IE10 (or 11) I've been *asked* whether I want to change that default. I imagine the OOBE for consumers buying a new PC with Windows pre-installed is pretty similar. So those who speak of a "default" are really saying most end-users are too effing thick to read what's on the screen during setup.

Of course, maybe that's precisely the target market for your average advertiser. Maybe that's why they are so cross. Diddums.

Now is 'the wrong time to send hundreds of millions of dollars to Kremlin' - SpaceX boss

Ken Hagan Gold badge

Re: Those bloody monks

lower case is fine. it's easier to read and write. that's why it exists. the mistake was failing to deprecate (and eventually stop supporting) upper case. it is particularly absurd in this instance because hardly anyone in the modern world actually understands the languages that the upper case letters were originally used for. the script has actually outlived the language!

'25,000 Windows Server 2003 boxes' must be upgraded A DAY to meet OS support death date

Ken Hagan Gold badge

Obvious FUD is obvious

"Claunch said IT systems running on out-of-date server software may "cease to operate correctly" due to "some latent defect that has been triggered by changes in the client's use"."

Umm, is that a threat? Since we're talking specifically about users who bought their server about ten years ago and have left it to fester in the corner, the only changes that are likely are ones coming through the update channel.

"Nice server you've got there. 'Twould be a shame if something updated it."

Script fools n00b hackers into hacking themselves

Ken Hagan Gold badge

Re: Bah!

It's worth the same as a Bitcoin or a Renoir -- whatever you can persuade someone else to pay for it.

Ken Hagan Gold badge

Re: Give these people an award!

Yup! The phrase you are looking for is "victimless crime".

Denmark dynamited by cunning American Minecraft vandals

Ken Hagan Gold badge

Re: I see two possibilities...

I go for option B.

Maybe flying the US flag inside-out is a bit like flying the Union Jack upside-down: a distress signal. Maybe these people need help.

Firefox, is that you? Version 29 looks rather like a certain shiny rival

Ken Hagan Gold badge

Re: WTFFFFF?!

"Windows 3.11 worked."

No it bloody well didn't. It crashed and burned as soon as fart in its general direction.

You must be thinking of NT 3.1. That worked, slowly.

Ken Hagan Gold badge

Re: Hate it already

"Exactly the same arguments are going to apply to this as apply to the W8/Unity changes"

Perhaps the FF devs missed those two controversies. Easily done, if you've got your head stuck so far up your own arse that you end up looking out of your own eyes twice.

Ken Hagan Gold badge

"Firefox is still the best of a bad bunch so there's not really any other choice"

There's Iceweasel, for those who prefer how FF used to look. It gets the security patches but not the re-imagining of the UX.

Ken Hagan Gold badge

"Make the UI common across all platforms."

It is far more useful to make the UI conform to the idiom of the local platform. That's what it is running on, after all. Of course, it's hard to say what the idiom of the local platform *is* on most desktops these days, since every half-wit programmer and his mate seem to feel empowered to re-write the rule book for their app because their app is "special".

Earth calling half-wits. No it effing aint.

Go ahead and un-install .Net, but you'll CRIPPLE Windows Server 2012

Ken Hagan Gold badge

In fairness, this is only .NET 4 we're talking about. The phenomenally bloated previous versions aren't even installed by default on Win8 (and I presume not on 2012 either).

Also in fairness, Powershell is way better than CMD.EXE. (Edit: ...and considerably lighter than cygwin.)

Friends don't let friends use Internet Explorer – advice from US, UK, EU

Ken Hagan Gold badge

Re: Mum's laptop

Given the interval between Patch Tuesdays, I don't think you can blame your mum's infestation on the fact that the Patch Tuesday due in a fortnight "didn't" (ie, won't) contain anything for XP.

Ken Hagan Gold badge

I assume IE6 runs on Server 2003.

Remember, just because the consumer/cheap version of the OS has gone out of support doesn't mean that MS aren't still publishing exploits (er, patches) for the identical-codebase-but-more-expensive server version.

In fact, one way to get around XP's demise would be to find (if you can) someone who would sell you a licence for Server 2003. That, of course, would set you back a few hundred, but the possibility means that MS can't charge more than "a few hundred" for ever-extended support for XP.

Ken Hagan Gold badge

"Heartbleed wasn't an "out of memory area" bug."

Indeed not. It *should* have been, but they were using an allocator that turned it into a "in memory area" bug.

Then again, for all we know, this latest IE bug might be similar.

Ken Hagan Gold badge

Re: This sort of thing doesn't happen

"BTW, isn't the "Heartbleed" problem also a "use after free" (whatever happened to "uninitialized variable(s)")bug?"

It's been several days, but not as I recall. Heartbleed was failing to sanitise external input and consequently exposing a load of memory. It was made worse by the fact that the OpenSSL allocator didn't overwrite-on-free, and so the memory was potentially "interesting".

Overwrite-on-free is trivial-to-code and fairly inexpensive. Its primary purpose, however, is not to render buffer overruns less interesting but rather to make use-after-free much more likely to be fatal. Bugs are therefore caught during development rather than three years after release.

And regarding the "uninitialised variables", that's arguably the complete opposite problem: use-before-allocate. I say "arguably" because although in C initialisation doesn't exist and allocation is considered complete when uninitialised memory is handed to the application, most other languages try to ensure that something like zero-initialisation happens. Again, it is trivial for a debug allocator to ensure that insane-initialisation happens by default and so any bugs in this area show up during development.

Without wishing to slag off Microsoft (coz others have already done that for me) it *would* be interesting to know just how bugs of this nature are making it into the current release of IE, a decade after Microsoft's big splash about secure software development. In the case of OpenSSL it was because they made a conscious decision to bypass all the help that might have found them sooner. With hindsight, that was such a bad decision that OpenSSL may not exist in a few years time (having been replaced by its fork).

In IE's case, no "fork" is possible, but we're long past the time when you had to run IE because most websites didn't work on anything else. Alternative browsers exist and end-users ought to be asking whether IE's development practices are up to snuff.

Edit: In the context of "uninitialised variables" it is perhaps relevant to note that Microsoft's C++ compiler has a long-standing bug in *failing* to initialise built-in types in scenarios where the standard requires it to do so.

Victory for Microsoft as Supremes decline to hear Novell's WordPerfect whine

Ken Hagan Gold badge
Windows

Re: Good

"What made the Mac first and then Windows platforms users liked was exactly a uniform UI among applications letting you to start easily even with a new, unknown one. The days of "I will design my own UI and you have to use it" under DOS were gone, but not everybody understood it."

Ah! Those were the days. We used to have UI standards, you know. Everyone had to follow the rules or face ridicule. Applications that maximised themselves on startup were just rude. Putting a green tick on your "OK" buttons was considered poor taste. Failing to define keyboard shortcuts and a sane tab order for all your dialogs was shoddy workmanship.

Nowadays, of course, the youngsters don't even *have* keyboards, or even "OK" buttons in some cases and applications don't run in any mode *except* maximised.

TIFCAM they call it. Disgusting, I call it. Wouldn't have happened in my day.

Trolls and victims watch Supremes for definition of meaningless patents

Ken Hagan Gold badge

Re: @DougS

"The patent does say how the pulse is taken, essentially they use a "difference amplifier" to filter EMG from ECG and time the ECG."

Well that can't be relevant because using a difference circuit to extract a small signal from a large background has prior art going all the way back to the early 19th century.

Amazon veep: We tweak our cloud code every 16 seconds – and you?

Ken Hagan Gold badge

"We tweak our cloud code every 16 seconds – and you?"

Am I the only person who reckons this is something they should be keeping quiet about? What's a tweak? Does it mean they are finding bugs every 15 seconds? Even if these are features we're talking about, doesn't it still mean the behaviour of the system is unreproducible/unpredictable on timescales longer than 15 seconds? Is that a good thing?

Apple patents Wi-Fi access point location lookup

Ken Hagan Gold badge

Re: Good that Google didn't illegally map all private Wifi access points in the EU.

"But whoever okayed the patent needs a good talking to!"

The patent was okayed by the several hundred cretins who passed the law saying that the USPTO should henceforth grant *any* patent which is accompanied by the paperwork and the fees, leaving it to the courts to decide whether it is valid or not. The situation won't improve until people stop slagging off the patent clerks and start pointing out that the entire system is broken (in favour of the lawyers, natch).

Frankly I'm amazed that we're only up to "US Patent 8700060".

NASA spots 'new' star just 7.2 light years away

Ken Hagan Gold badge

About 25 years ago, in a lecture that had strayed onto the subject of Dark Matter, our prof suggested that the true explanation might not be the various forms of exotic, supersymmetric or wacko particles that were then in vogue. It might just be a lot of bog-standard matter, too cool to see. I think he was semi-serious. This is the sort of stuff he had in mind, but I don't know how common these objects would have to be in order to make the numbers work.

Ken Hagan Gold badge

Re: Solid surface?

At 3-10 times the size of Jupiter, I imagine it is a gas giant.

Lord Kelvin estimated that Earth's "heat of formation" would have taken about 100Mya to wear off. A rocky planet 3-10 times the size of Jupiter would have a surface area to volume ratio many times less than Earth and so would presumably cool more slowly. I think the surface would still be molten.

Ken Hagan Gold badge

Re: Why is it warm?

For a planet, gravity also releases gravitational potential energy and the gases are mildly radioactive. These are certainly reckoned to be the important factors for Earth (http://en.wikipedia.org/wiki/Earth%27s_internal_heat_budget) and are presumably even more important for a gas giant because gas is a rather better conductor of heat (via convection) than solid rock.

Apple patent pokes at holographic iPhone screen

Ken Hagan Gold badge

Re: How ? ? ?

"That, my man, is because of the USPTO, which simply accepts anything written on a napkin if it comes from the Right Companies."

Or indeed, the Wrong Companies. I believe the law is that they'll accept anything written on a napkin, period. The effect, as we can all see, is that patent protection is increasingly hard to achieve in the US for genuine inventions. Ironically, this probably means the current patent system in the US actually violates the consitutional demand for such a system to exist.

One day, someone will try to argue that either in court or in Congress and the whole house of cards will come down.

Vladimir Putin says internet is a 'CIA project'

Ken Hagan Gold badge

Re: the Russian economy

BBB- and presumably headed downwards if Russian businesses are cut off from the internet.

Yes, there's a lot of gas over there but guess what, there's a lot of shale elsewhere that might come on stream in the near future, especially if Putin's friends decide to hike the gas price. The same probably goes for most other primary resources: Russia can either continue to sell at the world market price or it can voluntarily send its *own* economy into a nosedive. If it wants to ever be anything other than a primary producer, it needs to develop manufacturing and service industries and in the 21st century that is not compatible with firewalling the entire country off from the rest of the internet. You might as well cut yourself off from physical transport networks, or the postal service, or international finance.

Similar advice, of course, applies to China, whose economy continues to grow as long as it sells its own people down the river, and stops growing as soon as it tries to cash in (*) any of the benefits of being an economic giant. (* like, raising living standards)

The other "Tiger" economise of Asia learned this ages ago. Growth was phenomenal whilst they were playing catch-up. Once they caught up, they discovered that further growth was as difficult for them as it was for us.

Ken Hagan Gold badge

Re: Doesn't matter who "invented" it

@John Savard: Yes, but... Britain at the time was Russia's ally and Germany's enemy so it is a tad misleading to talk of "the West" as a single entity "responsible" for anything.

DeSENSORtised: Why the 'Internet of Things' will FAIL without IPv6

Ken Hagan Gold badge

Re: Maybe what the world needs

Is your employer aware that s/he is paying you for a task that the rest of the world automated several decades ago?

Assigning IP addresses is the "job" of the DHCP server. Remembering them is the "job" of a DNS server. Seeing them is the "job" of the APIs in well-written software. Typing them is no-one's "job".

Ken Hagan Gold badge

Re: Names. Names. NAMES!

"The only other way would be to have your own unique domain (tomshome.co.uk) and uses sub domains I guess."

Um ... yes. They thought of that 30 years ago and so DNS is a hierarchy. That's exactly how you are supposed to do it. Only a complete moron would try to solve the name shortage by inflating the top-level domain. Oh wait...

Ken Hagan Gold badge

Re: Maybe what the world needs

What *is* this fixation with literal IP addresses?

Unless you are configuring a router or a DNS or DHCP server, you should never even *see* an IP address, let alone have to type one in or remember it. If you have some other network software that regularly throws literal addresses in your face, report it as a bug.

Even if you *are* setting up such a machine, you'll always be using the same prefix (yours) and the double colon notation spans the middle ground. The bit you have to deal with manually is the final hex digit or two.

For domestic customers (and small businesses, actually), you don't even need to do that. Your ISP will deliver a prefix over the wire and your router and devices can all do the right thing without any configuration at all.

Minecraft players can now download Denmark – all of it – in 1:1 scale

Ken Hagan Gold badge

Re: As a 29 year old who doesn't quite 'get' MC...

29 is old enough to "get" MC, but you need to have started your family in your late teens. I don't know the actual stats, but I'm guessing that teen parents aren't a big part of the El Reg demographic, so you've probably got a few years to wait.

Joking apart, Minecraft has much of the same appeal as Lego, but is a lot cheaper and truer to the original blocky ethos of the latter. Making blocks smaller would make building anything more tedious so it might actually count as a backward step.

OpenBSD founder wants to bin buggy OpenSSL library, launches fork

Ken Hagan Gold badge

Re: Madness is doing the same thing and expecting a different outcome

"I am appalled at the likes of C++ or Java where, it seems, none of us can master even the full semantics of the basic language"

In fairness to the C++ guys, the worst of the complexity results from a sincere attempt to actually describe and then remain compatible with the C subset. In no particular order, C's integer types, promotion rules, decay of arrays to pointers, lack of initialisation guarantees and (until recently) lack of a memory ordering model, have been the bane of anyone who actually wanted to write clear and safe code. Classes, namespaces, exceptions, templates and the like are pretty damn clean in comparison.

Got Windows 8.1 Update yet? Get ready for YET ANOTHER ONE – rumor

Ken Hagan Gold badge

Re: Please No !

"(whoops not call it that any more)"

Why ever not? :) As far as I'm concerned all the "debate" about what to call it is irrelevant. It is "Windows 8 with the latest service pack" and anyone who hasn't got the latest service pack running can whistle for support. Funnily enough, that's exactly the attitude of Microsoft, too.

You can start shouting about a "new version" when it is chargeable (and, consequently, not everyone can realistically upgrade and so software vendors actually have to support both platforms).

95 floors in 43 SECONDS: Hitachi's new ultra-high-speed lift

Ken Hagan Gold badge

440m in 43s

How long does it take for the passengers stomachs to travel the same distance?

Inside the Hekaton: SQL Server 2014's database engine deconstructed

Ken Hagan Gold badge

That million-fold difference.

"Data retrieval latency is orders of magnitude slower than memory. We're talking milliseconds compared to nanoseconds, a million-fold difference."

Good luck getting nanosecond latency out of the terabyte-sized memory mentioned in an earlier paragraph.

On a CPU running a few GHz, you'll get nanosecond latency out of your L1 cache. By the time you are hitting DRAMs or flash, the latency is more like microsecond. You've lost at least two of those orders of magnitude, maybe three. On the other hand ... that still knocks seven kinds of shit out of a disc and into a cocked hat. Back on the first hand, a decent disc cache subsystem will have delivered most of that performance already, even on DBs that are slightly too large to live entirely in memory.

So it will be interesting to see if this actually makes any measurable difference.

Lavabit loses contempt of court appeal over protecting Snowden, customers

Ken Hagan Gold badge

Re: living a lie

"In the UK, it emerged that Prince Charles actually has special powers, largely secret, to lobby and veto policies by the democratically elected government."

I call bollocks. If these "powers" are secret then they don't exist. Logically, the act of using them would require that they be made public, or else no-one would know what they'd been compelled to do against their will. Since that hasn't happened, we can conclude that they haven't ever been used. They are a figment of the Graun's over-active imagination.

It is true that Chaz has the ear of ministers, like many other lobbyists. However, the blame, er, responsibility, for the actual decisions rests entirely with the ministers involved. That's why we spit contempt for the ministers whenever they roll over for the lobbyists. We don't say "Oh, you cruel lobbyist forcing the nice minister to be a complete pratt.". We say "You complete pratt, listening to a pathetic lobbyist.".

And then we vote them back in for some reason, but I digress...

Microsoft's Nadella: SQL Server 2014 means we're all about data

Ken Hagan Gold badge

Re: an application he said had been "born in the cloud,"

It means the waiting is over. We now *know* that Microsoft's new CEO has no more of a clue than the last one. Win9 will be more window dressing, the next version of SQL Server will be a subscription model with all your data held in the cloud, and there's going to be a major new platform announcement as they reveal "WinBS", the successor to the legacy WinRT platform.

NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS

Ken Hagan Gold badge

Re: Maybe I'm naive,

"How the heck do you expect the NSA to find every security flaw before the rest of the entire planet?"

I don't, but...

There are relatively few SSL suites in widespread use and pretty much all secure communication on the internet is built on top of them, so they are pretty important. OpenSSL happens to be open source, but that's probably not an issue since I'm sure the necessary arms can be twisted if the NSA want a look-see at Microsoft's crypto libraries. If the NSA, with a budget in the billions, doesn't have a team poring over these suites then someone needs to have their employment contract reformatted.

I expect that team to find a buffer overrun vulnerability in a codebase that lies square in the middle of their competence with a couple of years of it being published. Whether that is before the rest of the world is another matter entirely. I also assume that several other nations have teams doing much the same, so they might get there first.

Obama allows NSA to exploit 0-days: report

Ken Hagan Gold badge

Missing the point, surely?

It is no secret that the NSA exists and has a massive budget. Any moral outrage about its activities should either have been consistently expressed for the last few decades or, if only recently felt, should be based on revelations concerning who they target rather than how they do it.

I don't have a big problem with the NSA using a 0-day to spy on (say) North Korea.

France bans managers from contacting workers outside business hours

Ken Hagan Gold badge

Re: Solution

I took the OP to mean "well regarded ... as a regular source of material.".

Ken Hagan Gold badge

Re: Fine until

"They are either unique or they are not. Stop mangling a very useful word."

I sympathise, but I thought that "not as unique" was rather appropriate. It will, after all, come as a great surprise to those concerned to discover that they are replaceable. One must break these things gently, even if it pains your inner linguist.

Russian deputy PM: 'We are coming to the Moon FOREVER'

Ken Hagan Gold badge
Facepalm

Re: title

Actually I didn't see the icon.

Sorry.