Posts by Adam 1

time to take stock

I'm sorry but when a Torvalds rant comes across as a reasonable response to your baffoonary, it is probably time to take stock, admit there's a problem and start methodically working towards a sensible solution.

Re: HTTPS can still transport malware

HTTPS isn't magic but it does cut out whole classes of vulnerabilities that can cause malware to be transported to you.

Or another way, with HTTPS, the site has to be compromised or otherwise be untrustworthy (or a combination of compromised DNS and compromised CA has tricked the browser). With HTTP, you only need to connect via a rogue free WiFi access point in order to introduce malware not actually sent by the source website. And before anyone comments on some l337 haxor skills required for such pwnage, Google WiFi pineapple and then watch the YouTube instructions whilst awaiting your kit to be delivered.

Re: I think it was well known....

> about BAE experimental aircraft and projects that hadn't got off the ground?

Shirley it is only the ones that they got off the ground that are worth considering?

/Coat please

Agile is fine

The problem is when someone thinks that it equates to "unplanned", or that changing requirements has no consequences.

When you boil it down, the claims it makes are hardly controversial. "Issues discovered early on in a process are cheaper to remedy than those found later", so tasks are supposed to be self contained a and be achievable in half a day. Sprints are equally a week or two so idea to usable feature is much shorter. If it is found to be a dumb feature, it is not likely to be intricately linked to hundreds of other features and therefore ridiculously expensive to change.

Analysis and design is really a Goldilocks artform. Too little, and the inevitable feature request comes in that requires an entirely new implementation even though in the customer's eyes, the request is simple. Too much, and projects get stuck in analysis paralysis, too scared to head down a direction because of unknown unknowns, or worse where the requirements change and developers become unwilling to throw away that code they have so much mentally invested in, even if a clean slate would be a better spot to start.

Of course, it is the unit tests and continuous integration that makes it possible to deeply refactor code without risking breakage, and these are often what companies won't invest in. It is always seen as an overhead, and the future efficiencies it creates are never credited to it.

Re: Storm in a tea cup

There is no problem with the way the software responds to a failing battery. Slowing things down is certainly preferable to having a phone that reboots continuously. Noone is complaining about that. The complaints all stem from the fact that this throttling is done silently, making your 'old' phone feel slow, and without telling people of the relatively cheap resolution to the speed issues this causes them.

Re: Hopefully vapourware?

You can do broad stroke heuristics. How many connections are attempted, where are they destined, how big is the payload, how long between connects, what ports are used, and the sorts of DNS queries these things make.

Re: This is what we need to worry about

If this threat is to teach us anything, clearly we must give encryption a backdoor.

/Logic brought to you by the numpties who run the show.

> Since your fingerprint (or face, or (presumably) DNA) is stored as a salted hash in the Secure Enclave of the phone

Disclaimer, it has been a few years since I last looked into facial recognition (wasn't quite up to snuff back then), but I work on systems with deep integration of fingerprint and vein scan as well as regular password authentication.

Hashed authentication for passwords/passcodes works because you can* store Hash(secret + salt) and later test whether Hash(guess + salt) == stored value without storing the secret itself. You don't need that secret, just statistical proof that it is neigh impossible for the guess to not be the actual secret**.

Biometric templates are different because you are not able to get an identical scan for verification. Even two photos taken on the same camera on a tripod in a studio seconds apart will have subtle differences. If you were to perform a substraction operation on the bitmaps, it would not be pure black. Because of this, templates are more like a series of measurements of angles and ratios of various features. It can be thought of as a template in the sense that you can't take those numbers and reconstruct the original scan/photo, but the verification logic needs to have those numbers to determine whether the candidate finger/face is "close enough" to the template. (This is why we can meaningfully talk about false accept rate and false reject rate for biometrics). My point is that you can encrypt the template but you cannot hash it.

*But please don't. Google scrypt or bcrypt and use one of them.

**Aka a collision

Re: Error?

@gnasher, 9 times out of 10 I reckon a 1ms sampling profiler points you at the guilty target but it does depend on the problem domain. One good gotcha if you're doing this on Windows is that by default your clock has a resolution of around 10-20ms unless you use the high resolution counters. This caught me out more recently than I care to admit. Each call to my method was in the order of 0.3ms, which almost always appeared as 0ms. Once I had profiled with the high perform counters, it became easy to recognise where the time was being spent, so I could prioritise both speeding up that method and seeing if there were opportunities to call it less frequently.

Re: maybe it's time to re-consider server-side inefficiency

@BB, I think that I understand what you're saying. That you may be able to compensate for double digit performance losses by being a bit more careful with the design.

Believe me when I say that this is exactly the sort of tail chasing that software engineers the world over are trying to do to limit the side effects of these OS level (software based) workarounds. But there is only an incredibly small window of time for that analysis of optimisation opportunities and designing something to fit, get it tested and published for customers (who will want to do their own UAT before going live).

And understand that the typical RDBMS is in the ballpark for a 10%-20% performance hit. If your typical load was 75% capacity, what you would have called well planned capacity last week will suddenly be 90%+ utilisation and in the real danger zone. Remember also that it is an exponential problem. If your transaction takes 12% longer, the lock contention is statistically much more likely to hit another transaction (think the birthday paradox). Then once you start getting a tipping point of deadlocks, even the retries cause problems.

As much as I would like to think optimising gives an answer, for many it is going to be more $$ for bigger AWS or Azure plans or bringing forward capex.

Re: like mnany I suspect.

> if it doesn't run code from the outside and if you don't want the performance hit - then why patch?

In the case of Azure, you are not going to be running on bare metal. You are going to be on a VM guest, so the important question is whether your kernel's data can be read from collocated VMs belonging to other customers. I am personally unclear on whether patching the VM host is sufficient or whether both host and any guest need both be patched.

But yes, if you have a machine which is air gapped with a performance critical workload then you are one of the lucky few.

I am sure we won't be waiting too long for this to be exploited via JavaScript or a PDF/docx/xlsx file with some macro. That is going to suck big time.

Re: Good stuff!

UPLOAD VIRUS

Re: The perfect IoT device!

> If they loved her so much they'd have given her a real key.

Just going out on a limb here, but if they're all sharing a Christmas dinner, one of them could've just got up, and in the spirit goodwill to all mankind, opened the door when she knocked.

Re: Refunds and Compensation

One of the compilers that I use still has an option for Pentium safe floating point division. A lot of people didn't bother swapping them over I guess because OS and compiler vendors whacked together a quick work around and pulling out a CPU is beyond the technical knowledge of most.

Either way, I'm not looking forward to this patch. No customer is going to call support and say "hey there, because of Intel's screw up we're not getting adequate performance". It's going to be a bunch of your product is a bunch of ... Fix it yesterday.

Re: Who cares

"thinking only of themselves" + "doesn't affect me" = humorous irony

But keep calm folks. At least s/he didn't mix up affect/effect.

Re: Moving Things On and Into Higher Levels/Greener Pastures/Darker Depths/Shadowy Systems

One could never be disappointed with any reality that is replaced with bacon. But a far as sharing merriness with our most masculine of commenting martians, I would only advise you factor in your local incarceration durations for possession of such substances.

that's backwards

You seem to think it is Google's job to make iOS easier to use. There are plenty of tablets out there which can run chrome/Firefox/opera/Vivaldi/palemoon and would happily run Edge or Safari if the authors of those browsers elected to publish them. I too have some family who .... struggle .... with things technical, but even they learn very quickly after you show them the "internet button". Of all the .... limitations .... in Safari, for me, the icon is way down on the list. In fact, I will admit to liking that icon. If they need to see the Chrome icon, any of those tablets will suffice.

The rendering engine isn't some abstract concept. It is the biggest difference between ie6 and modern Chrome. Poor* rendering engines directly hurt your experience. They may be slow, use more memory, draw incorrectly (or fail to draw), and fail to protect you from threats by ignoring CSP rules. It directly influences whether you think your tablet is too old which costs you real money if you buy a new one.

*and add to that poorly maintained

Re: I wouldn't know, I can't even install it.

> it *refused* to install because it was incompatible with my screen reader

I hope it's not rude to ask, but you visit the comments here a bit, and the question that I'm sure is on all of our lips is what does the screen reader software do when it encounters a post from amanfrommars?

Re: Give Us The Facts We Need

Or more usefully, how many Norris x Percentage of maximum velocity of a sheep in a vacuum is that?

Re: So, instead of warning the user of the issue...

Yes, a notification that said that "due to your battery aging and no longer able to deliver the required voltage, we have slowed processing to avoid system shutdown. Please replace your battery to restore full system performance" would go a long way to avoiding such complaints.

Except I'm guessing that would cause warranty and other consumer protection laws to force them to give you a new battery if it goes into this mode too early after you purchase it. But screw you customer, that would cost us money.

Re: can't blame the malware

> trying to squeeze every last cent of build cost out of the thing by using components that are ok for normal use, but are inadequate if the thing needs to run at full power for anything longer than short bursts.

This is an imminently sensible thing to do, and I don't think it is part of the problem. There is nothing wrong with a designing a device that is primarily going to display farcebook, some cat videos, the occasional game of flappy birds and maybe the occasional phone call. It isn't designed as a bitcoin miner and therefore doesn't provision the hardware (particularly with active cooling and dedicated hashing chips rather than general purpose CPUs) in such a way to allow it to run at full throttle doing that indefinitely. That doesn't matter. If presented with such a workload, it should power down some of its CPU or GPU cores and reduce the clock frequency when it detects the temperature rising too close to the threshold. If that still doesn't tame the temperature*, it should shut down to prevent damage.

My car may look like a car you can take on the track**, but it is engineered as an urban commuter vehicle. Yes, in can floor the fast pedal if the situation warrants it, but I'm under no illusion what would happen if handed over to a mildly competent racing driver to race on a closed track. After a few laps, the oil (engine or transmission) would hit a threshold temperature, some dash lights would come on, and the thing will go into limp mode until some service centre numpty tells me about voiding warranties. That is not a cost cutting tightarsery, but an engineering compromise. Sure, they could add 14 radiators but every bit you add increases build costs, has ongoing maintenance costs, decreases reliability and adds weight.

*Clearly means that inadequate passive cooling is available.

**Ok, it looks nothing like such a vehicle

Re: Step one

> For all that google are great at remembering everything anyone has ever done they somehow keep forgetting the restricted privacy settings I enter

Upvoted. Partly because I appreciate the irony you point out, but if I'm honest, it is mainly because there's a part of me that hopes that whatever google analytics beacon is tracking my upvote and downvote patterns may hopefully get the hint.

Re: Slightly more complicated as far as AES is concerned

Weaknesses is too strong a word. Noone has (publicly admitted to) found an exploit, but the simplicity of theb fact that all the keys from all the rounds are derived from the single initial key is incredibly trivial and therefore can feel too good to be true.

As an aside, this is one of the more accessible ways to explain AES.

Re: JSON?

If he was really Hungarian, he would have been called personNorbert

Re: Mining new coins

Ok agree that the inevitable crash will be pretty spectacular. I don't think the cost of production rises because there are less left. It rises because there are more people mining. The rate of discovery is fixed across the whole network, so more miners means you have to invest a lot more to find them.

The real trick is to not pay for those computers and electricity. Think MitM JavaScript injection of miners, or even malware. Can your rig compete with a botnets of 100,000+ exploited "security" cameras?

But anonymity is not just a state thing. It is also corporations tracking every possible data point. Just imagine what "BI" that visa has on you? And how they use it to market to you? And how they could sell that information, either individually or in aggregate. I do not wish to be profiled by companies who profit from figuring out what marketing I may respond to. And that is leaving alone the whole can of worms about the degree to which governments in what we might think of as free countries apply the concept of warrants.

Re: How many battery "breakthroughs" is that this year?

> If you try even triple energy density of Li-Ion battery (0.875MJ/kg x 3) you're right next to gunpowder which has energy density of 3 MJ/kg. If you want increase it 5 times you're now in TNT territory (4.6 MJ/kg).

> Would you prefer car that can do half the range or the one that goes further but literally has 500Kg of TNT under your ass ?

I heard that there are some nut jobs out there that attempt to drive vehicles with 43.1MJ/Kg. Won't catch me near a diesel though. That must be, by the arguments above, 10x more dangerous than TNT.

> it's a gas

You temperaturist.

Re: Opt out

We possibly have a disagreement about what correct behaviour is. If the app developer of a map application says it wants GPS, that is so the find me function works. If I configure **my** device to return nonsensical data, then I will expect the find me function to do weird things. If I give it real data, it will work as per the app developer's intention. If I reject the permission, it will probably crash. Not necessarily because they believe their application is pointless without it, but because most languages have really clunky handling of monads and it never occurred to the developer to check what happens if an exception is thrown or check the error code that got returned. In other cases, the app developer just can't be arsed to structure their code in a way that would minimise the required permissions. In other cases, the permission model itself is not fine grained enough (particularly around file and media access). The developer may want a very small subset of the permissions mentioned on the token, but you need to grant or reject the lot.