* Posts by bell

46 posts • joined 20 Jan 2009

Ugh! Is that your security budget? *Sucks teeth and shakes head*


For a given value of effective

All that the suits need is support for the claim that they are "Taking cyber [security] seriously.". The amount spent and the trend in that amount sound very detailed and very objective without having to leave the world of pounds and pence. If they have benchmarked their spending against industry norms they'll get extra points for thoroughness even if the outcome of the benchmarking isn't talked about.

This is part, a depressingly effective part, of managing the only aspect of risk that the stratospherically high-ups care care about - reputational risk.

The question of whether corporate or personal reputation is more seriously considered is left as an exercise for the commentariat.

Experts to Congress: You must act on IoT security. Congress: Encourage industry to develop best practices, you say?


Re: "I don't think I want my refrigerator talking to some food police."

The food police - otherwise known as SWMBO.

If the Internet of Things will be SOOO BIG why did Broadcom just quit the market?


That would be "activist" investors then?

Europe is spaffing €20bn on handouts for tech


Not sure I get the cause and effect here

Maybe I'm just very slow on the uptake but I could really use a step-by-step breakdown of how - and under what assumptions - the removal of geoblocking destroys the quality and variety of creative outputs and/or the industries producing them.

Why would being able to delay release in other countries or discriminate between purchasing countries in pricing terms appeal to investors in these projects? Is there some preferential pricing for local buyers required for accessing government funding, ...?

At what scale of required investment does this start to have an effect - Publishing a novel, producing and releasing a single, an album, a TV series, a three part motion picture epic with elves running on falling rocks?

Linux kernel dev who asked Linus Torvalds to stop verbal abuse quits over verbal abuse


At some point there is more to your contribution than your code

It seems to me that the issue here is not only (or even mainly) about how developers are treated on the kernel developer community. It is about maintainers and reviewers being told how to treat others. Many people find it easy to tolerate watching people yell "You're an arsehole!" at each other. There are fewer, but still a significant number, who can cope with being told "You're an arsehole!" from time to time. It's a lot harder not to take it personally when you're told "Be an arsehole or fuck off!". No matter what we feel about the relationship between our code and our selves, how we interact with other people is very intrinsically us.

The approach which many senior or long serving maintainers have found works for them ranges from abrupt through aggressive to ad hominem. The attitude seems to have gone from "It works for us, it will also work for you." to "If it's not working for you, it's because you aren't sufficiently like us.". So when claims are made (including by commentards above) that the USB 3.0 project wasn't producing as good a result as it could the criticism very quickly falls very personally on the maintainer.

Clueless do-gooders make Africa's conflict mineral mines even more dangerous


Amusing, but also really frightening

The core message of "Bureaucracy Happy Do Gooders In Footgun Debacle" warms my heart. If only because I would like to believe that no good ever came of bureaucracies.


I see no reason that any other mechanism for limiting demand would have led to less negative consequences. Have I missed something? Or is funding the overgrown gangs of the less governed world through our gadget purchases the best thing we can do for the rest of the people there? At least once this sort of thing has gotten going?

For extra credit: Does the same apply to cocaine manufacture, narcotics distribution in general, vice even more generally?

The BIG stretch: Software and flexing your firm's size


Other software, other bounds moved?

Very nice idea. Surely it's only part of the story though.

Is there not another set of software ("enterprise" being such a dismal adjective or classification anyway) which increases the practical size or complexity of a network of ad-hoc contracts? Or do all the real, perceived and just fervently hoped for impacts of software make firms more likely to be the optimal structure?

Bong Ventures LLC: We've been cyberhacked


That's an odd definition of intelligence you have there ...

Now where do I get a research grant into artificial cunning opportunism?

Hundreds of dot-brand domains predicted


So who is in ...

... on a collective to purchase .off?

Dibs on the .directly.off subdomain!

Canadian prof: Wikipedia makes kids study harder


Differences which have been overlooked

Beyond the possible value in a wider or "genuine" audience there are two other important differences between the WikiPublic and a lecturer as audiences for an essay:

- The lecturer has very limited time to devote to each submission. This leads (possibly unfairly) to an assumption about how thorough the review will be.

- WikiFiddlers are permitted to be far harsher critcis than lecturers.

VMware gets Go-ing with Shavlik buy


Please Sir ...

One trawls a network for instances of a freebie hypervisor and trolls a comments page for humour-impaired gits.

European parliament loves the Tobin tax


If not Tobin, then what?

If we look past wanting to hurt the bankers - as satisfying as it may be it's not really constructive - there are some other goals which are also worth pursuing.

Even as a raving capitalist I'm not comfortable about the way that the financial economy dwarfs the real economy. The real economy needs the financial economy for for liquidity and risk finance. The extent to which the financial economy has become disconnected from the real is alarming though - particularly when disasters in the financial economy can have a serious impact in the real economy.

Tobin taxes may not end up collecting very much - the Swedish experience demonstrates that they will put a serious crimp on the ballooning of the financial economy though. Instead of slating them outright let's hear some proposals on how to tailor them to bring finance and the real world back into a reasonable relationship.

Google whacks link farms


Be nice ...

'... capable of weeding out search results that are gibberish, like "side effect of nike air with polyamory remote controlled helicopter Britney Spears on free live sex Ugg boots accutane casino lottery."'

Now, now. That really wouldn't be fair on aManFromMars.

South African wireless traffic lights pillaged by SIM-card thieves


One more thing ...

Specifically in Johannesburg, the likelyhood of lightning damage to kit connected by copper pairs is enormous. As it is we lose huge numbers of traffic lights either drowned or struck during the storm season. Add some extra wiring in there and I think you could get close to 100% failure over December.

UK.gov braces for possible Wikileaks hacklash


Yes but no but yes but no but.

Yes, it's coercive. The physical world analogy is closer to parking the entrance to a harbour shut than blowing up a truck in the basement of an IRS building though.

I'll grant you the point on extra defence. It would be lovely if it didn't all go to consulting muppets though. Some improved co-operation and less petty empire minding between departments would go far further toward improving the resilience against this sort of thing.

Txt tax would wipe out half UK deficit, claims union baron


It's just too easy ...

To point at the difference in quality of grammar and spelling between the pro-fligacy (yes I know) and pro-restraint commentators on government spending.

For a nearly as easy exercise let's try to extrapolate from there to the quality of the arguments.

Canonical COO jumps clear after 10 months


And the point would be ... ?

Just beyond your grasp, apparently. The fundamentalist rants and whines in that lwn thread are just bloody pathetic.

This is not about one man's opinions. Assay's views as published and Canonical's general approach to FLOSS (or whichever acronym suits you best) are not at odds. Canonical was never intended to be a funded mouthpiece for twats who get all butthurt because bad, nasty Nvidia won't open their drivers.

PARIS concocts commemorative cocktail



In honour of the the nature of the mission which it commemorates and because it has clearly caused the plucky plastic protagonist to forsake his better judgement (it must be mighty cold sitting there).

E Ink unwraps colour e-paper reader


Sure, it's nice, but ...

Do we really need colour?

Particularly if it comes at the cost (as I assume it must) of increased power consumption even for monochrome operations.

S African rhino rustlers tackled using satellite horn implants

Thumb Down

Missing background

I really couldn't care what some misguided twat is purchasing the powdered horn for.

I do think it was a little sloppy to omit the important and rather sad background this development takes against though.

There has been a massive and alarming increase in rhino poaching in South Africa this year. According to the WWF there were 470 rhino poached across Africa between 2006 and 2009. 200 rhino were poached in South Africa to mid-October this year. The big anti-poaching success story of the year -the arrest of 11 people in late September - came with it's own distressing aspect: two of those arrested were vets.

Mozilla and Opera call for Google open codec in HTML5 spec

Thumb Down


And since it seems impossible for the web to be free and have video, kill the video and move on.


This is all just an annoying distraction

Let online video become fragmented and die. The web is about more than YouTube.

The back and forth over codecs, patents and video standards is taking up time and effort which could have been far more productively spent on other aspects of HTML5. Ones that would provide some value for the web as an application platform - like extended form controls and datagrids (which have been canceled for lack of interest).

Ball lightning is all in the mind, say Austrian physicists


Bit of a context failure there ...

Kendl was saying that physics didn't need to be stretched with any 'new and other suppositions' to make ball lightning fit, not that this was the final answer on the matter of ball lightning.

More generally, this theory provides an interesting opportunity to make ball lightning explicable. It does so by providing two classes of ball lightning observations - real ball lightning and phosphenes. If use irresponsibly this just provides cover for cherry-picking but the idea that not all ball lightning is created equal will provide at least an interest in distinguishing between the two.

Linux gets jiggy with more filesystems in 2.6.34 kernel release


It doesn't have to be that hard

Yes, the software is non-trivial. An individual's involvement can be trivial though, and still valuable.

Much of the criticism leveled at the recent Ubuntu release was of trivial issues caused by a lack of testing breadth. Many of the annoyances of Gimp and Firefox are quite superficial.

There is a lot of deep geekery going on, and it produces great results. As these projects move more and more into the user space they are requiring increasing breadth as well though. Most of that breadth is going to be provided by volunteers. As such a lot of it is going to be quite shallow since volunteers need to earn, pay bills and have some fun with the remaining scraps.

What little bit you can do to provide some of that breadth can be valuable. Even if you're a one trick pony, testing and patching a single obscure corner case it does help. A great thing that open source projects give us is a way to engage with our tools in a way that isn't possible otherwise. Take that opportunity for engagement, you'll help the development of the products, and probably help your own skills development too (except your pool and darts skills of course).

US Navy's plane-hurling mass driver in tech hiccup


Only in one small regard

The speed with which the magnets can be made to respond. Building the field won't be instant, and it won't vanish quite instantly either. I would guess that it would need to be far closer to instant for a railgun than for a launch catapult.

White House devs overlooked gaping Drupal vuln

Thumb Down

There is so much irresponsible going on here ...

... that it's just beyond funny. Starting with filing a full CVE vulnerability for a problem with release candidate software. File a bug against the module, contribute a patch if you're feeling constructive, there's no evidence of this problem being known and ignored for any period of time. The Drupal security team are perfectly within their rights to claim that it's only their problem if it's a release version. If that deprives the poor widdle researcher of his moment in the security advisory limelight, tough! No need to go proving the guy from Verizon right about narcissistic vulnerability pimps.

El-Reg has also really failed to apply the critical analysis that we have come to expect. You were on the way there with your (simplified to the point of dubious accuracy) description of blocks. Just one or two more questions - following down the road of who gets the privilege by default and under what circumstances that group would grow - would have painted the whole story in a different light. Be a bit more careful about what you're biting ... please?

Cybercrime talks end in failure


Ordinarily I would agree ...

This is not a topic that the private sector can really do much about though. The big issues are law enforcement co-operation, extradition, harmonisation of offence descriptions and the like. Very much government activities.

Open source - the once and future dream


Does it have to be a business

I'm not sure that open source needs to pay shareholder returns. It just needs to pay programmer salaries so that the programmers can buy Jolt and gaming rigs or mortgages and alimony - depending on what point they're at in life.

Kicking off a project of meaningful size is difficult with a purely volunteer team (although it has been done). Besides commercial concerns the initial kick could also be delivered by academia or a very large end user organisation like a national government or a global megacorp. Once the project exists in a useful form the salary for a programmer working on it can come from anyone, anywhere who finds the project useful. Part of the appeal of open source to programmers outside the coutries where most development work is done is that they can participate in a way that is impossible for closed products.

Industry groups leap to Chip and PIN's defence


That would be a four way tradeoff

The three way tradeoff that Mr Brunswick mentions is on the mark for new projects. He's missed the extra one relevant to upgrade projects - ease and cost of transition. That's the one which has caused all the headaches (and I must assume many of the design compromises) to date. It's going to complicate any efforts to roll out an improved system too.

Wreck of 1930s flying aircraft carrier dubbed 'historic'


Isn't that by definition

Surely romantic == (desirable + doomed)

Or have I been listening to the lit major wife too much again?

Bishop Hill: Gonzo science and the Hockey Stick


As long as it remains science

May the best science win, certainly. In order for that to happen the issue needs to remain in the realm of science - not dogma, and most partcularly not politics and regulation. Scientist can - in theory - move on from a bad idea, embrace a better one that grew from it's corpse and take knowledge forward. Politics certainly doesn't accomodate this behaviour, and once ideas have crept into law...

This matters because government influence on science and technology is not just about which reasearchers at which universities get funding. Once the basic science is done the engineering problems need to be dealt with, and a lot of this is done by the commercial sector. Once the goverment have decided what the problem is and which approaches to managing it are officially sanctioned that's where the corporate spend has to go, so it's where corporate R&D money goes.

The distortion in infosec spend caused by SOX, HIPAA, PCI-DSS and friends is an urelated by illustrative example. Closer to topic there is the massive spend on stack scrubbers for coal power stations in the 80s.

NSA beats warrantless wiretap rap


Missed: One point

This is not a criminal prosecution, it is a civil liability (tort) case. The question of being "sufficiently particular to the plaintiffs" is relevant and sensible here.

Tort cases are about extracting damages. Under the US civil suit model these are often quite ridiculous numbers since compensation and penalty amounts are both paid to the plaintiffs. As such they need checks and balances beyond just determining right and wrong.

Knowing what the size of the affected group is, and what range of damage they suffered is is important to making informed award decisions. A representative disbursment of an reward (far more important where penalties are paid to the plaintiff), is also dependent on a meaningful portion of the affected group being represented.

It may well be the most effective way for the EFF to raise the profile of the issue, but with that few committed plaintiffs they're unlikely to be able to make Uncle Sam pay. For a good reason, even if its is bit annoying this case.

Gov retreats on vetting database but ain't climbing down


The crusader without

Yes, the enemy is mainly within. The causes of those behaviours are badly understood, so the possibility of a campaign to address them is near zero. It is also nigh impossible to police the home environment effectively, even were there to be a morally acceptable way to do so. From a political point scoring point of view none of this matters though.

The only objective any of the intrusive data-centric initiatives currently under way is to avoid the accusation of "someone saw this coming and did nothing". The population in general accepts that you often won't see family abuse, but there is an expectation that the minority which doesn't originate at home can and should be spotted. However ill founded this feeling is, and whatever the other social costs of pandering to it, it would appear to be a political imperative that none can resist.

Election makes net snooping a pariah policy


re: Avoiding political heat

The Internet is not all that different, in terms of the protection we should expect for our privacy. It is very different in terms of what can be accomplished in an automated fashion though.

I have no doubt that the desire for wholesale surveillance and fishing expeditions in the data was always there. The three things that make a government willing to try it now are:

- The cold war is over, so the "we won't win on their terms" objection to mass surveillance has gone

- The goal is very close to technically achievable (assuming shedloads of funding)

- A peculiar belief that it's somehow less intrusive and dehumanising if done by computers in black boxes than by men in black coats.

Not saying I agree with any of the reasoning, but that's what I think it comes down to.

Catholic priests, scientists head to Rome to ponder alien life


I think the point is being missed here.

Sure. the Catholics coming over all science minded after both these millennia is a bit rich. But the fact that they're dong a more convincing job of it than the better practiced competition is pretty newsworthy.

Newfangled cookie attack steals/poisons website creds

Paris Hilton

Surely some of this is easily avoided

While tampering with session cookies is definitely an issue, although not an insurmountable one, the javascript injection is really avoidable. Memo to expedia: Cookie content is NOT trusted data.

Paris, 'cos even she's not as wide open as reports suggest.

Bug in latest Linux gives untrusted users root access


Schmekurity economics

Security features do not happy end users make - as nicely demonstrated by AC@22:00, and the comments about redhat breaking the feature on purpose. End users are made happy by more features, which require more development effort, which requires lower barriers to entry.

If you're playing market catchup (as Linux is on the desktop) then this may mean loosening things up to make emulations, wrappers and crude ports work. I must presume that the sco binary wrappers that eased Linux server uptake 10 years ago had some similar requirements.

The other area for lowering barriers for entry is making things easier for developers. This was a major part of how Microsoft won PC/Mac round 1 in the 80s. I'd be surprised if this wasn't also part of the RHEL decision. Easier for developers means allowing them to be a bit sloppier, or making them jump through fewer hoops to achieve a goal that would be hugely painful to reach correctly (pulseaudio seems to fit into this bucket).

I think that the Linux kernel team have made some better tradeoffs in this regard than the Windows team, with de Raadt and company just refusing to play. It's a factor in the fight for desktop marketshare, and unfortunately it's not in Linux's favour.

Mission sets e-bike land speed record


@Reg Sim

I'll second your point on humping the fuel tank/battery being a crap city riding position.

I'm not so sure about the range issues though. Regenerative braking removes a lot of the power consumption issues of stop/start travel, and electric motors don't suffer as bad an efficiency crash as i/c on acceleration.

Cyber security minister ridiculed over s'kiddie hire plan


They can all be right ...

You do need some broad and deep expertise at the top end of any security effort. These roles probably require a more structured organisational approach to security rather than a messy and exploratory technical one. Further down the chain the bar won't be quite as high but the people are still required, implementation is still a highly labour intensive endeavour. The pure compliance jobsworths are doing more harm than good though.

Maybe the attacking side of information warfare does require utilising the skills that have come to the authorities notice through criminal activities. The field is quite immature. Ultimately it's in everyone's interest for the field to mature and get some discipline and structure. Wishing that we had reached this point already doesn't make it so.

Undead deleted photos linger on social networking websites

Thumb Down

No Michael, it is actually that easy

Consider yourself reported to the analogy police.

Any file system since the year dot has removed or marked as unavailable the link between the filename and the bucket of bits it represents. No matter how careful you are to record the filename it won't do you a bit of good. Even before the bits have been replaced.

Facebook are apparently failing to perform even this basic step, which would be enough really. I also fail to see how it would be infeasible for them if it is feasible for other Web 2.0 soilpipes like Flickr. Possibly beyond them, but not infeasible.

Vatican declares 'the internet is blessed'


They sure can write.

That big excerpt on evil on the Internet is as succinct and comprehensive a criticism of blogWikiRedditTards as I've ever read.

Bates: Cops to defy courts over return of indecent material


Surely the status of the material is what's at issue?

I may be missing some important issues here, but the answer seems quite obvious to me: If the data is privileged in terms if past cases then it should be returned to the counsel in those cases or destroyed if it's not the only copy. Since drives are cloned for this sort of thing it could probably be done at a physical unit level, very convenient.

This addresses the difference that's glossed over in the judgment. Neither the police nor the courts can decide to destroy the confidentiality of privileged material. The courts should be able to declare who can and cannot claim to be legitimately in possession of such material though.

Sphinx - text search The Pirate Bay way



I too am amazed the people continue to torture themselves with MySqueal while ignoring the pachyderm in the Open Source Database room.

As much of a fan as I am of Postgres I do think that a dedicated free text search engine has its place. I recently implemented Sphinx search for a content management project I was working on and found that it provided some query time sorting tweaks that Postgres just didn't quite. If you have someone sane setting the requirements for result ranking you probably wouldn't need the features, but Sphinx was the one thing that beat Postgres's free text performance.

This is in no way a slur on Postgres, which does the job of managing relational databases briliiantly. I'm not even sure that free text search should be regarded as being part of that job.

IBM fingered over early Linux mistakes


They've got it back to front

I'm not particularly prone to "dealing with the way things are", but there really is a case for it here. I remember reading an article reporting a similar winge from the Swing team some months ago, and having the same reaction.

People contribute to projects to meets their own needs. From the pimply 45 year old in his mom's basement to Big Blue themselves it's the same story. FLOSS projects can do themselves a big favour by adapting to take what benefits they can from this situation and minimise the damage it can cause.

World domination to the first project to get that right :)

Google AdWords: 11 herbs and spices revealed


Nice consumer jouranlism, but ...

Yes, Google are not informing their customers. If you believe in the sacred rights of the customer then this is sacrilege.

One of the points made strikes me as a bit odd though - "If you do the same search ten times, you get ten different sets of ads." This is pretty much what I would want as an advertiser. I don't my ad to become part of the furniture and I don't want to never be seen because I rank fourth, no matter what fiddled the rankings.

Will magnetic switching by light keep storage vendors spinning?



It's fantastic to see that there's corporate investment in this sort of basic research. They'll need to put some time into the firmware too though.


Biting the hand that feeds IT © 1998–2020