Posts by Henry Wertz 1

The hype died down, but...

The hype over Green IT died, but I don't think the results did.

Workloads have been consolidated; whether through virtualization, some "on-site cloud" setup, or whatever, in many cases a larger number of low-utilization servers have been consolidated into a smaller number of higher-utilization systems. Low power Xeon and ARM server systems are on the market, as well as radically low-power solutions (like a 5-10 watt server) if it's just for a small office. Desktops, portables, etc. it's far better now than it used to be -- you can look for an ARM or Atom or something to really save power. But even if you don't, you had desktops with like 75 watt CPUs that'd idle at about 20-30 watts 10 years ago; now you have desktop CPUs that might burn 5-10 watts a core under full load, and nearly 0 up to a few watts idle (and maybe 1-2 watts a core full-load for an ARM or Atom). Usually this is sold in terms of reduced power and cooling costs rather than green benefits, but of course saving power is the main green benefit, these two are one and the same.

To answer my own question

To answer my own question, after some googling, it's a matter of Windows 10 having no user-visible version numbers -- if this were Android, it'd be like "this app won't work on Android 5, Lollipop" or whatever version. "Windows 10 Redstone", the next Windows 10 phone update, is expected for release June 30, at which point phones will get it OTA. So probably they've found the W10 Redstone preview will not run the HERE app due to some incompatible change.

Why they have done this

I do hope most vendors do not interpret the FCC's rules as an excuse to ban 3rd party firmware. Here is the FCC's reasoning though, and the suggestion I sent to them during the comment period.

The problem they've run into is not people using channel 13 or running the AP a little over power; it is access points running in the mid-5ghz band, with no TPC (transmission power control) or DFS (dynamic frequency selection), so they run on the same channel as a nearby radar site and show up as big interference blobs and streaks on it. However, I think it's far more likely that most of this noise is 5ghz or dual-band APs with whatever years out of date factory firmware, than interference popping up because of people putting DD-WRT or OpenWRT or the like (particualary since, per Google, the Broadcom and Atheros drivers on these automatically handle DFS.)

I wrote the FCC during the comment period and suggested that nobody would be intentionally doing this, so the best course of action would be to simply make people aware of the problem. At present, the DD-WRT GUI gives no inidcation of which channels are subject to DFS and which are not -- I suggested if the DFS channels have an asterisk by them, many people would simply avoid the asterisk'ed channels. (It does appear that both Broadcom driver handles DFS on it's own, based on country code given, while Atheros ath9k uses mac80211 and hostapd to support it, if you pick a channel with radar on it it'll change channels on it's own.)

Absurd

Obama, you are absurd.

A) We "accept" the TSA so we should give up our Constitutional right to privacy? Nope. The TSA is a joke, I won't go through the full body scanners, and think the searches and such are ridicucous. And the stats back this up. Also that dropoff in flight bookings the last 10 or 15 years? These are people who are deciding they do not want to deal with the TSA, it makes flying too unpleasant so they either drive or don't go at all.

B) There is no give on encryption. If you build flaws into it, it WILL be broken and be effectively useless. This isn't tech companies being difficult and there is no middle ground on this.

C) You must think the public are idiots by claiming the Snowden revelations exaggerate and expecting anyone to believe it. They are not fairy tales, but real leaked documents.

I wonder how it'll benchmark

I'll be curious to see how this plays out. I wonder if it will go how Microsoft expects. I mean, with Linux's better disk I/O handling, caching, memory management (also all more tunable to handle odd workloads), and less propensity to run background tasks at innopportune times... I'm wondering if companies with large SQLServer investments won't find they can run fewer machines (so both fewer WIndows *and* fewer SQL Server licenses) with a Linux version.

Driverless cars may not be doning something right

"If a minor bit of boof-tinkle-tinkle, of the sort that happens every day between meatbag drivers, like this is newsworthy, the driverless cars must be doing something right."

Well.... these cars all have a driver who is supposed to take over (and apparently do fairly regularly) whenever they think the car is going to crash. Given this, the car software's flawless (up to now) driving record is completely unsurprising. After all, you could have a post-pub-crawl BOFH (or PFY) driving your car without worry if a second, sober, driver was automatically going to take over as soon as the BOFH started aiming for the trees ("it appeared out of nowhere!") That said, I doubt the cars behavior is too bad or someone would have mentioned it by now.

To be honest, hopefully this will provide good data for Google -- it sounds downright dicey to me for a car to stop dead in a traffic lane then GO INTO REVERSE just because of a few cones. That is when you stop, turn on the turn signal, and either wait for traffic to clear or (if it's not going to) wait for a good enough gap in traffic and go for it. I wonder if the software just didn't notice the cones in time, if the hardware couldn't see them (and Google found the car needs a sensor aimed lower or soemthing), or if the software just assumed (up to this point) ONLY cones in a "this lane is closed" configuration as opposed to a few blocking off a small bit of road.

If a cone or two is enough to make the current software behave like this, I wouldn't want to get in a Google car here in the midwest. In the midwest(ern US), you'll find bad enough potholes (luckily not too many) to risk destroying rims or suspension if you go straight through them (I've recently gotten a nice rear end noise which I think is a broken rear stabilizer link...); cones blocking off maybe a foot or two of roadway (so they can patch said potholes, in between times when they close a whole lane or two to repave); these what look like straw-filled rolls shoved into the storm drains (but sticking onto the road several inches) that mean you must go a few inches out to go around them. And, generally road markings that are totally worn off the road, so hopefully it doesn't (for example) rely on lane markings to stay in a lane or the like.

Don't get me wrong.. I'm more positive on these then say, Jeremy Clarkson; but I do think it's possible the difficulty of this is being underestimated. This may be one of those situations where software implementing typical driving rules covers 99% of the drive, but there's so many different "remaining 1%" situations that it could take more code to handle that than to handle the main drive.

Silly but clear

First off, I do find this a bit silly; it really does seem fair if a virtualization product limits use to x cores, you should need to pay for x cores. I mean, if someone's stuck a copy onto AWS are they then liable for like a 8,000,000 core license or whatever?

That said, I thought it was common knowledge that Oracle has pretty strict licensing terms, and that they are pretty strictly enforced. They may just have to suck it up and migrate to PostgreSQL or something if they are wanting to be able to have their DB floating around in the clouds.

I suppose a practical solution to mitigate this would be to segregate off an Oracle-only section (enough for redundancy) so the Oracle stuff stays there, and everything else runs in the rest, so you'd have to fork up for that section but not the whole data center (at least in the future, I guess you may be toast and just have to negotiate that huge bill down for past usage.)

Existing emulators

The existing emulator runs a whole system emulation (qemu variant) and boots up an Intel copy of Android on it. Without hardware virtualization the performance is not actually usable.

Emulating Android using API translation is actually rather interesting, but it would indeed be pretty difficult -- when they first started on wine, they got "hello world" and minesweeper type apps running pretty quickly, but then found with more complicated apps they may have 95% or even 99% of the API it needs but any given app doesn't need the same "extra" 1-5%. They also ran into the problem of more and more new APIs coming out.

I wouldn't be surprised if they didn't run into an analogous situation; they implemented some core Android APIs, got encouraged as some apps came right up, then ran into problems as they found the ones that didn't come up each would need different API work to fix, making a real mountain of additional work (plus they probably had a new Android come out in the interim, needing further APIs to be implemented to be fully up to date.)

I switched to an ARM Chromebook instead

I went the other way, and finally decided to switch to an ARM. I'm glad I did. I got an Acer Chromebook 13, popped in an SDCard and put Ubuntu on it. It has a Tegra K1, so a 2.2ghz* quad-core ARM (+ 1 low power core that the kernel automatically switches to when it's running 1 CPU at lower speed.), and the 192-core CUDA video card appears to be roughly comparable to a GT720 in terms of CUDA units and speed. Supposed 13 hour battery life -- I measured about 15 hours battery life in ChromeOS (I think it would have gotten over 20 under lighter usage), and in Ubuntu about 12-13 hours under lighter usage down to maybe 8 hours under heavy use (maxing out all 4 cores compiling or H.264 encoding some videos or the like.) It kills my previous Dell speed-wise (admittedly elderly, a Core Duo), is much lighter, nice keyboard, no fan and no noticeable heat production (under full load one spot on the bottom seems to warm up like 5 degrees), seems well put-together and surprisingly has pretty good speakers.

*I think it's supposed to be able to do 2.4ghz, but probably has the speed disabled for thermal reasons. Maybe? The CPU temp never seems to get particuarly high, so it may be for battery life or some other reason.

SATA/NAS Pi?

Re: putting SATA, dual ethernet, or the like on the Pi. Doable, and it's not some big problem with power budget; it's cost. SATA's not an expensive port, but when you're selling a device for $30 total it is. There're ARM boards with SATA (Allwinner A20-based boards for instance do have on-board SATA as opposed to a USB to SATA bridge that some devices have), more ethernet ports, and so on, but they just cost an extra $10 or $20.

Glad I don't use WIndows

"Today's move does mean you can expect to get a lot more technical support calls from friends and family who don't know what's going on"

I don't get excessive calls from friends and family, I've made it clear to them I do not recommend they run Windows and that I don't provide support for it. I will solve their problem if it's something easy, but I'm not going to spend hours fixing the litany of Windows-problems that simply do not appear on any other OS

Man reading about things like this makes me glad I'm not using Windows any more. I mean, Ubuntu will remind you when there's a new Ubuntu release but it has "remind me later" and "never remind me again" buttons, and this reminder can be totally disabled too (for anybody, not just business users.) It doesn't go around repeatedly trying to slip an OS upgrade in as a normal software update either.

A few comments

Three comments here --

1st, props to Mediacom. Nobody ever gives props to a cable co and it feels odd to do so. But the likes of Comcast are now encrypting ALL their cable channels (INCLUDING local OTA (over the air) channels that FCC regulations REQUIRE them to carry in the clear... when the FCC brought enforcement action against Comcast, Comcast took them to court instead of following the rules.) So you need a cable box to get ANYTHING. In contrast, Mediacom not only has OTA channels unecrypted, but SD copies of ALL the channels (except pay ones like HBO) in the clear. I can plug my cable straight into the USB TV tuner and mythtv handles it fine.

2nd -- honestly, I must agree 100% with what Sanders etc. say. It's predatory pricing to rent out these low-end set top boxes (that have about $5 worht of parts in them, so probably cost under $30 full retail) for $2-3 a month. The cable cos were SUPPOSED to be required by the FCC to support CableCard, so you'd stick that in your cable-ready TV and not need a box. But a) Some cable cos are straight-up violating the FCC rule by not having cable cards available or supported. b) The ones that "support" it, the customer tends to have to keep calling until they find someone who knows it even exits and knows how to set it up. c) Predatory pricing, some cable cos have it but charge more to rent the card than for a deluxe set top box. They can't comprehend that someone may want to use the controls on their own TV. d) I don't mention DVRs here, CableCard is useless for computers due to excessive rights restrictions requirements.

3) "They don't have rules that allow monopolies, they lack rules that prevent them." False. In the US, most market have a cable *franchise*, potential competition is LOCKED OUT of the market. Artificial monopoly due to regulation. I'm not saying deregulating is necessarily the solution but your argument is not based on facts.

4) Why party and state after names? US has 2 nearly-identical main political parties, (seriously, by UK standards one is nearly center center-right and the other nearly center center-left, to the point that they'd probably both be one centrist party there), but members of BOTH parties like to pretend *they* are totally different, and pretend whatever topic they are on that any problems are ALL the other parties fault. (For example, federal spending is greatly increased each and every year, but both parties claim they want to DECREASE spending -- pointing to programs they want to cut and ignoring the huge spending they want to spend on OTHER things -- and those deficits are ALL the other party's fault.) But since the parties are so similar, unless you recognize someone from an election you won't be able to tell which party they are a member of jut by hearing them talk, thus the little letter.

As for the kill switch

As for the kill switch itself -- it's tricky, because I absolutely object on principal to having a third party redirect my traffic. But, the botnet itself is already generating unauthorized traffic, it's not redirecting any traffic the user authorized anyway. But, since I don't use Windows, I don't have to worry about it 8-)

"How about ISPs blocking traffic to the bad IP addresses that control botnets? That would not involve anything remotely resembling a backdoor on people's computers."

I view the ISPs job as providing me internet access. If an ISP wants to do this, sure, but it is quite simply not the ISPs job to prevent Windows computers from infecting other Windows computers. And, for Windows, that ship has sailed regarding not having "anything remotely resembling a backdoor" on it, see the numerous complaints of Win10 users turning of the "phone home" stuff only to have it turn back on every time they get updates.

Ahh hypocrisy.

Ahh, the hypocrisy of Congress and the US'es main 2 political parties.

(Find out the pubic is being spied on): "Oh? You don't want the NSA spying on you? We're 'balancing' your rights. If you have nothing to hide than fwah-de-blah-blah..."

(Find out THEY are being spied on): " **WE** are being spied on? How dare they! This is completely unacceptable!!!"

Although up to this point the main 2 political parties have basically tripped over themselves to see who can take away privacy rights faster, maybe now that they realize THIS WILL AFFECT THEM TOO they will actually start to reign in this out-of-control spying and place some oversight over it to make sure the "reigning in" is not just ignored.

(The irony of this all being, this specific spying incident -- spying on diplomatic relations between various Congress-critters and Israeli counterparts -- that is actually the kind of thing the NSA is intended to spy on.)

True, but...

It's true that you cannot expect the same performance from a 4S as from a 6. But, there have been cases with Android devices where a port of (next version of Android, like 2.x to 4.x) was made to the device, they found in internal testing that performance was inadequate (usually because the device was a bit short on RAM), and the update not pushed out. If IOS9 had significantly higher system requirements, it should have been either held back for 4S, or.. well, honestly, I think all phones should permit flashing an older firmware on if you want to. Or if the 4S owners are lucky, ios9 is missing a few optimizations and it runs fast enough on 4S.

On the other hand, I haven't seen a first-hand comparison, so I guess my feelings on this depend on if this really makes the phone all laggy, or if it's just ever so slightly slower and there's much ado about (almost) nothing.

Slot machines?

Has anyone looked to see what slot machine vendors have to say about this? They worry about security (both for the obvious reasons, and regulatory framework that ironically requires slot machines to have much higher security than ATMs or electronic voting machines). I've seen one boot, it's pretty verbose.. the BIOS validated itself, the bootloader, and the package it booted. The bootloader validated the BIOS and packages (kernel and root filesystem). It booted into Linux, which validated the bootloader, the kernel and the executables. The executable appeared to run a self-check of some sort before the slot machine software came up.

Not that a setup like that would be viable for most systems, as I want to be able to actually add and remove software from my system. But, they may have something practical to say about (for example) being able to disable or restrict the ME, so people who are not interested in it's functionality are not exposed to the potential additional attack surface it represents.

Crypto from Linux

"My system is a linux/windows dual boot, with some of the drives accessible from both OSs. Presumably this would fail if the windows involved were win 10 (not that that is going to happen in the forseeable future). Come to that, would linux partitioning tools screw the drive so that windows could not read the data either?"

Can't speak for Windows in terms of being able to repartition (they love to use "magic" sectors, hidden files, and so on...)... but I think the principles are the same, see below.

I just got a Chromebook13 (Nvidia TK1, quad-core ARM + decent GPU) that I set up to dual boot Ubuntu (ChromeOS on the internal flash, Ubuntu on an SDCard). I accidentally repartitioned the flash first; whether it would have screwed up the encrypted "vault"s on there or not, I don't know (I doubt it); the ChromeOS automatically decided something was screwy with the partition it wiped itself back to factory defaults (and then when I re-expanded the partition back to full size it did it again.) I would GUESS (as long as you don't trash the NTFS filesystem) that Windows, including the cryptosystem, would not care a bit if it's partition size changed.

So, from Ubuntu, I mounted the largest volume on the flash drive and looked around. I went to the /home/chronos and it's empty, /home/user/ and it's got an empty directory with 40 character (0-9, a-f)... I found there's a /home/.shadow/ directory with same 40 character (0-9,a-f) directory in it (so you can't even get user names), under that under vault/user/ there are files and diectories all named like ECRYPTFS_FNEK_ENCRYPTED.(15 chars).(40 chars).(40 chars) (these are not hex, it's (0-9, a-z, A-Z) ). So, if I wanted to snoop, not only encrypted file contents, no useable file names either. I assume it'd be similar with Win10...either useless file names and contents, or "best" case useable file names but unreadable contents.

For the record, I've looked into Chromebook key handling, and it's sensible; the disk crypto key is based on username, password, and TPM value (or a value from Scrypt library if you ha a non-TPM system.) This key is not stored or sent out anywhere! When you log in, the Google account password is not sent to Google, rather a hash value is sent. If you use the Chromebook to change your account password, it updates the on-disk crypto to use the new key (I assume having to reencrypt everything?) If you change your account password elsewhere, then log into the Chromebook, it logs into Google, then realizes the disk crypto key doesn't work; it gives you a chance to put in the older password. If you can't, it wipes the encrypted data and starts fresh with the new password (hased with username + TPM data).

So yeah, accessing one of these Win10 accounts from Linux-side would fail. But it's not a Windows-specific fail, it's true with any encrypted disk system.

Detroit

"Having been to Detroit, you were wise to not go. Robocop is a documentary."

As if. I've heard it's better now, but when I went about 15 years ago to visit a friend... well, the actual city in Robocop looked quite in good shape compared to the reality. It looked like it had been nuked about 20 years in the past and left there. Buildings with all windows broken out, burned out, collapsed, and blocks of just grassland (had the buildings collapsed or did these use to be parking lots? I don't know.). Driving in on the interstate, the road (still supposedly 70MPH speed limit) suddenly became alarmingly potholed to the point that I almost hit my head on the roof, slowed down to about 40... still was shaking about as bad as that Klingon War bird when they slingshot it around the sun... I had to slow down to about 25MPH for the car to not threaten to fall apart. I looked out the window and found to my alarm that some of the concrete had worn down so much that I could see the rebar and see right through the bridge. The onramp nearest my friend's apartment had a "road closed" sign in front of a big pile of rubble, it had collapsed. On the other hand, I wasn't particularly worried about being mugged or anything, the whole area seemed largely depopulated (his apartment building had nothing within blocks of it, for instance.)

These mixups happen

I ran into problems with my local cable company until I cancelled internet service (I won't name names because a) they use the same billing software as several other cable cos. anyway, it's just an example of technical snafus gone wrong rather than malice and b) They don't have much competition in virtually any market they're in anyway).

I kept getting my cable internet service shut off for complaints (from whoever) about torrenting. They said I was should also be receiving notices in the mail but I did not. Long story short, I got shut off several more times while running absolutely no torrents, finally got a printed letter in the mail (with a handwritten address with 2 digits in my address swapped, crossed out by someone else and the correct address written on it.. probably why I never received the previous 2 notices.) This listed files, times and IP... the files were things like wrestling videos I would have never watched, and it was not my IP address (the IP doesn't change often but one of the logfiles logged the IP address when it did.) In fact the IP on the printout was for a different market.

I'm just saying, I'm not surprised to find there are problems when they suddenly start measuring data usage and assessing overage. 66GB when the cable modem's unplugged is pretty bad 8-)

elliptic curve

Per the link AC above points to, there are two vulnerabilities here. The ssh/telnet administrative access one (which sounds like some kind of programming blunder, but there's no actual info on it yet except that it exists and is being patched) and the VPN one. The link discusses the VPN change... the VPN uses an elliptic curve-based pseudo-random number generator, and the patch changes the constants fed into this PRNG to initialize it. So speculation would be that the former values were found to be exploitably weak. I'll leave it as an exercise to the reader to decide who would want to snoop into VPNs.

Just badly designed

"...But, in that case, the CCD being on and (presumably) constant transmitting of video signal only uses an extra 10% --- is that realistic?"

Yeah. Wifi chips are rather power-hungry, and the (I assume ARM) CPU is probably using some power. CMOS camera chips (it's probably not CCD) use in the order of 10s of miliwatts. W=V*A (watts = volts * amps) so this means under 10milliamp curent even if the Nest is 3 volt.

"What they actually mean to say, is that instead of powering off like you tell it to, it goes into standby mode."

Given the high power use, I doubt it's even going into a true standby mode (i.e. putting CPU or wifi chip into a lower-power but slower-to-respond mode.) Needless to say, I figure if you go to the trouble of turning something like this "off" it should get MUCH closer to "off" than this -- it's no problem if it takes a few seconds to get ready when turned on. (Satellite TV boxes get a pass on this to some extent, since they are potentially recording shows when "off"... but a device like this that should actually be doing nothing when "off" has no reason to use that much power.)

Bad actors

I would like to point out, the reason the feds (etc.) have so much trouble persuading people to give up their privacy, is because of how clearly the feds (etc.) have abused their powers. Seriously, if the feds (etc.) had at least tried to follow federal law and the Constitution (and British feds follow UK equivalent), for example by getting a warrant before they dove through data, and quit assuming people are stupid and can be "persuaded" with nonsensical spurious arguments, they may have had better luck. In other words, if they had earned the public's trust, instead of being bad actors violating it at every possible turn. Of course this doesn't change strong crypto with a backdoor in it being nonsense, but they wouldn't have such widespread encryption as now if the feds hadn't thoroughly abused their position.

They probably don't

"I wish Microsoft would understand that most people run Windows 10 on SSDs and having 16GB Spare is no mean feat. "

Probably most people still run Win10 on spinning rust. That said, it would be good to cut down the requirements for these things.

Open source?

"Couldn't they have offered to sell a perpetual licence to the font in question on a per website basis to all existing customers?"

I don't know if they could or not. I don't think they own the fonts, they are like a broker.

I wonder if Fontdeck has considered open sourcing their software? If they are losing money this won't help... but if they are making enough to keep the site up, but not enough to do the development they feel they need, they may find that people love the site enough to (given source code to work on) add the functionality for them. The typical risk of doing this is someone duplicating your product -- but in this case, the web site is not the main product, the vast collection of licensable fonts is.

Dear Hillary Clinton, and Clipper chip

Dear Hillary Clinton: The industry is not being difficult with you. Strong encryption with a backdoor simply doesn't exist. Encryption with a backdoor tacked on, mathematical analysis will make the backdoor apparent and all too soon this will become useless encryption that anyone who wants to can crack.

I'm voting Libertarian.

--------

Recall the Clipper chip. Introduced 1994 and off the market by 1996. One device (an encrypting telephone) used it. By the time that device even shipped, 2 flaws had been found in the chip that would let the chip encrypt without a recoverable key; it also relied on the algorithm being secret (the chip was a black box with a few commands for setting your key and such, plaintext going in and encrypted data coming out, or encrypted data in and plaintext out.)

So, you would not be able to use some special crypto chip for this like planned in the 1990s, since it needs to run on the existing installed base of phones etc. If the chip design had to be kept confidential, it could not be integrated into the main SoC that the phone or tablet uses, and it seems unlikely phone and tablet makers would want to have to purchase (and find room and power budget for) a single-purpose crypto chip. The Clipper chip was made at a special secure fab facility; it seems likely a chip would not be made on the most modern process (since they won't send it out to a regular fab company.) On-CPU AES acceleration lets modern CPUs encrypt at about 1GB/second or more. It seems to me on the server-side, a) Google, Microsoft, etc. would be quite resistant to being expected to order and install thousands of crypto chips and b) At the scale of Google and Microsoft, they end up pushing the limits of even 10gigabit switches, these chips better be pretty quick to not turn into a big bottleneck.

Doing it in software, you can't keep the algorithm secret. For the usual crypto libraries to support this new algorithm, they'll need specifications to implement an open source implementation. Oh, you're going to ship .o for various CPUs? You forget about the existence of debuggers, these guys and gals that analyze viruses for a living will have no problem turning a .o back into a description of the algorithm.

Probably a necessity

Probably a necessity. Linux, since there are POSIX standards to follow and so on, and old UNIX roots, in general info you know about a much older version of that distro applies to a newer one (and indeed other distros), and if you learned a newer one up and down you can apply a lot of that info to the older distro, it'll be missing some features compared to the newer one but similar enough for the newer distro knowledge to apply.

Windows, Windows 7 and Windows 10 really are quite different, you could learn Windows 10 up and down and find Windows 7 is different enough to have some real difficulties. I think there'll be demand for these Windows 7 training and tests for a while.

Should be used but isn't

I have the feeling this will not be used much. I mean, look at "obvious" use cases where it isn't.

, and the sole

Slot machines? They're very secure, and the sole device type I know of that most definitely does use whitelisting among other security. I've seen one boot (it's very verbose so, in theory, the casino owner could watch for irregular boot messages); the BIOS was mildly customized to check the bootloader for tampering before loading and running it; the bootloader checked the BIOS and the stage 2 loader for tampering; stage 2 checked the bootloader and Linux kernel and initramfs. The Linux kernel initramfs verified everything it ran was on some list, and the slot machine software was on that list. The slot machine software ran some further self-checks to check for tampering.

ATM machines? Obviously don't do this, or (even if it were running Windows) the ATM malware that Windows-based ATMs seem to get again and again would not be able to run. Those crappy electronic voting machines they had a few years ago? Nothing. Signage computers? Nothing. Those PC-style cash registers typically net-boot, but then aren't actually prevented from running other software. Various PLC systems, and other single-use systems, you've read about them on El Reg every now and again getting waves of viruses over them -- which is partly on Windows just running things just because, but also indicates they don't use a whitelist either.

I'm just saying, if a vendor of a single-purpose device (that uses a PC) can't bring themselves to use a whitelist, I doubt this'll be used widely, even though it's a good idea.

wifi devices shouldn't be equipped to step off LTE-U

""Wi-Fi devices aren't equipped to recognize the presence of an LTE-U device and don't know that they should only transmit when the LTE-U device has scheduled itself to remain silent," the EFF said."

Good. I'd be interested in an LTE-U "access point", I suspect LTE's access control and scheduling characteristics will avoid collisions between clients and so allow much higher channel utilization than 802.11n or 802.11ac. But, I don't think that's what's happening. Barring that, if I had a "be nice to LTE-U" option in my access point, I'd turn it off.... carriers have plenty of licensed spectrum, they can damn well have their LTE-U hardware step off when wifi is active, rather than expecting wifi to step off for their LTE-U hardware.

I guess it's fine.

I guess it's fine then.

You must understand, it's rather extraordinary for these people negotiating TPP to have expected to be able to negotiate a totally secret agreement, then expect the various countries congresses/house of commons/parliaments to pass an agreement they have had almost no chance to look over. It really was almost expected that groups like Motion Picture Ass. of America, who have tried to ram through most objectionable laws but found public scrutiny made it difficult... to stick clauses into TPP -- and either hope nobody noticed them, or hope countries would not reject a 2000 page agreement over a few pages of garbage they rammed in.

But, it sounds like things like this may not have happened, it may have merely been representatives from all these countries trying to come up with a trade agreement.

OK I've decided

After reading John Savard's post that both cores using FPU only stalls one core when running AVX instructions, I think it's pretty clear that the AMD design can reasonably be said to have 2 cores per module.

Re: Replace technology drudgery by automated life-cycle convention

"Re: Replace technology drudgery by automated life-cycle convention. "

Not sensible. There are two big objections (that would scuttle this technique even if reliabilty were not a concern, which it most definitely is.)

1) Custom hardware. So, you get gcc to emit code for this CPU (and make sure it handles any corner cases properly). You still must support the various 1970s-era hardware on this probe. Does it use interrupts or polling? DMA? I/O ports? Some other mechanism? It's unlikely the existing code has seperation between the "OS", "drivers", and "application code", this is an embedded CPU running a dedicated task in a limited-RAM environment.

2) They have an existing, working code base, and are not looking to make radical changes or rewrite from scratch or anything, they're not looking to port other stuff to run on this CPU either. So, to port this to C, you'd have to have people knowledgable with assembly and (I guess) Fortran anyway, to decipher what the existing code does and write up a description of this behavior. They would then write a C implementation of this behavior. Then, they would cross their fingers that GCC's build of this code would still fit in the same RAM that just managed to hold the hand-written-assembly implementation.

So, is NASA *really* hiring or is this one of those "woe is me...." type articles? I'm in my early 30s, know assembly (x86, PDP-8, 6502) and Fortran (and have a "Fortran IV with WATFOR and WATFIV" book just sitting on the shelf), have no problem with working on older hardware, and have full respect for the Voyager I and II probes and what they have done. I did several reports through my educational years as Voyager II flew past Uranus and Neptune and even got to talk to Professor Gurnett (who was largely responsible for the Plasma Wave instrument on board the Voyagers).

What's going on.

"Right, the same way as you keep adding lanes to a motorway when it keeps getting jammed up at rush hour. And an extra lane whenever an ambulance needs to get through."

Not at all like this. For the most part, for their backbone they'll have exactly the same fiber and just put newer equipment on the ends of it.. voila, higher speeds. Same for the link to the customer (except it may be.. well, let's face it, almost certainly is.. cable or phone line or wireless instead of fiber.)

"The economics of scarce resources is pretty much the same on the Internet as anywhere else, which the NN lobby has consistently failed to understand."

You're failing to understand. The internet backbones are keeping up with demand; the Netflix of the world pay fully for what they use (they are not getting a freebie, they are paying for backhaul to various peering points and for the equipment and space there, just like everyone else.) The Deutsche Telekoms and Verizons of the world are charging their customers for use of their network, and for providing adequate internet connections... then wanting to double-dip and charge everyone else for what their own customers are already paying for. Pure greed.

The talking head from Deustsche Telekom is being particularly disingenuous because they are (I assume intentionally) conflating the use of CDNs (Content Distribution networks) -- legitimate -- with the greedy double-dipping scheme these certain ISPs want. The CDN provides a useful service -- by putting CDN servers within various ISPs networks (the CDN may or may not pay the ISP) and charging whoever's providing a service for use of the CDN (lets's say video streaming), it cuts the load on the video streaming service provider's servers, it cuts the amount of internet traffic this uses, and cust the internet traffic coming in through the ISP's "pipes". In contrast, the greedy double-dip scheme provides none of these benefits and tries to charge the video streaming provider for equipment and traffic they are already charging the ISP customer for.

Finally, I'd like to add, in a free market, this wouldn't be a problem. In the Netflix example, in those areas where Verizon is not an effective monopoly, Nextflix customers are ditching Verizon en-masse in favor of ISPs who do their job and ensure adequate internet connections instead of trying to greedily double-dip money from companies who have nothing to do with them.

"The EU just burned a very important bridge as they will come to understand very soon."

*rolls eyes*.

US likes to say they are the world's last superpower, but I just don't see it any more. I'm not seeing any important bridges being burned here.

"Balance"

First, regarding the comment from TFA about Congress "balancing" privacy and national security. Keep in mind any time ANYBODY in power says they want to "balance" your rights that means they are taking them away.

"Assume the NSA owns the judges and assume that they own anyone in power. "

Well, once factor here, the US effectively has a one-party system. Both main political parties favor a large, expensive government (while blaming the "other" party for overspending); both main political parties gave lip service about worrying about surveillance while tripping over each other to pass spying laws; both main political parties have had no problem "balancing" (i.e. taking away) people's civil rights. You've got this bizarre situation now where religious nut-jobs (who would have their own party in a functional multi-party system) and tea-partiers (who would have their own party in a functional multi-party system) and so-called "conservatives" (the traditional Republicans) all are trying to take over a single party. (Democrats seem to have avoided this problem, but honestly like it or not they're almost politically identical to the Republicans they claim to oppose so much.) The reason for this? The political polling system is totally broken, some people in the old-school media select people to put on the poll, and the polls have NO choice for "none of the above" (and a chance to specify a name). So 3rd-party candidates (or main-party candidates the media does not select) will NOT be on the polls. There've been cases the last 10 or 20 years where a candidate got 20% of the vote while not being on the polls at all! Again, the solution is as simple as requiring a "somebody else" choice on polls.. so if no-one else gets significant polling it might just end up being "1% other" but if the poll-creators miss some viable candidate they'll show up on the poll anyway (and maybe they'll be added to later polls as a direct choice.)

Interesting

First, shame on vmware for trying "you don't have a copyright interest" argument. If you manage to build a kernel with zero of his contributions, then maybe this argument has merit; but you haven't, you are using his copyrighted work, straight up.

As for license violation? Tricky. The typical "GPL case in Germany" has been companies using GPL'ed software while TOTALLY ignoring the GPL (no acknowedgment of GPL software, no source code for modified software, no link to kernel.org or wherever for unmodified software.)

This isn't that clear cut - in this case, there's a proprietary "VMKernel" that is not Linux-derived and is closed-source.. this does all the virtualization, and has some drivers available for it (but nowhere near as many as Linux supports). This VMKernel can load "vmklinux", which is a full (well, stripped down) Linux kernel, used to load Linux driver modules (for disk and network I assume), and there's a few VMWare support modules that this loads to pass data between vmklinux and VMKernel.

VMWare has full source up for vmklinux and (I think) the support modules. But the argument being made is that VMKernel and vmklinux are basicaly tied together into a single product.

Personally, I can see why people are unhappy about it, but I do think VMWare's design successfully keeps the VMKernel and vmklinux seperate, with a shim layer in between. The fact that vmklinux is ONLY useful with VMKernel/ESXi is immaterial, plenty of Linux kernel ports are single-purpose. BUT, it is kind of pushing it so I can see how it could be argued the other way too.

Specifications

I don't see 802.11ah being built into access points (the same ones that provide 2.4/5ghz.) I thought "Hey, nice, an extended range 802.11n". Well, no. This will typically use a 1mhz channel with peak data rate of ~4mbps (and designed to provide 100kbps minimum.) I figure it's in the same boat as Zigbee and Thread, perhaps one will dominate this market, perhaps the whole market will whither on the vine (I don't feel like getting an internet-conected doorbell 8-) or perhaps it will just stay all fragmented and incompatible.

It's possible it'll end up just staying fragmented and incompatible; if you look at "regular" wireless doorbells and thermometers, they do not follow any standards. There's no expectation of mixing a doorbell button with a different doorbell, or using a outdoor remote thermometer with a even a different model receiver from the same vendor.

I wouldn't be a bit surprised if you had a "totally IoT tricked out" house (without regard to compatibility) if you didn't need a zigbee network bridge, an 802.11ah bridge, and a Thread bridge (3 seperate receivers plugged into your switch.)

edit: With all that said, if future APs and clients started showing up with 802.11ah, I wouldn't complain. Getting a mbps or something is a lot better than being in a dead spot and getting zero. 8-)

8-)

Smug mode enabled.

DFS and radar

"That is a lot of FUD for devices whose 5hz signals can often be measured in meters."

It's not FUD, there's some shots online of 5ghz wifi interfering with weather radars. It can be received meters away using a tiny wifi-sized antenna... but weather radar uses a much larger antenna to try to detect reflections from up to 200 miles or so away.

"Debian Linux, as an example, defaulted to a minimal wireless config where the wireless was limited very limited channel wise until I specified my actual region. After I set my region, it opened the channels allowed by my country. To change that, would require me to actually go and edit the kernel source."

(Or change the regulatory region.) But still, point made, the aftermarket firmware can follow regulatory limits.

I actually know where the FCC is coming from here. Their response is 100% wrong, but the problem is there?

I have a Cisco E4200 with DD-WRT on it (among some other access points, but his is the only one with 5ghz support.) I set the regulatory domain to US and it removes channels 12, 13, and 14 on 2.4ghz. On 5ghz? If I take the channel off "auto" it lists like 20 or so channels, but about 12 of those are supposed to require DFS. The GUI gives no indication those channels are any different from the other channels.

My proposal to the FCC is

1) Scrap the signed firmware thing. It's a waste of time, the firmware signature system will be cracked anyway and it'l then be just as easy to put my own firmware on as it is now.

2) I assume most people are not intentionally breaking FCC regs, but the current GUI just gives no information whatsoever to determine if a setup follows FCC rules or not (it uses the installed regulatory DB to remove totally prohibited channels but doesn't seem to use the DFS, TPC, etc. info at all). If the DD-WRT so much as put a asterisk ("*") next to DFS channels, and a short explanation of what the asterisk means (in short, pick a different channel or use "auto"), most people would choose non-asterisk channels. If the user chooses a DFS channel anyway it can either give a firm warning or refuse to set to that channel. They can't "force" DD-WRT to do this (since they are based in Germany) but it's such an easy change I seriously doubt there'd be resistance.

Not on demand

Someone at HP doesn't know what "on demand" means. If it's integrated into the screen and can't be removed, it's not on demand since it cannot be "turned off".

Anyway... *yawn*. These have been around for decades, banks tend to use them. Why would I want to buy a computer with it built in when I can just buy the overlay from 3M if I wanted one?

"the cynic in me is thinking "Did people *really* call 911 on seeing someone driving drunk?"

In US, people are NOT cool with drunk driving. The drivers here are too poor when sober, there's too much traffic on the roads, to have some drunk bastard careening down the road. Even worse, screwing around with her cell phone while driving! Yes, I'm sure she was called in.

To be honest, I've had enough problems with people screwing around on their phones when the car is rolling down the road (I can't refer to this as "driving" because they are not driving, they are letting the car to go where it will while they stare at the phone...). Since she was holding the phone with one hand (instead of using some kind of mount), and frequently looking at it... if I'd seen this live video I'd have called her into the police even if she was stone-sober, for screwing with the phone while driving.

Chivo243, hehe... I found the designated decoy hilarious 8-)

I just posted to the FCC

I just posted my proposed solution to the FCC (along with commenting that DRM -- Digital Rights Restrictions -- do not work, and attempting to require vendors to lock down firmware on all new APs will just cuase a time-wasting "arms race" between vendors and end users.) This isn't an exact quote of it but is essentially what I sent them.

In short, the problem -- I have a Cisco E4200 with DD-WRT. It allows to set regulatory domain to "US", and this removes 2.4ghz channels 12, 13, and 14, but the rest of the regulatory info is apparently not used.. But, in 5ghz, I can set the channel away from "auto" and it shows like 20 channels... but about 12 of those are supposed to require DFS (dynamic frequency selection, i.e. they should require channel to be on auto.)

Solution -- most people are not intentionally using improper channels, they are using improper channels because the GUI gives NO indication that a bunch of those 5ghz channels are not free for any and all usage. Make it so the GUI shows an asterisk ("*") or something next to DFS channels. If the user selects a DFS channel anyway, the firmware can either give them a stern warning or refuse to set that channel. The FCC can't put much pressure on DD-WRT to do this (since they are based in Germany) but I can't imagine DD-WRT or Tomato makers not being willing to take a relatively easy step like this.

I didn't need a special setup...

One of my old wifi cards (PCI), the sucker would lock up every so often.. with the transmitter jammed on. I don't know if it was transmitting the same packet or jibberish, or just whatever the equivalent of an empty carrier is for OFDM, but the whole network would drop dead until I powered off the computer (rebooting the computer would not reset the card.)

brogrammer?

" You attribute objection to sexism to "fat humorless women" because apparently objection to sexism comes from not being successful as a sex object..."

He was not objecting to people objecting to sexism. He was objecting to people that will take up any cause, real or imagined, and then rail on about it. (Admittedly in a rather sexist manner... I wouldn't say "fat humorless women", since I've seen thin humorless men do this too.) In some cases there's clear evidence that what they are on about is true, in other cases you'll hear them describe the problem, and it doesn't even resemble what you'd hear from virtually anyone else. People in the computing industry object to this description of it being so sexist because generally it's not.

I've never heard the term "brogrammer", but in the US "Bros" (when it doesn't mean "brothers") does mean guys hanging around doing guy stuff. I don't think ".bro" should offend anyone, but if someone does object, what the hell, calling it .br instead makes no difference to me.

Possible

"One possibility is that GCHC have dveloped a "reliable enough" automated technology for monitoring who leaves the embassy building,"

That's a possibility. Last I heard, with the kind of facial recognition available... it was like 99% accurate (that was looking straight at a camera), which sounds OK but does mean in a 50,000 seat stadium you'd have like 500 false positives; it's not really practical to look for a bunch of faces (or even once face) over a bunch of cameras.

But looking for a single person leaving a building is a much narrower problem, it would be practical (if there's a camera in the area) to have an alert sent to the police station if he steps out.