* Posts by Jon 37

336 posts • joined 28 Nov 2009


Mind your language: Microsoft set to swing the axe on 27 languages in iOS Outlook

Jon 37

Re: Apple is going to write off all ...

No, it sounds like Microsoft has taken an "all or nothing" approach. In future either a language will be fully supported across all the Microsoft Office apps, or the language won't be supported anywhere. These languages were supported by Outlook but not all the rest, and Microsoft decided to drop support rather than translating Word / Excel / PowerPoint / etc into those languages.

I expect that translating Word / Excel / PowerPoint / etc, and keeping those translations up to date, would cost a big chunk of time and money. Microsoft obviously believes that dropping these languages is better for the bottom line than doing those translations.

Linux desktop org GNOME Foundation settles lawsuit with patent troll

Jon 37

Re: I hope it's a good result

Paying sets a precedent. If that's your policy, anyone can threaten you with a patent lawsuit that they stand no chance of winning, and then offer you a settlement that's less than the cost of litigation.

Apparently the cost of litigating a patent lawsuit is in the region of $1m+, hence the trolls in this case asked for a 5-figure sum to go away.

If your policy is to pay, that will be very expensive as lots of trolls line up to take your money.

If your policy is to fight, get the patent invalidated, and get costs and damages from the troll, and if you have the resources to be able to follow through, then most trolls will run away rather than be destroyed. As happened in this case.

Micros~1? ClippyZilla? BSOD Bob? There can be only one winner. Or maybe two

Jon 37

Re: In keeping

Too vague - could be MS, Google, Facebook, ....

Facebook to surround all of Africa in optical fibre and tinfoil

Jon 37

Re: someone explaining

Power is sent over large distances across the cables. You just have one power wire in the cable, and the amplifiers are wired in series. So for a US-UK fibre, the landing station in the UK might generate +1000V DC, with the 0V line from the power supply connected to the ground. Then the landing station in the US generates -1000V DC, with the 0V line from the power supply connected to the ground. This gives 2000V (less the ground return losses) across the cable, which has to cover all the losses in the cable and power all the repeaters. (I forget the exact voltage I read about, but I think I got the number of digits correct).

Also, modern amplifiers don't use light->electricity->light conversion. They have fully optical amplifiers.

So they use electricity to power a laser, and that laser light goes into a magic box that works in ways I don't understand. The incoming signal goes into that magic box and the amplified (i.e. brighter) signal comes out.

The end really is nigh – for 32-bit Windows 10 on new PCs

Jon 37

Re: Probably just as well, given how much RAM it uses..

Windows 10 32-bit doesn't support more than 4GB of RAM, even with PAE.

Microsoft originally enabled PAE to support >4GB RAM on 32-bit desktop systems. (IIRC, this was back in the WinXP days). However, when people started using it, they discovered that many drivers crashed if there was >4GB RAM, because they were doing things like storing addresses in 32-bit variables etc. As a result, they issued a patch that limited all 32-bit desktop systems to ~3.5GB RAM. Although PAE might be enabled to support other features like NX, any RAM that would not fit into the normal 4GB address space would be ignored.

32-bit Windows Server systems could have >4GB RAM using PAE. Microsoft figured that the companies that make server hardware are the sort of companies that would fix their drivers to support PAE. The companies that make consumer hardware are often not that kind of company.

See:

https://docs.microsoft.com/en-us/windows/win32/memory/memory-limits-for-windows-releases

"X86 client versions of Windows don’t support physical memory above the 4GB mark"

Also see a long, technical explanation written at the time by someone who thought MS should have enabled PAE even though it caused crashes. (I respectfully disagree with his opinions - I think MS did the right thing - but I greatly respect his technical investigations and his thorough documentation of this issue):

https://www.geoffchappell.com/notes/windows/license/memory.htm

Move fast and break stuff, Windows Terminal style: Final update before release will nix your carefully crafted settings

Jon 37

Re: Really!?

There is a finite amount of programmer effort assigned to the Terminal project. Do you want some of that effort:

A) Spent writing fancy settings-update code so that all the old settings get upgraded automatically, in a clearly labelled pre-release version where people using it have been warned there may be breakage, OR

B) Spent actually implementing new features or fixing bugs?

Most people would say B.

(And for the record, it's *not* fixable in the install script, because Windows is multi-user and networked. So you have to cope with a program being installed while user X is logged into a completely different PC, then later user X logs in and his/her user profile is copied from the fileserver to the local PC, then user X runs the new version of Terminal. So the settings upgrade code would have to be part of the Terminal application, and run as one of the first things the Terminal application does when you launch it).

Cisco UCS servers slugged by 'This SSD will self-destruct in 40,000 hours' firmware farrago

Jon 37

Re: Just wondering......

If it gets sent back under warranty, because it broke, it's useful to know how much it's been used. Taking that information, and aggregating across many drives, can give you useful information about why drives are failing. (For example, if you discover SSDs don't normally fail before X TB written or Y years, then you should be increasing or reducing your warranty cover to those thresholds).

Similarly, that information may be exposed via SMART monitoring, which allows the owner to monitor how much their drive has been used and arrange for it to be replaced at an appropriate time.

All hard drives and SSDs have a small processor in them, and all processors have some kind of timer that can be used to increment a field once per second, so there's no extra hardware for this.

Cloudflare outage caused by techie pulling out the wrong cables

Jon 37

Re: These comments are enlightening

Cable labels may not have prevented the mistake, but they may have made it faster to recover once the mistake had been recognised.

Also, note that their "redundant" fibre wasn't diversely routed, since it all went through one patch panel... the redundant pairs should have been kept as far apart from each other as possible.

Jon 37

Re: Cables with labels on

The problem here is they unplugged all the cables. So knowing what a port is for, doesn't help you know which of the 48 cables you have hanging there should go into that port. You need labels on the cable too!

(Preferably a unique number per cable, with the same unique number at both ends of the cable. Then your documentation can tell you what ports that cable number is supposed to be plugged in to).

NASA reveals the new wavy Martian wheels it thinks can crush the red planet

Jon 37

When building payloads, mass reduction is really important. You have to get the thing as light as possible. This means you can't over-engineer things - for example the ladder on the side of the lunar lander was only going to be used on the Moon, which has less gravity than Earth, so they made the ladder too weak to be used in Earth gravity, but strong enough to be used on the Moon. Bearing that in mind, there are a lot of differences between the missions:

* The lunar rover had to carry a couple of astronauts in EVA suits; that's a lot of weight. I believe the current Mars rovers are lighter, so they can use weaker, lighter wheels.

* The lunar rover only had to last for a week or so of use; the Mars rovers have to last years of constant use.

* The lunar rover drove on the Moon; the Mars rovers drive on Mars which has a different rock composition.

* The lunar rover was built many years ago; more modern materials are available now, and design tools (especially computer simulation) have advanced a lot, so modern designs can have less mass.

* The Mars rovers are 6-wheel, and are designed to drive even if one wheel seizes up, to allow the mission to continue even if a motor fails. The lunar rover was 4-wheel.

NASA mulls restoring Saturn V to service as SLS delays and costs mount

Jon 37
Joke

Re: Sensible idea

Besides, I'm sure he'd say "I'm the best astronaut, I don't need a space suit. I'm going to play the best game of space golf ever! Then I'm going to set up a hotel there, it will be the best space golf hotel."

Cloudflare family-friendly DNS service flubs first filtering foray: Vital LGBTQ, sex-ed sites blocked 'by mistake'

Jon 37

Re: vital?

LGBT+ people have a higher suicide rate. Getting support from people who've been there, can help. So LGBT+ support & information sites, including LGBT+ news and community sites, can save lives. It lets people know that they're not alone. That's "vital".

Jon 37

Cloudflare won't say what "adult content" is

No, it's not advertised as a porn block (at least on their website). It's advertised to block "adult content", you assumed that meant porn. However, everyone has different ideas of what is "adult content", and it's really a spectrum anyway - you don't want your 5 year old watching a 15-rated movie by accident, but you'd probably have no problem with your 15 or 16 year old watching it.

The fundamental problem is that Cloudflare haven't documented what they consider to be "adult content" (at least not anywhere I could find). They need to come up with a formal policy of what it takes to be "adult content", publish that, and have a way to report problems.

Similarly, they need a definition of "malware". A web site using drive-by attacks to infect you just by looking at it is clearly malware. Unless it is a documented Proof-of-Concept as part of disclosing or discussing or testing for a vulnerability, and the payload is harmless. But tools like the VNC remote desktop tool have been classed as "malware" in the past, just because a lot of malware uses them and they're a small open source project that can be ignored when they complain about being misclassified.

They also need to clarify in those policies what happens if a domain contains *some* "adult content", e.g. if a news site publishes one risqué image does the whole domain get blocked? What about chat sites like Reddit, which has a lot of forums that would be interesting to children (e.g. computer game discussions), but also has a lot of explicit adult forums?

If they publish their policies, parents can make an informed choice whether to use them or not.

Whoa, someone actually texted you in 2020? Oh, nvm, it's just Boris Johnson, telling you to stay the f**k at home

Jon 37

Re: Spam spam spam spam

> WTF is "Protect the NHS" even supposed to mean?

The big concern is if COVID-19 patients overwhelm the NHS. Then it's not just the COVID-19 patients who will die: The people with medical emergencies and chronic conditions, who would normally be saved by the NHS, will die, because the NHS won't have enough resources to cater to them.

You might have heard the phrase "flattening the curve"; that basically means "if a million people get sick with COVID-19, and it's spread out over a long enough period, we can cope, but if a million people get sick at the same time then we're utterly screwed and healthcare will collapse, so we need to slow down the rate the virus is spreading even if the same number of people get sick in total."

So by taking measures to reduce the rate that SARS-CoV-2 is spreading, you help reduce the risk that the NHS collapses.

(A note on the names: SARS-CoV-2 is the coronavirus that causes the disease COVID-19, in the same way that HIV is the virus that causes AIDS).

Your Agile-built IT platform was 'terrible', Co-Op Insurance chief complained to High Court

Jon 37

Re: Agile?

See:

https://www.halfarsedagilemanifesto.org/

Google reveals the wheels almost literally fell off one of its cloudy server racks

Jon 37

Re: What were they thinking?

Leaving them loose means they're going to fall over and/or walk across the floor during an earthquake, with cables breaking. They might fall on a passing worker.

Bolting them in place means they're going to move with the building during an earthquake. That's probably not great for hard disks, but the rest of the parts can probably survive that. Passing workers are safe.

Fitting shock absorbers to each rack would be very expensive. It would make it easier for parts such as HDDs to survive. Passing workers are safe so long as the aisles are wide enough that they're not hit by rocking racks, although there is an amputation risk if a worker has their hand between two racks. Avoiding that risk probably requires drastically reducing the rack density, so there are large gaps between adjacent racks, then filling that gap with a flexible plastic sheet to allow hot-aisle/cold-aisle separation.

The cost of bolting down can be easily justified; the cost of shock absorbers can't.

At Google scale, losing a datacenter due to an earthquake isn't a big deal. And having to fit a lot of new HDDs in a datacenter is a risk worth taking when compared to the cost of shock-mounting the servers.

Microsoft nukes 9 million-strong Necurs botnet after unpicking domain name-generating algorithm

Jon 37

Re: MS at least try to be the good guys every now and then

> "safe surfing" works, even on unpatched windows systems

Sadly not true. Any site that serves ads may also be serving you malware that will get installed automatically unless you have a patched system. An ad blocker helps a lot, and is an essential security tool nowadays, but is not perfect.

https://en.wikipedia.org/wiki/Malvertising#History

Amazon launches itself into retail IT with 'all the necessary technologies'. Not saying which, but you know...

Jon 37

Re: Pickpockets paradise

> Something else that was not tested in the review is a family shopping trip: What happens when a parent signs in and a child picks stuff up?

There was a picture of the instructions in the article. You can let other people in, such as your children. But you have a shared "virtual shopping cart". So if you let them in, then if they pick stuff up and it isn't put back, you will pay for those items.

Jon 37

Re: Shops are required to accept cash

Here's an article from last year about various US jurisdictions that require shops to take cash:

https://www.latimes.com/local/lanow/la-me-san-francisco-cashless-businesses-20190507-story.html

There was also a suggestion that the UK should have similar laws, but I'm not aware of any politicians taking that seriously yet. See the last line of:

https://www.bbc.co.uk/news/business-47456698

The issue is that many poor or technology-illiterate people don't have credit or debit cards, they only use cash, so if all shops become card-only that will be a problem for those people. That will need to be addressed somehow in the coming years - either we let all those people starve because they can't buy food any more (morally unacceptable and probably politically unacceptable), or we ensure they get cards and training on how to use them, or we require some or all shops to accept cash.

Want to own a bit of Concorde? Got £750k burning a hole in your pocket? We have just the thing

Jon 37

Re: WTF does British Airways have a say in anything ?

It's BA's way of saying "we haven't maintained this the way we would a flight engine, so we don't think it's airworthy", and also "if you try to use it for flight anyway, and it breaks, don't sue us".

HMRC claims victory in another IR35 dispute to sting Nationwide contractor for nearly £75k in back taxes

Jon 37

Re: Rigged definition of an employee

Nope, the law says you can be an employee for tax purposes under IR35, while being a contractor for every other purpose (holidays, benefits, etc).

Surprise! Plans for a Brexit version of the EU's Galileo have been delayed

Jon 37

Yes, many of the services are compatible, so if you can see enough GPS + Galileo satellites you can treat them as basically the same.

There are other options too:

EGNOS is free to use. It's provided by the EU, and consists of some ground stations and a geostationary satellite. The ground stations measure the error in GPS and the satellite broadcasts a radio signal containing that information. Suitable GPS+EGNOS receivers can receive the EGNOS signal and use it to correct the GPS so it is accurate to within 1.5m, as well as being immediately alerted if a GPS satellite is broadcasting a wrong signal. Aircraft can use EGNOS-enhanced GPS when landing, to precisely fly to the start of the runway.

There's also "differential GPS", where you set up a fixed GPS receiver and send the data from that to your mobile GPS receiver. So long as the two are close enough, you can get incredibly precise positions. (Centimeters). Amongst other things it's used by farmers to automatically drive their tractors, so when planting or spraying or harvesting, each piece of the field gets covered exactly once - no overlap or missed bit.

Broadband providers can now flog Openreach's new IP voice network in bid to ditch UK's copper phone lines by 2025

Jon 37

2025 is utter nonsense. This is going to require a public education campaign equivalent to the TV Digital Switch Over (DSO). For DSO, people had the ability to voluntarily switch for several years, then Digital became standard in all new TVs, then several years after that they did the switchover with a massive amount of publicity and help for the people that hadn't switched yet (primarily older people).

Bearing in mind that they're only just starting to offer a no-PSTN option, and I'm not aware of any suppliers that offer it yet, they're many years away. They need to make this the standard for almost all new installs before they try to get people to switch.

Perhaps 2030 might be achievable, with hard work.

Jon 37

The best you can do on the audio part of the line is ~50kbit/s. (The best modems were "56K", but they almost never actually got to 56kbit/s).

A 50kbit/s improvement is going to make no noticeable difference on a 40Mbit VDSL (FTTC) line, or even on a 3Mbit ADSL line. It's not worth the huge expense of changing things to get it. Better to put that money into more FTTP or even FTTC rollout.

Boeing didn't run end-to-end test on Calamity Capsule, DSCOVR up and running, and NASA buys a Falcon Heavy

Jon 37
Mushroom

It's tradition

I see Boeing are following the traditions blazed by NASA, and treating manned spaceflight just as carelessly as NASA treated Space Shuttles Challenger and Columbia.

Auf wiedersehen, pet: UK Deutsche Bank contractors plan to leave rather than take 25% pay cut for IR35 – report

Jon 37

Re: Alternatively

> the fact that you can't get an appointment with a consultant on the NHS, but can pay privately to see the same consultant within 2 weeks indicates that there is a clear bias to work privately and not for the NHS

That's not how it works.

The NHS has waiting lists. You start at the back, it's first-come first-served. There is some prioritising based on need, but even those with great need still have to wait.

The reason people pay is to avoid those waiting lists. A private consultant with a huge wait isn't going to get any new business, the customers will go to a different consultant. So private waiting lists will naturally tend to be smaller than NHS.

The way to reduce the waiting lists is to increase or reallocate the NHS budget to pay for more NHS staff.

EU tells UK: Cut the BS, sign here, and you can have access to Galileo sat's secure service

Jon 37

Re: Were we not told...

I suspect the EU would also like a free trade deal, so it can continue selling to us. But only if that deal includes the UK continuing with EU standards on everything, and the UK has ruled that out.

The EU is not going to allow us tariff-free access if we're going to trash worker or environmental protection to make our products cheaper, or if we're going to provide state aid to certain companies so they can undercut the EU market prices. They (quite reasonably) want to have tariffs that at least compensate for those factors.

Xerox names the 11 directors it hopes will oust most of HP's board and put $33bn hostile takeover to shareholders

Jon 37

Re: Interesting list

None of that matters. This board is supposed to rubber-stamp the Xerox takeover of HP, get huge bonuses and then be made redundant, leaving the running of HP up to Xerox and Xerox's existing board.

So the important qualities are: willingness to vote for the Xerox deal, and experience of takeovers.

Since they're not going to be running HP for any significant time, PC experience is irrelevant.

Ex-Autonomy CFO Sushovan Hussain's part in the accounting badness was 'wildly overblown'

Jon 37

Re: Its not over until its over...

They're not getting their $5B back. The senior people in HP who grossly overpaid for Autonomy want to claim that's someone else's fault, and they were blameless. So they're attacking Autonomy's old management every way they can, claiming that Autonomy lied about how well they were doing, and that's why HP overpaid. That includes both civil and criminal charges. They just need to get something to stick - and preferably a lot of things.

For HP this is purely a blame game. For Autonomy's old management this is a legal nightmare.

We’ve had enough of your beach-blocking shenanigans, California tells stubborn Sun co-founder: Kiss our lawsuit

Jon 37

Re: I am rather surprised

The question is though, "is it a public path". It was never officially designated a public path, but people have been using it for years.

His argument is that previous owners have made a business decision to allow access to the beach over their private property, so they could make money from parking, beach shop, ice creams, etc. However it's private property and the new owner can decide to block access. The state continues to own the beach, and people can access it by sea.

The state's argument seems to be that there's always been free access there so surely that must continue.

Personally, from what I've read I think he's in the right; I believe the courts have twisted the law to try to come up with the answer that's "best for the public", and to cover for the fact that the state has screwed up. If the state wants access, it can use Eminent Domain to buy the land from him at a reasonable price. However, a "reasonable price" will be quite a lot - he's built a mansion with a mostly-private beach, having loads of people using the beach will significantly devalue the mansion, and according to the Eminent Domain rules the state has to pay compensation for that as well as the price of the land. If the state had chosen to buy the land earlier, before the mansion was built, it wouldn't have had to pay so much. That's the difference between the $380,000 that the land has been valued at (which excludes the devaluation of the mansion) and the $10m that his lawyers offered to sell for.

(And now I get to be downvoted to oblivion for having an unpopular opinion...)

$13m+ Swiss Army Knife of blenders biz collapses to fury of 20,000 unfulfilled punters

Jon 37

Re: Book projects generally work out

A book author that wants money to live on while writing, doesn't need all that money up front. So they don't need a Kickstarter. Patreon allows authors to write ebooks, post at least a chapter each month, and their readers each pay a small amount each chapter (with a per-month cap). If they don't post they don't get paid; if quality goes down too much then people will stop subscribing.

That way, the risk to the readers is much much lower - they're paying for results, not for the promise of results.

When the book is written, the author can give a complete electronic copy to their Patreon supporters, and/or publish the ebook, and/or do print-on-demand. If they want to, that's the time the author could do a Kickstarter for a bigger print run which is cheaper per book than print-on-demand.

Cops storm Nginx's Moscow offices after a Russian biz claims it owns world's most widely used web server, not F5

Jon 37

Re: Prior Art

That's not how copyright works.

Copyright is all about copying code (or music or ...). Copyright doesn't cover *ideas*. (Although the US courts have ruled that copyright can cover a single chord, or a big set of function prototypes).

So the fact that there are previous webservers that may have provided inspiration, or the APIs that solve the same problems as previous webservers may be similar just because they solve the same problem, is irrelevant. There's no allegation that any *code* was copied from the previous webservers.

Why is the printer spouting nonsense... and who on earth tried to wire this plug?

Jon 37

Re: DIY Electricians

First, your appliances will work just fine if you swap Live/Neutral. However, your fuses (or circuit breakers) and switches won't be as effective, so you will be unsafe. Long explanation:

The Neutral and Earth wires are connected together somewhere. In the UK, this is often at the connection point where the wire to your house ends, just before your electricity meter. In that case the electricity supplier will have lots of places where their combined neutral/earth wire is connected to metal rods in the ground.

So, if you accidentally touch the Live wire in your home, the power will flow from the electricity supplier's Live wire, through you, through the ground, through those metal rods, and back through the electricity supplier's Neutral wire. There will be a fuse in your fusebox and/or in the plug, on the Live wire, which will blow, stopping the current, and limiting the electric shock you get (although it can still kill you).

If you have Live/Neutral reversed at the fusebox, then the fuses are effectively on the Neutral wire. So when you touch the wire that is labelled Neutral, but is actually Live, the fuses won't help you. The power will stay on and you may keep frying.

In the case of a short-circuit that's just Live-Earth, not going through a human: The fuses are designed to protect against wires melting and things catching on fire, but they won't do that if they're in the Neutral wire. This may cause your house to burn down.

Also, if you turn a light off to change the bulb, or pull a fuse to do electrical work on a circuit, then you're safe - that turns off the Live wire, and if you accidentally touch the Neutral it won't matter. If you have Live/Neutral reversed at the fusebox, then the switch is effectively on the Neutral wire and if you touch Live then it may kill you.

No box shifting, no Buck Rogers. Bezos-backed Blue Origin blasts off once again

Jon 37

They're still building capability. You don't go from nothing straight to a reusable human-rated orbital space launch system. You get there in steps, proving each step before moving to the next.

SpaceX started with many small expendable orbital rocket launches, and also briefly had a small reusable non-orbital platform for testing their landings. Their rockets gradually got bigger, then they introduced reusability - with many early failures. Now they have a reusable space launch system and are working on larger ones and human-rating.

NASA's efforts started off as the Nazi Germany missile program, they gradually built bigger and bigger rockets, then bigger and bigger human-rated rockets, culminating in the Moon missions, and then built the semi-reusable human-rated shuttle. (Note: This was a long time ago, their idea of human-rated does not match our current definition, partly because we've learned from the accidents they had).

Blue Origin are taking a different approach, which is probably cheaper. They started out with a small reusable rocket, and are gradually building larger and larger reusable rockets, with a goal of getting to orbit with their next one. They are also considering human-rating for their rockets. They haven't had as much funding as SpaceX, so their growth has been much slower.

Apple completes $1bn amputation of Intel's 5G modem biz, Chipzilla out of mobiles for good

Jon 37

Re: 5G Futures

Apple believes in vertical integration.

They design their own CPUs, now they probably want to design their own modems too. In the distant future, they can integrate the CPU and modem onto the same chip, or perhaps just the same multi-chip-package, to make their phones a tiny bit smaller, lighter and cheaper to manufacture.

They have plenty of money to throw at R&D, so they'll get it working eventually.

Intel's back. Can't keep it down. Back with 5G. Back in the game, back with modems... that have 'MediaTek' written on them

Jon 37

Re: Huawei = evil, MediaTek = acceptable

MediaTek = Taiwan, Huawei = China.

Taiwan are US allies, and have similar values to the rest of the "western" world. China:

* are engaged in a trade war with the US

* have very little respect for Western copyright, patents or secrets - especially in their huge domestic market (over time they've gotten better at respecting those in their exports).

* are trying to improve their military capability to allow them to defend against US forces in the region

* have been regularly accused of stealing US military technology

* claim that Taiwan belongs to them, but can't invade Taiwan because there's a big US navy presence there.

* regularly complain because the US regularly sends its warships through the South China Sea, which China claims belongs to China and the US claims is international waters

* regularly complain because the US regularly sends spy planes to fly just outside China's borders, to gather intelligence. These are occasionally harassed by Chinese fighters.

Hence, for the US (and the UK, as US allies), there's a huge difference between the two countries.

Dead or alive, you're camming with me, says RoboPup: Bomb squad hires Boston Dynamics Spot to snoop on suspects, packages

Jon 37

Nah. Boston Dynamics have had a distinct lack of commercial success - they have neat technology but no-one buying it in significant quantities. So they are keen to sell their robots. So a successful trial with a bomb disposal squad would be great for Boston Dynamics, it opens up that market. Even a not-great trial, with good feedback provided so Boston Dynamics can make fixes and changes, would be good for them.

So it's possible the bomb squad got a good discount.

Cambridge boffins and Google unveil open-source OpenTitan chip – because you never know who you can trust

Jon 37

Re: Applications could include...

Google's application for this is to ensure that their servers are running the software they want them to run, not malware written by state-level attackers. This is a very good thing.

Google open-sourcing it will allow other cloud vendors to use it, which is a good thing. Note that the other cloud vendors will each have their own root of trust for their own servers.

It may also allow companies to use it. Although companies are likely to blindly trust their server manufacturer's root of trust used to sign the firmware from their server manufacturer, and the OS vendor's certificate used to sign the OS image from their OS vendor (MS, Red Hat, Ubuntu, etc), it still provides a much better level of assurance than they had before. This is a good thing.

This chip is unlikely to be used in many consumer devices, because it's there to protect against attacks on the motherboard firmware, and on a locked-down device it's awkward enough to change the firmware that it's not worth worrying about. Unless the attacker knows of a bug, changing the firmware requires connecting wires to the flash chip on the PCB, which is beyond the abilities of most people. The OpenTitan chip would provide protection against state-level attackers who have discovered suitable bugs, and want to write their malware to the firmware. However, it's an extra chip and more PCB space, which has a cost, and consumer device and IoT manufacturers will not want to pay extra for security.

Jon 37

Re: I don't know

"Secure boot", where end users can choose the CA they trust, is a really good idea that improves security against boot-time rootkits.

"Secure boot", where the hardware manufacturer chooses to only trust the Microsoft CA, and users can't add other CAs, is a really bad idea that locks in a Microsoft monopoly.

The thing to worry about is "who chooses which CAs to trust", not secure boot itself. And since this particular project is open-source, I don't think that's going to be a problem.

Boffins blow hot and cold over li-ion battery that can cut leccy car recharging to '10 mins'

Jon 37

Re: Charge or just swap the batteries?

Calor gas cylinders are standardised shapes. Car batteries can be made into weird shapes to fit perfectly in the space the car designer has available, but that makes them different for each car.

A standardised, changeable battery is certainly possible, but would require compromises from the car manufacturers.

And robot battery-changers are certainly possible, Tesla has a video of a carefully stage-managed demo of one, changing the battery in a modified version of one of their cars. The video is probably on YouTube somewhere. You can see the weird battery shape in the video. While an interesting demo, AFAIK Tesla haven't announced any plans to take the idea any further.

We're late and we're unreliable but we won't invalidate your warranty: We're engineers!

Jon 37

Re: Steps for working with electricity in the home

No, that's dangerous. The right approach is:

Step 0: Turn on the light or plug a lamp into the socket you're changing, and check it comes on.

Step 0.5: Check your electrician's screwdriver works (light comes on when you touch it to something live).

Step 1: Turn off the power to that circuit.

Step 2: Check that the light actually went off.

Step 2.5: When you open a case, check with your electrician's screwdriver that nothing's live.

Step 3: As far as possible, treat the bloody wires as if they're live anyway as you're working.

That way, problems such as "the neutral is missing" or "the bulb blew" get spotted at step 0, so you know there's no way to reliably check if power is off. And problems where "the breakers are labelled wrong" get spotted by step 2. If you have a combination of those errors, and you skipped step 0, you won't realise the power is still on.

Cisco sues lawyers on its own side – for bigger slice of capacitor price-fixing settlement pie

Jon 37

If you win in court, you will often be able to get the opposition to pay your attorney fees and costs. However, you have to submit their bill to the court, who will check it's reasonable. The other side can challenge it and maybe get a reduction.

In the case of an out-of-court settlement, neither side wants the hassle or risk of arguing about the bill in court. So they just agree an amount as part of the settlement - e.g. "I'll pay $10m to you and $1m to your lawyers". When the case gets reported in the news, those numbers are usually lumped together, e.g. "XYZ Corp pays $11m to settle lawsuit". And similarly, XYZ Corp's accounts will just record it as an $11m settlement.

Thanks-thanks to TalkTalk teen hacker: UK cops' first auction of ill-gotten Bitcoin nets £240k

Jon 37

Re: Auction ? Why not just convert to £ ?

1) Converting a large amount of currency at once on the open market could depress the price massively, if there are temporarily more sellers than buyers. Better to sell it privately and then allow the buyer to sell it on the open market at a slow steady rate. The buyer can take the risk of any price changes.

(Disclaimer: I'm not sure what volumes of Bitcoin are being traded each day, so I'm not sure if this counts as a "large amount").

2) The rules for disposing of seized property probably say it has to be an open auction. And that's mostly a good thing, it prevents defrauding the taxpayer by selling it cheap to a mate, and it protects the police against allegations that they've sold it cheap to a mate.

Class-action lawsuit claims DXC 'selectively timed' job cuts to inflate short-term profit target

Jon 37

Re: "Being made redundant"

It's part of UK law. It's hard to fire someone in the UK, unless:

* The role is redundant, i.e. you don't need someone to do that job any more

* Gross misconduct, e.g. stealing from the company

* Documented poor performance over a period of time, with warnings given

* You pay compensation for false dismissal of 1 year's pay.

You better get a wiggle on then: BT said to be mulling switching off UK's copper internets by 2027

Jon 37

Re: How many connections is that?

They're also planning on stopping offering analogue telephone lines. Everyone will have a data service to their home (whether that be FTTP, G.Fast, FTTC, or ADSL) and then people who have an old-fashioned phone will have a converter box to convert their old-fashioned phones into VOIP.

This saves BT money because it doesn't have to have all the head-end equipment for analog phone lines, and also simplifies things for them.

Remember that security probe that ended with a sheriff cuffing the pen testers? The contract is now public so you can decide who screwed up

Jon 37

Contradictory document

The rules of engagement document says all pen testing had to be performed between 6AM and 6PM, in a way that suggests that Coalfire would want extra pay for working out of hours, and that would require a Change Order.

The same document, in the physical pen testing section, says that work will be performed in "afternoons or evenings". That's contradictory: 5:59pm isn't really "evening", it's more "afternoon".

I think the most reasonable way to read that document is that physical pen testing can be performed in afternoons and evenings, but Coalfire won't get extra money for working out of hours unless there's a Change Order. So I believe the pen testing was in scope.

However, it's clear that this isn't really a dispute between Coalfire and the state organization that hired them. It's a dispute between the state organization that authorized the break-in and the county organization that owns the building and arrested them.

What should really happen is the county should release the pen-testers since there was no intent to break the law - they genuinely believed they had permission. Then the county could try to arrest the state people who signed the contract for conspiracy to break-and-enter since they authorised the break-in (although we all know that won't happen).

Congratulations! You finally have the 10Mbps you're legally entitled to. Too bad that's obsolete

Jon 37

Re: Fibre

No.

What we should be doing is a gradual rollout of FTTP to all the rural places that can't get 40Mbit FTTC, and retiring all the rural copper (& other metal) phone wires. In cities and major towns, most people can get FTTC which is "good enough" right now. And whatever we do in the rural areas is going to be expensive, we should go straight to FTTP so we don't have to go back later with more expensive upgrades.

And if we have to pay BT for that, then we need to prevent them cherry-picking sites, perhaps by requiring 100% coverage of a county before each payment. (County boundaries are fairly arbitrary, but we know they weren't cherry-picked by BT).

We should also be requiring FTTP for all new housing estates.

Then in future, as 40Mbit becomes too slow, we can roll out FTTP more widely, ending with full FTTP coverage.

UK.gov's smart meter cost-benefit analysis for 2019 goes big on cost, easy on the benefits

Jon 37

Re: If "smart meters" are so good

In the long term, a smart meter will help you save energy by automatically turning off the power when there's not enough generation capacity available, and/or by allowing the electricity company to massively raise prices during peak times, which will cause you to turn everything off.

Because a lot of the UK's generation capacity is reaching end of life, and it's not being replaced with reliable capacity. So if the wind doesn't blow on a winter evening at peak times, expect blackouts.

Smart meters have a remote controlled switch that lets the blackouts be targeted at poor and middle-class people, without affecting the rich people.

Cu in Hell: Thousands internetless after copper thieves pinch 500m of cable in Cambridgeshire

Jon 37

Re: A simple (but costly) answer

That makes them much more expensive. They'd have to pay for expensive steel armour (OK, perhaps not expensive in short lengths, but we're talking ridiculously long total lengths here) and the extra weight would also increase the cost of transporting and installing the cable - you need bigger, more powerful equipment for a big roll of thick heavy cable, you can't fit as many in a van or lorry, and installation would take longer.

It's significantly cheaper to just fix the occasional break when it happens.

Besides, normal cable armour may protect against an accidental spade but isn't going to do much against the real accident risk - a JCB (or other digger). And someone who's deliberately trying to steal the cable will get bolt cutters if necessary to cut it.

If you're willing to pay extra for reliability, the right solution is to install two or more cables with diverse paths, so a break only takes out one of them. (Clearly Armenia wasn't prepared to pay for that).


Biting the hand that feeds IT © 1998–2020