Posts by drtune

I have the US service

It works really well, given the constraints of hopping between Sprint and TMobile (not the leading carriers for coverage). It's very cheap and 'reasonable' deal by comparison with incumbents; plus 'free' international roaming is really a terrific deal. We pay $55 for two phones, very happy. Plus, Google phones actually get regular (and long-term) OS updates unlike yer average carrier Android device. Like.

Insane comment from Cisco

AWS ... go bust? Errr. right. Even if AWS wasn't backed by Amazon's e-commerce money machine it's still in its own right a very sophisticated, feature-rich, aggressively priced and extremely popular cloud environment - it's head and shoulders above the competition (and what is the competition anyway.. Azure, Google... err.. Rackspace? It drops off real quick after the first few). From where I sit Amazon practically own the cloud computing game already, and for some concrete reasons.

Cisco are just pissed because the major server farm players don't buy much of their stuff any more.

Don't understand how this is news

Surely VZW has been doing exactly this for many, many years? Even pre-Android they'd preload crap on there, and they surely charged the developer for it. No question the pre-installed non-deletable junk on VZW Android phones was put there because the developers paid Verizon to do it...

Remote code execution in Wifi driver!?

Oh man that's a tasty one...

It's absurd, I have no doubt that FB would dearly love to hire more women and black people simply to stop this criticism (although I'm sure it has tons of brown people - Indian workers), but they're not going to hire unqualified people just for that.

I don't think I've ever met anyone in tech who hired on the basis of gender or skin color - it's ENTIRELY about skills and "will they fit in and work hard".

It's hard enough to find good developers as it is, companies I know would never turn anyone good down even if they had three heads and purple skin. FWIW, I've been a hardcore developer my whole life and I'm entirely self taught; left school at 16 to program computer games, it's not about money on education and it's not like there's a huge barrier to entry to learn coding; you've just got to really love the job, that's all there is to it. It's not for everyone.

Damn this is huuuuge

Practically every server in the world uses Imagemagick to process images uploaded by the public - and it's wiiiide open... LOLZ!

I've certainly set up more than one server that's vuln to this... patchin' time!

What the hell does anyone want x86 embedded for?

What a truly insane thing to produce - take a widely reviled instruction set (x86) which is only still around because of the desire for binary backwards compatibility on very large fast chips (which go to great lengths to dynamically recompile it in hardware into something that doesn't suck) and then put it on an embedded CPU where nobody has the slightest interest in binary compatibility (..not that it even is!) and in a field where there are several very long established and highly efficient alternatives (ARM, AVR, etc) that work better in every way. IN-FRICKIN-SANE. This thing is already deader than a dead dodo & absurd to the level of finger-pointing mockery.

What could possibly go wrong?

As a firmware developer/hacker kinda guy, this is a "spit your coffee over the keyboard" quality idea.

I did go and RTFA (well, spec) and they pay a lot of lip-service to CORS/security/etc it's still a pretty out-there idea.

There are actually few things in this world _less_ robust and securely programmed than your average USB peripheral - not only that but by definition a lot of them are in control of real physical things. USB peripheral firmware is totally the wild west... Ask any Linux developer trying to support something with Windows-only drivers - the first step is to basically run it under windows and reverse-engineer the device protocol to figure out how the hell the vendor set it up - but there is literally no telling what the device actually supports without reading and disassembling its firmware. USB devices are the blackest of black boxes, and there's millions of them, all with different firmware..

BRICKING ISSUE

Primarily, most USB devices are _exceedingly_ brickable; because most peripherals are flash-based MCUs, and most of them have some sort of firmware update procedure, and only very rarely does anyone even use the USB "DFU" standard; rather often, firmware updates are via what would (in any other system) be called hidden backdoors; e.g. HID command endpoints, hidden command messages, etc. Bulk endpoints with a "manufacturer specific" USB descriptor..

..There's very rarely a oh-shit-you-loaded-bad-firmware recovery mechanism either.

Even current USB devices that don't nominally require drivers (e.g. CDC, HID, Mass storage, etc) VERY often have these sorts of hidden backdoor things going on (for reflashing, debug, diagnostics, etc) because that's the way things have evolved for the last 20 years or so...

I think it's an interesting idea and (as a long time firmware developer including many USB peripherals) I mean that in an "oh wow the possibilities for shit going very badly are.. really interesting". I can think of a huge number of ways to turn previously useful peripherals into doorstops, and that's barely scratching the service of the issue. Yes.. but... WOAH THERE NELLY!

Letting the browser talk raw USB packets would be kinda like having an unpatched Windows 95 machine with every service turned on and all ports exposed to the internet.

Still sucks for i/o performance

Yeah it's the same story; hang everything off a single USB host port. This was a disaster for the stuff I was doing. Having tried many of the boards on the market personally I now have a deep and abiding love for the Banana Pi (M1 - first revision) which for $35 has THREE separate real USB host ports (i.e. not on a hub) that all run in parallel at full speed AND real gigabit ethernet AND SATA; all properly implemented and independent. (and a real time clock and many more little joys) - it depends what you want it for but if you want any kind of useful i/o performance the RPis have always been a joke

Graphs show that a shitty solution to an long-solved problem is still shitty

Right, so you run a protocol that has poor performance on high latency links due to ACKing, and say "look! It's poor!".

Oh - the 1970's called and they want their due credit for adaptive TCP window scaling...

Ironically the FTDI clones actually work better than the originals

The FTDI clones (clone FT232R for example) work better than the FTDI chips - not only do they work just fine as USB-UARTS (which is not rocket science) but the clone "bit bang" and SPI modes work BETTER; on official FTDI chips the timing is pretty horribly broken.

I refer the learned viewer to the posts and scope captures by "Marcan" (who has an excellent pedigree in the low-level hacking world)

http://www.eevblog.com/forum/microcontrollers/ftdi-gate-2-0/450/

Another post pointing out bit-bang mode is hopelessly broken

http://blog.bitheap.net/2012/03/ft232r-bitbang-mode-is-broken.html

And FTDI bury the admission in an errata (3.1.2 "BitBang Mode variable Pulse Width")

http://www.ftdichip.com/Support/Documents/TechnicalNotes/TN_120_FT232R%20Errata%20Technical%20Note.pdf

You'd assume because they mention it in RevA silicon that it's fixed in later version but apparently not.

fat chance

So... all the companies who invest a ton of money building embedded device firmware are going to open up their source code, making them easy to rip off?

Errr.... no. There's a reason microcontrollers have code-protection fuses... I'm not saying they're 100% effective but (as an embedded systems guy myself) I'm certain there's absolutely zero frickin' chance of this ever happening.

Wow that's a stunningly long list of epic fails from Trend Micro there - a shower of utter fuckwits.

Theirs may be the least effective security product since the tinfoil hat.

$54 a _month_? That's pretty ballsy pricing

My comcast is great

My Comcast in San Francisco - 164Mbit/s down, 13MBit/sec up.

From my experience I have no idea what people are whining about with Comcast - it's not very cheap but it's fast and very reliable.

I work from home as a software/firmware guy and I find >150Mbit/sec downstream is ample (assuming the folks on the other end have their server shit together; I'm looking at you STMicroelectroncs)

In passing I was at a friend's wedding earlier this year and spent a most enjoyable time geeking out with the bride's father, who was (back in the day) one of the chief modem designers at US Robotics in the era of going from 9600 -> 56kbps..

Eh, kids nowadays. :-p

Got my Project FI invitation, ordered a 5X - can't WAIT to kick Verizon to the kerb; their service is utter robbery. Like many people I spend the great majority of my time within range of a friendly wifi network, this will more than halve my bill.

FCC is a fucking joke

I get dozens of robocalls on my cell, it's on the DNC list and everything; they just don't give a fuck. The FCC is completely toothless and useless.

Ah memories

I was working at Codemasters during this era; takes me right back. Andrew Graham (softly spoken scottish guy, now at Kwalee ) was the main man behind the Micro Machines games; he did the NES (and later PSX) version; my mate Charlie Skilbeck did it on the Megadrive; I built the dev systems and did some other stuff.. lots of fun. Actually myself and Nick Pavis worked for a while on a Sega Saturn version but that thing never went anywhere...

...Oh and we went to quite a lot of raves as well. Ah the 90's :-)

Can't imagine why anyone would bother

I'm still on Win7 and I don't use most of its 'features'; it's very stable, supports all peripherals including some obscure embedded systems tools, and it doesn't annoy me. That, nowadays, is all I ask from my primary OS.

All my real work is done in a variety of linux images hosted on on VMWare.. All windows really ever does for me is run VMWare, Sublime Text and Chrome.

I call total bullshit. Will Neil Young grace us by performing a properly administered blind A/B test between a decent-bitrate AAC stream and a (losslessly) ripped CD - even of one of his own albums? Will he fuck.

This is news?

Newsflash: n00b hacker fucks about with web form written by intern. More news at 11

The Visual Studio python debugger extension mentioned in the article - which is rather good - works fine with a Pi running stock linux.

While on the subject of Visual Studio, the (commercial) WinGDB plugin is really excellent; supports cross-compile and remote debug of lots of embedded CPUs, Android apps, Linux apps, etc.

I moved to San Francisco from the UK in 2000 and it's fucking awesome, albeit very expensive. Not as glamorous as Bermuda but a really fun city full of interesting characters, also it's Geek Mecca of course :-).

Super overpriced

It's hacker friendly... with special "I'm a hacker" pricetag.

I'm sure there's a market for it, but openwrt runs on an lot of cheaper boxes;

Since you didn't ask I'm tending to use Buffalo routers nowadays, have several Buffalo WZR-HP-AG300H's in action and they're splendid; separate 2.4 + 5.8G radios (lovely performance on 5.8), tons of flash+ram, usb for gadget-making, gig-e for speed, fast cpu, run openwrt or dd-wrt depending on yr needs, under a hundred bucks, reliable, end of story. Old news but a fine piece of cheap hardware. Hell I may order another one for hacking on - the Atheros chipset has a spectrum analyzer mode I need to tinker with

How high up the toilet wall

can they piss their remaining money? It's pure comedy at this point.