Posts by Ken Hagan

8137 publicly visible posts • joined 14 Jun 2007

Windows' authentication 'flaw' exposed in detail

Ken Hagan Gold badge

Re: Ahh, Modern Education

Nowadays, it is a Harry Potter reference. Do keep up.

Ken Hagan Gold badge

Re: Never say never

"the decision to allow NTLM to survive beyond 1996"

NTLM has been deprecated since pretty much that time. If you are complaining about support for it, may I be the first to point out that samba also supports it and therefore any system that can run samba (which I think includes all the BSDs as well as Penguins) is necessarily a piece of shit.

Or have I mis-understood your logic?

Ken Hagan Gold badge

Re: Well, Ain't that dandy!

"in the same vein that setting the localtime into the hardware clock"

The connection here is completely lost on me, unless you felt that case sensitivity was a little too debatable for your rhetorical needs and so you needed to hitch your argument onto a more blatant straw man.

Microsoft extends Internet Explorer 8 desktop lifeline to upgrade laggards

Ken Hagan Gold badge

Assuming it isn't a typo, it proves that IE isn't tied to the OS, which will please Microsoft's lawyers, even if the chimera is unlikely to please anyone else.

But ... er ... gosh ... are they doing it for a bet, or something?

Mozilla backs away from mobile OS as Android looks invincible

Ken Hagan Gold badge

Re: Too many 'apps'

"Why would I want to clog up my phone with an app I might use once every couple of months to order dinner?"

Wrong question. *They* would want that because their app won't let you order from the competition instead.

"The world's gone ape app-shit crazy."

Yes, but once the hoi polloi learn that apps are only a censored version of something that is freely available on the internet, apps will go the way of AOL's restricted view of the internet.

Typo in case-sensitive variable name cooked Google's cloud

Ken Hagan Gold badge

@Adam 1

An OR with #40 would not have worked even 50 years ago unless you have already also tested that the character is in the range a-z.

Ken Hagan Gold badge

I think you are perfectly aware of the answer. Over half a century ago, when character sets finally became large enough to include two cases of letters, a native English speaker decided that centuries of common practice should be swept aside and case should be considered significant, because a case-sensitive search is just comparing bytes whereas a case-insensitive search requires more effort.

Time has demonstrated that this was short-sighted. Computer scientists had no trouble adapting to the new rules and occasionally bent them into a feature. However, as soon as computers were picked up by the general public, problems started, and for those who need the assistance of a screen reader case-sensitivity is the work of the devil.

Sorry to say it, but not very sorry, but BASIC and DOS got it right.

Still running IE10? Not for long, says Microsoft

Ken Hagan Gold badge

Edge is hardly an alternative

MS made it quite clear when it was announced, and the almost exact parallel in patching schedules since then has demonstrated, that Edge is just IE11 with the back-compat cruft taken out. It is touch and go whether we'll actually see something branded as IE12, but you can think of Edge as IE12 and you won't be far wrong.

Apple finally publishes El Capitan Darwin source

Ken Hagan Gold badge

Re: Job's the marconi of his day!!

"The GPL is a closed source license in all reality."

This must be some new meaning of the word "reality" of which I was not previously aware.

Is ATM security threatened by Windows XP support cutoff? Well, yes, but …

Ken Hagan Gold badge

Maybe if all the banks clubbed together they could afford this sort of bespoke development. :)

As an extra benefit, if all banks were using a common ATM design, there would be less to harmonise when the next merger happened. (That might be sooner than they'd like if some of them are relying on XP to keep their cash safe.)

Donald Trump wants Bill Gates to 'close the Internet', Jeff Bezos to pay tax

Ken Hagan Gold badge

At last, the perfect response...

...to the old canard "If you're so smart, why aren't you rich?"

Mr Trump is the indisputable proof that there is no such correlation and therefore no case for we poor, smart folk to answer.

Russia's blanket phone spying busted Europe's human rights laws

Ken Hagan Gold badge

Re: How will it be enforced?

Upvoted for the Orwellian whataboutery.

Per-core licences coming to Windows Server and System Center 2016

Ken Hagan Gold badge

Define "core"

AMD are currently facing a (spurious) lawsuit over exactly this. The number of cores in your chip is largely down to the preferences of the architect and may vary from one CPU generation to another. Quite how MS are going to cope as more and more work is rolled out onto the on-chip GPGPU I have no idea, because these beasts have hundreds of "cores", each of which is too feeble to justify the price that MS want to charge for a licence.

Charging per chip makes much more sense because the number of chips is much more closely aligned with both "total grunt" and "whether it's a big machine" and those are things that customers will understand and not feel totally ripped off when asked to pay for.

And I echo the above poster's comments about VMs. Charging twice just because the customer uses VM software is soo last decade.

Google to end updates, security bug fixes for Chrome on 32-bit Linux

Ken Hagan Gold badge

Re: Don't people ever write portable code?

The bugs that people are going to care about in a browser are going to be logical errors and algorithm-level foul-ups. These will show up on nearly every build target. There may be 32-bit-specific bugs to do with data formats and sign-extension or truncation.

However ... if you are testing the 64-bit build and you are continuing to support 32-bit builds for things like ARM (all those Chromebooks, remember?) then testing the x86 build is really just a test of the code generator back-end for your compiler (probably pretty reliable by now, eh?) and any platform-specific layer (which is as thin as it can be, right?).

Windows 10 lags 7, 8 … and even Vista in the channel race

Ken Hagan Gold badge

I think you are all wrong

The question is not "Why is no-one buying Win10?". The question is "Why is no-one selling it?".

The answer is straight-forward. You, as a vendor, have fifty billion OEM licences for earlier copies of Windows. You've already paid for them. There is no incentive for you to buy an OEM Win10 licence and there is precious little incentive for your customer to ask for one (because of the free upgrade). (On the contrary, if they buy one of your older licences, they have a choice.)

So channel sales are irrelevant. What matters is how many people take the upgrade when they get the machine home. Only Microsoft know that and they aren't telling.

Google snoops on kids via Chromebooks, claims EFF in FTC filing

Ken Hagan Gold badge

It's a Chromebook. That's how they work.

If you have several dozen Chromebooks and you don't want to have to track which 7-year-old used which machine last time around, the only way to be sure that they can work on something two lessons in a row is for the software to store the documents somewhere other than the local machine. The default sync point cannot be "my school's server" because Google haven't a clue who you are.

There probably isn't an option to enable the use of a local server. My experience of Chromebooks (and I'm typing on one) is that the Googly version of Linux doesn't even have SMB support in the kernel. It just isn't their target use-model. (There are work-arounds, but it is easier just to bung a real Linux on the machine instead and if you know as much about Linux as most teachers then that's quite enough to dissuade you!)

Assuming there isn't such an option, the EFF might have a legitimate point if that's what they are complaining about. However, it doesn't sound like that *is* what they are complaining about.

Mozilla: Five... Four... Three... Two... One... Thunderbirds are – gone

Ken Hagan Gold badge

Re: Escape from Lemming Mode

"Even though Thunderbird has been ignored for at least the last three years, it remains one of the better email clients around (which is a very sad commentary on the state of email readers these days)."

This isn't at all surprising. The relevant RFCs have hardly changed in years, so Thunderbird is still good enough even though it has been abandoned since (at least) 2012, except for pointless tweaks to the shiny bits. It's also free and runs on everything, which means you have a *real* barrier to entry for any new rivals.

Much the same was true of web browsers for most of the period 2000-2010. Two things broke the log-jam. Firstly, Firefox finally made enough progress on standards that even normal people could see the benefits. That "revealed" the changes that had accumulated in the relevant standards. Secondly, Google decided that they'd like all our browser data. Their huge cash pile meant not only that the cost of development was unimportant but also that they could pay to have it bundled with loads of unrelated third-party products, so they were able to buy an installed base fairly quickly.

This won't happen for email. There is no evidence of new standards getting ordinary punters excited and no megacorp with loads of money wants to promote an offline email client.

Ken Hagan Gold badge

"most business users use Exchange"

Well, if you've paid for an enterprise-wide licence for everything Microsoft do, then probably. However, I'd be surprised if most SMEs weren't using just Outlook or Thunderbird with an email server running on a Linux box. There are plenty of howtos for setting that up and for some companies (or, equally, their customers) there may be a legal requirement to avoid routing all your private correspondence through the US.

Report: VW execs 'knew' about fuel economy issues last year

Ken Hagan Gold badge

18% - is that all?

I'm surprised that such a small discrepancy between the measured efficiency on the road and the claimed efficiency on the spec sheet is considered evidence of cheating. They *all* do that.

Hyper-V sets VM created date to 1601, in the reign of Good Queen Bess

Ken Hagan Gold badge

Re: Of Course 1601

"A better choice would have been using Julian Date, which goes far back enough to allow for most needs."

Actually the FILETIME type is signed and has several dozen millennia on either side of 1601. I assume 1601 was chosen because it falls on a 400-year boundary. However, 2001 would have worked fine and had the additional advantage of placing the epoch firmly within the era of atomic clocks. I assume the historic date was chosen because programmers have inherited an irrational fear of negative dates and times from society as a whole. They should have consulted an astronomer (in which case they'd have ended up measuring from 2000.0).

Who owns space? Looking at the US asteroid-mining act

Ken Hagan Gold badge

Re: Martian microbes

It is believed by those who have studied it that the two planets have been exchanging meteorites for the past few billion years, so it would be rather surprising if there weren't microbes on Mars or if they were significantly different from the more hardy of terrestrial varieties.

That said, the emptiness of space increases with the square of the distance from the sun, so it is quite possible that the moons of the outer planets might be different. It would be sad if we never found out because some jerk on Kickstarter had watched too many episodes of Red Dwarf.

Ken Hagan Gold badge

Re: Really? Harmful contamination? Really?

I'm bemused that anyone could seriously believe that space mining would be done by sending people plus a full life support system. Anyone with the technical know-how to get there (and bring the stuff back, for less than a terrestrial mine (and Tim has written a whole book on how implausible *that* is)) will certainly be able to automate the actual mining.

I'm slightly surprised that we still use them for mining on Earth, but I suppose in some places life is cheap enough to make that pay.

Android on Windows is disruptive because neither Microsoft nor Google can stop it

Ken Hagan Gold badge

Re: An OS is 'just' SW...

Yes, VMware *have*, and yet articles like this suggest that it is still surprising to some, so the OP has a point. I think the average punter is so used to walled gardens and "the computer says no" that it is refreshing to meet with something like this, even if it is just an obvious consequence of the kinds of software freedom that Stallman et al have been advocating for years.

Likewise, you are presumably aware that QEMU and such like are able to run VMs even when the guest was written for a different CPU family, so this approach is potentially even more disruptive and I expect *that* will (eventually) be a surprise to the average Joe as well. (A more interesting question is whether it will also surprise the masters of the universe who hold fruity shares in such high regard.)

Finding security bugs on the road to creating a verifiably secure TLS lib

Ken Hagan Gold badge

"What purpose does this serve?"

According to the article, the process revealed three new vulnerabilities in the spec. That's what usually happens when you sit down to test something rigorously or prove its correctness formally. LibreSSL is (or soon will be) better because of this work.

Whether or not you ever use the resulting implementation is irrelevant. Like the old saying about battle plans: the value lies in the act of making it, not in having it once the bullets are flying.

128GB DDR4 DIMMs have landed so double your RAM cram plan

Ken Hagan Gold badge

Re: How Hot?

"64-bit chips can do 64EiB"

Not actually true as far as I know. For example, see https://en.wikipedia.org/wiki/X86-64#Physical_address_space_details for an assertion that it was limited to 48-bits back in 2010. The preceding paragraphs (on the virtual address space) also assert that the 48-bit limit is baked into the AMD64 spec. 48 bits is 256TB, so we are now within two orders of magnitude of being able to put a moby in an x64 machine.

Ken Hagan Gold badge

Re: Just to be pedantic...

@Stoneshop: I suspect the original AC is in violent agreement with you, but that wasn't his point. His point was that *however* you measure the size, it's never 12.2 of anything.

Plusnet ignores GCHQ, spits out plaintext passwords to customers

Ken Hagan Gold badge

Re: Google IT

"It's quite a standard practice in systems that you cannot re-use passwords over a certain period or number of changes"

As is the quite standard user response of using the same basic password and simply incrementing a suffix (or appending the current date) to generate an endless series of different passwords that, in your mind, never change.

New Wireshark, Nmap releases bring pre-Xmas cheer to infosec types

Ken Hagan Gold badge

Re: Cue bleating politicians....

A politician who knows what nmap and wireshark are? Pull the other one...

Yahoo! Mail! is! still! a! thing!, tries! blocking! Adblock! users!

Ken Hagan Gold badge

Re: Are you so desperate for ad revenue, Marissa?

There's the interesting thing. On the face of it, Yahoo have been irrelevant and bereft of income for a decade or more and yet they are still going. How? No-one is really sure. Why do I care? Well, using Yahoo as a model and extrapolating, Microsoft's cash pile is large enough that they should still be pushing some "operating system as a service" type of product well into the next century. (By then, of course, people will have their personal computing as a body implant running off biological power, which gives a whole new and disturbing meaning to the phrase "Intel Inside".)

Ken Hagan Gold badge

Re: Yahoo! Can! Pound! Sand!

"Of course, cell phone numbers are just as discardable and anonymous as email addresses"

That would be "not at all", then. (There's a reason why telephone companies offer number migration and why postal services offer re-direction when you move house.)

Who's running dozens of top-secret unpatched databases? The Dept of Homeland Security

Ken Hagan Gold badge

...a line management view that "IT is not our primary mission."

Actually that's arguably the most actionable point to come out of this. Someone has classified these databases as secret. Either that's not true and their whole classification system is broken, in which case heads should roll, or it is true in which case the response to "IT is not our primary mission" is simply to point out that "security is" and sack the idiots who disagree.

Formally arguing that the most security-sensitive systems (by your definition) should be excluded from your security audit is a clear indication that you are too stupid to do the job.

Ken Hagan Gold badge

Perhaps they need more money?

Or perhaps Congress should seriously consider the proposition that keeping the department in existence in this state is actually worse for US security than shutting it down. With pen-tests recently showing that they only stop 5% of forbidden items getting onto planes they clearly aren't achieving anything there and with all their security-related info sitting on insecure databases the risk of future disasters is obvious.

Ofcom asks: Do kids believe anything they read on the internet?

Ken Hagan Gold badge
Flame

Web-sites are like survey results

Sometimes they are true and sometimes they are false.

When they are true, it is either because someone did their research very carefully (rare) or luck (more common). When they are false, it is sometimes because someone was unlucky and sometimes because they intended it to be wrong in that way.

If <insert education minister here> really wanted to improve standards, the compulsory subjects would be "How to write lies nicely" (formerly English), "How to lie with statistics" (formerly maths) and "How to rig the problem so that some other mug ends up lying on your behalf" (formerly science: experimental design).

I've arranged them in order of difficulty. The last is rather subtle but the first is (sadly) as far as you need to go before entering politics.

Hillary Clinton: Stop helping terrorists, Silicon Valley – weaken your encryption

Ken Hagan Gold badge

Pity the Americans...

...who presumably have to vote for one of these idiots next year.

To be honest, the tech giants *ought* to be supporting weaker encryption. By "weaker", we presumably mean something that you can crack with a government's IT budget but that is resistant to the budget of common criminals. Provide that and you have basically *obliged* your (willing) government to spend a freaking fortune on new hardware. If you are a tech giant, what's not to like?

More seriously, someone should tell Hillary that the tech giants are not the *providers* of strong encryption. Anyone with a computer can download encryption code for free, set the key length to whatever length they need/like, and chat away in private. So what she is really asking for is that the average intelligence of US citizens should be lowered to such an appalling degree that there's no-one left who can do that. (What could possibly go wrong?)

How NSA continued to spy on American citizens' email traffic – from overseas

Ken Hagan Gold badge

Re: Haven't a clue

Actually, we'll never know that for sure. The point, surely, is that the politicians authorising the payments and the spooks trousering the money for their pet projects will never know that either.

The problem is not proving that email trawling occasionally turns up results. That's probably not hard to prove. One or two examples would do it and (sure enough) that's what gets trotted out every time someone complains. The problem is proving that the money spent trawling (which is measured in the billions if some reports are to be believed) would not turn up more results if it were spent differently. Sadly, in a world with finite resources, that's what you need to prove to justify the costs.

Ken Hagan Gold badge

I call bollocks

If all you know is that I sent a message to Dan Geer, you do *not* know me. Although I almost certainly said "You are a naive fuckwit who is only championing traffic analysis because you can't actually *do* the deep inspection.", it remains possible that I actually said "Quite right. You *are* clever. Would you like lots of money?".

Love your IoT gadget but could you keep the noise down?

Ken Hagan Gold badge

Re: That Friday feeling!

"Worstall's services are no longer needed by El Reg."

You mean "being paid for", not "needed", or am I missing an economics joke here?

Why Microsoft's .NET Core is the future of its development platform

Ken Hagan Gold badge

.NET Native?

If you have a "thing" that converts C# into native code, then that "thing" is called a "compiler" and you haven't got .NET anymore, you've got a language with a compiler.

Can we cut the marketing guff, now?

Criminals are mostly hacking-by-numbers with exploit kits

Ken Hagan Gold badge

Re: $80K for a $5K investment ? Per month ?

I think it is more the case that there are so many *insecure* systems that the crims can charge $85k for access. Your secure system isn't interesting.

Apropos the article, whilst it is nice to have figures I don't think it is news that canned exploits dominate the scene. The term "script kiddie" dates from sometime in the last millennium.

GPS, you've gone too far this time

Ken Hagan Gold badge

Re: It isn't that

It's quite shocking news to those of us who thought GPS was (only) a positioning system. Taking a (numerical) derivative and (numerically) integrating it to arrive at a more accurate measurement than the original data would be quite bizarre.

Presumably the explanation lies in the Doppler measurements. These are an additional source of raw data and so it is much less surprising to be told that they can be used to improve the accuracy of the positional ones. Is that it?

Aircraft laser strikes hit new record with 20 incidents in one night

Ken Hagan Gold badge

"Going forward, ensure that all manufacturers agree that commercial pointers etc. use almost the same frequencies to minimise the variance."

Nice idea, but I think at least part of the problem is that some overseas vendors are selling class 3 devices over the internet branded as "professional" laser pointers. Since they don't comply with your laws, or with plain common sense, they aren't likely to comply with a well-intentioned suggestion.

California cops pull over Google car for driving too SLOWLY

Ken Hagan Gold badge

I think that is generally true. I know more than one person who has been pulled over for driving at the speed limit late at night on an empty road. They get breathalysed, enjoy the joke, and go on their way.

Ken Hagan Gold badge

Re: that's a good one

I think you ask the human occupants to push the "pull over" button.

Hypervisor headaches: Hosts hosed by x86 exception bugs

Ken Hagan Gold badge

Re: I'd expect more of The Register...

In fairness, the two CVEs are both content-free and MS have not publicly disclosed the bugs yet. The Xen bug report suggests that the problems lie with the delivery of exceptions to 32-bit guests and so perhaps the host bitness wouldn't matter. The MS report states that the problem is with the chipset, not the CPU, but is otherwise (as you note) not exactly informative.

A "more suitable article" probably can't be written right now unless you are willing to reverse engineer the patches.

Your taxes at work: Three hours driving to turn on politician's PC

Ken Hagan Gold badge

Re: Really - there wasn't a cleaner or anyone else in the building...

"the millennia-old "doors open *INTO* the place you're going *INTO*" paradigm"

That's a paradigm? Hmm, well for the buildings that I can accurately remember right now, I'd say it works nearly every time for houses and no more than 50% (possibly quite less) for other buildings.

Shadow state? Scotland's IT independence creeps forth

Ken Hagan Gold badge

Re: CCTV -- quality of the images

The poor quality of CCTV systems amazes me. We all carry around mobile phones that can do far better and a few minutes of web research will confirm that the actual sensors are cheap as chips. It must therefore be obvious that the high cost of a CCTV system is the physical deployment and wiring, possibly the optics, and definitely not the sensor.

So how the hell do CCTV salesdroids get away with the fuzzy, SD, monochrome imagery that we see in crime reports?

Ken Hagan Gold badge

Re: What is driving this?

"I don't have a problem with ID cards per se although I have a problem with an obligation to (a) carry one at all times or (b) show it to any little petty official who asks."

I already have a passport that satisfies all of those requirements. An ID card system is duplication. A requirement to *have* a passport, so that you appear on the database, is (as you say) scope creep.

Pause Patch Tuesday downloads, buggy code can kill Outlook

Ken Hagan Gold badge
Joke

Re: 100% CPU

"It isn't rocket science MS but I suspect there would be huge turf wars inside Redmond if major changes were made to the update system."

Well I know Linux has /several/ splendid package management systems they could copy, but they only need to copy /one/ of them, so there's no need for rival factions and turf wars.

US Congress grants leftpondians the right to own asteroid booty

Ken Hagan Gold badge

Rather more to the point is, if they *did* ever acquire sovereignty then what is wrong with existing laws that US citizens could not already buy and sell stuff "up there" with the same legal framework as applies "down here".

Or perhaps Congress reckons there's nothing left to perfect in Reality and has decided out of sheer boredom to start perfecting the Hypothetical.

Most developers have never seen a successful project

Ken Hagan Gold badge

Re: Success is whatever you define it to be

"Which in turn isn't what they eventually discover they needed."

But don't fret, because by the time they've worked this out, they need something else and they don't know that (yet) either. Rinse and repeat.