Re: EMA - puzzling
communication in Hawaii has the distinct risk of not working
Actually, Hawaii is an electronic communications pioneer.
3354 publicly visible posts • joined 6 Sep 2013
So you can't use SiFive's open-sourced designs based on RISC-V?
There are a number of preliminary implementations of RISC-V (and really only the user-mode instruction set is fully settled at this stage), but you have to read what they mean by "open source" very carefully. RISC-V is being touted as a common instruction set that can be targeted by open source software with the aspiration that this leads to a diversity of chip suppliers, freed of the licensing constraints for the ISA. That doesn't say anything about licensing of the hardware design, though. It also says nothing about the large number of patents on processor design that might constrain any particular implementation seeking to be entirely open.
I've not looked into it in detail, but I'm aware of only one significant project aiming to produce truly "open" hardware based on RISC-V. Although SiFive say they're "changing the way people buy IP", their hardware is not, as far as I can tell, "open source" - there's still a licence agreement and a fee, as there would be, say, with ARM, although the process overhead is said to be much lower.
you end up downloading the same jQuery/Angular/Whatever today's framework is javascript file for every site you visit rather than downloading it once from a CDN
Good. I can then hold the publisher of the site responsible for any nasties in their code and not have to rely on the probity and security of some entirely unconnected third party.
But that would slow things down, you cry? Well, perhaps that might persuade the site authors only to include the code they actually need and can test and verify.
And of course if all responses had to go to the single origin too, then the publisher would be responsible for all the data they hand over to dubious analytics and tracking organisations, which might make them think twice. Sounds like a win all round.
But if you stick to static visible images, how are you going to make your paid-for advertisement stand out over the paid-for content? And in the case of YouTube rather a lot of it seems to consist of "influencers" persuading their gormless peers to buy products they themselves were given free. I don't think you can expect any form of voluntary commercial moral restraint to survive in that environment.
It's a pity that HTML doesn't have a single-origin model where all content on a page has to come from the same source - it wouldn't eliminate abuse, but it would at least make the content-providers responsible for the advertising that appears on their sites and the costs of serving them.
as tax on petrol and diesel goes down the tax on charging goes up
Fuel duty alone brings in around £28bn at present, almost 4% of the government's income, and there's VAT on top of that. Of course that income will have to be replaced (or public services cut) if there is a significant drop in the consumption of conventional fuels.
Petrol duty is potentially quite an effective form of taxation since it is roughly correlated with mileage and road damage and there's nothing much else petrol is routinely used for. Trying to tax "transport electricity" differently to other forms of electricity sounds like taking the "red diesel" problem and scaling it up by many orders of magnitude, so I suspect distance-based taxation is going to be the preferred option.
So you think if we trade with China, the US or anywhere else in the world they should make laws to govern our country and how we do business even if it is only domestic?
Have you even any idea what a trade treaty consists of? They are legally binding, take precedence over national laws and of course they govern "how we do business even if it is only domestic" because they prohibit us from doing things that would prevent trade partners from other countries being disadvantaged in the supply of goods and services to the domestic market. That includes things like standards for safety and animal welfare and financial support to domestic industry.
And if you're really concerned about "supranational governments", I suggest you read up on Investor-state dispute settlement.
All trade agreements result in a loss of sovereignty over domestic policy. Some are better/worse than others in that respect (depending on whether you believe in free trade or protectionism) but none offers "having your cake and eating it".
the rest of us won't be bound by them
I don't think it's a leap forward to move from a position in which our trade with the EU is governed by EU rules and our trade with non-EU countries is governed by their rules to one in which our trade with the EU is governed by EU rules, our trade with non-EU countries is governed by their rules and we have different rules for doing business inside Britain.
There is no such thing as "free" trade as will be underlined once more when the citizens of the countries whose leaders have agreed the revised TPP are finally allowed to know what trade rules they have been signed up to without their consent. I'm afraid that's how it works: there is no great shining upland of democratic accountability out there.
the performance penalty inherent to context switching
One thing we've learned over the last week is that speeding things up at the cost of security is not a great idea. And it's a bit of a circular argument in any case - the faster mode switch, SYSCALL, only provides a kernel mode switch as the other modes weren't actually being used. We really need to look at what we need in terms of security, not constantly optimise and compromise for benchmarks.
And we need to do it right. As I've been delving into this a bit deeper, I notice that AMD's encrypted memory does not seem to extend past the memory bus - information in the cache (and CPU) is in the clear. That means similar side-channel techniques could potentially be used to bypass memory encryption. It's going to take some time to get our collective heads around this.
are we to see RISC on the desktop?
RISC simply refers to the instruction set, not the way the instruction set is implemented - there's increasingly less correlation between the two.
The other thing is that compiled programs tend to be larger for RISC machines as you need more "reduced" instructions than you would "complex" instructions. This didn't matter when processors ran at or close to the memory access speed, but now they run much faster you're in greater danger of stalling the pipeline because you have to drag so much more stuff out of memory to execute your code so you would typically need more in the way of cache and other optimisations.
Also, an instruction decoder can often turn a complex instruction (such as an ADD instruction that takes two memory based source operands and a memory-based destination operand) into a series of simpler processor operations (such as two loads to temporary registers, a register addition and a register store operation), achieving a RISC effect with potentially more compact instructions.
What I hope we are to see on the desktop is something that takes us forward - not revisits where we have already been - and that will have more to do with the less-visible but vital improvements in the protection of memory (and cryptographic secrets in particular) and better segregation of trusted and untrusted code. And in that latter respect, I think we're going to have to get used to there being a little more than just "kernel" and "user" space to worry about.
Well, it's a strategy that worked pretty well for Microsoft before phones - it just depends on how good you are at beating/buying the competition because "me too" isn't the outcome you're looking for, it's "just me".
The difference between Google and Amazon it would appear to me (and I have worked for neither) is that Google puts its tech staff in fancy offices, feeds them fancy food and gives them time to work on their pet projects in the hope that they might happen upon a lucrative product. Amazon, on the other hand, knows what it's trying to achieve and just expects the staff to get on with their work.
Former Amazon people seem to be a lot less vocal - which should tell us something.
"It has the most Nobel prizes precisely because most of the people who have won them have immigrated from other countries to be there."
In the 2018 Bloomberg Innovation Index I can't see any obvious correlation between list position and levels of immigration - though that's not to say the UK's ranking (17th...) might not be even worse without overseas academics, but clearly other factors are at play.
Having said that, I really don't see the frenzy - and it's not restricted to the US: Australia and the UK are pretty keen on it too - to deport people who are otherwise legal residents but who have committed crimes. We don't deport our own citizens - we regard their sentence as being the punishment for the crime; I'm not sure that returning people to places to which they've had no connection for decades can be regarded as anything other than xenophobic vindictiveness.
The thing I keep pointing out is that an awful lot of people aren't able to bring their vehicles into close proximity to their electricity supply - they park their cars on the street. Even (UK) people with garages typically can't get their cars in because as houses get smaller, the garage gets increasingly full of the stuff that won't fit indoors.
For a lot of people, quick charging in a shared location will be a necessity - and that brings a different set of infrastructure challenges.
It might be worth thinking again
The up-front cost of these devices is eventually irrelevant, it's the revenue from ongoing subscriptions that's significant. Of particular note is that all of those Alexa "skills" (and their equivalents) have to run in the cloud somewhere and someone has to pay for that. Amazon is currently swallowing the cost of the basic built-in capabilities, but the only logical long-term economic model would require you to pay a monthly subscription for the benefit of being able to turn your lights on and off and another one to view your doorbell and another one to use your security camera and another one...
Amazon and Google obviously decided they needed to sell devices cheaply to overcome consumer resistance - Apple cracked that problem years ago.
what would be happening if AMD's chips weren't affected
In one of the many posts there have been on various forums, I saw a suggestion that the only reason that AMD is not vulnerable to Meltdown is that Intel patents prevented AMD from using those particular techniques. I don't know how accurate that is, but I'd be surprised if AMD's apparent prescience is simply a matter of great foresight.
why is there no mention...
Presumably because the secretary for defence thinks there's a chance he can still save what's left of the army but has already written off the navy as a lost cause (which, given its mission is presently to pay for a seemingly unrelated assortment of factory preservation projects, it probably is).
The NHS risk document identifies the following Government Security Classifications, intended to identify different levels of information sensitivity across government departments and their suppliers:
They then identify all of the various levels of sensitivity of patient information (from aggregated statistics through to clinical information and contact information for people at threat). Apart from publicly-disseminated information (such as numbers of people suffering from 'flu), everything maps to Official-Sensitive - even the key material encrypting the data because:
Whilst we need such data to be treated to the highest standards, they do not fit into the government policy criteria for SECRET or TOP-SECRET.
So the government, in 2014, adopted a system of security classification that is entirely inapplicable to the health data in its possession. And no doubt equally inapplicable to sensitive information about child protection, vulnerable adults, taxation and who knows what else. And is then pushing its departments to push that data out into the public cloud.
A dispassionate observer might conclude they were concerned only with the preservation of their own secrets.
conventional malware
Unfortunately, given that you can potentially exploit these bugs from JavaScript on a web page, you're at risk from a far greater range of potential malware than one might at first imagine. And if you provide a public cloud service, you have to be robust against even unconventional malware.
That said, the Meltdown issue wouldn't be a problem (necessarily) if the kernel memory were encrypted - though you'd have to be reasonably convinced that the encryption key wasn't exposed and that, having downloaded the contents of encrypted memory, an attacker then having the time and resources couldn't brute-force the key by some means (and it is quite likely that there will be known data patterns at various kernel addresses).
Spectre is more of a problem, but it could potentially be dealt with by having "sandboxed" code (such as JavaScript...) run in an address space separate from that of the host process and the latter also having its memory encrypted - the same caveats applying.
It might be OK to ignore the problem on your own particular desktop computer, but if the cloud providers want to stay in business these issues have to be fixed.
Perhaps you just get Google and Facebook to build the system to hold and disseminate the court records - it's pretty close to their core business and it can't be worse than earlier attempts at applying IT to the justice system.
And then you find a way of taxing their core business effectively for everyone's positive benefit, not as some sort of punishment for having a profitable business model or giving voice to the wrong sort of people.
they are repayments to investors for their money
Only very tenuously. The only people who actually "invest" in companies are people who buy freshly-issued stock. The company receives no money from people who buy those shares subsequently: they don't "invest" in the company at all, they simply speculate on its ability to generate future returns.
The resale of shares is the way the original investors can get a return on their investment, but that's a very small amount of the market by volume of share trades. It's principally the present speculators who would be disadvantaged by a rule prioritising pension funding over dividends - future speculators would factor that into their speculation by marking down the share price.
Unfortunately, of course, your & my pension fund may well be one of those present speculators that would be disadvantaged.
Agreed, there's a significant risk of passing off and it seems petulant to complain about it as no-one in the NHS actually asked them to do this stuff as far as I can tell.
If they want to piss off their only potential customer in a legally-acceptable way, they could just change the name to UbHUNTu.
If you want to renounce your US citizenship, you will have to pay a fee and possibly an exit tax - which may be applicable even if you simply had a green card.
And UK banks (amongst many others) are obliged to assist the US treasury in enforcing their taxation rules.
The growth in car ownership led to all sorts of grandiose post-war plans to "modernise" cities for the age of personal transportation. These included the London Ringways, the similar Manchester plan and the Newcastle Central Motorway(s). None of these plans was ever fully completed owing to the ever-growing protests about the destruction of both buildings and environment that resulted. The roads that were built are now little better than car parks at peak travel times.
In the unlikely event that autonomous vehicles ever become realistic and in the absence of any other change, most of them are going to be sitting in the same traffic jams. You can't fix that with more roads, only by changing lifestyles so there are fewer vehicles.
The point is that the usual suspects don't actually have the huge numbers of staff sitting around on the off chance that they'll win the contract for which they've bid - they build teams and consortia when they know the money is secure and not before.
And as we've seen with Carillion, their role as gatekeeper to major projects means that a ruthless primary contractor can pass all the "fronting" risk down to their subcontractors (accept our crap terms for late payment or get no work) and use the up-front payments from the government to prop up the dividends and bonuses.
What you're actually buying from the mega company may be very little more than its database of desperate suppliers and some contracted project managers.
I suppose if you compare QUIC with (TLS + TCP) you're looking at a similar level of complexity overall.
Setting aside the cryptographic stuff, QUIC does fix a number of inherent security problems with TCP and finally deals with its window size limitations, though it curiously does not incorporate any message boundary delineation. I have a suspicion that the complexity of the stream multiplexing and the individual acknowledgment of small chunks of data in each stream is a bear trap - that in practice a lost packet will stall more streams and result in more data being held pending retransmission than if the streams were sent individually.
That might not matter if the main application is retrieving web pages - the improvement in connection overhead is likely to be more than adequate compensation, but it would be interesting to see data from other types of application.
The only performance figures I've seen compare QUIC and HTTP (which I presume means they're not using the cryptographic features) and in those circumstances QUIC doesn't seem to be a clear winner and no more robust in the face of packet loss than HTTP over TCP.
While the router shouldn't totally lock up under these conditions and ought eventually to recover, receiving a large number of short packets back to back will inevitably seriously impact the throughput for other devices on the network and could result in network devices being dropped temporarily, simply because the radio space is being hogged by the amount of traffic from one source.
Domestic access points are typically not equipped with particularly fast processors and so there is a dependency on the underlying network hardware to be able to discard or ignore data that's arriving too quickly - it's possible in this case that because the packets are multicast they're being passed up the stack to the CPU but there's no limit on the number of buffers that can be allocated for that purpose, the CPU is getting behind and hence memory is being exhausted. A better thing to do might be to stop receiving altogether, but the AP would then effectively go deaf until it had caught up with the multicast traffic. However, unless you have a device that can process all potential traffic at the speed of the physical medium you're going to have problems of some sort - and that device wouldn't be competitive in a domestic market.
Even if it were, shared-media systems (like wired and wireless ethernet) depend to some extent on the connected devices behaving: if you have a device that jabbers constantly, there's not much you can do.
In short, it's OK to expect better, but you're not going to get perfect.
EDF, Veolia, Keolis and French hospitals don't seem to be on a list over here.
You don't even need to do the highlight trick on the PDF.
If you google "comug correspondence ofcom", the PDF file seen by The Register appears at or near the top of the search listings. If you click on the down arrow adjacent to the link and select "cached", Google will helpfully give you the entire text of the document, e-mail addresses included.
I hope the PR people have spent as much time hounding Ofcom...
There are plenty of applications that need high-precision timers: media synchronisation, in-process threading, etc. Taking them away from applications isn't really an option - though if you did, you'd also have to "fuzz" the lower-resolution timers because otherwise an application can simply execute, say, increment instructions to pad out the longer period and use the resulting number to work out how long the rest of the operation took.
The point of the processor is to run non-privileged, end-user applications. The operating system is just there to get multiple processes to play nicely together - it's not a repository for application code that processor bugs make unsafe to run.
Does this account for any potential partnership with the US or China
The point is that there's nothing stopping us having partnerships with the US or China right now - the EU doesn't have exclusivity over our research programmes. Our research partnerships with countries like Canada fall largely within their participation in EU programmes.
The EU has always made research funding a priority, partly because it sees the technical dominance of the US (in particular) as a threat not only to European industry, but also to European social policy. I would be very surprised if the UK had the same interest in continuing to fund research - it's been at best a grudging concession from the Treasury in the past - or to provide the freedom of movement for international scientists that has underpinned our research collaborations within Europe.
The WannaCry debacle suggests the opposite to me.
If the various outpatients clinics and operating theatres had printouts of their schedules for the next few days, most of them would - in conjunction with their paper medical records - have been able to continue to function, at least until the inability to make fresh appointments deprived them of work - probably about 3 months at the current rate of referrals...
Most of the work of the NHS is extremely mundane. There are cases of complex diseases or difficult-to-interpret diagnostics where AI may be of some benefit, but they're the exception rather than the rule.
The reason that isn't equivalent to wealth is that you're not "entitled" to it in any way under your control. There is no fund of equivalent value in which you have a share, all you have is a promise that a future government will require future taxpayers to pay you that sum out of their earnings.
If there's no one to tax (because the winners are offshore and the losers are impoverished), it will quickly become apparent that "wealth" is of very little value.