* Posts by Mo

137 publicly visible posts • joined 18 Jul 2007


ISPs frosty on Jacqui's comms surveillance plan


My draft response to the proposals

(to be submitted this week, hopefully)


Google accused of selling free clicks


Er, hold on

The problem here is that a piece of dubious AdWare is able to serve Google Ads.

And, er, that's it.

The fact that an Ad for RCN shows up - as a result of the adware - when the user is on the RCN site is down to the adware, rather than Google or RCN directly.

Last I checked, Google didn't promote or endorse Adware (quite the opposite, in fact). Did Ben Edelman contact Google to alert them of this issue? What response did he get? -That- would be the story. Instead, this is just another "Google is not not evil" piece of puffery with little substance.

Unsafe at any speed: Memcpy() banished in Redmond


@sed gawk

Er, I think you want sizeof(*dest).

Unless you're only planning on copying the same number of bytes as make up a pointer to FOO.

Apple bars 2.0 code from App Store


@Adam T

It means you should build it with the 2.x SDK, but Apple's policy is (now) that you should test with both 3.0 beta and 2.x

Sphinx - text search The Pirate Bay way


There are plenty of alternatives

In my experience, searching TPB for anything has given awful results without some serious massaging of the query.

I've not looked at Sphinx itself, but Xapian, on the other hand, is absolutely fantastic (and is used by all manner of sites out there).

Ready or not, IPv6 is coming


Running it here

My home network has a /48 allocated to it. When I hit Google, I do so over IPv6, because my upstream DNS resolver is registered in Google's v6 programme as one of the resolvers it should always return AAAA records for (as opposed to normal, where they only return them if you look up ipv6.google.com to avoid breakage):

[mo@pip ~]$ host www.google.com

www.google.com is an alias for www.l.google.com.

www.l.google.com has address

www.l.google.com has address

www.l.google.com has address

www.l.google.com has address

www.l.google.com has IPv6 address 2001:4860:a003::68

Excepting my iPod touch (see iPhone comments from Jez above - and rdar 6747399) and PSP, I think every device on this network has a public, routeable […and firewalled] v6 address. I'd be reading this via IPv6 now if El Reg had v6 transit to its servers. Even The Pirate Bay has an IPv6 tracker.

Indeed, that's the problem: hosting providers aren't willing to support v6. I asked ours and they told us they had no plans at all. MInd you, the more people who ask, the more providers will start to think about it. Same with ISPs (though it's arguably easier to get a tunnel into your network that's suitable for browsing as compared to one for hosting critical stuff).

I think the point of Google's statements isn't that 2009 will be the year of IPv6, but that it'll be the year that IPv6 gets talked about a lot more, and will probably see a lot more growth than it has previously. Lots of people *are* taking an interest, and a lot of the hassles in getting set up from years gone by just don't exist anymore. Getting a tunnel is easy, if you know how.

Apple cracks down on rogue app stores


I'm usually the first to defend Apple...

...but this smells anti-competitive to me. You'd have to go some way to convince me that this clause is legally-enforceable.

Multi-site bug exposes cloud computing's dark lining



"Since Google have no clear support route"

If you use paid-for Google Apps, you get dedicated e-mail and telephone support.


Um, what?

This is the most inane "critical" article I've read on cloud computing in a while.

Traditional software running on web servers:

1. customers all install a piece of software.

2. vulnerability is discovered

3. vulnerability is exploited, with the help of Google

4. over the course of the next year or so, customers patch the vulnerability


1. customers sign up to service

2. vulnerability is discovered

3. vulnerability is exploited

4. SaaS vendor patches vulnerability and _all_ of the customers are instantly patched

I'm failing to see how SaaS is somehow worse than the traditional route, except in the very narrow scenario where you've got the in-house technical resources to roll out your own security patches before your vendor does (good luck if it's not open source, eh?)

Kaminsky calls for DNSSEC deployment


Forget the root

The DoC has operated the root zone forever, and the only alternative is worse (IANA itself), so bitch about it *now* isn't likely to achieve much unless a viable alternative is mooted.

But, that has little to do with DNSSEC, other than cementing authority that's already pretty firmly held.

The solution is to distribute the public keys of the TLDs alongside the root NS hints. That _file_ can be signed (e.g., by PGP), which the OS/DNS resolver vendors (who are the ones who pick up the root hints file and distribute it to their users) can verify that it was generated and signed by somebody that they—on behalf of their users—deem trustworthy.

The benefit of this over simply signing the root zone is that it's not any more complicated than the key-distribution mechanism that'll be required for the root zone signing key anyway, and it makes the signature of the root zone irrelevant for most purposes: because the TLD signatures can be verified without referencing the root, it can be signed by the US, or IANA, or nobody at all, and it doesn't make one bit of difference. If the world has a falling-out with the DoC (or IANA), it's a matter for the world's Internet users (via the resolver distributors) to decide who the new trustworthy source of TLD keys is. They could even form a web of trust whereby each vendor picks a TLD, verifies its key in person, and distributes it to the others; no single-point root key distribution required.

Of course, the danger with this is that it would demonstrate how irrelevant IANA really is.

Ruling: Gov reports into ID scheme must be disclosed


The real question is…

WHY doesn't this set a precedent, and—more importantly—why wasn't this enshrined in law from the outset?

What's the point in feasibility studies if the Government are free to ignore them?

Norway mobilizes against IE 6


Now all we need…

…is for Google to join the campaign, and we can all watch IE6’s browser-share drop to the 3% of people out there who neither use Google nor an alternative browser.

Hacker pokes new hole in secure sockets layer


Moral of the story

a) Don't price EV certificates out of the market. Most clients I know won't bother because the cost/benefit ratio is all wrong

b) Encrypt everything.

I can't see either happening in the near term, to be honest.

Brit, French nuke subs collide - fail to 'see' each other



given that Sarkozy is due to reverse de Gaulle's decision and push the French military back into NATO's command full-time, I suspect it's only a matter of time before France is sharing said joint manoeuvre C&C systems.

Kids online: Parents need to regulate, says Ofcom



""Was there a single reason they could advance as to why all new PCs should not come with optional porn filters on as default?""


a) You'd have to have a selection and certification process for said filters, which would be incredibly costly and inefficient

b) Not all PCs are created equal

c) The vast majority of PCs sold go nowhere near children and are wiped/imaged on receipt anyway (thus making the cost incurred a complete waste of money to British business)

d) Not all PCs are sold with an operating system in the first place

e) What happens when the OS installed on the PC doesn't have a filter available for it?

f) How do you classify "sold" and "PC" anyway? Tricky, you see. What about a dedicated server?

g) Are resellers and manufacturers legally liable if the filter doesn't work? Does that not mean parents would, by default, abdicate all responsibility because "the computer does it"?

h) Porn isn't illegal [generally] in the first place. Why filter it?

i) When I was a kid, I saw plenty of porn, without the aid of the Internet. I bet the generation before me did, too. (It never did me any harm…)

j) Would there be clear instructions on how to turn said filters off? Do you think the same people who can't manage to operate a virus scanner would be able to i) switch it off when required, or ii) prevent children from doing the same?

Sun angles cloud-on-credit-card play


This is new?

I run applications on a cloud computing platform running OpenSolaris. My apps live in zones. Storage is a combination of ZFS, and ZFS-via-NFS to a Thumper. I pay for it monthly by credit card. Just to complete the circle, I do, from time to time, run MySQL on those servers (though the only bit of Java is a JavaScript minifier). The cloud provider I use isn't exactly a nobody, either.

So, er, what's so newsworthy?

Yahoo! lobs! Briefcase! into! rubbish! bin!


Might it be perhaps because…

…nobody had ever heard of it?

Seriously, it really hacks me off when companies do this: the only time you hear about a potentially good service is when they announce they've canned it through lack of interest, yet no attempt was made to market the service to anybody of any note.

Steve Jobs takes medical leave from Apple to focus on health

Jobs Halo

Funny how…

…nobody seems to care what effect this might have on Pixar, eh?

Anyway, he's done what he said he'd do: told the board, and everyone else, that he's unable to continue running Apple—on a temporary basis, at least. Let's hope, purely for his sake, that he gets better; and let's hope that Apple continues to do what Apple does and demonstrates that the ringmaster isn't the be-all and end-all of the circus.

Create high-resolution displays for OS X



It's PDF rather than SVG because Mac OS X's underlying graphics engine—Quartz—natively renders graphics in terms of PDF-like streams (it's not actually PDF itself, but an internal representation of the primitives, but it means that displaying a PDF is an utterly trivial operation).

Rendering SVG, on the other hand, is fine in a web browser but horrible for basic UI elements given the architecture.

Android goes Skype, iPhone to follow soon


Proper Skype client?

The iPhone/iPod touch is certainly capable of running a full-blown client. It'd be a shame if all we got was the 'Lite' version (which would only work on the iPhone—not the iPod touch).

The biggest thing I use Skype for is SMS from the desktop, to be honest. I'd pay a couple of squids to have that as an iPod touch app.

UK.gov to push Obama for tougher rules online


So what happens when a new protocol comes along?

Even if you figure out a way to reliably, without destroying e-commerce in the process, 'rate' websites in a way which doesn't get broken as soon as the content changes, what happens to IRC channels, newsgroups, P2P networks, e-mail lists, SNMP connections, LDAP lookups, and every other application which uses the Internet? What happens when we don't use HTTP and HTML any more, and we don't have 'web sites'?

It's not that the creators of the Internet talked about something Governments can't touch (mainly because they were, er, government contractors), it's that they deliberately designed it to be open-ended and massively flexible. It's not that Governments can't touch it, it's that the only way they can control it in the manner that they'd like to is by destroying it, and that would do more harm to the economy than Woolies, Zavvi and Adams closing ever will.

Browsers fail password protection tests


Is that Safari on the Mac, or on Windows?

’cos on the Mac, passwords are stored on the Keychain, and if you don't unlock your Keychain in the first place, Safari can't decrypt squat.

The default configuration is for your Keychain to be unlocked when you log in, but you can change that easily enough, and set it to to auto-lock under various circumstances, which means you'll be prompted for your Keychain password whenever Safari wants to auto-fill a login form. Hit Cancel and it won't auto-fill a thing.

If memory serves, other auto-fill data is stored in the same way.

Interflora sues M&S over Google keywords



It's thorny for two reasons, though one far moreso than the other:

1. Trademarks are granted in specific categories (McDonald’s restaurants and McDonald’s Shoe Emporium are two different kinds of business who might hold a trademark on the same thing)

2. The companies aren't actually *displaying* the trademark, the user is just searching for it. To the letter of the law, they've actually not done anything wrong (unless the ad text contains the mark in question).

Users know that sponsored links are just that, which reduces the risk of “likely confusion”, and so are likely to be aware that the sponsored links may include competitors (which could well be to the consumer's advantage, after all).

If the advertisers aren't actually claiming to _be_ the company associated with the trademark, I say let them bid.

Competition watchdog bounces BBC, ITV and C4's web TV plan



One route would be to simply offer programmes as free rentals on iTunes UK for 7 days. BBC WW and Channel 4 (and Sky, and many others) already *sell* the programmes on iTunes, and we know the iTunes Store supports rentals now. I suspect some hefty negotiating regarding the logistics of it would have to be done, but that's a business, not a technological issue.

It's not the ideal, universal solution for several reasons, but if they want a unified platform which isn't tied to any of the channels.

MySQL creator kicks MySQL 5.1 team in the teeth



I'm not entirely sure how complaining that it's broke is inflicting a view on users, really?

Copyright-bothering web TV outfit rises from the grave


Sounds a bit like Zattoo

…except as a web site instead of a (rather good) standalone app.

Google Analytics — Yes, it is a security risk


Or, you could just…

…serve up a local copy of urchin.js, neatly avoiding the whole problem.

Adobe CTO calls for JavaScript coordination


next version of AIR to use Squirrelfish?

So if the next version of AIR is going to use Squirrelfish, does that mean Adobe will contribute ActionScript language features (packages, classes, method/property visibility, etc.) to it?

By the sounds of it, ECMA's going to end up irrelevant—even though they rejected ECMAscript 4 as proposed by Adobe, all of the runtimes will likely end up with support for all of the proposed ES4 features *anyway*. Possible exception of Microsoft's, but Adobe could possibly pull a clever trick in bundling a WSH engine along with the Flash player to render this moot.

Safari 3.2 update leaves Mac fanboys' balls in a spin


Disable third-party extensions for upgrading

I thought everybody knew this?

Disable PithHelmet, specifically. Inquisitor possibly.

Third-party add-ons which work through the Input Manager mechanism won't have been tested/updated for the new release.

3.2 is absolutely rock-solid for me, running without third-party add-ons.

Apple bans iPhone app for changing version number


I think you'll find…

Apple just missed a trick when they approved this initially, that's all, and have belatedly pulled it when they should have to begin with.

No conspiracy, really.

Visa trials PIN payment card to fight online fraud

Black Helicopters

So basically...

See my comment on http://www.theregister.co.uk/2008/08/07/verified_by_visa_compulsion/comments/

(Search for “by Mo”).

Should I expect the black helicopters?

Motorola legal tie to pull pricey Aura phone off eBay


In the US…

…this is illegal (First Sale Doctrine).

Don't know about Blighty or the rest of the EU; I suspect similar measures exist, though.

Microsoft faces second 'black screen' lawsuit



Let me get this straight… a lawsuit over an anti-piracy system introduced by an OPTIONAL update that does nothing except reset your wallpaper once an hour?

I thought the USians were lawsuit-happy. Jeezo.

Govt ponders proof-of-ID law for future phone purchases


Presumably then…

…you'll be required to provide your passport number when making a call from a payphone?

Or will they all just have CCTV and facial recognition?

Hoon: Not building überdatabase would be terrorist licence to kill


So, what's next?

Terrorism is the current hot potato killer issue.

What's next?

How ridiculous does it get before people start to say “actually, hold on… this is entirely disproportionate?” I know it IS disproportionate now, but it's still an (admittedly vocal) minority actually saying as much. Perhaps everybody should be monitored to ensure that errant pedestrians can't stray onto a busy road and get themselves knocked down? Perhaps police officers should be stationed at the doors to every local pub to ensure that drink driving doesn't occur? Perhaps all kitchen knives should be licensed to qualified “home chefs” to ensure that knife crime is kept to a minimum?

Sorry, Mr Hoon; you were an idiot in defence, and you're still an idiot now. The biggest civil liberty of all is to live without repression, either from terrorists OR from the Government. At the end of the day, if you can't have that, it doesn't matter who's doing the repressing, as many other governments of dubious repute across the world have demonstrated.

Google says sorry as Gmail plummets out of the cloud



Cheap application of some kind doesn't have five-nines uptime.

If you don't want the trouble of installing, configuring, patching, feeding, watering, developing and otherwise maintaining your own global e-mail infrastructure, you either pay for it or get it for free. Either way, you get what you pay for.

Last I looked, Google Apps was quite explicit about exactly what guarantees you get for your money (free or premier). The fact is, the occasional glitches pale into insignificance as compared to the cost of running the infrastructure yourself for many people. You don't get something for nothing, though.

Nokia's Trolltech preps embedded app breakthrough



Defacement, disgruntled columnist, or PEBCAK?

Son of state lawmaker charged with Palin email hack


Uh, so…

So if he's been indicted, does that mean the accounts DID belong to Palin?

iPhone squares up to Android


Define 'background'?

My iPod touch receives push notifications of e-mail when I've got other things running (it 'pings' at me at exactly the same moment my Mac does, give or take half a second, when new mail arrives)

Are you perhaps confusing push e-mail notification with the generic push notifications SDK which was removed during the 2.1 beta timeframe, and is expected to make a return once Apple is damned sure it's got the infrastructure right for running it?

Spy chiefs plot £12bn IT spree for comms überdatabase


Not being funny

But I'm not sure we've got £12bn to spare, let alone what it'll *actually* cost.

Apple condemns FileVaulters to seventh circle of Safari hell

Paris Hilton

First thing's first

Tell us what the Apple Bug Reporter problem ID is so that anybody who also suffers from it can dup it in Radar.

Second, have you checked the permissions on ~/Library/Preferences/com.apple.LaunchServices.plist and checked that it contains what it's supposed to?

Something LaunchServices-related is evidently kicking off before FileVault has decrypted the home directory, and so it's hanging on to the default values instead of the customisations. It might well be an interaction between FileVault and a third-party app.

Hawaiian anti-LHC lawsuit thrown out


I'll chuckle

If it turns out they were right and a black hole does accidentally get created which ends up destroying the whole planet.

Germans give peeking Google one in the eye


I can only assume…

…that none of the people complaining have ever *used* StreetView.

The backlash appears to be what I'd expect for some technology out of a Tony Scott movie, and StreetView ain't anywhere near that good, as neat as it is.

Royal Society: Schools should show creationism 'respect'


I see the point

I think creationism is bunkum (lots of natural things don't demonstrate a huge amount of intelligence in their design, unless you can also attribute malice)

However, being able to explain why creationism isn't science and evolution is is entirely sensible, and that sort of analysis is a skill that children should be taught (logical, rational, reasoning applies to a whole bunch of things, after all).

The money quote is:

“teachers need to be in a position to be able to discuss science theories and explain why evolution is a sound scientific theory and why creationism isn’t”.

This is entirely spot on. Teachers AND children need to be able to do this.

BlackBerry redoubles iPhone challenge


Re: myspace - on a BB screen?

It probably does it the same way MySpace for the iPhone (launched months ago, incidentally) does it: by not rendering any of the actual pages, and instead presenting the information from them within a useable native UI.

Indeed, the MySpace iPhone app is quite nice… at least, compared to actually having to use the MySpace site, at any rate.

Glasgow tube gets phone coverage


What's the point?

I mean, seriously. Why?

It's lovely that Seoul and Stockholm have mobile coverage underground, but the reason we haven't done this is that no bugger actually *wants* everybody to have mobile coverage underground.

It's a PR exercise and a source of irritation.

UK punters scowl at webmail ad targeting



It's pretty simple, really…

With e-mail providers, you have many many choices. You are under no obligation to pick the one which is free and serves targeted ads. Personally, I do… for some things. For others, I have a server (which I own) in a rack (which I rent) which handles things instead.

If you want free e-mail, there's going to be a trade-off. There has been for as long as free e-mail has existed. If you don't like it, pick another option.

Wi-Fi: You old new smoothie?


No uptake?

Let's see, the serviced offices I'm in? Free wifi for all tenants and visitors (there's a Café on the middle floor), with encrypted/authenticated VPN access to the tenant’s VLANs if required.

If I go into the city centre, I can't move for useable networks. My iPod touch has Wifi most places, thanks to a £3.99/month subscription to The Cloud (the only exceptions seem to be places where BT OpenZone or T-Mobile have muscled in first, with their exceptionally expensive Wifi-only packages). If I really have to, I can fall back to my 3G phone, but in all honesty it's rare most places I go.

Femtocells are currently even more bluesky than metropolitan WLAN. It's probably more likely to happen (although very likely restricted to the enterprise space), but it's hardly the case that people are dropping Wifi for cellular all over the shop.

Microsoft breaks IE8 interoperability promise



The icon is retarded.

However, defaulting to compatibility view JUST for intranet-mode sites is entirely sensible. it completely avoids the problem that Microsoft has had in the past—that enterprise customers and the entire rest of the world had differing requirements.

Let intranets be viewed in compatibility mode. None of us web developers will actually care, because all of the stuff WE deal with will be standards-compliant.

Meanwhile, enterprise developers who are stuck with a horrific godawful legacy mess won't have to scramble to fix them.

The fact that IE has "security zones" is something that was completely forgotten about in the debate over the IE8 meta tag, and making use of them is a rather elegant sidestep of the whole problem.

Ofcom considers termination charges



PAYG customers:—

a) Pay more for calls than contract customers, text messages and data services

b) Pay outright for the handset (versus "free" [subsidised] for contract customers)

c) Find the handsets are locked to the network

d) Aren't able to make use of certain services available to contract customers (i.e., they're simply not available)

e) Often can't get the same handsets as contract customers

Far from “contract customers propping up the networks”, PAYG customers make the networks an absolute mint, because they end up charging an absolute fortune for any real-world level of usage. History has shown that the number of mobile users is only going to go up over time for the next foreseeable future, and unless one network is absolutely head-and-shoulders better or worse than the others, there's no point in treating PAYG customers like dirt to work around the lack of contractual lock-in, because (where customer numbers are concerned), what comes around, goes around—you'll have customers leave, and others join you, but ultimately you'll probably have the same share of PAYG customers you did a year ago, unless you're really good or really bad.

If Ofcom is at a loss to figure out what to do with PAYG customers, allow me to suggest… given that the handset is paid-for upfront (which covers the cost of an 18-month contract with no optional extras), decree that everything else must be comparable in terms of cost: same bundles, same call rates, same features. The only exceptions permitted will be those on technical or logistic grounds (i.e., you have to do everything out of prepaid credit, you can't start things on the next billing cycle, or have the cost of things spread over x months into the future).

Far from losing customers, the networks would soon discover that although many people use PAYG phones and have every intention of doing so (the numbers are not to be sniffed at), the basic ability to switch networks at the drop of a hat is far outweighed by the fact that most people don't actually want to all that often.