* Posts by gnasher729

1945 publicly visible posts • joined 13 Oct 2014

Epic cut: Fortnite games maker culls 16% of staff

gnasher729 Silver badge

Would Apple have to allow Epic on its store?

Apple and Epic are surely not best friends, so if all the court cases are over, and Apple has no interest in letting Epic on its stores (very understandable), could anyone force them to do business with Epic?

iPhone 12 deemed too hot to handle for France's radiation standards

gnasher729 Silver badge

Do you hold your laptop to your ear usually?

Apple races to patch the latest zero-day iPhone exploit

gnasher729 Silver badge

Re: The intentionally incompatible iMessage yet again?

Many, many years ago there was NVIR. Which infected Mac apps running on an infected computer. Being nice, we added a bit of code that detected if our app was infected and showed an alert.

Our boss demonstrated the app at a major bank. It got infected instantly and showed an alert.

I'll see your data loss and raise you a security policy violation

gnasher729 Silver badge

Re: Happens more often than you think...

Just saying: On MacOS X if I remember correctly the “temp” folder is excluded from Time Machine backups, and files inside can be deleted by the OS if storage is needed. On the other hand, it’s a bit hard to access by the average user.

gnasher729 Silver badge

Re: It can get worse...

What about a request to the OS makers: Just besides the “Trash” icon, put another icon “Later”. Just as unremovable. So stuff that people want to do later goes in the “later” folder and not the “Trash” folder.

Even better: Add a “Sooner” and a “Later” icon for everything you need to do sooner or later.

Apple security boss faces iPads-for-gun-permits bribery charge... again

gnasher729 Silver badge

Except a conspiracy requires that you do _something_ to further the goal of the conspiracy. Did he ask anyone at Apple how to get 200 iPads? I mean even at Apple headquarters, I assume that they don't just have pallets loaded with iPads sitting around for self service. So telling the ex-police officer "Ok, I'll get you 200 iPads" is NOT a conspiracy yet.

In addition, it is doubtful that a crime that requires two people by its very nature, like bribery, would be a conspiracy.

gnasher729 Silver badge

It seems the guy wanted some “concealed carry” licenses, with a legitimate reason. The sheriff said “no problem but you’ll have to pay me”, and he’s in jail now because that wasn’t the first time.

The guy was willing to pay by handing over 200 iPads but changed his mind at the last second when he heard the sheriff was in trouble.

So he was kind of forced to offer a bribe, he promised a bribe, but never actually bribed him. Because he changed his mind when he knew this would be found out. So did he commit a crime? Don’t know.

Apple's defense against apps vandalizing other apps still broken, developer claims

gnasher729 Silver badge

Re: File Permissions?

"Shouldn’t this be addressed with proper file permissions?"

That shouldn't be necessary; there is supposed to be a global permission "an app cannot modify other apps", with some exceptions, like any two Microsoft apps could do things to each other that a Microsoft and an Adobe app wouldn't be allowed to do. The problem is that TextEdit does exactly what it is supposed to do, it edits text files, including configuration files. If you are the user of the app and want to edit its configuration, that is exactly what you would do.

On iOS there is much stronger protection. That's why x% of users love iOS and 100-x percent hate it. The first say "wonderful, it's a walled garden, exactly what I want" and the others say "godawful, it's a walled garden, I can't do what I want."

There's a good chance your VPN is vulnerable to privacy-menacing TunnelCrack attack

gnasher729 Silver badge

Re: Network routing working as intended

If I use a VPN, and someone can observe my network traffic, then they can easily identify that all my traffic gets sent to the VPN, and all my traffic is received from the VPN. So the fact that everything uses the same IP address, and everything is encrypted, gives the VPN's IP address away.

Judge denies HP's plea to throw out all-in-one printer lockdown lawsuit

gnasher729 Silver badge

Re: I ditched HP printers

Bloody Amazon door camera. Insisted on sending my door pictures to Amazon. I have WiFi and hundreds of gigabytes of free storage at home. Why should I pay Amazon for that?

Say hello to Downfall, another data-leaking security hole in several years of Intel chips

gnasher729 Silver badge

Re: Planned Obsolescence

The problem is not out of order execution at all. The problem is branch prediction and speculative execution. During speculative execution the old contents of registers that get modified must be stored _and protected against overwriting_ so that speculative execution can be undone. And that’s what both AMD with Zenbleed and now Intel got wrong.

Lock-in to legacy code is a thing. Being locked in by legacy code is another thing entirely

gnasher729 Silver badge

A harmless variation

I worked in one office where you needed a card to enter through doors, but no card to exit through doors.

The building had a trap: One little part that you could enter through two doors but not leave. So if you forgot your card and entered there you were stuck. I managed it once and had to wait five minutes for someone to open a door. If you were the last person to leave the office, forgot your card, and took the wrong route, you were stuck.

Cops cuff pregnant woman for carjacking after facial recog gets it wrong, again

gnasher729 Silver badge

An experiment

Take 100 random people, let them walk past a CCTV camera, and let your “facial recognition” software recognise them. Then show us the results. For extra points, add two photos of Joe Biden and Donald Trump and see if they are recognised.

Scientists strangely unable to follow recipe for holy grail room-temp superconductor

gnasher729 Silver badge

It might if you think of new applications. Say transmitting power over very long distances which is impossible now and not done because of huge losses, say 90% over a few thousand miles changing to 10%. Or transmitting energy from A to B back to A which might be useful but a huge waste today.

AMD Zenbleed chip bug leaks secrets fast and easy

gnasher729 Silver badge

Re: Dumb Questions

There are two points of view: It is both a bug and an exploit.

In “bug” mode, a vzeroupper in your code shouldn’t be executed, but is actually executed by branch misprediction. When this misprediction is fixed, data from any process that happened to write to an xmm register may have overwritten your register. That’s obviously a bug. But it seems this is rare: I have the impression another process must write to a rename register just between the CPU mispredicting a branch around a vzeroupper instruction and fixing the misprediction, so only a handful of cycles.

In “exploit” mode the malware does exactly the same, but intentionally, and actually hopes that its data gets overwritten - because it knows some other process had written that data.

The reason why this doesn’t happen with ordinary registers is that they are protected from being written to while a predicted branch is running, and for some reason this doesn’t happen for vzeroupper.

gnasher729 Silver badge

Re: Parsing the data

Finding the length of a string in code points is slightly more difficult with UTF-8 (you need to find a zero byte and not count bytes of the form 10xx xxxx). Finding the length in characters is difficult. But most of the time you just want the number of bytes.
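The three lengths mentioned in the post above, as an added example that is not part of the original post. The function names and the sample string are constructed for illustration; the truncation helper goes one step beyond the post and uses the same 10xx xxxx rule to cut a byte-limited buffer without splitting a code point.

```python
import unicodedata

def c_string_bytes(buf):
    """Bytes before the first zero byte (the whole buffer if there is none)."""
    end = buf.find(b"\x00")
    return buf if end == -1 else buf[:end]

def is_continuation(byte):
    """True for bytes of the form 10xx xxxx."""
    return (byte & 0xC0) == 0x80

def code_point_count(buf):
    """Count every byte that is not a continuation byte (valid UTF-8 assumed)."""
    return sum(1 for b in c_string_bytes(buf) if not is_continuation(b))

def approx_character_count(buf):
    """Rough count of user-visible characters: code points that are not
    combining marks. Full grapheme segmentation (UAX #29) has more rules."""
    text = c_string_bytes(buf).decode("utf-8")
    return sum(1 for ch in text if unicodedata.combining(ch) == 0)

def truncate_utf8(buf, max_bytes):
    """Cut to at most max_bytes without splitting a multi-byte sequence."""
    s = c_string_bytes(buf)
    if len(s) <= max_bytes:
        return s
    cut = max_bytes
    # s[cut] is the first byte left out; if it is a continuation byte the
    # cut falls inside a sequence, so back up to that sequence's lead byte.
    while cut > 0 and is_continuation(s[cut]):
        cut -= 1
    return s[:cut]

# Constructed sample: 'e' + combining acute accent, euro sign, 'a', then a
# zero byte followed by data that must not be counted.
SAMPLE = "e\u0301\u20aca".encode("utf-8") + b"\x00ignored"

if __name__ == "__main__":
    print("bytes:", len(c_string_bytes(SAMPLE)))
    print("code points:", code_point_count(SAMPLE))
    print("approx. characters:", approx_character_count(SAMPLE))
    print("cut to 5 bytes:", truncate_utf8(SAMPLE, 5))
```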

Bad news: Another data-leaking CPU flaw. Good news: It's utterly impractical

gnasher729 Silver badge

It sounds like the CPU itself can provide information about power usage, so you don’t need to be in control of the physical computer.

Fed-up Torvalds suggests disabling AMD’s 'stupid' performance-killing fTPM RNG

gnasher729 Silver badge

Re: If Torvalds says so

“"If Linus Torvalds told you to jump off a cliff would you?" (imagine this in your mum's voice)”

I would listen to him. If there was a fire behind me and a five meter drop into water in front, I’d jump off the cliff.

gnasher729 Silver badge

“and all subject to bias output, not true rng.”

All you need is entropy. Once you have n bits of entropy, you can turn it into an unbiased n bit random number. Throw a dice and write down whether each throw showed a six or not. Less than one bit of entropy per throw (I think) but easy to turn into an unbiased random number.

gnasher729 Silver badge

This doesn’t make sense.

You want one entropy source that is entirely physically unpredictable. That’s what this thing should provide. And that kind of thing is known to be expensive.

Once you got that you want a cryptographically secure generator that creates a sequence of random numbers, that are unpredictable _based on your initial entropy source_. That’s mathematics. It is well-known mathematics. It’s not cheap, but not very expensive either. There is no reason at all to use the entropy source again. All you need to do is to keep the state of that random number generator secret, so nobody can copy the state and produce the same random numbers.

(And on top there are many situations where you want random numbers very fast without any requirement for cryptographic security).

So what they are doing only makes sense if they can’t keep the state of their cryptographic random number generator safe and have to destroy/recreate it repeatedly.
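The two steps described in the posts above (debiasing "six or not" die throws, then seeding a generator once and keeping its state secret), as an added example that is not part of the original posts. It assumes independent throws, uses von Neumann's pairing trick as one classic debiasing method, and `HashRatchetRNG` is a hypothetical illustration built on SHA-256, not a vetted DRBG; the die is simulated with a constructed, reproducible sequence.

```python
import hashlib
import random  # used only to simulate die throws; not a security primitive

def six_or_not(throws):
    """One biased bit per throw: 1 if the die showed a six (p = 1/6), else 0."""
    return [1 if t == 6 else 0 for t in throws]

def von_neumann(bits):
    """Debias independent bits: per pair, 01 -> 0, 10 -> 1, drop 00 and 11.
    Simple but wasteful: it keeps fewer bits than the input's entropy."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]

def bits_to_bytes(bits):
    """Pack bits MSB-first, discarding an incomplete trailing byte."""
    usable = len(bits) - len(bits) % 8
    return bytes(
        int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, usable, 8)
    )

class HashRatchetRNG:
    """Illustrative generator (hypothetical, not a vetted DRBG): seeded once,
    then every read derives output and the next state from the secret state."""

    def __init__(self, seed):
        if len(seed) < 32:
            raise ValueError("need at least 256 bits of seed material")
        self._state = hashlib.sha256(b"init" + seed).digest()

    def read(self, n):
        out, counter = b"", 0
        while len(out) < n:
            block = b"out" + self._state + counter.to_bytes(4, "big")
            out += hashlib.sha256(block).digest()
            counter += 1
        # Ratchet forward and overwrite the old state, so a state captured
        # later does not reveal output that was already handed out.
        self._state = hashlib.sha256(b"next" + self._state).digest()
        return out[:n]

def demo(num_throws=20000, sim_seed=1):
    """Constructed input: simulated throws stand in for a physical die."""
    sim = random.Random(sim_seed)
    raw = six_or_not([sim.randint(1, 6) for _ in range(num_throws)])
    fair = von_neumann(raw)
    rng = HashRatchetRNG(bits_to_bytes(fair[:256]))  # entropy source used once
    return raw, fair, rng.read(16), rng.read(16)

if __name__ == "__main__":
    raw, fair, first, second = demo()
    print("ones in raw bits:      %.3f" % (sum(raw) / len(raw)))
    print("ones in debiased bits: %.3f" % (sum(fair) / len(fair)))
    print(first.hex(), second.hex())
```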

Nobody would ever work on the live server, right? Not intentionally, anyway

gnasher729 Silver badge

Live server has fault - switches to backup server - backup server is turned off - an obvious problem.

But if the order was backup server turned off - live server has fault - cannot switch to backup server. Wouldn’t that have the same effect?

Apple demands app makers explain use of sensitive APIs

gnasher729 Silver badge

Re: Well, at least the app developers...

There’s a thing called “contracts”. If they catch you actively lying they can close your developer account.

gnasher729 Silver badge

Re: The Uber-permission (on Android); Equivalent on iOS?

There’s the “Settings” application which can obviously change all settings, so that must have some special permission that others don’t have.

In the past, I have _wanted_ to turn WiFi on for users; in the past an iOS app could open the “Settings” app and go straight to WiFi settings, I think nowadays you can only open the “Settings” app.

So if you have a situation that justifies it, you would show an alert saying “to do xyz, change abc in the settings app”, with two buttons “cancel” and “settings”.

Apple patches exploited bugs in iPhones plus other holes

gnasher729 Silver badge

Re: Its also the not-early adopters

There’s always the possibility that a bug in iOS 13-15 doesn’t actually exist or doesn’t work on iOS 12. Or that an exploit is not trivial and must be handcrafted for each target to be attacked, and no attack for iOS 12 was written.

Someone just blew over $190k on a 4GB first-gen iPhone

gnasher729 Silver badge

I remember buying a used iPhone to be used as a cheap iPod, and I couldn’t activate it until I took a card from another phone. Just for activation, after that it wasn’t needed.

On the record: Apple bags patent for iDevice to play LPs

gnasher729 Silver badge

Since ideas are cheap

... ideas are cheap and implementations are not: I remember people built contactless LP players using a laser to scan the LP and get all the music out of it. Would a good phone camera be good enough to do that? So you hold your camera close to the LP, make sure you get a sharp image, move camera or record until the complete surface is covered, and then you can play the music, without any additional hardware?

The choice: Pay BT megabucks, or do something a bit illegal. OK, that’s no choice

gnasher729 Silver badge

Re: QWERTZ/QWERTY.

On my first ever day working on a programming job in the UK I entered a statement

if (i >+ 0)

Instead of >=. The same finger movements that enter >= on a German keyboard produce >+ on a British one. The worst thing was that it actually compiled and that it was almost but not quite correct.

What does Twitter's new logo really represent?

gnasher729 Silver badge

About 27bn of the purchase price is his money. Either directly his money, or a loan with his Tesla shares as security.

Post-Brexit tariffs on cross EU-UK electrical vehicle imports still going ahead

gnasher729 Silver badge

Re: Fuck business

There was the fishery industry, where the guy supposed to represent British interests participated in two of 33 meetings. His name was Nigel Farage.

Turning a computer off, then on again, never goes wrong. Right?

gnasher729 Silver badge

At two or three companies I managed to get a process for installing a development environment for new developers.

It started with a printed sheet of paper. The paper said “follow the instructions on this paper. If they don’t work, then ask for help, and change the instructions so they work”. That was needed because what’s on a brand new machine would change over time.

And one part of the instructions was where to find the instructions as an editable document so the new guy could update them.

Boss such a tyrant you need a job quitting agent? It works in Japan

gnasher729 Silver badge

And clearly you are not Japanese.

Quirky QWERTY killed a password in Paris

gnasher729 Silver badge

Re: All your QWERTY belong to us...

Excel has a setting to format numbers as “currency”. Before the euro I know a Dutch company that lost money because their documents with cost estimates showed Dutch guilders and their German customers read Deutsche Mark.

gnasher729 Silver badge

Re: All your QWERTY belong to us...

The niche case happened to me because I wanted a keyboard in front of every monitor, so I bought a ten pound keyboard in the supermarket. Yes, I can set up different languages per keyboard (say one French, one Italian) but the control key swap is global.

gnasher729 Silver badge

Re: All your QWERTY belong to us...

How is it hard to sort? Unless you are a numpty, you convert it to a date, and compare the dates.

gnasher729 Silver badge

Re: All your QWERTY belong to us...

Lots of downvotes but I think people missed the critical word “servers”. On my PC or laptop I decide which keyboard. And on your PC you decide. Servers are many machines handled by the same person, so they should all have the same settings. And preferably the same setting that the manufacturer uses. Of course I expect that the server can handle all kinds of client machines.

gnasher729 Silver badge

Re: All your QWERTY belong to us...

Slightly inconvenient, or very inconvenient, but not unusable.

gnasher729 Silver badge

Re: All your QWERTY belong to us...

As it should be, since most things are about your culture, but keyboard layout is about the physical keyboard that you have.

Complaint about MacOS: it can swap control/command if you have a PC keyboard, but it cannot handle one Mac and one PC keyboard simultaneously.

gnasher729 Silver badge

Re: All your QWERTY belong to us...

If you sort dates without any intelligence and by ASCII order that’s just stupid.

gnasher729 Silver badge

Re: All your QWERTY belong to us...

The correct way is 30/Jun/2023, which is very hard to misinterpret.

gnasher729 Silver badge

Re: All your QWERTY belong to us...

German has two sorting orders: Dictionary and phone book and they are different. In the phone book, Ä is sorted like AE. In the dictionary it depends on whether the Ä has been created by a plural or not, so Arzt and Ärzte are sorted together in the dictionary.

gnasher729 Silver badge

Re: On Screen Keyboard

On screen keyboard wouldn’t have helped. This program needed you to press the actual physical keys. I’ve never heard anyone doing this. But there you go.

Microsoft, OpenAI sued for $3B after allegedly trampling privacy with ChatGPT

gnasher729 Silver badge

Re: know-it-alls that collate well but add nothing new and deplete resources

On the other hand, the last time I googled for some maths problem, Google linked to a “helpful” answer by ChatGPT on Quora which was absolutely freakin’ nonsense.

Now Apple takes a bite out of encryption-bypassing 'spy clause' in UK internet law

gnasher729 Silver badge

Here’s a possible outcome if the lawmakers don’t watch out: Apple monitors everything and tells Ofcom “we found 13,279 cases of violations”. Ofcom: So who are these 13,279 animals? Apple: Sorry but your law didn’t tell us to record that. All we know is 13,279 cases.

Apple has to report how many phone ids they handed to the police in every country. At some point they reported over 10,000 numbers to police in Brazil, absurdly high compared to all other countries. Turned out a truck with 10,000 iPhones had been stolen :-(

Mark Zuckerberg would kick Elon Musk's ass, experts say

gnasher729 Silver badge

Re: More on Twitter

Obviously Zuckerberg cannot buy Twitter unless Musk is willing to sell.

Yaccarino takes wheel at Twitter early as advertising woes become public

gnasher729 Silver badge

Re: Wolves at the door

Hypothetically Apple and Google could throw some money together, buy it out, and create something useful. How much? 6 billion would keep the banks happy, losing only half their money, and the rest - just bad luck.

How Apple's M1 uses high-bandwidth memory to run like the clappers

gnasher729 Silver badge

Re: Great Block Diagram

The L1 caches are per core, so the M1 Pro has eight of them. L2 cache is per group of four cores, so M1 Pro with 2x4 cores has twice as much.

Plus there is a cache between RAM and processor shared by CPUs and GPUs.

M2 Ultra chip lands in 'cheese grater' Mac Pro to displace Apple's last Intel holdout

gnasher729 Silver badge

Re: Falling

I'm quite sure I've heard that before - "once everyone has bought an iPhone 3 they won't sell any more" and so on.

India official fined after draining reservoir to recover phone

gnasher729 Silver badge

Re: fine

Google tells me that southwestwater (whoever that is) had a variable charge of just under £2.00 per 1000 liters, so that would be about 8,000 pound.

Since when did my SSD need water cooling?

gnasher729 Silver badge

I tried to find out through Google how exactly QLC cell SSD drives work. My impression was that the same cells can be used as either fast single bit or slow quad bit cells. So if I get this right, then there is no fixed "fast" memory. If 1.96TB of your 2TB drive are full, then you have 40GB QLC cells remaining which can be used as 10GB fast single bit cells. If 1TB is full, then you have 1000GB QLC cells left that can be used as fast 250GB single bit cells. (The documentation that I found says that the amount of fast memory goes down as your drive fills, which doesn't make sense if it is fixed size).

Interestingly, everyone tells you an "up to" speed but nobody tells you how much data you can write at that speed. So I have no idea if that "up to 3,100 MB/sec" drive slows down to 60MB, and when.

gnasher729 Silver badge

Re: SSHDs aka hybrid drives

Apple used two separate drives. So the logic needed is part of the OS, uses the full power of your computer, instead of being run on a tiny hard drive controller. I think that makes a difference.

Same reason that I wouldn’t trust full disk encryption on a drive, much better to leave all the logic, handling keys etc. to a proper computer.