* Posts by bombastic bob

10507 publicly visible posts • joined 1 May 2015

FBI says it can't unlock 8,000 encrypted devices, demands backdoors for America's 'public safety'

bombastic bob Silver badge
Devil

Re: Money Talks...

"if enough campaign contributors want a backdoor the US politicians will give the FBI a backdoor."

Then open source developers from outside the USA [and perhaps a bunch from WITHIN, using anonymizing networks] would write their own encryption stuff that prevents back-dooring, and now you have "dark net" encryption being used WITHOUT a back door, but only by those with the tech savvy to do so.

In addition, the banking industry and privacy advocates would form an unholy alliance to put a stop to it via a continuous stream of lawsuits.

Consider the history of the DeCSS library for DVD players. That's a good, recent example of what would happen with encryption technology. There will be PLENTY of script-kiddie-friendly utilities available on the dark web. And NONE for the rest of us.

I know politicians are complete idiots but even THEY could realize the obvious in this situation. Just compare it to Marijuana and half of them would "get it".

bombastic bob Silver badge
Childcatcher

"The holy trinity of excuses to take peoples privacy"

it's always like that. see icon. (you're welcome, AC, you couldn't assign the proper icon)

bombastic bob Silver badge
FAIL

Re: get stuffed FBI

"And when criminals also figure out the back door"

that's always the only SANE conclusion anyone can come up with.

Not only that, but THE CRIMINALS will ALWAYS have their:

a) illegal encryption

b) illegal servers

c) illegal weapons

d) illegal whatever

because they, by definition, do NOT obey the laws that regular people are forced to live under.

Back door effect on fighting crime: *** Z E R O ***

Back door effect on personal security: *** H U G E ***

say buh-bye to intarweb commerce if a back door evar becomes mandatory. That's like a universal skeleton key to every lock.

Devs see red after not seeing Big Red on Stack Overflow database poll

bombastic bob Silver badge
Joke

Re: This will go off-topic, sorry...

To whom it may concern.

I am most certainly fed up with the people being fed up with others being fed up with being fed up, and I am seriously concerned about this line of commentary.

Signed: B F Problems, Major (U.S. Army, retired)

[need 'Python' icon]

bombastic bob Silver badge
Devil

Re: Well there are also missing dBase and Paradox

and Clipper. can't forget Clipper!

and I once saw this pile of garbage called "nutshell" back in the diskette+IBM XT days - it was SO slow, I think a C64 attempting to run Oracle in a VM would be faster...

bombastic bob Silver badge
Coffee/keyboard

" Pretty much everyone uses MS SQL in enterprise greenfield sites these days"

*choke* - what? my keyboard! (dammit, grab paper towel and start wiping)

You didn't read in the article where MySQL was #1, did you? (or the linked-to page with "last year's results")

I would normally expect PGSQL to do better than Micro-shaft SQL Server [which I refuse to call "sequel" because it's not a sequel to anything] in that survey from last year, but there seemed to be a dis-representative number of "C-pound" and Java SCRIPT "programmers" that took the survey (see the 'languages' part). And having a dis-representative sample gives you skewed results.

Compare this to the TIOBE index, where C-pound reportedly gets ~2/3 of what C++ gets (3.75% vs 5.60% in the latest) and C leads Java SCRIPT by 11.3% to 3.5%, you can see that they have an INaccurate representation of programmers in general on their survey.

Being that I'd expect SQL Server users to use C-pound and Java SCRIPT more than C, C++, and "regular Java", I think SQL Server's "favorable" position compared to PG and SQLite (and maybe even Oracle) is suspect at best, grossly inaccurate at worst.

Still it's a nice survey of "people willing to take a survey that also read slashdot"

And it _IS_ significant that they left 'Oracle' off of the list on this year's survey.

Hold on to your aaSes: Yup, Windows 10 'as a service' is incoming

bombastic bob Silver badge
WTF?

'completely do away with the old-style Control Panel'

how about "completely do away with the 'the Metro' settings" instead?

bombastic bob Silver badge
Big Brother

Re: Timeline...

too late to edit, I just realized I didn't express myself very well...

They're obviously tracking what you do ON YOUR COMPUTER with an ONLINE DATABASE, otherwise it wouldn't be "across devices". In other words, it's integrated spyware, with YOUR ACTIVITY HISTORY being stored someplace that YOU do not have control over, so that "who knows" can go rifling through it looking for 'whatever' that might hurt you or be used against you at some point, even if it's merely for ADVERTISING to you (I don't care, might as well be Mueller fishing for whatever he can find).

That's what I meant to say. yeah, black helicopters for the spying, and also big brother for the new icon choice.

bombastic bob Silver badge
Thumb Up

"I have a crafty way for Microsoft to increase W10's market share by at least 10% in under a month - Include the option of a classic Start menu"

actually, if they ALSO included the option for a 3D skeuomorphic interface, turning off the forced updates, and turning off the ads and tracking, *THAT* would *WORK*!!!

no joke!

bombastic bob Silver badge
Megaphone

"And also because the market is shrinking as people move of desktop for good"

NO. WRONG. NO, NO, NO! People are *NOT* "moving off of the desktop". People are simply *NOT* *UPGRADING* *THEIR* *DESKTOP* *AND* *NOTEBOOK* *COMPUTERS* in significant enough volume as compared to 10 years ago. This is due to SO many factors, with an end to "Moore's Law" driving 30% improvements every year. In other words, your 10 year old machine running Windows 7 or Vista is "Good enough" so with a new hard drive or some extra RAM, you're doing just fine with the old box, and EVEN BETTER in many ways because it is _NOT_ Win-10-nic!!!

Market measurements ONLY look at NEW SALES. They don't look at EXISTING INSTALLS.

When people buy slabs and phones, they do NOT replace their DESKTOP machines with them. This was the BIGGEST MARKETING BLUNDER that Micro-shaft made when they went with Windows "Ape" and that major cluster-blank "the Metro" interface, and THEN went with their "one windows" strategy and Win-10-nic [even worse than before].

Micro-shaft is WRONG about the market. Plain and simple. And that's why Win-10-nic is FAILING. When Win "Ape" and Windows 7 machines were next to one another on the display shelf, guess which one was selling? You got it, Windows 7. Micro-shaft doesn't LIKE us rejecting their "shove it up our rectum" operating system, and so they SHUT DOWN ALL OTHER ALTERNATIVES. Now it's "take Win-10-nic or we shove it up your ass" for a new computer. Nobody likes having computers and operating systems shoved up their ass. A lot of people just tolerate it, or don't care enough. Maybe they like it who knows. Whatever tips their trigger.

At any rate, if Win-10-nic were so popular, then WHY! MUST! MICRO-SHAFT! ADVERTISE! IT! ???

bombastic bob Silver badge
Unhappy

"The main reason that it is gaining ground is that you can't buy a new consumer computer without the win10 crap on it."

and the 2nd reason is that it's getting difficult to locate a version of Win 7 that is legal to use...

/me wonders if a Meltdown/Spectre fix for Win 7 will _EVER_ be released... thus forcing everyone into Win-10-nic

bombastic bob Silver badge
Unhappy

Re: It's an OS not an Ecosystem

if it's an "ecosystem", then my privacy has become an ENDANGERED SPECIES

bombastic bob Silver badge
Thumb Up

Re: "sending activity history to Microsoft's servers"

42th upvote. you're welcome

bombastic bob Silver badge

Re: Fluff

"Stop trying failing so hard, Microsoft."

fixed it for ya. you're welcome.

bombastic bob Silver badge
Black Helicopters

Re: Timeline...

obviously they're tracking what you do ONLINE, otherwise it wouldn't be "across devices"

bombastic bob Silver badge
Devil

Re: Who didn't see this coming?

"For only $99/year we can keep your PC uptodate."

Linspire tried that, and it failed. but it was nice, for a while, being able to purchase inexpensive PCs with Linspire pre-loaded. [then I would put Debian on them]

bombastic bob Silver badge
Unhappy

Re: Who didn't see this coming?

"I wonder how long it'll be before there's a monthly subscription charge"

'Not Soon Enough' as far as Micro-shaft is concerned

Memo man Damore is back – with lawyers: Now Google sued for 'punishing' white men

bombastic bob Silver badge
Coat

Re: and not based on their individual merits?

You'd think he'd be able to find a job based on his "merits"

well, not having seen the guy's resume, who knows. I'd suggest that he leave silly valley and go to Texas. Silly Valley has probably labeled him "troublemaker", and there's no casting couch big/wide enough for him to get his 'favor' back. OK that last part was kinda, bad. coat, please.

bombastic bob Silver badge
Devil

Re: I am confused

well, NO discrimination is the best idea, but if you do THAT, and the hiring environment is basically what Damore said it is [mostly white men applying], then you're gonna get sued, regardless, because, lawyers and insane people who can't simply ACCEPT that they don't discriminate [until they HAVE to discriminate, because, REVERSE discrimination, which is PROBABLY true in this case, out of self preservation].

That being said...

If employees could be discriminated against for their POLITICS, they should just shut the hell up about it when at work. After all, business is business, and politics is politics. Happy customers/employers keep you employed and are more likely to give you raises.

And then as long as "the workplace" doesn't use what you say on line ON YOUR OWN TIME [assuming it disagrees with them] and you're not violating any laws or revealing trade secrets, if they were to discriminate against you BECAUSE of your 'after work' politics, they'd be "sue-able" I'm pretty certain. And the lawsuit would be completely justified.

Anyway, my $.10 . It's not so bad being a techno-whore. If the guy with the money that hires me is a total lefty, I'll just say "yes, sir" and shut the hell up if he says something "left-ish". He's paying the bills, after all.

So - did Damore possibly INVITE the discrimination from past behavior? Just curious...

Who's that at Ring's door? Why, it's Skybell with a begging cup, er, patent rip-off lawsuit

bombastic bob Silver badge
Coat

Re: They have a case?

'This is sort of like the dotcom era patents that were basically "X, but on the web" and more recently "X, but on a phone".'

Next might be "X but IN! SPACE!!!"

getting coat, now...

WD My Cloud NAS devices have hard-wired backdoor

bombastic bob Silver badge
Unhappy

Re: WD firmware version

'Goodbye "cloud" I'm done with you.'

Sadly that may be the only alternative...

Still, it would seem to me that *maybe* an 'Open NAS' or equivalent might work on those drives...

(has anyone tried to load it?)

If another OS _can_ be loaded on those devices, maybe THAT is the fix?

bombastic bob Silver badge
FAIL

it's the 21st century and they're still...

and they're STILL hard-coding back doors into their stuff, EVEN THOUGH it has been proven time, and time, and time, and time, and time ... again that DOING! THAT! IS! BONEHEADED! STUPID!!!

Anybody got a CLUEBAT for these idiots?

There may have once been a reason for this, for vertical market systems NOT on the internet, so you could go to a customer site and un-brick "whatever they did to it". Since the 90's, that has become *INCREDIBLY* *STUPID* to do. A physical reset button with a 'password reset' command of some kind would be a better idea, but NOOooo they had to do a BACK DOOR with a HARD CODED USER/PASS combo.

Nice. Job. Not!!!

Elon Musk lowers his mighty erection for test firing: Falcon Heavy preps for maiden voyage

bombastic bob Silver badge
Devil

putting a fueling station into orbit

something that a "super-heavy" might be really good for...

if travelling to Mars or the moon becomes more common, it's a fair bet that ships (yes ships) would want to refuel in low earth orbit, and how do you get the fuel "up there"? With super-heavy boosters!

Also components for building a REAL space station, like the one we see in the 2001 movie, would require "super heavy" boosters.

Note I'm suggesting a Falcon Super-Heavy here because 70 tons is kinda small when it comes to things like fuel and water+supplies for space hotels and interplanetary travel.

Q: how many additional boosters can you strap onto a Falcon Heavy before it can't handle the load?

A: let's find out! [but first, get the Heavy off of the ground, and launch something more useful than a car]

Supremes asked to mull legality of Silicon Valley privacy 'slush funds'

bombastic bob Silver badge
Unhappy

EFF appearance of impropriety

Considering what the article said about the EFF, I have to wonder if the appearance of impropriety, i.e. taking money from Google (and maybe Facebook), and then declaring that there are no privacy violations with either of these [both known to hoover up our information and track us], even though it's always "opt out" and never "opt in". And in some cases I suspect there _IS_ no 'opt out'. Youtube is apparently NOT complying with privacy settings when you select "do not track", as one example, so when I look at embedded youtube on a web page, I often see a 'privacy settings' warning [I didn't want autoplay videos anyway, so it's just as well].

The message I typically see looks like this (in lieu of the embedded video):

"This embedded content is from a site (www.youtube.com, flickr.com, etc) that does not comply with the Do Not Track (DNT) setting now enabled on your browser." And there is a button to view the embedded content.

(this was on a site that apparently serves up that particular warning if it detects you selected "do not track" options in the browser)

OK, so _HOW_ can Google (owner of youtube) get any kind of FAVORABLE acclaim from EFF regarding privacy, when they (allegedly) do NOT comply with the 'do not track' policy you select in the browser???

Or, the site that serves up that particular warning ought to stop misleading people... assuming they're NOT correct (and I suspect they _ARE_ correct).

Methinks there is a foul smell in the air, and it's not a good one for privacy for the individual.

I like a lot of what the EFF does and stands for. Some of it irritates me. If sending them money could sway their position on a few things, then I might consider it, if I _HAD_ that kind of money, at any rate...

You GNOME it: Windows and Apple devs get a compelling reason to turn to Linux

bombastic bob Silver badge
Happy

Re: "They also tend to swallow Micro-shaft's coolaid, i.e. ".Not" "C-pound" and "UWP"."

"Actually, they don't - some small shop do, but big ones don't - and that's always been a thorn in MS side."

I would *REALLY* *LIKE* to see more evidence of that (what YOU said), because it's what I _WANT_ to hear, but I have been hearing nothing but the MS coolaid mantra for so long that maybe my perception of this situation is off... because the perception Micro-shaft wants people to have is that "everyone" is doing it Micro-shaft's way [whatever that might be this month] and as such, if you're not on the SAME bandwagon, you're an old, stick-in-the-mud, obstructionist dinosaur that should have gone extinct already.

bombastic bob Silver badge
Devil

Re: lack of good tools for GUI development

"The Visual Studio debugger is light years ahead of GDB in every way possible. And has been for decades."

not really. gdb was intended to have a wrapper around it, as I understand. It's a lot like the old codeview application, but simpler. Also similar to the way kernel debugging works, for those of us who've done that.

DevStudio's debugging interface isn't any better than 'ddd' as far as I am concerned. In fact, I think it's HARDER to use DevStudio nowadays (compared to '98 which was probably the BEST version for people who like to type and not mousie-clickie every damn thing), with the way the hotkeys and toolbars and displayed source files have been screwed all to hell (as far as I can tell, anyway). It was MUCH easier (and saner) in "the old days".

If you've ever used 'ddd' (a GUI wrapper around gdb) you'll see an example of GUI integration around gdb, which is as good as anything else as far as I'm concerned.

Where 'ddd' falls apart is when you set a breakpoint during event handling from X11 from within the SAME desktop as the process being debugged. Basically there's a lock on the X server so everything freezes up due to the 'deadlock'.

So, there are 2 basic solutions to that: a) use a separate desktop (which I already do) for the debugging session, and b) fix the interface (i.e. re-write your own gdb wrapper) so that it unlocks the X server across debug breakpoints. Managing the 2nd option may require some clever hacking. But I intend to give it a good try anyway.

The X11 library has a locking mechanism for multiple threads accessing the X server, mainly XLockDisplay() and XUnlockDisplay() (if you initialize it for threaded behavior; I keep the events in the main thread to avoid problems). Additionally, you can lock/unlock the server itself via XLockServer and XUnlockServer (you sometimes need to do this with certain operations, like mouse-dragging). These may be implicit with certain kinds of X11 library calls and event handling itself. So if I spend some time digging through the X11 library I bet I'll find something _like_ this being used during event processing, locking the X server (or the library) for concurrency reasons. I would then intercept that when I hit a breakpoint, shut it off while in the debugger GUI, and re-do the state prior to returning to the program.

So yeah once that's solved, everything's good again, you can debug in X11 and Micro-shaft can keep their bloatware developer studio and any incarnations they attempt to make runnable on Linux.

[and I doubt Wayland would "fix" anything, either - it would probably make things WORSE]

bombastic bob Silver badge
Flame

Re: Drinking the Koolaid?

"when those behind it take weird decisions, such as removing menu icons and mnemonics"

Ack. I concluded that the gnome 3 dev team is a closed "in a bubble world" set of millennial-minded "developers" that fall into the following traps:

a) they like the 2D FLATSO because THEY *FEEL* it is "cool" or something...

b) they "feel" they know better than YOU do how to use YOUR computer

c) they are 4-inchers - i.e. they do MOST things on a 4" screen

d) they lack the experience that resulted in the original 'WIMP' solution (like using DOS systems for years).

e) they INSIST on FORCING people to use THEIR way [i.e. they're ARROGANT ELITISTS]

only a very young person would even DARE to use 'soft color on white' for a user interface, because "pretty much" everyone over 35 needs glasses to even SEE that, let alone the low contrast color-only distinction. Keep in mind that rods are more common than cones in the retina, but rods respond to luminosity, and cones to color, so people over 35 generally need some pretty THICK glasses to read text that is light blue on white... and only a CHILDISH IDIOT would _INSIST_ on that in the FIRST place! Right 'Australis' inventors? Right, Chrome "developers"? Right, Micro-shaft?

Gnome 3's devs are WAY too much like the arrogant idiots (that horked up Win-10-nic) over at Micro-shaft, for this very reason. WAY too many similarities.

It's why Mate forked, why Devuan exists, and why there is so much OUTRAGE every time you mention gnome 3, systemd, or wayland.

Linus on gnome 3

bombastic bob Silver badge
Devil

Re: Adobe Creative Suite on Linux...

"QT as the GUI framework then?"

works for me! then, it would be totally cross-platform. and commercially supported.

bombastic bob Silver badge
Unhappy

"It's because they don't know any better?"

more like, commercial software vendors don't know any better [and do not produce Linux versions]. They also tend to swallow Micro-shaft's coolaid, i.e. ".Not" "C-pound" and "UWP"...

collective wisdom in the decision-making positions seems to be lacking, yeah.

bombastic bob Silver badge
Devil

lack of good tools for GUI development

I've been working (for years) on a decent tool for GUI development with X11. If I could get paid for it I'd have it done by end of 2018...

(the intent is to have a Win32 layer so the same code builds/runs on both windows AND with native X11 libs).

My main motivation for NOT using GTK is the way it handles dialog boxes and edit windows. I don't like it. Instead I'm doing something that uses native X11 calls. The edit window is about half-working, the clipboard works properly, most of the dialog box features work, but it lacks completion of the edit window [including a working undo buffer], some dialog box features, a dialog box graphical layout editor, property sheets for configuring the application, a refactor tool, integrated gdb debugging, something to work around X11 server lockup if you break in the middle of an X11 call, and the "wizards".

yeah a lot left to do, but I could STILL do a basic dialog box application with it right now...

the intent is to make it work like devstudio, without the crappy/irritating interface - more focused on typists and power users instead of VB "programmers".

bombastic bob Silver badge
Mushroom

Re: Example in today's news: Unimpressed by Gnome

"won't-work-on-Wayland"

THAT explains it! @#$$%(*#@$&* WAYLAND!!! (that thing needs to *DIE* by being *MURDERED* *TO* *DEATH* and *BURNED* *WITH* *FIRE*)

Wayland: NUKE IT 'TILL IT GLOWS, then SHOOT! IT! IN! THE! DARK!!! (and buried under tons of concrete in a grave next to systemd)

bombastic bob Silver badge
Mushroom

Re: Unimpressed by Gnome

ACK on the influence by Gnome 3 "developers" on Mate. I have trouble running certain mate applications (like pluma, for one) when I do the following:

su - differentuser

export DISPLAY=localhost:0.0

pluma &

it gripes like hell at me and won't load the settings properly. same with Atril.

Additionally, if I'm running a fluxbox desktop via tiger VNC (so I can use vncviewer and debug X11 applications from within a GUI without the server hanging) and I run 'mate-terminal' I can't save the settings, nor can I run it without the "--disable-factory" parameter [or it crashes]. this is on FreeBSD by the way, and this USED to work PERFECTLY a couple of years ago with gnome 2 and so I have to ask, W.T.F. did the Mate devs _DO_ to make *THIS* a problem, now? I suggest they followed _SOMETHING_ _CRAPPY_ that the Gnome 3 "developers" did, probably with gsettings or systemd or both.

bombastic bob Silver badge
Alert

Re: Example in today's news: Unimpressed by Gnome

"GNOME 3.28 Removes Option to Put Icons on the Desktop"

Then *WHY* *HAVE* *A* *DESKTOP* if you can't put icons on it? What ARE you going to put on it, *ADS*???

bombastic bob Silver badge
Meh

Re: So, 2018 will be the year of the Linux desktop because of Gnome?

"Android? Seriously?"

ACK - the button-icon-menu (think 'Unity' yeah) interface that 'droid is famous for works very well on phones and devices (like slabs) without keyboards. Once you have a mouse and keyboard, it *STINKS*.

Apple has OS/X _and_ iOS with different interfaces that make sense for the use case. "Everybody Else" (Especially Micro-shaft) needs to STOP IT with the "one interface" crap.

If 'droid had a MATE-LIKE interface on the desktop, though, I'd be VERY happy with it! That assumes it's not 2D FLATSO. 2D FLATSO is a _major_ DEAL BREAKER with me. But Google has a history of that with Chrome. So I doubt their internal culture of arrogance would excrete ANYTHING ELSE...

bombastic bob Silver badge
Trollface

Unity would be a "poor win 8.0 clone"

(or maybe the other way around? I think Unity came first...)

bombastic bob Silver badge
Unhappy

Re: Discuss

"This piece sound like a panegyric to Gnome"

right, and I was thinking about Mate (and why I use Mate instead of Gnome 3) while reading it...

Cinnamon seems to have the best "windows-like" appearance, and Mate the best overall [my $.10 worth]. Gnome 3 is what the millennial "shove it up your rectum" types *FEEL* we should have. Same *kinds* of people seem to drive Firef*x Australis and Chrome's UI.

nevermind "the rest of us" particularly power users...

US Senators force vote on Ctrl-Z'ing America's net neutrality death

bombastic bob Silver badge
Devil

"The floor of the Senate"

"The floor of the Senate" (and/or the House of Representatives) is where all of this should have been decided in the FIRST place.

Having an executive branch LEGISLATE is JUST WRONG. That's effectively what 'net neutrality' was when Obaka's administration's FCC people tried it.

Bureaucracies are supposed to IMPLEMENT and ENFORCE, not legislate.

If the Senate and H.R. pass net neutrality, and Trump signs it, it will become law.

If they do not pass it, it SHOULD NOT BE IMPLEMENTED by the F.C.C. or any OTHER agency (thus circumventing the legislature).

That's how "separation of powers" are SUPPOSED to work. it's why I'm glad Pai SCRAPPED it.

It gets worse: Microsoft’s Spectre-fixer wrecks some AMD PCs

bombastic bob Silver badge
Trollface

windows forced-update blues

to the tune of "I Dream of Jeannie"

Blue Screen

Here comes another... Blue Screen

Looks like another... Blue Screen

Windows forced-update blues!

Nice! Job! There! Micro-shaft!

bombastic bob Silver badge
Devil

athlon

a quick google search shows that there are 3.5Ghz 64-bit quad core Athlons out there... not exactly 90's tech.

Here come the lawyers! Intel slapped with three Meltdown bug lawsuits

bombastic bob Silver badge
Devil

Re: Data breeches

(voice of Samuel L. Jackson) "Honey? WHERE is my CYBER SUIT?"

bombastic bob Silver badge
Thumb Down

Re: We have only ourselves to blame

blame the victims. nice. job.

bombastic bob Silver badge
Devil

Re: OK, I'll bite

"Get security at the cost of performance by properly flushing the pipelines between task switches."

I would think this should be done within the silicon whenever you switch 'rings'. If not the OS should most definitely do this. Does the instruction pipeline (within the silicon) stop executing properly when you switch rings, like when servicing an ISR? If not, it may be part of the Meltdown problem as well, that is the CPU generating an interrupt, which is serviced AFTER part of the pipeline executes. So reading memory generates a trigger for an ISR, but other instructions execute 'out of order' before actually servicing the ISR...

I guess these are the kinds of architecture questions that need to be asked by Intel (and others), what the safest way is to do a state change within the silicon, and how to preserve (or re-start) that state without impacting anything more than re-executing a few instructions...

So I'm guessing that this would need to happen:

a) pipeline has 'tentative' register values being stored/used by out-of-order instructions, branch predictions, etc.

b) interrupt happens, including software interrupts (executing software interrupts should happen 'in order' in my opinion, but I don't know what the silicon actually does)

c) ring switch from ISR flushes all of the 'tentative' register values, as if those instructions never executed

If that's already happening, and the spectre vulnerabilities can STILL leverage reading memory across process and kernel boundaries, then I'm confused as to how it could be mitigated at ALL...

the whole idea of instruction pipelining and branch prediction was to make it such that the software "shouldn't care" whether it exists or not. THAT also removes blame from the OS, really. But that also doesn't mean that the OS devs should sit by and let it happen [so a re-architecture is in order].

But I wouldn't blame the OS makers at all. What we were told, early on, is that this would speed up the processors WITHOUT having to re-write software. THAT was "the promise" that was broken.

bombastic bob Silver badge
Devil

Re: OK, I'll bite

"OS developers decided to begin with that it was worth the risk to gain extra performance by not flushing the pipeline."

read: they used CPU features as-documented to avoid unnecessary bottlenecks

The problem is NOT the OS. It's the CPU not functioning as documented, i.e. NOT accessing memory in which the page table says "do not access it", even if it does so only briefly. The fact that a side-channel method of detecting this successful access exists does not preclude the somewhat lazy method in which Intel's code checks the access flags when out-of-order execution is happening. Security checks should never have been done after the fact, and yet they were.

(my point focuses mostly on meltdown; branch prediction is another animal entirely)

In short, Intel's benchmarks could have been *slightly* faster (compared to AMD, which apparently doesn't have THAT bug) because they delayed the effect of security checking just a *little* bit too long...

fixing that in microcode may not even be possible without the CPU itself slowing down. If AMD's solution was to have more silicon involved with caching page tables so that the out-of-order pipeline's memory access would throw an exception at the proper time, then Intel may have to do some major re-design.

So you could argue that NOT doing these security checks "at the proper time" within the out-of-order execution pipeline may have given Intel a competitive advantage by making their CPUs just 'faster' enough to allow the benchmarks to show them as "faster than AMD".

And it's NOT the fault of OS makers, not even a little. They were proceeding on the basis that the documentation represented what the silicon was really doing. And I bet that only a FEW people at Intel knew that the security checks on memory access were being 'delayed' a bit (to speed things up?).

It's sort of like only a FEW people at VW knew that their 'clean diesel' tech relied on fudging the smog checks by detecting that the car was hooked up to a machine and running a smog check, and thus alter the engine performance accordingly so it would pass. THAT gave VW competitive advantage over other car makers. Same basic idea, as I see it.

Security hole in AMD CPUs' hidden secure processor code revealed ahead of patches

bombastic bob Silver badge
Devil

Re: BIOS updates? What BIOS updates?

"What happened to BIOS initializing enough hardware to load the boot block and then handing everything else off to the OS"

Micro-shaft and DMCA and gummints - OH MY!

I'm happy to see things like "secure boot" and "management engines" and whatnot blowing up in the faces of the designers. Maybe it will *FORCE* them to adopt "the simple solution" instead...

GIMPS crack whip on plucky processor to find largest prime number

bombastic bob Silver badge
Devil

"Known as the Sieve of Eratosthenes."

thanks, I obviously hadn't heard of that one.

bombastic bob Silver badge
Devil

"Whenever we had to find prime numbers at school the ones I 'found' were usually divisible by 3."

yeah too much busywork, doing all of those divisions. Imagine doing it WITHOUT an electronic calculator. That would be when _I_ was in school... through Jr. High anyway.

thinking of high school, I had a friend who came up with a really interesting way of calculating prime numbers. He proposed prime numbers "by addition", basically a set of 'for' loops that marked an array (you could use a bit array) for every value divisible by 'n' and then you just examine the array afterwards and print out anything with a zero in it. It would be significantly faster than dividing by every odd integer <= sqrt(number), but maybe not faster than dividing by "discovered prime numbers" <= sqrt(number). Anyway, for a value of this magnitude (re: article's number), I think you'd run out of RAM...

(then again it's only 2 ^ 77 million, so perhaps not?)

Whizzes' lithium-iron-oxide battery 'octuples' capacity on the cheap

bombastic bob Silver badge
Pint

Smells of proper scientific research to me

agreed. You sir, deserve a beer, AND upvote number 42!

bombastic bob Silver badge
Devil

Re: Oh look, another one.

"only gets accepted for publication or considered by journalists after a working prototype is available"

that wouldn't be scientific, that would be like "flat earth" thinking. Publishing 'unproven' ideas for peer review, PARTICULARLY before having a working prototype, is ALWAYS a good idea. It also helps you to establish ownership [they should get a provisional patent, too].

I can think of many things that have fallen into the 'unproven' category (at least at one point in time), like Evolution, the Big Bang, nuclear power, Einstein's theories, black holes, and television. In fact, I understand that someone had constructed a model of a color picture tube using sugar cubes, and used THAT to obtain a patent, which RCA allegedly had to license before they could produce color TV picture tubes with multiple electron guns... so yeah, theory shouldn't be restricted from publication until "after a working prototype is available". That's just ridiculous.

It's also a good strategy to publish FIRST (before you have a working prototype). In this case (as an example), battery makers should NOW 'want in' on their 'iron oxide' design. Some smart battery maker will likely invest some time+money into building prototypes, licensing the design with a really good contract, and maybe even having exclusive rights (for a little while, at least).

bombastic bob Silver badge
Happy

Re: Dear Mr Musk....

not just Elon's money, but EVERY! LAPTOP! COMPUTER! MAKER! and EVERY! PHONE! MAKER!

This is the best news in battery tech since the announcement of Aluminum in lieu of Lithium a couple of years ago [I remember reading about it on El Reg].

But if the battery is MORE STABLE (particularly with respect to gassing, a problem I've had to deal with in hardware I've been working on), then it's even MORE awesome!

yeah, nothing good happens when your aging LiPo batteries look like pillows...

[the other day I accidentally shorted one and it swelled up like a balloon in about 5 seconds, got hot enough to melt plastic - I put it under running water and it shrank down flat almost as quickly, but couldn't hold a charge any more]

Woo-yay, Meltdown CPU fixes are here. Now, Spectre flaws will haunt tech industry for years

bombastic bob Silver badge
Devil

Re: Error?

"The mitigation would be to only allow it access to low precision timing."

They should all truncate it to millisecond resolution then. Why does javascript need microsecond-level performance timers?

/me points out that I've profiled code effectively with millisecond-level resolution, MANY times. I'd explain why it works, but would probably get a dozen or so off-topic replies, half of which would contain pejoratives and whining about me using CAPITALIZATION for emphasis. I tried to explain it once on a Microshaft forum when I was profiling early insider versions of Win-10-nic that way, and I don't think they liked what I found, so I got "the flack about my methods" instead of a REAL discussion.
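
Added example (not part of the post above and not code from any browser): a simulation of the mitigation quoted there, showing that two operations differing by a few hundred nanoseconds can be told apart with an unclamped clock but not once the script-visible clock is truncated to 1 ms. The simulated clock, the durations and every function name are constructed for illustration.

```javascript
// Added illustration, not code from the thread or from any browser.
// All durations are constructed values, not measurements.

// Simulated fine-grained time source, in milliseconds.
function makeSimClock(startMs) {
  let t = startMs;
  return {
    now: () => t,
    advance: (ms) => { t += ms; },
  };
}

// What a script would see if the platform truncated its timestamps
// to multiples of resolutionMs.
function clampClock(clock, resolutionMs) {
  return {
    now: () => Math.floor(clock.now() / resolutionMs) * resolutionMs,
  };
}

const FAST_MS = 0.00005; // constructed: a 50 ns operation
const SLOW_MS = 0.0003;  // constructed: a 300 ns operation
const CUTOFF_MS = (FAST_MS + SLOW_MS) / 2;

// Fraction of operations a script labels correctly as fast or slow when it
// may only read the visible clock. resolutionMs = 0 means "not clamped".
function classifyAccuracy(resolutionMs, trials) {
  const sim = makeSimClock(1000.25);
  const visible = resolutionMs > 0 ? clampClock(sim, resolutionMs) : sim;
  let correct = 0;
  for (let i = 0; i < trials; i++) {
    const isSlow = i % 2 === 1;          // alternate fast and slow operations
    const before = visible.now();
    sim.advance(isSlow ? SLOW_MS : FAST_MS);
    const delta = visible.now() - before;
    if ((delta > CUTOFF_MS) === isSlow) correct++;
    sim.advance(0.01);                   // idle gap between operations
  }
  return correct / trials;
}

// Accuracy for an unclamped clock, a 5 microsecond clock and a 1 ms clock.
function report() {
  return [0, 0.005, 1].map((resolutionMs) => ({
    resolutionMs,
    accuracy: classifyAccuracy(resolutionMs, 200),
  }));
}

console.log(report());
```

With the clamped clocks the accuracy sits near one half (chance) rather than exactly at it, because an operation that happens to straddle a clock tick still shows a non-zero delta.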