* Posts by Steven Knox

860 publicly visible posts • joined 13 Feb 2007


NOTW hack-hackage: Inside the personal data press mess

Steven Knox

Not Not

The sentence is simply a mess. Intended reading (I presume) is:

Lord Phillips (para 127 and 128 of Naomi Campbell*) has made an interpretation of section 32 which effectively ignores this agreement (which said the exemption only applied prior to publication), to one that continues after the time of publication.

Of course, this means that "to one" references a noun which is in an aside ("the exemption"), which is messy if not wrong, and there is no verb for "to" to modify.


Lord Phillips (para 127 and 128 of Naomi Campbell*) has made an interpretation of section 32 which holds that the exemption continues after the time of publication, effectively ignoring the aforementioned agreement .

Simpler, shorter, and uses "aforementioned": a word which is definitely not used enough nowadays.

Flashy Intel flash specs leak

Steven Knox

If it's in PowerPoint....

It's way past the sensitive stage, and was probably intended to be "leaked".

Oh, and Simbu, a 2-million-hour MTBF does not mean the drive is not likely to fail before then. In fact it has a 50% chance to fail before then.

NetApp patents Hybrid Aggregates, sneers at PCIe

Steven Knox

Apple Tarts and Blueberry Pie

Aggregates are not LUNS. Aggregates are storage pools. They may contain many volumes, each of which may or may not be a LUN.

Having said that, I agree that this feature is already available from all vendors I'm aware of.

Canada buys Obama's reject Brit choppers for spare parts

Steven Knox

Yeah, but

In the 1990s, $500millon CDN was only about $49.24 US.

Back to gaslight, coal and steam power - it's the future

Steven Knox

You're making the false assumption that current processes are 100% efficient.

"So you can turn coal into electricity at about 50% efficiency releasing CO2,"

Yes, but remember that 50% is comparable to 33% efficiency for current processes. So you're already getting 1.5x the energy out of the coal to start with.

Now let's assume that all of the _extra_ electricity is used to convert the waste CO2 into fuel.

That would mean that , at the end of this proposed process, you will have obtained:

A. the same amount of energy you would have obtained with the current processes, and

B. fuel to burn for more energy.

This, as opposed to the current processes, which gives you A and waste.

Which would you prefer?

This is not to mention the following quote from the article:

--If hybridised with coal-gas burning turbines this could climb to 80 per cent.--

which would mean that you'd get about 2.4x the energy out of the same amount of coal than the current processes gives.

Apple dealers hit with Lion bar

Steven Knox

True, but of couse...



It's called business.

Google bypasses admin controls with latest Chrome IE

Steven Knox

In Good Company

'Last month, Russell briefly touched on Google's technical workaround – which involves the use [of] Browser Helper Objects (BHOs) – but he provided little detail.

"A very small portion of Chrome Frame lives inside the process space of IE," he said. "This is how BHOs – which are these little processes that IE decides to launch at startup time – work. We need some way to get Chrome Frame loaded. We figured out a way to do that. So once that's done, everything else can work as normal. We just have to be inside the process space." Google can do so even if the user doesn't have admin privileges.'

This is also how many of the malware exploits (esp. spyware) for IE work. Surely code that circumvents the security measures of a piece of software would be reported by the discoverer to the developer, and the developer would patch the hole? Or is the BHO mechanism intended to allow users to run anything regardless of administrative policy?

I'll leave it up to you to decide if this reflects badly on Microsoft or Google or both.

Refusal to unveil scuppers French refusal-to-unveil trial

Steven Knox

In this case, yes.

European Convention on Human Rights, Article 9, Para. 2:

"2. Freedom to manifest one's religion or beliefs shall be subject only to such limitations as are prescribed by law and are necessary in a democratic society in the interests of public safety, for the protection of public order, health or morals, or for the protection of the rights and freedoms of others."

Note the "and" between "prescribed by law" and "necessary in a democratic society...." That means that France can't just pass a law that restricts a religion, they have to prove that said law is necessary for one of the reasons listed thereafter. Given that many democratic societies flourish without a ridiculous law like the French one, I doubt they'll be able to prevail.

Apple iOS 5 gets web 3D...for ads only

Steven Knox

Or more obviously: Money

By only allowing it in iAds, Apple provides a differentiator that they can use to get more advertisers to buy into their platform.

As for a malicious app that would lock a mobile device and pemanently drain the battery, that's nonsense. Any sane user, upon having their device lock up, would simply hold down the standard, internationally recognized power button... oh, wait, iPhone doesn't have one of those. Well, then you could just remove the battery... oh, wait, can't do that on an iPhone. You could, of course keep these directions handy: http://www.wikihow.com/Hard-Reset-an-iPhone. But I suppose that's too technical for fanbois. So we'd better keep the technology out of their hands until it can be fully sanitized.

Or maybe like I said before, Apple is just trying to drum up iAd sales.

At any rate, I'm more interested in how Apple makes it available through iAds and not elsewhere. Is there a verification server, a cached whitelist, or is it something as simple as sniffing an element or attribute?

My guess is it's something that can be fudged, and someone will do so within a day or two of release.

Nintendo: no DVD, BD playback for Wii U

Steven Knox


A video stream is, well, a stream. All you need is a specific level of bandwidth with relatively low latency. You don't need the 3rd minute of the movie until 3 minutes in.

A modern video game, on the other hand, is a combination of video, audio, graphics, models, and physics and gameplay logic which has a very different load profile. You usually start by loading an intro video, which hides the fact that behind the scenes, you're loading a huge chunk of logic and assets. It's this initial load which requires bandwidth beyond what even excellent internet connections can handle -- yet.

That's why games still need a local format. For now.

Nissan car secretly shares driver data with websites

Steven Knox

@Ian Michael Gumby

"But you do realize the irony is that while you're saying "Meh... no big deal..." you do realize that if this were the US or Brit government doing this... you and 100 other commentards would be screaming bloody murder."

On the contrary, I would LOVE it if the government only collected about a dozen relatively unimportant pieces of information about me, and did so only when I accessed a completely optional feature of a non-critical add-on to a device I would use only sparingly to begin with.

I agree with your assessment of the real problem. I said "no big deal" about the effects, not about the cause. Sorry if that didn't come across.

I also want to acknowledge that Gettin Sadda is correct in that the feature I mentioned that is at the heart of this is not an emergency feature, but an informational one.

Finally, I'd like to mention that Nissan DOES tell customers that they are capturing the car's telemetry and provide an opt-out. They even go so far as making it happen every time on startup. See http://seattlewireless.net/~casey/?p=97&cpage=1#comment-7956 for reference. They don't tell customers that they're sharing that with every site (as I said before, probably because they didn't intend to), though, which is where the problem mentioned here comes up.

Steven Knox

Okay, tinfoil hats off for a second here...

"Each time the driver accesses a given RSS feed, the car's precise geographic coordinates, speed, and direction are sent in clear text. The data will also include the driver's destination if it's programmed in to the Leaf's navigation system, as well as data available from the car's climate control settings."

1. None of these are particularly sensitive pieces of information to begin with, unless you're REALLY paranoid. The worst one I can see is programmed destination, and then only if you're doing something really embarrassing.

2. This is likely a programming oversight (i.e, dev 1 wrote a function to send HTTP requests for the emergency function, dev 2 (or even 1 again) re-used it without thinking about the additional data being sent.) While this is not a good thing, Nissan should be able to (and just should) provide a means for users to get a firmware update that fixes this.

3. Bear in mind that this data is only sent to sites you've subscribed to, WHEN YOU REQUEST THEM. So it doesn't provide real-time tracking, only datapoints telling providers when and where you're looking at their data. So only add feeds you trust, and only check your RSS feeds when you're sitting stil at an innocuous location, and don't have your mistresses' locations programmed into your GPS, and you're fine. If you're really worried, just don't use the CarWings feature at all.

4. I certainly hope SPEED is 0 while you're fiddling with the RSS feeds. If not, kindly hit the nearest obstacle that won't cause any harm to the rest of us and shuffle off, won't you? There's a good chap.

Cue the downvotes and FAIL icons from people who haven't read and comprehended the article and/or the original blog post and don't get how easy it is to avoid this info being sent to begin with.

Cambridge startup launches world's first white space radio

Steven Knox


"... use to fill the empty spaces. "

Now I'll have Pink Floyd in my head for the rest of the day.

IATA: this iPad could BRING DOWN A PLANE

Steven Knox


I'm guessing none of that equipment is over 10 years old (with the possible exception of the guitar amplifier, esp. if you're a tube purist).

In contrast, commercial aircraft can remain in service for over 50 years, so we still have some planes out there that were built before I was. Even for aircraft replaced ever 20 years or so, new craft are still often built based on older designs.

I'm barely new enough to handle interference from modern electronic devices, so those older planes/designs haven't a chance.

(and BTW, your devices do interfere with each other -- your cell phones will induce signals in speakers, for example. You've probably just tuned it out.)

Steven Knox

A Title

At least this part appears to be proper science:

'Dave Carson, a Boeing advisor, reckons portable devices radiate signals that can disrupt electronic sensors hidden in a plane's passenger area, ABC News reports.

Engineers demonstrated how hidden signals from electronic devices were far above those which Boeing considers acceptable for aircraft use. The worst offender for those signals was an iPad, although Blackberrys and iPhones also sit well over the limit, it's claimed.

Newer planes with correct sheathing shouldn't be affected, but older models could remain a problem. In those cases, according to Carson, mobile phones are a genuine safety hazard.'

So unless you have a certificate in determining the age of the plane you're in by glancing quickly at the cabin while stowing your carry-on, just turn the damned toy off unless they say you can use it.

Twitter goes after born-again typosquatter

Steven Knox
Thumb Down

Buy the typos?

"If you have a name you want, then buy the typos. If you didn't then silly you !":

If your trademark is just 5 characters long, and we limit the scenario to typos to possibly accidentally hitting an adjacent key on a standard QWERTY keyboard instead of the correct one, there are up to 59,049 combinations (depending on the specific letters).

Most of the existing laws are old enough that they don't adequately address concerns with electronic information in general, let alone domain names, and there's always the question of jurisdiction. The UDRP simplifies the process while leaving both parties with the right to sue if they aren't happy with the results.

It's too bad you're not trolling. I'd call your post half-passable if you were. You did a somewhat funny thing with the title, there, for example..

Time to say goodbye to Risc / Itanium Unix?

Steven Knox

Missed the point.

"Sometimes, throughput is all that matters, irrespective of investment, because customers (hear banks, trading floors, etc) need to run their workload during a fixed time window which is incompressible. e.g. They have to run their jobs within a 4h hour window and saving $1M on an x86 system that runs in 5h is simpy not an option."

NO. You missed the point. It's not that throughput doesn't matter. It's that you have to get the throughput you need in _the_most_cost-effective_manner. In the scenario above, I wouldn't recommend getting a slower system, I'd recommend getting the most cost-effective system that performed the task needed. Let me give you two example cost scenarios that fit that scenario:

1. Say the x86 system mentioned costs $500,000 while the RISC system costs $1,500,000. If you bought two x86 systems and ran them in parallel, assuming a 10% overhead for synchronization, you could have the jobs run in under 3 hours and still save $500,000.

2. On the other hand, if the x86 system costs $4 million while the RISC system costs $5 million then it doesn't matter how many of each system you get because they're on the same price/performance curve. So you get the biggest that fits your budget, which would probably be the RISC system.

All of this is before factoring in the cost of actually running and maintaining the systems, which could very well be the difference as well. This is also not to mention that you won't have 1 x86 system to pick vs 1 RISC system. You'll have multiple vendors, with multiple solution points per vendor.

So even in the scenario you mentioned, throughput is only part of the equation -- and the the other major part, cost, can still be important enough to change the answer.

Steven Knox

Not quite

"The application software was setup identically on the three configs."

Then it was not optimized for two (if not all three) of the configs.

Now if you want me to take your analysis seriously, please fill in the blanks on these equations:

36,000 x 31,557,600*/(cost of Power7 hardware annualized over depreciation + annual power/cooling costs + initial cost of AIX annualized + annual support cost of AIX)

26,500 x 31,557,600*/(cost of Power7 hardware annualized over depreciation + annual power/cooling costs + + initial cost of Linux** annualized + annual support cost of Linux)

14,240 x 31,557,600*/(cost of Intel hardware + annual power/cooling costs + initial cost of Linux** annualized + annual support cost of Linux)

That'll give you performance per unit of time per unit of currency. THAT will tell you which platform is better, because throughput is not key. Throughput for investment is key.

The Power7/AIX system is just under 253% the performance of the Intel/Linux system -- which means that if it costs 253% of the cost of the Intel/Linux system, it's not as cost-effective overall. (Theoretically, of course -- in real life, you do have some overhead managing workloads across multiple servers which would have to be factored in.)

* (= seconds/year)

**(I hope that one was damned near zero -- otherwise you got ripped off ; )

Red Faction: Armageddon

Steven Knox

Don't ask if you don't want to know...

"Who could say no to a gun that generates a black hole[?]"

An LHC protester?

Unique imagery of Shuttle docked to ISS released

Steven Knox

Re-read the article

It tells you who, what, how, when, where, and (sort-of) why. Reporters love that stuff.

Apple pilfers rips off student's rejected iPhone app

Steven Knox


"On the other hand, I not sure iOS developers have anything to do with the approvals process - so they probably didn't even see it."

From the article:

“They did say that the iPhone engineering team had looked at it and were impressed,” Hughes told El Reg. “They asked for my CV as well.”

Please read next time.

1000 day wait for Sarah Palin emails nearly over

Steven Knox


do you feel you need to see all of these things? Have you required similar documentation from all other politicians?

At least the information requested of Palin is relevant to her service as a public official, and not part of some giant FUD-trawling campaign.

(Oh, and #1, which should be sufficient for those truly interested in Obama's eligibility, HAS been released.)

Android app brings cookie stealing to unwashed masses

Steven Knox

Always-on SSL

It's been time for always-on SSL since about 2005.

But SOME companies still refuse to move to it.

Cellphones as carcinogenic as coffee

Steven Knox

Third option

(3) People *REALLY WANT* mobile phones to be bad for _other_ people.

HTC Sensation dual core Android smartphone

Steven Knox


Clever design would eliminate any landscape/portrait restriction.

The bottom-right corner of the device in portrait mode would be the bottom-left corner of the device in landscape mode (assuming clockwise rotation -- otherwise switch "left" and "right" in the preceding.)

So that would be the logical position to place a power/input connection.

Apple strikes back with update blocking new scareware

Steven Knox
IT Angle


"I run Windows 7 with zero graphical features,"

Really? CMD or PowerShell?

Brit rubbish-dump worms in space station science triumph

Steven Knox

I, for one...

...welcome our new old and infirm musclebound overlords.

"The findings are also expected to prove useful in fighting muscle loss due to old age and illness."

Here comes the zettabyte, says Cisco

Steven Knox


"by 2015, there will be more than two Internet-connected devices for every person on Earth."

Well, there's already significantly more than two for me, so no surprise in my Christmas stocking I guess. How do they plan to force the devices on those that don't want any at all?

Oh... you mean there will be more than twice as many. Well, the only surprise there is that there aren't already more than twice as many internet-connected devices on this planet than there are people. Are they sure they haven't miscounted somewhere?

Biodegradable products are often worse for the planet

Steven Knox
Thumb Down


I use a travel mug. I don't chuck trash out of my car. When I have to use disposable materials, I look for recyclable options and recycle them.

And I still contribute to the problem. Because there are some things I need and some things I want which aren't available in recyclable packaging. And many of those things are themselves not recyclable. I'm quite sure you're the same way -- if for no other reason than the fact that you've used an electronic device to post on this site at least twice. Do a little research on the power requirements, resource requirements, and actual recyclability of your toys (including your share of El Reg's server requirements, natch), then reconsider your words.

So stop pissing on people who are, when taken in perspective, only marginally less responsible than you. Congratulations on your efforts to be ecologically responsible. Now maybe you can work on that shit "holier-than-thou" attitude.

Ten... Core i5 laptops

Steven Knox

I'm pretty sure...

you can get the MBP without Windows.

Apple nemesis sues iOS, Mac, and Android devs

Steven Knox

Hmmm...Putting Your Money Where Your Mouth Is

<-- [aside: Is this supposed to be Project Satan from Futurama?]

Lodsys: "While it is true that Apple and Lodsys have an obvious dispute about the scope of Apple’s license to the Lodsys Patents, we are willing to put our money where our mouth is and pay you something if we are wrong,"

That actually sounds sensible*. Steve Jobs, I know you read this site and all its comments religiously. Will you put your money where your mouth is? Take that 30% commission you're requiring for in-app payments on the iPhone/iPad and put it towards a legal defense fund, perhaps? Yes? No?

* for a patent troll, that is.

Wake up, Linux hippies: No one 'morally obligated' to give back

Steven Knox


and make sure you comprehend it before posting next time, please.

(Here's a hint: the ENTIRE POINT of the article is that the quantity and quality of, and rationale for, OSS contribution is an individual, amoral*, decision. So claiming that Google is somehow right or wrong for their OSS contributions or lack thereof is, in the context of the article, akin to claiming that purple is 5.)

* That's amoral in the literal, correct meaning of the term, not "immoral".

Filesharers spread Allied Telesis networking 'backdoor' info

Steven Knox


"...making security-related documents that are meant to be restricted openly available is seldom a good idea. "


"...making security-related documents that are meant to be restricted is seldom a good idea. "

If your security system isn't good enough to be open to scrutiny, it's not good enough.

Daleks given a well-earned break

Steven Knox


some new creepies.

IMNSHO, the best Who episodes of any series were the ones who introduced new life and new civilizations.

Maybe they should focus on seeking those out. You know, kind of going where no-one has ever been, kind of thing.

Okay, this post has degenerated from an honest appeal for creativity into a really, REALLY bad joke. I'm leaving before it gets even worse.

BenQ W1200 HD DLP projector

Steven Knox


Under Resolution, you listed the supported resolutions, but not the native resolution. I mention this because the company I work for has had more than a few projectors that "support" HD resolutions but are actually 800x600 projectors -- and their downsampling is really crappy.

Fortunately, that's not the case here. From BenQ's product site:

Native Resolution 1080p (1920 x 1080)

McKinnon's mum applauds Obama extradition stance

Steven Knox

No Contradiction.

'The comments appeared to contrast with a recent statement from US Attorney General Eric Holder in which he vowed to take all steps necessary to have McKinnon extradited and “held accountable for the crimes that he committed.”'

No, they don't contradict -- if you understand US political shorthand.

Y'all* do know that it's in neither Holder's authority nor our interests to violate your sovereignty over this, don't you? So he couldn't do more than go through the proper channels, and Obama's statement simply confirms this.

On the one had, you have the AG vowing to do everything possible to bring someone to justice, which (a) is his job, and (b) sounds good to all of the knuckle-draggers over here.

On the other hand, you have the President vowing to respect UK sovereignty, which (a) makes a nice diplomatic sound bite, and (b) sounds good to all of the pacifists over here.

So essentially you get Holder looking more the bad guy than Obama (that's part of any appointee's job) either way this falls out, and the administration as a whole able to say "we tried" to whichever side loses out.

Of course with the rise of the Punditocracy over here, both sides will latch onto whichever statement they hate, so only those of us who can actually think will appreciate this move at all.

Fortunately for Obama, that's his target market.

Unfortunately, I'm increasingly of the opinion that it's not large enough to carry him through the next election.

* a lovely little contradiction, invented by our southern members. I don't use it very often, but sometimes it's the best way to set the proper tone.

Microsoft squeezes out Windows Phone Mango details

Steven Knox


Still no internal memory encryption, without which WP7 is pretty much useless for business.

Timing attack threatens private keys on SSL servers

Steven Knox


No this is the result of a ladder function being directly sensitive to the length of the input. Probably done in an effort to make the ladder function as fast as possible, rather than as consistent as possible. (I.e, it's not timing as in when you make the request, but timing as in how long the request takes to process.)

Their fix makes the ladder function consistent. Me, I'd fix it by adding a random delay adjusted for the input length, thereby teasing fuzzers with what initially looks like it might be a timing exploit candidate but leads to garbage. But I'm a jerk.

Apple admits scareware problem, at last

Steven Knox

Sarcasm Detector.


'Sarcasm? In "Bear Features" post? Wow must be a really stealth one as I tend to have a good detector.'

Try this bit again:

'2. I thought it was totally impossible to get anything untoward on a Mac, regardless of user stupidity? The argument has always used random and meaningless words like "Unix".'

If your detector still did not go off, there may be an issue with it. Please follow these steps:

1. Is your detector a brilliant Apple iRony, or a cheap non-Apple knockoff? If it's an iRony, you're obviously using it wrong, as it's flawless. Please return it along with all of the original packaging. No refunds.

2. If it's a knock-off, well, we don't service those. Sorry.


Steven Knox

That's why they're called "opinions"

I personally consider "retro", "minimalist" and "storyless" positive aspects of a game. You obviously do not. To each his own.

Falun Gong lawsuit skewers Cisco's 'little red' sales book

Steven Knox

I say what I mean and mean what I say

Cisco: "Cisco does not operate networks in China or elsewhere, nor does Cisco customize our products in any way that would facilitate censorship or repression.”

Me: Well, that's totally irrelevant to the point of this lawsuit, isn't it? They're not saying you run the network, and you don't have to customize your products to facilitate censorship or repression -- their inherent design does that (what is a firewall, after all, but a device which prohibits information flow based on a predefined set of rules?) You only have to provide, e.g, sales literature promoting the censorship/repression options built into your systems by design.

@Camilla -- I think you may find it harder for the Falun Gong to find a jurisdiction willing and able to hear any complaints they may have against Huawei -- although I personally love the following excerpt from your quote:

"The social problems caused by the chatting and making of friends by young people on the Internet become more and more serious."

That reads to me a lot like "Damn you kids and your technology!"

Office 15 steals OVERLARGE font, design vision from Windows PHO

Steven Knox


I'm going out on a limb here, to suggest that "Moorea" is a portmanteau of "Moore's Law" and "diarrhea".

It embodies that other common law regarding PC performance: No matter how much the hardware guys improve performance, Microsoft's development teams will come up even with more crap to use up your system resources.

How to choose the right screen size

Steven Knox

@Nigel (b)

But since the article states that you're working off a figure from a BBC survey, we KNOW that you're working with made-up numbers!

Intel rewrites 'inadequate' roadmap, 'reinvents' PC

Steven Knox

Two words: laptops and megawatts

What's the word "megawatts" doing in a presentation about laptops?

Seriously, Intel. Go ahead. Make a megawatt laptop. Please.

When is a database not so relational?

Steven Knox


"The second issue is that relational databases are a poor fit for most software development. "

Most real-world data is relational. The class defined by the term "relation" is a defined subset of the class defined by the term "object". Any developer who can't go from there to developing efficient OO-code that works well with relational data needs to find a new career.

MOST efficiency problems fitting OO development to relational data come from developers who only understand OO development, and can't do set-based programming. So they write these massive loops to load rows into an object one at a time, perform a minor operation on that object and then save the object back into the row. Switching to a non-relational database hides, but doesn't help this kind of hack programming. Using a simple UPDATE statement does.

X-Prize offers $10m for working Trek tricorder

Steven Knox

Missed the Point

X-Prizes prize values have always been piddling, compared to the money you can make selling the device/service after the fact. They generally aren't even enough to cover development costs. Look at the Ansari X-Prize as a good example. None of the contenders spent less in development than the prize was worth.

The point of the X-Prizes seems to be to give a small financial incentive along with some good media buzz to help along a goal which should be feasible with modern technology but appears to be foundering due to lack of interest.

It's more about drumming up press than the actual money. This way, the monetary reward only has to be big enough to impress some low-ranking hack -- no offense intended -- rather than the financial titans who actually have the resources to develop said solution.

Having said all that, I know someone who's developed most of what's necessary already using off-the-shelf components. The only thing missing is the diagnosis engine, which he hasn't developed due to legal concerns...

Steven Moffat fumes over Doctor Who plot leak

Steven Knox
Thumb Down

It's heartbreaking..

because you're trying to hear stories, and stories depend on surprise. So to have some twit who set up a press launch give away his own story ahead of time just to get advance publicity for a show which, let's face it, doesn't even need it and then blame someone else for his own leak. It's just sad, that's all.

Whitehats break out of Google Chrome sandbox

Steven Knox

...and here's another ass-colored hat.

Responsible disclosure is not Communism -- and nobody is requiring security researchers to give the info away. The article didn't say that Google would have to pay for the info. It said that Vupen WOULD NOT PROVIDE the info to Google.

Oversimplifying others' arguments is not a sound basis for your own argument. Nobody's advocating Communism, and only a few of us on here believe there's a government out to get us ; )

Selling anything for "offensive" purposes is not an ethical business practice. Just about any other action by Vupen is acceptable, until you throw in the combination of not even offering the info to Google (i.e, violating a standard white-hat principle by not working towards a fix) and specifically offering the exploit for sale for offensive purposes (i.e, violating another standard white-hat principle by actually using or selling the exploit for use.)

Software is complex enough nowadays that blaming a developer for a security flaw in their millions of lines of code is akin to blaming an engineer because one component of a jet didn't perform to specification. It may make you feel better, but it doesn't make the rest of the jets out there any safer.

Judge approves handover of BitTorrent IP addresses

Steven Knox
Thumb Down

Anyone who downloaded that movie illegally....

...has already paid too much for it.

ICO issues half-baked cookies guidance

Steven Knox

Principle vs Implementation

"Why is there a persisting belief that the internet and web pages makes for a, generally, 'better' interface between users and suppliers."

Because, generally, suppliers' customer service reps get snippy at answering the same question every five minutes for eight hours straight. And users get annoyed when they have to sit on hold for half an hour only to have a rep get snippy with them for asking that same question. So making a good web site that allows customers to get answers to their common concerns without pointless delays or mindless repetition is a win.

Yes, there are some horrible implementations out there, but implementation failures do not invalidate the underlying principle.