Slashdot Mirror


User: ledow

ledow's activity in the archive.

Stories: 0
Comments: 5,597

Comments · 5,597

  1. Re:I read your reply, only 2 "disagreements" on Kaminsky Offers Injection Antidote · · Score: 1

    "They told me about the "why" of WHY 2 digit years were used (as well as assembly language): Space & Storage in RAM!"

    Granted. It doesn't make them any less pillocks though, and I mean that in an endearing way. Of course they can't be expected to predict that in 40 years time their software would still be necessary, but equally whoever was responsible for that software should have updated it too - 40-year-old bugs should have been fixed approximately 39 years ago. Or failing that 38 years ago. Or failing that...

    The original programmers weren't "wrong" here (damn right that at some points in computing history, every byte/cycle counted... back when computer menus consisted of "press 1 for invoicing, press 2 for stock control" and - dear God - bring back those days! How many people would actually do a BETTER, more efficient, less distracted, more secure job now if they were told to sit in front of one of those for 8 hours a day instead of a general-purpose OS with access to the Internet!), but the team responsible for such software (either the IT team still implementing it without checking, or programming team for failing to spot such things later on) are still pillocks. If it had been a security problem more than a simple capacity problem, that's still no excuse for not fixing it 40 years later when you *DO* have Gigabytes of storage. The blame is on the *current* programmer / maintainer / IT support team, though, not the original author.

    Run-time error checking (e.g. exception handling) is also another world to compile-time, but I was simplifying in order to make my post sound more impressive (*cough*). I think one of my previous posts on here was about checking damn return values (and how return values / exceptions / error flags etc. are all pretty much equivalent operations but done via a slightly different mechanism - sometimes it differs by as little as what register they are put into, if at all), which pretty much should be written on a little illuminated signpost and screwed to every programmer's retina.

    If return values were checked properly, the Google-researcher-discovered Windows XP vulnerability that was posted on here last week (http://seclists.org/fulldisclosure/2010/Jun/205), that's been in the OS for however-many years, would never have happened. It all stemmed from XSS and other problems but the main point of execution was via an unchecked error return value from a minor utility function that converted hex digits to numbers. This is where things like CVS 'blame' should be wired up to some kind of electric-shock device in the programmers' chairs.

  2. Re:Police & courts have a role too on Kaminsky Offers Injection Antidote · · Score: 4, Insightful

    You seem to wander off-point a lot but the basic gist is that everyone should know how a computer works. Hell, *I* don't even know how a computer works, not really... I can spool off books on the technology, structure, electronics, bus interfaces, caching, logic, programming and the like and still not understand why a missing semi-colon caused quite so much trouble. Or how they layer silicon on the chips. Or why probing a certain I/O port hangs the computer.

    And the way to counter that is NOT to expect the average joe on the streets to understand deep-level programming and computing. That's pointless, because they will never get it, and what they do get will never be accurate (read the recent article on Knuth's algorithms only working as advertised on a theoretical machine).

    It's the same in *ALL* sciences (and anyone that doesn't classify computer science and mathematical sciences as "science" doesn't even begin to understand science), and we can't teach everyone everything. There hasn't been a single person in the world who knew "all of known science" since the ancient Greeks and there hasn't been anyone who knows everything about their own particular area for centuries, most probably.

    We already are completely reliant on computers or robots. If you don't think that, then you're crazy. The problem is that we *can't* rely on the programmers and system engineers that put them together. My computer is currently executing billions of logical operations perfectly and flawlessly every single second. It's timing itself to balance these instructions across two major silicon chips (and dozens of minor chips) that were the mainframe-designer's dream of only 10-15 years ago, without fault, on the order of picoseconds - while those chips are shutting themselves down, speeding themselves up and consuming mere watts of electricity. It's integrating with millions of disparate electronic systems and detecting quantum-level errors in itself and correcting them. If there's a problem, I would know about it almost instantaneously (with certain checks on RAM / filesystem use). This computer, and all the ones I work with, has been doing that for several years 24/7 without failure... even through blackouts, brownouts and power-faults. Hell, it's a perfect operating device, like the one that controls my airbag in my car, the ABS, my bank accounts, every control system on a modern aeroplane, the satellite that gives me television / radio, the Internet, etc. They are all operating virtually flawlessly even across BILLIONS of such devices every day, all day. In terms of engineering that's phenomenal. They do *exactly* as they are told, perfectly, for years on end. Hardware faults are so rare as to be a cause for widespread panic in the IT departments when they happen.

    Trouble is, some pillock put Linux or Windows or MacOS or VxWorks on them, or confused feet and metres, or thought 2-digit-years would always be enough. The fault with computers almost ALWAYS lies with the programmer, not the devices. Most of those problems are so damn subtle you could spend years analysing them and still not work out what happened. Hell, we've had computer chips "designed" by genetic algorithms which perform a specified task better, quicker and cheaper than any chip we've ever designed to do it - and although we know "how" it does it, we still don't understand exactly how it works or how to use that knowledge to our advantage (the anecdote I remember is one about a chip that could distinguish two different frequencies of electrical input - someone threw a GA at the problem and the chip design that resulted was smaller and lower-powered than any human design at the time to perform that task). We can understand the hardware, that's faultless (overall) but the software *always* lets us down and no amount of intent study and education can stop that. Hell, it's almost impossible to write more than a few thousand lines of C (which could execute in less than a few hundred CPU cycles even on the slowest of embedded processors

  3. Eh? on Volume Shadow Copy For Linux? · · Score: 5, Informative

    If you have backups, then moving to LVM is obviously the way to go if you desire snapshots. The other options are short-term hackery, LVM was designed from the ground up to do such things. And Ext3 has nothing to do with the price of butter.

    To clarify, let me rephrase your question for the other way around:

    "I was asked to manage a number of *Windows* servers at work. I would like to use volume snapshots to improve my backup scripts and keep recent copies of data around for quick restore. I tried Windows Shadow Copy, but most of the servers I manage run MBR partitions with FAT file systems, so Shadow Copy will not work. I found some versioning file systems out there... Those look interesting, but I need something I can use on my existing FAT file systems. I also found --random freeware--, but it does not yet support my older Windows NT 3.5 servers. What are you using to make snapshots on Windows?"

    Except, in that case, it makes more sense because the filesystem is the determining factor, not the volume management. If you have LVM, it doesn't matter what the underlying filesystem is, really. Stop faffing about - if you have a server, with backups, that you need snapshots on, take the hit and wipe the drives to a config that supports that... while you're there upgrade that damn kernel already. If nothing else, it will test that the backups you're making are actually worth the effort. It's like complaining that 95 on FAT16 doesn't support Shadow Copy. If you absolutely *can't* take those servers down, or are unable to restore your backups to another machine for testing such changes (whether because of compatibility, software licensing and/or bad backups), you have bigger problems than some random desire for a feature you don't actually *need* at the moment.

  4. Weird on Google Researcher Issues How-To On Attacking XP · · Score: 3, Interesting

    It's a bit of a crappy and unreliable exploit to say the least.

    For some reason, my up-to-date Opera on XP SP2 just executes VideoLAN to load a (non-existent) JPG instead of the supposed WMP execution -> vulnerability trick that IE is vulnerable to. VLC then just errors out because the hcp:// protocol is obviously nonsense to it. I assume my copy of VLC is somehow associated with opening unknown protocols in Opera.

    And in the IE case, WMP executes and then ZoneAlarm (ancient version) pops up and asks if I want Windows Media Player to access the local network. Twice. If I Deny, nothing happens. If I allow (both times), Windows Help and Support Center opens and then another ZA popup asks me to give permission for that too (and that says "Internet" rather than local, which would be blocked by default). If I allow that too, I get a copy of Windows Help and Support Center with a search for the nonsense page and not much else. "Computer Information for \\eval(unescape('Run("calc.exe")'))" is what's literally written inside it, and calc doesn't execute.

    My IE, WMP, ZA and Windows Updates on this machine are NOT up to date by any means. The only thing that's up-to-date is Opera. Nothing untoward would have happened under normal usage. So it seems of dubious use at best, it's not a particular killer of a vulnerability.

    However, the technical analysis was quite interesting and the problem basically stems from shitty programming at every level - not checking return values that indicate failure, continuing on and then passing arbitrary (and unescaped) strings to other functions, a cross-site scripting error within the Windows Help internals (due to insufficient escaping of data), allowing script execution to happen again on dynamically-generated script code because someone tagged "defer" (a Microsoft-only invention) to a script tag, and finally a way to avoid a security-related prompt on versions of IE, Firefox and Chrome by hiding the very same code inside an iFrame / Object which executes WMP. It's like a catalogue of errors, some of which have been previously reported and well-known for ages. It's just crap all the way down to actual execution of anything you like using wscript. And that's present in XP - a 9-year-old operating system with millions of deployments, Server 2003 and probably a lot of others using non-ancient versions of IE, WMP, etc.

    Stop whinging Microsoft, and fix this crap. That's been in the OS that millions of people used for **years**, after all your patching and service packs, and you never even spotted it, even when you were the only people with the code to the damn thing. I'm not saying it's easy or you should find everything, but FFS - the problems there just show crappy programming and patchwork all the way to the OS core. That "defer" thing just REEKS of someone saying "But I need a way to bodge this...". Whether it's responsible disclosure or not - fix it first, whinge about their methods later. Where's my response saying when you'll fix it? Where's the estimated patch release date? Where's the hotfix? When you've put those out, you can whinge about them being irresponsible with security. And then they can say "But we're one of your main competitors!" and laugh at you, the same way you would if one of your researchers found a major bug in Google's websites / OS / browser.

  5. Re:HTTPS -- default on Australian Gov't Seeks To Record Citizens' Web Histories · · Score: 4, Interesting

    That won't help the wider picture - that only helps the web, the principle is the problem, not the practice. Once they start blocking / monitoring websites it's only a matter of time before bypassing that filter becomes an offence and/or they branch out into other traffic.

    You're actually looking for a complete P2P, SSL network to overlay the Internet and provide the security of connection. And as Tor demonstrates - at the moment - that's hard, slow and doesn't protect people's privacy unless they do *everything* right.

    Seriously, it's what's needed... some form of P2P, traffic-sharing, encrypted "darknet". It's the only way to stop government sniffing your traffic, choosing what websites they approve of and/or downloading things you might otherwise not be allowed to. Ideally, someone should build a little matchbox-sized device that just anonymously routes data from peers over secure connections via wifi, Tor-like, mesh-networking, with auto-routing, auto-discovery of wireless networks and internet connections, etc - with some QoS of course so no one peer can flood the others out. It's possible now with some embedded device that just accepts all wifi connections and joins them to a CloudVPN / Tor kind of deal. Spread enough of them around a town and you can bypass the traditional Internet entirely, transporting encrypted data over it when necessary, using any connection to another box of its kind that it can find otherwise. And it only takes one person to join to a physically-foreign network and the whole place will be able to contact the world (albeit slowly in that contrived example).

    A mix of Tor, CloudVPN, mesh-networking, Kismet, P2P software.

    I've said before, it's only a matter of time before "The Internet" becomes nothing more than an infrastructure to carry data for such a network - like back in the old days. The routers won't have any clue what data they are actually routing (always was a breach of layering to have them do that anyway), they just provide the fastest paths to the intended recipient. "The Internet" becomes a backbone network for a kind of global VPN. I'm not talking tomorrow, but give it a few decades and that will end up happening. As it is, we have to encrypt anything sensitive / useful anyway. Before you know it, every protocol running on the Internet will be encrypted (already true for certain things like certain SMTP, chat, web, filesharing, remote shell, etc.), so it's just a matter of lumping them together into a single VPN-style connection. Then "The Internet" returns to its original purpose - providing routes to other places and transmitting data that you don't necessarily know its origin or destination.

    As a nice by-product, eliminates things like protocol-based bandwidth-limiting too.

  6. Re:Eh... on Valve Delays Portal 2, Squashes Duke Nukem Rumors · · Score: 1

    I don't see the point in getting excited about any press release to be honest. When something pops up in my Steam window saying I can "buy game X now" then I can get excited about the prospect of a new game / addon / etc. More likely, unless it's cheap, I'll wait for some other pillock to try it first and then tell me if it's any good. Until the time I can actually play it, it's vapour and I refuse to be coaxed into seeking out information, giving ad views, pre-ordering or any other nonsense. I don't do it for any of my other hobbies / interests, why the hell should I do it for videogames?

    You can't buy / review / play things that haven't been released or aren't available to you. That's the end of it. Trying to "entice" me by telling me that you'll tell me something next week just makes me less interested. I know you're trying to create hype and virtually everything that needs hype to promote it flops. Remember Daikatana, DNF, WinFS etc. etc. Until it's in my hard drive and playable, it doesn't exist and can't be judged on how good it is - there's no point looking forward to a particular game / OS / feature until you know it's available to yourself.
    When companies learn this, we'll start seeing some decent games / movies again.

    There's no point telling me that Blu-Ray is fabulous, or HDTV is wonderful, or your new game will bowl me over. EVERYONE says that, and 99.999% of the time it's just not true. In fact, most of the games that I've really enjoyed have been ones that I'd never heard of until I tried a demo (and for pity's sake PLEASE give out damn demos of games or I won't buy them for years to come - if I can't trial the damn thing, how can I be expected to make an informed purchase of it?).

    Every time you hype a game that I'm actually vaguely interested in, my heart sinks a little. It means you are trying to keep the excitement up in the hopes of some pre-orders or blind-sales and that worries me. If HL3 or Portal 2 was any good, you'd just drop it on us relatively unannounced, without this hyperbole. If the game can't sell itself, I don't want it, and I'd much rather you spent time programming and testing than advertising something that doesn't exist yet.

    I'd have liked word of HL2:E3 but to be honest, if it's a dead horse I won't buy it even with having all the previous episodes. I stop my DVD collections when a series gets shit, I don't buy sequels just because their predecessor was good, and I'm quite happy to not have the complete set. That said, I don't actually like Portal anyway, so if this was supposed to be a Portal announcement I'm even less interested - I really think it's time for HL2:E3 to be released, if I'm honest. Portal's an interesting concept but the game was a bit dull after a while and I completed it in 3.1 hours (and most of that was me pissing about trying to get the 30,000 feet drop achievement by leaving the game running while I had dinner). Maybe that's because I only played it after the hyperbole had all died down and it was on Steam for £10 but it wasn't anything fabulous. Portal 2 won't interest me until there's a demo and the full-price game is about £10.

    But hey, if you want me to listen, mention HL2:E3 but to be honest my reaction would be "Oh, that sounds interesting" until I can actually try it / buy it. Until this, I don't pay attention to press releases and I've saved myself a lot of money and disappointment by doing so.

  7. Re:Driving habits on 2 In 3 Misunderstand Gas Mileage; Here's Why · · Score: 1

    Shit, you need a better car.

    My 1997 1.8 Mondeo gets 40-45mpg *without* me doing those sorts of tricks. That's 70mph on motorways (and some inner-city traffic which hits consumption worse) and changing gear when I remember (i.e. car gets sluggish and/or I hear the engine whine). I drive 100 miles a day, I get 500-550 miles from one 60 litre tank. Oh, and it cost me £350 last year and has done about 25,000 miles since then, including 130mph on the Autobahn, so it's hardly a "well-treated" car.

    I thought the point of the newer cars was that they were more fuel efficient? Granted, yours is probably in a cheaper tax class and cheaper to insure, but hell - I'd be disappointed with having to eke out 30-something-mpg.

  8. Re:Caffeine on New Google Search Index 50% Fresher With Caffeine · · Score: 1, Offtopic

    Nuke the site from orbit - it's the only way to be sure.

    (And yes, I know I've jumped to a different film - bonus points for anyone who can name the common actor. I play a game where I can link any movie to the one I just quoted using actors / actresses... the worst I ever did was six-degrees-of-separation).

  9. Re:As an outsider, the "war" seams lost on British Computer Society Is Officially At Civil War · · Score: 1

    Just a condemnation of CS-degrees, really. The last (and main) coursework for the programming course I did for that degree had an exercise that was to "implement the KMP algorithm in Java". For reference, this is the KMP algorithm: http://www-igm.univ-mlv.fr/~lecroq/string/node8.html and that page does it in about 30 lines of C code, most of which is boilerplate, comments and whitespace. Even with the analysis and figuring out the big-O notation of such things, that's *NOT* degree-level stuff, not in my opinion. That's the sort of thing you could get some students of about 13-14 to do quite easily, even without prior technical skills - I work in schools and I've seen better stuff from 15-year-olds. Hell, my classmates in secondary school were doing more interesting and challenging things than that five years previously when they were being taught BASIC. Give any programmer an adult and they could teach them how to complete that (and understand how they did it), the most difficult exercise given on that course, in the space of an afternoon even if they couldn't program at all before.

    The toughest course on my degree was Compilers and Interpreters, which was 90% dealing with parsing trees and the like and which was only "bad" because the lecturer did the old trick of making the first few lectures seem tough in order to get rid of the wastrels. Seriously, there was nothing on the computing side that would tax someone who could already program, or had a decent grasp of what would have been considered "O-Level" logic / mathematics 20 years ago. It was embarrassing. It wasn't that they focused too much on the theory, or not enough on the actual practice, they just dumbed it all down in order to raise pass rates. An MSc project that I helped someone out with in their final year of their MSc was implementing the Minimax algorithm on a game of draughts (again, in Java) - I kid you not. This is the sort of thing that I was reading in Personal Computer World when I was 15, and many, many years before that. I have a set of INPUT magazines from the 80's aimed at teaching children programming on the ZX Spectrum, BBC Micro, etc. and it has more interesting and complex algorithms in it.

    Go have a look at the courses offered for any modern computing degree - I just looked up my old uni and found that you could do a project for the entirety of your last *two* years of your MSci (and pretty much the *ONLY* thing that you do) by choosing to use things like "XML and Structured Information" or "Entrepreneurship in Information Technology". It's all complete bollocks that has nothing to do with computer *SCIENCE*. It's just Yet-Another-IT-Qualification now, nothing to do with degrees, computing skills, picking out the good students, and nothing whatsoever to do with computer science at all - most of the students will never stray from their Windows desktops with Eclipse installed (with the help of the uni IT department) for the entirety of their degree.

    How many of the people on those courses went on to a "real" (i.e. non-management) IT job? Almost zero I should think. I wouldn't trust them to install Windows, let alone program the damn thing or analyse real-life systems and protocols. Degree courses do not demonstrate knowledge/skill in the subject any more (if they ever did), they just demonstrate that you can follow instructions for three/four/more years.

  10. Re:As an outsider, the "war" seams lost on British Computer Society Is Officially At Civil War · · Score: 1, Interesting

    Most uni courses are an absolute waste of time. Anything real/interesting is saved until the MSc / PhD years, at least in the UK. By then, if you *don't* know your stuff, you're dead in the water anyway. Learning is 99.9% to do with user motivation... if someone doesn't want to learn, no course in the world can teach them. Other people, though, will absorb knowledge like it's going out of fashion and be far ahead of the class before they even start.

    I have a CS degree from a good London university. I can honestly remember two courses that were worth my time (in my opinion) and providing me with useful CS knowledge... Graph Theory and Coding Theory - both technically taught by the mathematics department. The Java programming courses? I never even bothered to attend the lectures or classes, I just emailed my coursework in from home - I'd never programmed in Java before, but I'd been programming in one language or another since I was 8. Some of the MSc students didn't know simple things, though, and ended up dropping out. The Windows/Linux dual-boot computers baffled most people and I was the only one who ever used the Linux side for any non-coursework tasks (in fact, I used it almost exclusively). Some of the people on the pure-CS courses had never programmed a single line of code. Some of them couldn't do binary arithmetic. Others were clueless as to how to even operate a computer for everyday purposes.

    That was 10 years ago, when people *didn't* generally have their own machines (or if they did, it probably wasn't a laptop), had to take paper-notes in lectures, etc. - I don't suppose it's got any better since. I used to sit and help final-year and MSc students with their Java projects because I could spot optimisations and problems in their code from a million miles away. To me, it was just something I did for them while I was browsing the web and waiting for a page to load - to them, it was their final-year projects that had taken them all year to get to a compilable / prototype stage.

    The only thing a degree proves is that you had the dedication to learn things you didn't necessarily need to learn. It's a recognition of X number of years of hard work, not a certificate of a particular achievement. When you get into the workplace, even the "relevant" skills crop up only once or twice a year, if that, and aren't anything that you couldn't research online nowadays. My degree got me my first job, every subsequent job, and a well-paying, stable career doing what I want (which isn't the usual rat-race) - without it I wouldn't have been considered. But relevant to real-world computing of any kind? Nope. The people who *KNOW* their subject are in a vastly disjoint set to those who *STUDIED* their subject or even those who *WORK* in their subject for a career.

    If you weren't taking things apart and programming before you left school (in the UK, that means age 16/18), the chances that you *KNOW* your subject are greatly reduced. A good degree proves nothing about capability except dedication and ability to learn.

  11. I work in UK schools on Thumbprints Used To Check Books Out of School Library · · Score: 1

    Welcome to 5-10 years ago. There are already hundreds of schools with this system. Look up "Junior Librarian", for instance, who have a fingerprint reader add-on, and that's for primary schools.

    Never deployed one, always refused, but am constantly being asked about them.

  12. Re:What is the privacy debate about? on UK Home Office Set To Scrap National ID Cards · · Score: 1

    There are many angles - first, from a "necessity" point of view: The government don't need to know who I am any more than they already do. This negates the need for anything else, and all laws in place require me to identify myself when such things are in doubt. There is nobody in the UK that isn't "identified" in some way, even if that's through lack of identification meaning they shouldn't be here (i.e. no valid ID = probable illegal immigrant). No need = no point. I can give Facebook lots of information but my point is that I don't NEED to. That's the difference. However, the government I *need* to give certain information and having that held in insecure electronic formats is no assurance. Millions of people's data has been "misplaced" by the UK authorities already - including the benefit details of some millions of tax credits claimants. Not a big deal? That's your name, age, address, living arrangements, indication of income, maybe even listings of children you have from other relationships. Your partner might know about them but the rest of the world doesn't need to. Consider if you were on a witness protection program, it might be possible that such PUBLIC leaked information could be severely damaging. The UK *cannot* hold those records securely - there is really zero security on any government IT system which is why the NHS system is constantly being overhauled/scrapped/renewed/ignored too.

    Existing NHS records were sent off to be electronically converted. They came back with something like a 30% error rate, and people who were dying of cancer were confused with people who'd never needed a doctor in their life. The paper systems have been there for 50-60 years without any major large-scale problems of theft / errors / copying - just isolated cases. The electronic systems haven't managed six months without some sort of controversy / mistake / mass information leak.

    The Data Protection Act in the UK recognises this - you can hold almost any personal information on whoever you want, so long as it's not computerised. The instant you build an electronic system of that data, you need to register and abide by the laws because the potential for misuse is extraordinarily increased. About the only "successful" electronic database in the UK is the DVLA, and even then they have leaks and problems all the time. Now the government has decreed that anyone can access that database, on payment of a fee and specification of a purpose, so you have people tracking their ex's and fining people who parked for a second on public property (which isn't actually an offence, and would need to be proved in a court of law before it could ever become anything like trespass and the chances of conviction are about 1 in a thousand on trespass charges - it has to be wilfully destructive or intrusive, not pulling over into a field entrance to check your tyres). There is no court system involved - you just submit a registration plate and a fee and you can be given the details of the owner. Misuse is probably rife but nobody can really track it at the moment - trace your ex because she ran off with another man, scratch the car of the person who cut you up in traffic last week, they are all now possible where before you would have needed a court order with an explicit reason to look up such information.

    Then you have the problem of government overstepping its powers. This is common, frequent, and dangerous even today. When the country runs on electronic ID, the government *control* your life, from issuance of credit, to getting a job, to claiming benefit, to even being allowed to stay in the country. It may not be deliberate, but if your life exists only in a computer memory run by a government IT contractor, it's easy to destroy your life too.

    It's easy to just delete an electronic record, or have it corrupted, or cross-linked, so we have to keep the paper records around to prove that you are actually who you say you are. Anyone could create a fake "birth" on an electronic system, it makes it a million

  13. Re:800-Million pound cost on UK Home Office Set To Scrap National ID Cards · · Score: 2, Informative

    Mmm... post got cut off halfway:

    The UK military expenditure currently costs about 2.5% of the £1.8 trillion GDP. That's about £45 billion. Therefore ID cards for every citizen in the country cost, in total over the last ten years, approximately 1.7% of the total military (peacetime) budget for *this* year. Call it 2% to actually finish the scheme and issue the cards for free.

    Depending on how you look at it, that can be read as ridiculous in any number of ways. Or to put it in perspective - £800m is approximately 25% of the EU farming subsidies that we pay each year, or twice the amount we pay in "R&D for Environmental protection" each year, or 1% of the old-age-pensions for this year. Now consider that the £800m is the TOTAL for the whole scheme from start to finish to create a national ID card, and that's not actually that much. It's just because it's stated in big numbers, but you're taking those from HUMONGOUS numbers to jump to conclusions. £800m over ten years is £80m a year, which is about £2.70 per working taxpayer per year, roughly. Now consider that the average working UK citizen probably pays about £4000 per year in income tax alone, from a salary of £24k. In actual fact, having less than 75% of working age in employment means that we lose £40b a year in income tax from those people, not counting the benefits, etc. that are paid to them.

    £800m for a nationwide official government project is *NOTHING* and people should really worry about other things (like how they are going to survive in their old age if pensions cost already more than ANYTHING else in the UK government budgets). I'm not a supporter of ID cards AT ALL, but stating figures and then going "OOhh, that's a lot" is pointless unless you put them in perspective. The council tax owing to local councils at the moment probably covers the entire 10-year-expenditure on ID cards.

    In perspective, £800m is nothing. Liverpool football club would cost about that to buy, according to this horribly-pop-up'ped page: http://www.goal.com/en-india/news/2171/premier-league/2010/04/18/1883371/liverpool-owner-tom-hicks-wants-800m-for-the-club

    (PS: Got my data from World Bank / ukpublicspending.co.uk / HMRC statistics / other reliable sources).

  14. Re:800-Million pound cost on UK Home Office Set To Scrap National ID Cards · · Score: 4, Informative

    The UK military expenditure currently costs about 2.5% of the £1.8 trillion GDP. That's about £45 billion. Therefore ID cards for every citizen in the country cost, in total over the last ten years, approximately 1.7% of the total military (peacetime) budget for *this* year. Call it 2% to actually finish the scheme and issue the cards for free.

    Depending on how you look at it, that can be read as ridiculous in any number of ways. Or to put it in perspective - £800m is approximately 25% of the EU farming subsidies that we pay each year, or twice the amount we pay in "R&D for Environmental protection" each year, or 1% of the old-age-pensions for this year. Now consider that the £800m is the TOTAL for the whole scheme from start to finish to create a national ID card, and that's not actually that much. It's just because it's stated in big numbers, but you're taking those from HUMONGOUS numbers to jump to conclusions. £800m over ten years is £80m a year, which is about £2.70 per working taxpayer per year, roughly. Now consider that the average working UK citizen probably pays about £4000 per year in income tax alone, from a salary of £24k. In actual fact, having http://www.goal.com/en-india/news/2171/premier-league/2010/04/18/1883371/liverpool-owner-tom-hicks-wants-800m-for-the-club

    (PS: Got my data from World Bank / ukpublicspending.co.uk / HMRC statistics / other reliable sources).

  15. Re:Die? on Flash Destroyer Tests Limit of Solid State Storage · · Score: 2, Informative

    Depends - if the chips are using some sort of error correction, they may well just fail. I have USB-based Flash die all the time and it DIES, as in not even presenting a usable device to the OS despite being "detected". The theory is that they fail nicely but the chances are that any non-premium flash will just die a death. Why bother making the device fail gracefully if it's failed anyway?

    Literally - I've never seen a flash device in such a "read-only" mode, even for a single bit, but I can't even begin to count the number of flash-chips in certain devices (everything from routers to USB sticks) that just die for no reason and never recover.

  16. Re:Mmm on UK Newspaper Websites To Become Nearly Invisible · · Score: 1

    People "compiling" the news into a legible article? I don't really care if they get paid or not. Sorry, not my problem to create jobs. In the same way that, not being a purchaser (or "thief") of music, I don't care if the RIAA make money, or the same way that, not being a sports fanatic, I don't care if the national football team goes bankrupt. And if people *can't* make a living compiling news into articles, then, erm... it's *NOT* a job, and they should be relying on it to pay their mortgage. That's kind of my point. If you can't get people to pay for something, it's because it's valueless to them. Working to produce valueless content is a waste of time.

    I don't think the Internet is unbiased - I never said that and believe the *EXACT* opposite. But it allows me to compile everything together and then I can find out the truth. This covers everything from the actual source of government statistics, including collection methodologies, (my country happens to publish a large portion of these in raw format that then get twisted *everywhere* they are reported) to getting *everyone's* opinion and seeking the truth in the middle of that noise. The only way to remove bias and hyperbole (which is what I've objected to throughout my post) is to get at the actual data and have a look for yourself. Historically, that's what reporters did, by the way. Now they are paid to spruce the truth into an interesting "fact" for their reader, omitting 99.9% of the vital details.

    Also, "the Internet" covers more than just a Google search of the news-sites, which is what you seem to imply. If I hear about an interesting paper, or statistic, or invention, or court case, I am an order of magnitude more likely to find verified *facts* on that on the Internet, I just have to go to the right places. If someone makes a news story out of some scientific "research", five minutes on the Internet shows me how credible that research actually is, from viewing the original paper and its method, to finding any criticism by upstanding scientists, down to talking to real scientists in the same field if necessary.

    In the days of the Internet, I'm my own "reporter" (in the old-fashioned sense of the word) backed up by a world database full of facts. Most of them are bullshit, but the *verified* ones that have a trustworthy origin are much more interesting than anything that'll make it into a newspaper. Reading *anything* and accepting it as the truth is stupid, online or offline. Verifying that information is all that matters and I've never trusted *anyone* else to do that for me, especially not someone in the employ of a company with known political affiliations that makes money by being sensationalist. I don't claim to find "THE TRUTH", just something a lot more truthful than would be published in any newspaper I've ever picked up.

  17. Mmm on UK Newspaper Websites To Become Nearly Invisible · · Score: 2, Interesting

    Is it just me or am I the only person who *won't* pay for news because it inherently means that someone is being paid to write something that someone else wants them to? "Independent" or not, I don't think I've ever paid for news services, ever, at all - the closest I got was, for a while, paying for a TV licence. I don't buy papers, I don't watch the news, I don't subscribe to any news websites. Never have done.

    However, if I catch wind of an interesting bit of news (which therefore removes any political, celebrity or hyperbole news), I look it up on the Internet and have done ever since I had a connection to it. About the only "news" that I consume readily is the free paper given out on the London Underground (The Metro - you can read it online at www.metro.co.uk as a PDF each morning but I don't know if they restrict non-UK access) and BBC News. The former because it's free, simplified and I don't detect too much bias in it (despite being owned by a biased-company, but again, political news rarely interests me), the latter because, well, the same reasons.

    Paying for news is very old-fashioned, older than my generation really, and likely to only give you the one-sided impression that you want. I want my news to be free, refreshing, fact-based (and therefore sometimes contrary to my opinions), otherwise what's the point in reading it? News is, basically, a form of up-to-date entertainment to me. After decades of free papers, "free" Teletext news (if you owned a working TV), "free" news programmes, free Internet news, free news texted to my phone, etc.etc.etc. who still would ever want to pay for it? You could argue that paying for it gets you "higher-quality" news (whatever that means) but I discover things that are relevant to me, that are reported fairly, and go into enough detail to get me interested in personally researching the actual truth all the time. I don't have time to follow up a lot of the things I would like to. Even the news can't keep up and often have to recycle old Science news that we've all known about for months. And you'd be extraordinarily hard-pressed to make "better quality" news than the BBC or Metro, no matter what you paid for it. Every outlet gets the same news within the same minute, everyone buys the same photos from the same photographers, everyone gets the same quotes from the relevant people. News isn't "new"s any more.

    What I'd give my right-arm for would be a Metro that had a much larger Science section, that wasn't quite so dumbed down. Or a really decent IT section. Even in my areas of interest, 99% of the science / IT / maths stories are just ridiculously obvious, well-known or under-stated. But I'd only like that because it would still be distributed as free PDF's that are emailed to my inbox every morning. If you asked me to pay much more than a token donation, you'd be losing my readership. I pay for the services I choose to consume but with paid-news, I would just choose not to consume. It's really not that important to me, or makes that much difference. Ten minutes research on any subject / incident that I am interested in gets me infinitely more detailed facts than a paper could ever convey, and without the hang-back of reporting restrictions.

    In the end, the "death" of news is nothing new itself. I'm 31 and I've never bought a newspaper for myself, never bought a news website subscription, or paid to view an article, or anything else. I've always wondered how *any* newspaper made money in the last 20 years, if it wasn't by advertising and a low cover-price. Metro has held on for over 10 years with the same business model, so it's obviously doing something right. Interestingly, Murdoch's copy-cat paper "thelondonpaper" (Yes, apparently they don't know about spaces and capital letters) went under trying to survive with the same model.

    News isn't worth paying for - it's a five-minute distraction on the way into work and/or two minutes research saved for anyone that actually WANTS to know the facts about anything. As it

  18. Re:Won't see 1000x for a few years. on Titanium Oxide For High-Density Optical Storage · · Score: 1

    I see your crazy personal anecdote and raise you mine: The first PC I owned had a CDROM had 4Mb RAM and a 40Mb hard disk (we paid nearly the price of the computer again to upgrade from its original 1Mb with 20Mb disk), before we then changed to another PC to upgrade. It was a 1x CD-ROM too. And an ISA Sound-Blaster was cabled into it. Weirdest bit? I still have the CDROM drive and it still works.

  19. Re:the issue is, how proven on Large Irish ISP To Enact "Three Strikes" Rule For Copyright Violation · · Score: 1

    If you agree to those terms and conditions (including the three-strikes, the punishment, the venue, the measuring device, the appeal routine, etc.), then you're stuffed until there is a universal service obligation to provide Internet to every individual. It's just a standard contract, in the same way that if you are found posting libellous material about a third-party onto a company's message boards, they can ban you from that message board. Even if it's just an accusation. You agreed to the terms and conditions, or not.

    The sanction, in this case, is a result of your breach of contract. The *user* is actually at fault, even if not explicitly stated, because almost all Internet connection T&C's include a line about not using the connection to perform illegal acts. Nowhere in your T&C's does it state whether that has to be proven in a court of law, or whether they can just act on their own suspicions. The exact details of that could well go to court if you think you've been cut off unfairly, and it would be messy, but it would be a breach of contract from the ISP if they were unable to prove you were doing something that the contract said you shouldn't. They, however, have absolutely no requirement (at the moment) to set you back up with an Internet connection if you were right. They may compensate you for the breach of contract, but that's the end of the matter - you may even be blacklisted from using any of their subsidiaries ever again.

    However, it might well *eventually* be classed as an unfair contract term. That's unlikely and probably DECADES away from happening because such things are purely interpretation of law and in those particular areas 99% of that interpretation is what the court *thinks* should be in the contract, not any case law or similar. So, it's not "illegal", it's not "bypassing the legal system", it's you agreeing to stupid contract terms without reading the small print. If you can't find an ISP that doesn't have those contract terms, nobody (at the moment) is obliged to provide you with such an ISP. Internet access is still an optional, contract-driven luxury service. If it becomes a "right" then an awful lot of things will be brought in with it to control it (and hence is reason enough not to make it a "right").

    I may not agree with Microsoft being able to basically worm its way out of responsibility in its EULA's but I have choices - challenge those T&C's in a court of law if I feel they are "unfair" or not agree to them at all. Same with ISP's. Nobody is (currently) making you go with an ISP that can throw you off the Internet at even a slight accusation. You may not have ANY choice of ISP at all - some people still can't get broadband whatsoever. But at the moment, you're not *entitled* to it, and if you ever are you will almost certainly have a set-in-stone group of laws to ensure you still can't pirate stuff (and can still get filtered / thrown off if you don't follow that).

    Accusations have always been able to get you disconnected / investigated from even offline activities... you can be banned from working in a school because of a completely unfounded, retracted, historical accusation from a known liar. It's not *illegal* to do so, if the employer wants to use that as their justification. It may be unfair, but it's unlikely to be seen as such in a court of law. You can be removed from a club because the security heard a rumour that you started a fight in a club down the road. You can be thrown out of a shop because one of the assistants thinks they saw you damage something in there. This is not "new" law. It's just people failing to account for their actions and their contract-prescribed results when they sign up to a contract. Don't like it? Don't sign the contract. Can't find a contract for an ISP that you want to sign? Tough. I can't find a contract for a car hire company that will let me race the cars on a rally track, or will insure me if I don't have a license, or will let me use the car as a taxi. Same thing.

  20. Wow on BYO Linux Router To Australia's Fibre Network · · Score: 1

    Amazing. You can use an Ethernet-based device to connect to a domestic broadband network. Wonderful modern technology, isn't it?

    Hint: If posting a story where the *opposite* actually sounds more shocking, you're not posting news. You're posting things people already know. News needs to be "new", true and (usually) unexpected, unusual, shocking, controversial etc.

  21. Re:Javascript is evil on A Playable PAC-MAN On Google Doodle · · Score: 2, Informative

    Newsflash: your laptop probably pulls about 20W no matter what you're doing on it (and most of that is lost to conversion costs) and even running at 100% CPU would probably only have a handful of watts more. However you lose about 30W constantly every time the battery needs to charge. So technically, if you were *THAT* worried about being green, you'd be unplugging your battery whenever you use your laptop and the battery is already fully charged. Desktop systems are more power-hungry too. Hell, your display probably does anywhere from 10 to 30W depending on your brightness setting and how many white pixels are on screen.

    At 100% CPU (incredibly unlikely, but if you have a single rogue Windows service, you're probably pulling more CPU than any Javascript game + interpreter would ever use) you're probably adding something in the region of 10W, say. The cost of an energy saving lightbulb. Additionally it would take you 10 DAYS of you doing that 24/7 for it to compensate for someone who left their heating / aircon on for an extra hour or so while they went shopping.

    So please, stop talking crap about being green. You saved nothing. The average US house is pulling an average of about 1000KWh every month, over 1KWh every hour. You saved, with the over-exaggerated calculation that I just did, less than 1% of the electricity used in your home at any one time. And if you did it for, say, a 5-minute game of Pacman, that's about 0.003% of a day, so by not playing you decreased your average consumption that day by approximately 0.00003%. Lowering the temperature on your heating / raising the temperature on your aircon by 1/2 a degree would make something like ten thousand times more difference.

    If you want to be green, stop using artificial heating / cooling, not worrying about your lightbulbs, laptop or painting your house an energy-saving colour. If being green is affecting your life to the extent that you want to save 0.00003% of your consumption for a day, then I assume you've cut out ALL non-essential electrical appliances that contribute more than that to your electricity bill?

    However, I agree with your point in principle (you shouldn't need Javascript to run Pacman) but if you were worried about cycles on that level, you wouldn't be using any modern OS whatsoever.

  22. Re:Hidden Drive on Australia Air Travelers' Laptops To Be Searched For Porn · · Score: 1

    1) That's outright evasion of an immigration security procedure. You'd probably go to jail for longer, and more easily, for doing that - more than anything else you do short of stabbing the customs officer in the head. 99% of people are honest and want to abide by the law... this makes the law-abiding person into a criminal because the only "sensible" choice is to hide the potentially-illicit material. The other choices are "Lie about not having pornography" and/or "Admit to having pornography and be subjected to a search for such". Has your business-supplied laptop ever viewed a pornographic pop-up by accident, by any user, at all, ever, in its entire history? Then, technically, it contains pornography. So *almost* everyone who's brought over a laptop should be ticking "Yes" to that box, or at least querying the definition at the borders. How many people have done that since September when this question was introduced? Exactly - you're *MAKING* otherwise innocent people lie on a customs form because your question is so ridiculous, ill-defined, intrusive and pointless.

    2) Probably. You'd have to either a) admit they are there (or claim ignorance of what they define as pornography, the history of the machine, etc.), submit to a search and then suffer the consequences if they are deemed "pornographic", b) pretend they are not there and float through customs in the hope they won't notice or c) deliberately hide/obscure them. Australia just turned every right-minded civilian who has such things into a "customs criminal".

    3) Encryption would again be seen as evidence of obfuscation. Additionally you may be forced to give up the keys in a court of law. That might mean compromising information which you've been deemed guardian of, if you're a businessman from an EU state for example.

    Well done, Australia. I've just torn up my (already authorised) visa and I've not even set foot in your country yet.

  23. Yawn on Ballmer Says Microsoft Wasted Time On Vista · · Score: 3, Insightful

    Wake me up when anything useful actually *changes* about any Microsoft OS. Last time was back in 2001 (possibly 2004 if you count XP SP2). The interface changes, the "hidden internals" change (i.e. upgrade your drivers to WDM drivers), but the way you use the damn thing doesn't. And each time it gets slower - slower to run, more demanding on resources AND, somehow, slower to navigate and use in everyday life. It also has useful features ripped out, customisability thrown out of the window, old features limited and junk thrown in.

    (Why can't I make 7 look like 2000 / XP Classic? Hell, I can move EVERY individual button, widget, dropdown and toolbar on my browser, I can change every hotkey and have it load it up in any number of different configurations at a click. I used to be able to have a good level of similar control over XP's basic interface, and even Office's, but now I can't even get rid of that stupid Start Menu at all, or put the Control Panel back how it used to be, or (now) turn off the stupid Ribbon bar? I don't *CARE* if it's faster, more efficient, etc. for some people - it isn't for me, and I'm the one using this particular computer).

    What happened to WinFS, for example? It seemed like a good idea, was the only thing that *really* got people interested in Vista and then failed to make any appearance whatsoever ever since.

    Seriously, give me a call around Service Pack 2 of the "next big OS". The one with features that I feel I could use and which would speed up my use of my computer. In the meantime, I think I'll just "struggle" along being able to boot up really quickly, customise heavily and not need a super-machine to run things that have always run fine. Until then, Microsoft's offerings are completely irrelevant to me and have been since 2001/2004.

  24. Re:PCI compliance and encryption on Australia Air Travelers' Laptops To Be Searched For Porn · · Score: 1

    Incidentally, the US have had something very similar for a long time, albeit related to "terrorism" rather than "porn" - they still reserve the right to examine my laptop, force me to reveal my passwords, copy my harddrive without any legal assurance of what will happen to that data etc. So the situation hasn't changed any, I've just added another country to my blacklist where I won't even take a mobile phone, let alone a laptop, should I ever go visit there. Of course, that prompts me to assign an "inconvenience" factor to all my trips and just means I'll avoid both.

    Seeing as I have a valid Australian Working Holiday Visa waiting for me to use still, I think this is just another nail in its coffin (the first was that stupid mandatory Internet filter crap) and that particular piece of paper will never see any use at all. Shame. I wasted quite a bit of money on the application process for that.

  25. Why? on iPhone 4 Beta Shows AT&T Tethering · · Score: 4, Insightful

    If a company has a device that doesn't support tethering, why would you buy their products if you want to tether it? Why hype-up that they've "finally" included the damn thing, when it's been a standard feature on phones since GPRS and Bluetooth were available (my phone does it and that was released in 2003)?

    If a network does not support tethering for your particular device, why would you join them if you one day hoped to tether?

    There are other companies, other devices, other networks that *do* support tethering. Stop hoping for half-arsed solutions, trying to "jailbreak" your phone to do that, etc. Just buy one of the cheaper, easier, simpler devices that supports it out of the box without getting in your way or voiding your warranty. The companies that make those devices obviously know what you want and, crucially, will have been doing it properly, for longer.

    And, besides, phone tethering is old-hat anyway. It costs literally a few pounds / dollars to connect a PC to a 3G always-on connection on a decent tariff in the country of your choice. Most laptops have options to have it built-in, or external devices can be bought for less than a meal-for-two. There are PAYG and contract data tariffs that work out more than cheap enough (providing you don't roam internationally on them, but that's the same for anything). They won't interfere with the use of your phone, won't be tied to your keeping a stupidly-expensive phone, are designed for the job and don't have the security / network-lock / price / etc. issues that tethering to an iPhone would.

    Stop being surprised when years-old features are suddenly "added" to products that should have had them (and technically *could* have had them for absolutely no price difference whatsoever) in the first place.