* Posts by Charlie Clark

4584 posts • joined 16 Apr 2007

Infosec bods rate app languages; find Java 'king', put PHP in bin

Charlie Clark
Silver badge

Re: I have to wonder...

As noted by another poster: it's often both.

As a language PHP contains more than a few design flaws which make code inherently unsafe: not being strongly typed is certainly one of the biggest problems. It's certainly convenient but you can end up paying a lot just for that.

2
0

PHP 7.0 arrives, so go forth and upgrade if you dare

Charlie Clark
Silver badge

Re: Not backwards compatible...

Promises are making callbacks look kludgy and antiquated.

Because that's exactly what they are.

0
0
Charlie Clark
Silver badge

Re: Not backwards compatible can cause a lot of problems

Particularly in 3 which now complains if you've mixed tabs and spaces for your indenting. It is bad practice and should be avoided, but it's not exactly the easiest thing to spot if you've got limited tools to hand at the time.

Why? It removes ambiguity. Which text editors can't be configured to display control characters?

0
0
Charlie Clark
Silver badge

Re: Not backwards compatible can cause a lot of problems

You don't need this to be part of the syntax to incorporate it into coding standards. All other languages are capable of having automatic coding standards checks without this.

It's Pythonic to make it both required and obvious. It means one less line in your own coding standard. This is straight from any good UX book.

Yes, the whitespace pisses off coders coming from other languages which use other block conventions. But they're just moaning about their cheese being moved. From all other perspectives it is literally a no-brainer.

2
2
Charlie Clark
Silver badge

Re: Not backwards compatible can cause a lot of problems

Any language that uses "whitespace" as a core feature is f**ked up by design from the start!!.

It's not a feature of the language, it's part of the syntax. A subtle but important difference because it emphasises readability as a desirable characteristic of source code. But, hey, who needs code review?

5
1
Charlie Clark
Silver badge

Re: Not backwards compatible...

I remember someone telling me that when PHP5 came out he decided to switch to Python because either way he had to learn a new language.

Rewriting your own code is often not the biggest problem for a version change: dependence upon third-party libraries can be a real deal-breaker.

I hate PHP with a passion but the new version does bring some significant performance and memory improvements. This might be attractive if you can switch with minimal changes.

OTOH just drink the Node.js kool-aid and go with the callback flow!

1
0
Charlie Clark
Silver badge

Re: Not backwards compatible can cause a lot of problems

Apart from the lack of support for u"" and b"" literals, there is remarkably little difference between 2 & 3 syntax and a compatibility shim is tiny.

The real problem is that Python 3 is only ideally better than Python 2. It brought no performance improvements.

Things are only now starting to change with async.io

PS. I want my print statement back. I've been writing Python 3 syntax for years and I still don't think that print should be a function. Even less with f"" literals in 3.5

1
0
Charlie Clark
Silver badge

Re: They had to release it as v7

Cos perl6 will be out in a few weeks

'cos we never heard that before! ;-)

2
0

Booming Ballmer bellows 'bulls**t' over Microsoft's cloud revenue run rate

Charlie Clark
Silver badge
Stop

Re: Hang on, is Ballmer starting to have a vision ?

Microsoft made hand-over-fist during Ballmer's tenure. As a sales guy he really understood revenue and how to maximise it. If Azure isn't making money then making this known will really help focus those responsible.

He was less successful in the development / vision area which gave us Vista and Windows 8. Okay for some of the shit in Vista, Gates was responsible and someone should have been in place to stop Sinofsky turning 8 into his own private toy.

But where Ballmer really fucked up was in acquisitions: aQuantive, Skype, Nokia, etc. But he'd more than earned the money to do this. IIRC MS profits per quarter more than covered those fuck ups.

And by keeping his shares he's also keeping his money very much where his mouth is.

10
1

Popular 3G/4G data dongles are desperately vulnerable, say hackers

Charlie Clark
Silver badge

Re: Cellular modems

Yep, my trusty old ZTE dongle only understands AT commands and you need physical access to fuck with it.

That said, I bet the firmware is a pile of crap.

0
0

CloudFlare intros HTTP/2, so we can ‘spend holiday time with our family’

Charlie Clark
Silver badge
Go

Great news

I take my hat off to CloudFlare for really working hard on this and providing it at no extra cost.

7
2

Monster fund manager sticks pin in Silicon Valley's unicorn bubble

Charlie Clark
Silver badge

A webscale Ponzi scheme

An increasing number of unicorns is an essential part of the private equity culture. Profits used to be made on IPO or acquisition. But the extended, er, grooming of the unicorns now gives opportunities to snare other investors, including retail ones, and sucking in more money for a smaller piece, thus driving up the valuation. A high valuation means a higher cash-out for those with preferred stock.

Thus Goldman Sachs was selling bits of Facebook to private individual ones before IPO. This was very close to breaking SEC rules about the number of investors you can have before you have to go public. Since then the rules have been relaxed including through the cleverly titled JOBS Act, which now allows the banks to finance private equity using crowdfunding. What could possibly go wrong?

Add to this the artificially low interest rates which have savers chasing yields harder than Frank Gallagher chasing a free drink and you've almost got perpetual motion. Almost. With the Federal Reserve tipped to raise the base rate to, shock horror, 0.5%, the party could be coming to an end. If it wasn't for the financial repression in Europe and Japan ensuring lots more funding. The scale is smaller but this has shades of the sub-prime mortgage scam in it: German savers ended up holding some of the biggest turkeys. Bond yields in Germany are now largely negative, in Switzerland entirely negative.

But even with all this let's not ignore that this structure has led to some successful companies: Facebook has a nice profit margin; Airbnb definitely has legs; NewRelic provides a monetised service. Some of the others are spectacularly anti-profit (SnapChat, WhatsApp) – way to go guys – and we are close to the dotcom assumption of scale automatically being followed by profit. But there is still too much faith in being able to just add webscale to a good idea to get a huge profit. How on earth is Groupon still in business? Some of the startups outside San Francisco are actually making things and might surprise us yet.

2
0

Google to end updates, security bug fixes for Chrome on 32-bit Linux

Charlie Clark
Silver badge

Re: It's not 32-bit that's the issue

Why should Google support those 32-bit operating systems? They never promised to support them for that long. And for desktop it really is a bit overkill.

TBH a lot of this LTS is hooey. RedHat et al. promise to support stuff but in fact you're often left in the lurch when upstream maintenance ends.

0
0

If a picture tells a 1000 words about latency, Google won't load it

Charlie Clark
Silver badge

Meanwhile in Germany

You can now buy SIM cards with virtually unlimited traffic for WhatsApp. TopUp requirements are minimal. No use to me as I don't use it but interesting all the same.

Net neutrality: who needs it?

0
0
Charlie Clark
Silver badge
Coffee/keyboard

Re: The sites i visit...i NEED to see the pictures

Er, is that just coffee on your keyboard! ;-)

2
0
Charlie Clark
Silver badge

Re: So far you rarely wait for images

I don't see DNS queries as the real problem. And I've given up worrying about JS libraries: hopefully Houdini will allow things like JQuery to get slimmer over time but the important thing is people letting the browser decide how to do things and load as much JS as possible after the onLoad() event.

http/2 should bring significant improvements but as long as people insist on using multi MB big images for thumbnail previews then websites will continue to get slower.

0
0
Charlie Clark
Silver badge

So, all good then! ;-)

1
0
Charlie Clark
Silver badge

Re: Déjà vu

TBH better to have control in the browser, which this kind of proxy setting does. Because "retina" websites are filling themselves with fooking huge images that generally get downloaded whatever the device.

0
0

Sued for using HTTPS: Big brands told to cough up in crypto patent fight

Charlie Clark
Silver badge
Stop

Here is my suggestion to fix this ludicrous aspect of the American way.

Pretty numptyish solutions to the problem.

1) "person in that knowledge field" is an even more difficult term than the "reasonable person" making an obvious discovery. If you look at the history of patents most abuse has come from large companies with more resources than patent holders. What you suggest would further entrench this system.

2) don't encourage even more litigation. In such an unlikely situation then the government should simply license the relevant patents.

The problems with the US patent system are well known: patents in too many fields are granted too readily and the courts, notably the one in east Texas then get to deliberate on their validity.

The US patent system must be overhauled so that it is sufficiently resourced to check patents. In the case of some of the vaguer software and business patents, which are the ones that cause most of the problems, applicants could be required to demonstrate specific applications. Because it is often the blanket application of a relatively minor patent across a whole field that causes problems. Cf. this one and the website plugin one. The patent clerks should have the authority to reject these applications on sight – though applicants should also have the right to appeal.

14
0

So why exactly are IT investors so utterly clueless?

Charlie Clark
Silver badge

Sort of – losses in one investment can be offset against profits elsewhere but you generally don't want all your investments to flop (unless you're Goldman Sachs selling mortgage-backed securities…).

The tax-advantages are important only as part of the bigger picture: borrow someone else's money (obviously, you don't want to carry the risk yourself) at the current artificially low interest rates (cheap credit is being paid for by screwing savers) and invest it instead of your own money. Any profits can be funnelled out via the most tax effective means. Publicly listed companies are currently doing this: borrowing money to buy their own shares instead of paying dividends. Private equity has a few more tricks up its sleeve such as preferred stock which virtually eliminates risk for the privileged few. Inflating the value of RsWyp is important in sucking in other people's money to allow the scheme to run to fruition. Here again those artificially low interest rates play their part as suckers looking at returns of 0.5% (at best) on safe assets are attracted by RsWyp's potential due to its phenomenal growth. And there goes your pension…

18
0

BOFH: How long does it take to complete Friday's lager-related tasks?

Charlie Clark
Silver badge

Re: BOFH getting soft in his later years ?

Why should she care as long as she's getting paid. After all, she's probably got a boss of her own…

You seem to have forgotten that the BOFH has already met his match.

12
0

Mobe-maker OnePlus 'fesses up to flouting USB-C spec

Charlie Clark
Silver badge

Re: Standards, for a reason

Trading standards should be able to enforce some kind of notice or otherwise withdrawal from sale.

0
0

Nominet to hike price of UK web domains by 50%

Charlie Clark
Silver badge
Go

Re: Regulation?

I think you're spot on. Articles 28 and 29 of the company could probably be legally challenged: giving executives power over the board is definitely not in members' interests: the board is supposed to supervise the executives "for the benefit of the Members as a whole…" Article 1A.

There are no specific provisions about being a non-profit, but seeing as this is usually allied with special tax treatment, this is probably deliberately so. However, the purpose of the company seems to act in the interests of the members as long as they don't clash with those of the public. A bit nebulous but difficult to square higher prices without a benefit to members.

1
0

Mozilla annual report shows risky Google dependency now risky Yahoo! dependency

Charlie Clark
Silver badge

Re: Losing browser-market share...

So who's gaining?

Chrome mainly, though also Safari with the general shift towards mobile (from which Chrome also benefits). Weird because I find Firefox the best mobile because of the extensions.

People tend to stick with the default: IE on Windows, Safari on Mac, etc. People moved to Firefox and then to Chrome on Windows because Microsoft fucked up so badly.

4
0
Charlie Clark
Silver badge

Re: The problem

re. XUL

If you can't maintain something then you have to drop it. Not so sure on what kind of UI stuff you really need for extensions – I've yet to come across an extension that only exists for Firefox that I need – but maybe following Vivaldi's lead there and switching to JS will be the way to go. Hell of a migration path but I suspect it could be partially automated. I hate JS but the toolchain is now pretty sophisticated and not having to maintain your own multiplatform UI kit is a big win.

Vivaldi definitely, it's now my second browser, demonstrates that you can go beyond merely skinning Chrome.

0
1
Charlie Clark
Silver badge

Re: The problem

Dropping XUL and NPAPI were definitely sensible technical decisions.

As usual it's the "other stuff" that shows a lack of focus: fucking around with the UI and stuff built around new commercial agreements.

I've seen some good reviews of Firefox OS on tellies so that might be an avenue worth pursuing. There's no money in it for phones so they should drop that.

3
1

Spending Review: GDS gets £450m, Cabinet Office budget slashed

Charlie Clark
Silver badge

Those suggestions

a Common Technology Services programme will allow the Civil Service to purchase consistent, flexible and modern IT, driving savings and improving performance

Oh great, let's start doing everything different. Again! In systems procurement flexibility and consistency rarely go hand-in-hand and are never seen with the word "cheap". Consistency usually goes with "standard" which can be simpler and perhaps cheaper. Well, that's the theory.

a new way of delivering digital services, Government As A Platform, will provide a common set of core systems that enable government departments to share digital services, technology and processes

This one's dead before it starts. There are no "digital services", just existing services delivered digitally.

the development of the GOV.UK Verify programme to enable individuals to prove their identity online and to access government services securely and safely.

Impossible without some form of electronic id-card with TFA (card and secure reader). Make it entirely voluntary and highlight the advantage for people of having a government system that can securely and anonymously verify identity. Could do a lot worse than buy in the existing Estonian system. Or at least work with its components because the UK system will probably be subjected to more criminal energy than the Estonian one. By no means try and resuscitate old schemes or start with something blue sky.

Fuck, $ 450 will probably have been spent by the end of January. Time to buy shares in whale cruises, josstick factories and Vegas conference centres! Oh, and some "cowanking" space in London.

3
0

Hacker predicts AMEX card numbers, bypasses chip and PIN

Charlie Clark
Silver badge

Could have jobbed for a day in a trendy coffee shop…

OTOH given the number of cards Americans generally have all he probably had to do was ask a few friends.

Don't quite know about US liability but in the UK this will mean that AMEX (and probably others) can be expected to be held liable for card fraud until they can demonstrate they have a fix. They normally insure against fraud but I can imagine the insurers also turning them down. Of course, any losses they do incur will be recouped through higher charges but in the meantime it looks like there's money to be made.

0
0

Grow up, judge tells EFF: You’re worse than a complaining child

Charlie Clark
Silver badge

Not the point

The case seems to be about making an ISP an agent of copyright holders. This is obviously nonsense without a contract. The ISP is contracted to its customers and the networks it peers with but not with BMG or anyone else. If BMG wants Cox to police its network then it should pay it to do so (this might pave the way to offer stuff cheaper legally than illegally), otherwise the case should be dismissed as without merit.

The issue of whether access to the internet counts as a fundamental is entirely separate. I don't know US law so I don't know if there are any provisions for such services: water, electricity, telephone and internet. Oh and TV for Merkins. If there is no such provision then the amicus is also without merit. Some countries (France and Estonia, I think) have made an internet connection a human right which, especially in France, could lead to some interesting legal wrangles.

I really don't understand the copyright holders. Pursuing these cases eats up a lot of resources while at the same time they seem content to sign up streaming services for a pittance and streaming services is where the market is moving: people seem to have been largely convinced that access to something online is all they need.

11
1

'Hypocritical' Europe is just as bad as the USA for data protection

Charlie Clark
Silver badge

Not that the ICO has been any better.

You're right. And neither has the Irish ICO. Of course, they've been kept on a short lead by the government and are chronically underfunded. With the ECJ judgment that might start to change: even if the ICO doesn't want to grow a pair the courts are likely to uphold challenges if they decide to do SFA.

Phoney war until the end of January.

1
0
Charlie Clark
Silver badge

The group of European Data Protection Officers has given the situation until the end of January for a resolution after which Safe Harbour will be treated as no longer valid and it's also likely that the "standard clauses" favoured by the Commission will be considered in much the same way. We'll hopefully see a couple of high profile cases then everything will settle down: "surveil-as-you-go", fast-track warrants will no doubt become available to all law enforcement services that want them.

About the only thing this article gets right is the shift away from the European Commission to the national officers. Good because data protection is probably the area where the Commission has consistently failed to act in the interests of EU citizens.

Safe Harbour was on the way out anyway when the new Directive goes into force. It's just going to happen faster now.

4
0

Cat discovers GNOME desktop bug

Charlie Clark
Silver badge
Mushroom

More proof that the GTK is shit

I bet this wouldn't have happened with QT!

0
0
Charlie Clark
Silver badge

Re: My Daughter is Smarter than a cat.

Your daughter sounds smarter than you, if you let her loose on your computer logged in as you. I gave both my sons their own logins so they could happily wreak havoc without affecting anyone else.

That sounds like hubris. Most kids are able to pick up their parents' login details very quickly: their young brains are wired to copy behaviour exactly.

3
1

From $6bn to $4.2bn to $2.9bn: Square's ever shrinking unicorn horn

Charlie Clark
Silver badge

Re: Bubble 2.0

Add to this the effect of artificially low interest rates in funnelling savers' money (via pension funds) into risky investments such as VC funded start-ups.

1
0

Apple's design 'drives up support costs, makes gadgets harder to use'

Charlie Clark
Silver badge

They have a point

Apple's design has improved from the skeuomorphic nightmare of a few years ago but is now much more perfume bottle (the bottle is the product) than a deodorant spray (the spray is the product).

Not sure about trashing Google for blindly following Apple. I personally think that the Material Design guidelines are far better thought out and presented than the Apple stuff now is. iOS 8/9 is "beautiful", Material Design has, er, rediscovered discoverability.

5
0

Hey Cortana, how about you hide my app from the user?

Charlie Clark
Silver badge

Re: Mad, Mad Multitasking

Office Mac 2011 was usable because it's got a menu but Office 2013 is a nightmare for me,

I'd have to agree on this and as I've been using Word since version 2 (skipped Office 2003) I'd say I've coped with most UI changes (disappearing menus was another disaster).

Office 2016 has the advantage of looking and behaving largely the same on Windows and Mac and is far less confusing than Office 2011 or 2013.

2
1
Charlie Clark
Silver badge

Re: Mad, Mad Multitasking

they do a lot of testing and so support many routes to the same result as people work differently.

This assertion flies in the face of most usability research which has been summarised as "make design as simple as possible and reduce choices for any particular task. No choices are best".

But, hey, if it works for you then you may have a great career ahead of you.

0
5

Dell and EMC customers happy about prospect of Dell/EMC merger

Charlie Clark
Silver badge

Business logic versus finance

No doubt there's some business logic behind the consolidation: it's easier to buy all the bits for a data centre from a single supplier. But then there's financial engineering behind this deal. The debt behind this deal is staggering and it's difficult to see it ever being repaid through increased sales. VMWare is where the value is and the tracking stock looks very much like a tax avoidance vehicle with the takeover merely show.

1
0

Game of Photons: Boffins make ICE with FIRE

Charlie Clark
Silver badge

More than a curio?

If the principle is to slow a molecule down by hitting it with a photon, where does the energy go? (Direction is important for momentum but not energy, discuss).

Personally, I don't see any direct application of laser-cooling but the underlying principle of energy extraction may have legs.

0
0

French Playmobil heist: El Reg denies involvement

Charlie Clark
Silver badge

I know who did it

It was the Small Soldiers and this doesn't bode well for life in suburban France

4
0

Hold on, France and Russia. Anonymous is here to kick ISIS butt

Charlie Clark
Silver badge

Re: Getting Tough

The labour party is far right wing, Blair is extreme right wing.

You're exaggerating, of course. He was opportunistic as much as anything else, which is why the evident conviction displayed about Iraq sat so strangely and for which he will probably be remembered (and reviled). Looking back I always try and imagine how things would have been if the Tories had stayed in power. But he did drag the country into a needless and expensive conflict that has almost certainly contributed to instability in the Middle East.

Mr Booth's comment did, however, prefigure Blair's opportunistic and egocentric politics as wonderfully satirised by The Comic Strip in The Hunt For Tony Blair.

7
0

X-Gene 3 in 2016 – no, not a superhero movie. It's a 16nm FinFET 64-bit ARM chip for servers

Charlie Clark
Silver badge

Re: Its getting harder...

Cool as it sounds: they ain't here yet.

0
0

Apple supremo Tim Cook rules out OS X fondleslab, iOS merger

Charlie Clark
Silver badge

There's a simple solution to the Safari problem: don't use it.

Apple hasn't got everything right since Snow Leopard but it hasn't all been about convergence since then: ignore iTunes shittiness and the OS has got some TLC.

1
3

PNG pongs: critical bug patched in ubiquitous libpng

Charlie Clark
Silver badge

News?

This will not be fun: the graphics processing library libpng has a vulnerability and needs to be patched.

Why should it be fun?

Why is it news? It's news if the patches aren't available. But they are.

2
3

TalkTalk hired BAE Systems' infosec bods before THAT hack

Charlie Clark
Silver badge
Coat

Re: An audit means nothing

Yes, the pen works fine…

15
0
Charlie Clark
Silver badge

Re: "Police told us not to answer questions"

No, this is good advice and standard practice.

If only Dido had stuck with it.

I think her public appearances to discuss the attacks were straight out of the good PR book and basically the right thing to do: admit to a problem; look concerned about it and busy trying to fix it. But, she should have stuck to the script that any lawyer or police would have given her and not commented on any details because of the ongoing investigation. Better still would have been a joint appearance with the police.

But she had to put her foot in her mouth.

2
1

PostgreSQL learns to walk and chew gum

Charlie Clark
Silver badge

Re: MySQL versus PostgreSQL comparison

Actually, it's more the case that MariaDB are doing a good job of cleaning up Oracle's MySQL warts.

Nope, can't agree there. MySQL has become more predictable and reliable under Oracle's stewardship. Many long standing bugs/failures have finally been corrected. I'd still recommend Postgres over MySQL but anyone who thinks that Oracle isn't taking MySQL seriously doesn't understand databases.

1
2
Charlie Clark
Silver badge

Re: MySQL versus PostgreSQL comparison

In the early 2000s MySQL's marketing was better and this helped push the LAMP monstrosity and its related bad practices onto a grateful world.

MySQL was a company that understood the importance of getting on PFY's notebooks, which were mostly running Windows and so they provided a Windows installer. Postgres had to be installed using cygwin: this worked fine but wasn't likely to win any friends.

This helped favour MySQL and encouraged development of PHP/MySQL stacks (with some fucking awful code most of the time). Database speed didn't tend to matter as it would be shot in the foot by the lack of connection pooling within a single page, let alone across sessions. And, oh yeah, there was the whole "parametrised queries, we've heard of them" versus "magic quotes" stuff. Magic quotes still make me want to cry.

I did some performance tests on something I was working on at the time and found no significant read performance advantages with MySQL. But it was faster for inserts – look ma! no triggers – as long as you could live with table-locking. Performance went down the toilet with joins; and a developer's life got harder because it meant manually adding indexes for foreign keys that Postgres ensured you got automatically.

2
2
Charlie Clark
Silver badge

Re: MySQL versus PostgreSQL comparison

MySQL with MyISAM ran a lot faster

As does anything if you drop integrity checks… which means replacing them with slower and less reliable application code.

MySQL's habit of applying table locks is a killer in many situations. Postgres has always had better concurrency.

But the biggest reason to avoid MySQL is that it fails big time at joins and encourages people to develop non-normalised schema. Relational DBs are all about joins and, done right, they're fast because they use indexes.

That said, Oracle seems to be doing a good job of cleaning up MySQL's warts.

4
3

Apple's OS X App Store downloads knackered by expired security cert

Charlie Clark
Silver badge

The article said it has happened with others but implied that since Apple has so much money they should be able to afford someone to manage this process.

And as a shareholder you obviously think there's something wrong implying this? Damn right Apple should be doing a better job for its paying customers and developers!

1
8
