Posts by the spectacularly refined chap

Re: I'll never get the marketing people's valuations...

I have absolutely no idea what real world metrics marketing people use to value the personal data for an individual. I'm a good example of an edge case in their world; I'm 100% unaffected (in a positive way) by any advertising. I have never bought a product or service based solely on an ad. Yet, there are apparently billions of drooling idiots out there who will buy whatever the advertisers tell them to.

No, that doesn't mean the advertising is wasted, it probably makes you the advertiser's wet dream: you haven't understood the intention of the advertiser so you can't apply skepticism in the appropriate direction.

Advertisers do not expect to be able to plug any old crap and random members of the public simply to buy it unquestioningly. They do know that if you are to buy their product then firstly you must know that it exists and is available: either that their offering is among the options you have when considering a given purchase, or that their product will provide some real benefit to you, even if prior to that you hadn't been considering a purchase.

Suggesting that people will buy a product simply because they have seen it advertised is utter naivete and the advertisers know that - ultimately the need has to be there. Indeed, this is why the personal data is valuable to them, so potential customers can be targeted rather than a much wider group, most of whom simply who never would buy that product. If you have ever gone to manufacturer's websites to get data on products before making a considered purchase you have responded to advertising. If ten or twenty years ago you ever picked up a copy of e.g. Computer Shopper and waded through hundreds of pages of ads to find the best deal on X you have responded to advertising. That is the response the advertisers are banking on and the one you fail to recognize even exists.

Re: this is not your father's Microsoft.

Still have the images on my hard drive here. XENIX 86 2.1.3 was 16 360K disks. XENIX 386 2.3.4q was 9 1.44M disks.

Won't this defeat the purpose and allow data leaks?

But presumably there is an audit trail for stuff passing through the mail server. It's a balancing act as for internet access for anywhere else: presumably staff have legitimate need to communicate with the outside and even at times forward official records or documents. However the fact everything is retained on the server in identifiable form acts as a deterrent to the malicious leaker.

Re: walshk@byteform.com

"Hacker culture" has its heart in the right place, but it devalues theory and over emphasizes the act of writing code, and there is a limit to being self taught... learning through experiment is excellent, but only if someone can guide you towards the experiments that produce insights that will make you a better developer. I've worked with people who wore their lack of formal education in software as a kind of badge of honor, but their work always reminded me of that of a portrait artist who'd never studied anatomy: Well executed, but not quite the right thing.

I agree with this. The way I usually express it is that you don't really go to Uni to learn a program language - frankly, learning how to express yourself in any given language is not degree level stuff. Rather you go to learn what to express, not how to say it.

Secondly there is the perennial problem for any self learning - it tends to be of a piecemeal a la carte menu nature - one area is studied, then something else and so on. There is no guiding master plan ensuring a balanced rounded view. Examples that come to mind here would be tools like Lex & Yacc - Yacc in particular can save masses of time once you are familiar with it but the self taught tend to disparage it as much from ignorance as anything else.

Instead you'll hear the profound wisdom that a hand-written parser is always much better despite generally being slower, buggier and taking far more effort to build and maintain. Why? The learning curve for a tool like Yacc is pretty close to vertical - you'll need perhaps ten or twenty hours study before you can accomplish anything useful. For the self taught that's frequently difficult to motivate yourself to do for a fairly old, unglamorous tool that isn't getting all the hype of newer toys. The CS undergrad for whom it is simply on the course has no such issue.

Re: Internal Power Supply?

So let's get this straight? You ask a question, admit you don't know, make a blind guess and them complain about how crap your guess would be.

As for the price, if you don't like it, don't buy it. Yes, you are paying a premium for the complete package. This surprises you? If other people look at it and decide it it is worth buying that doesn't make them wrong, just less blinkered. They may decide that this is ideal for them based on various criteria, or may figure that a standard Pi setup is in reality much more expensive than it first appears once you get to a complete set up - "I had so and so lying around" doesn't cut if it you want to deploy them by the thousand.

Re: could be nicer in UK themselves

They're not the same company. Both T-Mob USA and EE are independent companies and are under separate ownership. The only thing they have in common is that both have licensed the T-Mobile brand.

It may simply be a duty cycle thing: it does equate to writing over a gigabyte a minute continuously. I'd regard that as pushing a drive quite hard for five years solid.

Re: Use the Disc?

right, and theres no solution to that eh?

1) use an external dvd drive

Connected to the same USB port that it doesn't support? Been there, done that with some Bay Trial systems here, although thankfully the most recent BIOS patch for the MB in question has alleviated that.

Re: VBA date handling has taken at least five years off my lifespan

Correct. The year used to start on 25th March but was moved to 1st January at the same time. Allowing for the 11 days correction for missed leap years we get 5th April.

But the tax year starts on the 6th April - post transition to the Gregorian calendar it was then advanced another day to make up for the "missing" leap year in 1800. No such amendment was made in 1900 though, and the situation didn't arise in 2000 so it's probably considered fixed to the "new" calendar now.

Must dash, George is about to say how he's going to sting us this coming 6th April...

Re: timing seems interesting....

How many of these fpga's can run on Windows boxes?

If the answers next to or none then I wonder if that's part of the move to Linux that Ms is looking for with MsSQL on Linux.

Yup. None. I can tell you that without even looking at it. Coincidentally that's the same number Linux supports. Something like is going to be outside the reach of general application code since it is essentially system-wide - you just wouldn't reprogram an FPGA at each context switch - so it's going to have to have explicit OS support as gatekeeper. I don't see adding that as some huge showstopper (essentially it's just another device to be managed) so speculating that it will be some great issue for Windows while Linux magically supports it from the get-go would be wide of the mark. Yes, I'm aware of existing systems with FPGA integration, but this is on chip and the details of interfacing are inevitably going to differ, so any support you have doesn't carry over unmodified.

On the other hand I'd like to see how it works in a virtualised environment. My guess is simply that it doesn't and it won't be supported regardless of either host or guest OS.

Of course if the James Webb telescope turned out to be able to see much further, say in excess of 14 billion, things could get really interesting...

We've already been there, done that. The furthest reaches of the observable Universe are getting on for 50 billion lightyears away if memory serves. The Universe didn't spring into existence at its current size, after all, so we can actually see things much further away than a simplistic calculation suggests.

The Huaweis I've seen in the past have good permission settings compared to most makes - any app can be restricted to wifi only or blocked from the internet completely. You also have settings to block e.g. the camera or GPS according to how suspicious you are.

No, shipmate, they got widely panned for claiming to be a competitor to the Pi while being THREE TIMES THE PRICE. In other words, Intel completely missed the point.

That was an association made here, not by Intel. Which is actually my point - everything remotely similar gets viewed through the prism of the Pi regardless of whether they target the same audience or whether a Pi is even capable of the task in question.

Really, a different class of product comes in at a different price point. This surprises you?

Which are not silent, especially when filled out with a few hard drives which is their main purpose of those machines. I have a couple here and love them for what they do, but while they're reasonably unobtrusive, fanless they ain't.

Re: Clickbait.

Quite apart from the fact that they are far to close to advertorials much of the time, the huge conflict of interest from the company whom is carrying out the "research" automatically makes me very wary about the quality. It will call into question the very methodology used and whether there is intentional or unintentional bias just for starters.

Personally I know enough about the methodology to know not to trust it - almost invariably these reports based on automated scans and tickbox marking get a "fuck that" response. There is no reference to what is being secured which is pretty important when determining if a given level of security is sufficient. Demanding that everything has military-grade encryption regardless of need is idiotic, it wastes a lot of time and distracts from protecting the important stuff. No-one has yet broken SHA-1 for example so presenting its use as a clear and present weakness is hyperbole.

Then you have opinion presented as fact with no knowledge of the context. Here the flaw is "untrusted" certs which is used to mean self-signed types. If your own organisation uses it own keys and distributes them to it own systems that is perfectly sensible and perfectly secure. A scan can't detect that so the conclusion is misleading.

End result - a paper from people who don't know what they are talking about and applying it to systems that they also know nothing about. This paper is only fit for cleaning the author's arse after the emission of so much excess verbiage.

Re: @Gordon 10 -- No surprises there then

Fuck me - are you serious? Is that really how you address a war veteran from your own country?

Yeah.. never let what someone has actually said get in the way of knee-jerk reaction. If you had considered what he said you would have noticed he never claimed to be American, indeed he specifically stated he was an outsider commenting on US attitudes.

Next point, did the US lose Vietnam? Yes. Was is morally justifiable? Not really, it was essentially US interventionism with no moral case to back it up. Should he really distort reality to pay lip service to a foreign veteran? Even within the US I would hope people are able to distinguish abstract support for the soldiers of one's country with evaluating the legitimacy of their campaign: the instant the US goes to war they are not automatically right - time and again their motives have been questionable at best.

Re: Christ

Right-click - New - Shortcut - IEXPLORE.EXE - Next - Finish

"You're welcome. Have a nice day."

You really do work in technical support, don't you? Because clearly it wouldn't have fixed the problem: we already know the executable is missing. But you don't give a shit about that, fob the customer off with any old shit to get them off the line as fast as possible.

It isn't garbage: the bricking scheme has well-defined semantics (a no-op) on the device that the chip claims to be. You can argue about the legitimacy, motivation and intent till the cows come home, but it is carefully crafted rather than random nonsense.

Re: Shorter true and true that returns false

The OS sees the file is not empty, so clearly it has to do something, but has no idea what it is. As the OS cannot execute AT&T's true, it returns failure!

It knew exactly what to do - early Unix would always pass an executable in an unrecognised format to the shell for interpretation so it was a well-defined semantic. Problems only arose when csh was introduced and that was covered by a magic value: if the first byte matched (may have been % but don't hold me to that - it's along time ago) it went to csh, otherwise sh. #! is a surprisingly late addition to Unix. ISTR It first appeared perhaps 1988 or 89 but it wasn't universal until the mid nineties.

Re: "That's not recommended for performance-intensive drivers"

Its RS-232, I'd hardly call 192 kbps 'high-performance'.

Bandwidth != performance. The other half of the measure is latency and RS-232 wins hands down.

Re: Hard and fast

Oh, did you want your single-purpose unikernel app to write to your production database?

Where is your hypervisor now?

Precisely where it should be: staying out of the way.

If you build access control into your clients come back when you have something meaningful to all.

The more software you have involved the greater the vulnerable surface. How many 0 days are in your operating system? How many affect you if there is no OS?

Re: Secret

Given that everything is recorded in Hansard, I don't think secrecy is an issue

Not everything, any MP can put forward a motion to hold the session in camera at any time and if passed then proceedings are indeed secret. It isn't even a rarely used power, although it tends to be for obstruction the main business of the day than because of any sensitivity about what is being debated.

Re: they've lost already

Intel have missed the boat apart from small places where their ability to integrate stuff at the silicon level might come in handy.

I don't really see that. If anything Intel are constrained by their sheer size, they can't chase down every little niche. If you look at their SoCs they are generally focussed on minimising the BoM on a PC-style system: If you need a few GB of DDR3, SATA, PCIe etc they're good to go. Something that looks less like a PC they don't have much to offer.

ARM and to a lesser extent MIPS win on their diversified supply chain with each vendor tailoring their offering with a much tighter focus. You get a rough idea what you want, say a 32 bitter with this much RAM, this much GPIO and these interfaces. You then go out shopping. Can't do that for Intel.

As Flocke Kroes suggests the price point for Intel is all wrong for the smallest systems: ARM may have a e.g. a $3 offering that pus everything on chip. The Intel offering costs $15 and needs external memory and storage on a high-speed circuit board on top.

Re: Maybe have a word with HP?

But the Curry's site does state it has the Ti variant. It isn't beyond the realms of possibility there's a custom spin made for a large retailer.

However, like many others here I really don't see the issue. An HP specced PSU is going to have a relatively honest power rating, 500W will mean 500W or thereabouts as opposed to 600W meaning 450W or so for many far eastern no-name supplies.

But even that isn't the issue: to give some idea, just before Christmas I was looking at the OEM integrator's guide for a hard drive. It was over 100 pages long - that's a level of detail the typical end user doesn't have access to and probably wouldn't know what to do with even if they did. It also means you can go through the requirements and tick them off one by one. Against the real requirements, not a headline summary for end users to get their heads around in a world of inflated specs.

If there's a requirement in the equivalent guide for the GPU that isn't being met then that is grounds for criticism. Taking a gross simplification of those specs aimed at end users and applying them to one of the biggest computer manufacturers in the world is simply complaining about something you know nothing about.

Re: Supermicro rocks...

They don't shaft you like HP does with an ILOM that shuts off the GUI once the OS boots unless you pay a bunch of money. I hate them. HP makes good gear, but they try to nickle and dime you to death for stuff that's just a bit flip away.

No one runs their server from the ILOM unless they have to, but when you do it's critical. And when it costs another $300/host to add that feature, it's just crazy.

Yes, I bought an HP MicroServer a few months back, great little system but they seem to go out of their way to gouge you. The ILO was a key selling point but to unlock it to the point it was genuinely useful they wanted as much as the server cost in license fees. Found a key generator on the torrent sites, ran in in a sandboxed VM, job's a good'un. Similarly the optical drive - it's a standard extra-slimline drive but with non-standard cable and a proprietary bracket. HP wanted £100, but a drive from Amazon, solder up a cable and half an hour's metal bashing to form a bracket and the job was done for £20 - you can work around them but why should you have to?

Even then it's still an appliance because of it's integration. If Supermicro did something similar it'd be based around an ITX mobo so if in three years you need more umph you swap it out for something newer. Can't do that on the HP.

OTOH that server cost me £120 plus drives after cash back. From memory that's around the starting price for Supermicro's IPMI equipped mobos, not servers. As the old adage goes, you pay your money and you make your choice.

Re: Money back?

Zero? It wasn't clear from the article: I assume you mean that EE had given them away, not sold them?

It was a service, and a free one at that. Customers never owned their equipment, it was merely on loan while that service was in use. If e.g. British Gas cut you off for safety reasons would you expect them to "refund" you £x billion to build your own network in its place?

Alternatively, for $48,000 a year you could buy a lot of PCs.

You could also buy even more postage stamps, or yet more penny chews. Your point is what exactly?

Yes, Red Hat support is bloody expensive. It's also top notch stuff. If you don't want to pay for that go elsewhere, if you do why shouldn't you be able to buy it? $48,000 is real money but it amounts to around the cost of a single dev. For that you get a "This doesn't work, fix it" service. From well trained sysadmins rather than devs moonlighting. If a patch is needed, well you'll get that too. It's going to be difficult to justify for a one man operation but if you have a dozen devs working on your project I can see the attraction of keeping them in the job they were actually hired for.

Re: All you treehuggers need to look at the numbers.

This study ... found that 7% of all muslims already in the US say that suicide bombings are sometimes justified and 1% say they are often justified.

Which means absolutely nothing, 1% is the sort of figure you'll get for any position in any survey. As for the 7%, is "sometimes" really an outrageous position?

Consider the Black Buck missions in the Falklands War: these are often portrayed as a heroic story of British derring-do, certainly not dishonourable in any way. One of the bombers only got a fraction of the fuel it needed in the final air-to-air refuelling before the strike. Radio silence was in play so clarifying the situation was out. The crew's decision? Proceed with the strike and ditch in the South Atlantic. From that point on it was a suicide bombing mission.

You can argue about whether the strikes were justified, that is the realm of politics. However, it's difficult to argue the strikes were not justifiable. You only need to show it once for "sometimes" to be valid.

For completion, yes the crew got home safely. The tanker crew were aware of the situation and another tanker sent further forward than originally planned to pick them up before they had to ditch. The bomber crew didn't know that when carrying out the strike.

You can only drive with no MOT if your car is pre-booked into the garage for an MOT.

The only way you would be allowed to drive for repairs is if the car is also booked into the same garage for an MOT at the same time.

If it has failed an MOT you are still permitted a single trip to a point where it can be repaired. If memory serves that is actually more lenient than it is for testing case: that requires you to take it to the nearest test point for the class of vehicle. You can take it to any point of repair after the failure.

Re: It's not about the product

The correct way to access data is through stored procedures and views so that the user has no direct access to anything in the database other than the procedures/views they need to perform the task.

No, that is one correct way and like all silver bullets it isn't always appropriate. Pretending otherwise ignores a wide range of legitimate end user requirements.

Two particular cases come to mind right away. The first is the "any and all" requirement for management reporting. Usually that boils down to "I can't be bothered to think about what I actually need in advance" but if it is there in an agreed spec there's not much that can be done about it.

The second is tracing a particular record. If you can guarantee that any access is always from a limited set of possibilities, for example account number, invoice number, phone number or a limited set of alternatives such as surname and date of birth then no problem. If on the other hand you need to be able to use anything you have available to find what you need the possibilities quickly exceed anything remotely manageable.

So yes, stored procedures are a powerful defence and have their place, but for many tasks there is no real substitute for dynamically composed SQL.

Re: Surprised about not giving away all the 0 day vulnerabilities

GCHQ is not a funded by my taxes to be the backstop security auditor of all the products and services I use. I refuse to subsidise that, they are there for my protection as well as their more targetted activities but that should not underpin corporate security laziness.

But that is the very essence of government in a capitalist society: to monitor and to regulate to ensure no one takes the piss. Should the government not ensure that the bank you use does not disappear overnight? That the food you buy is safe to eat? That the field next door is not used as a fly tip for nuclear waste?

These all control commercial activity. What makes encryption and security different other than an instinctive paranoia that fails to appreciate the very role of any government, namely the protection of the people?

Re: Source code

The term basically means that you as a (powerful, e.g. state) customer cannot demand to see the source code for an executable as a precondition of importing/purchasing the product. This is aimed at protecting valuable know-how etc in code.

No, the obligation is to each Party, i.e. each country that signs up. Nothing prevents a customer demanding source as a condition of sale, even if the potential customer is the state itself - sale is covered but not purchase. The net effect is that signatory countries can't simply say "OK if you want to sell that in our market you need to give us the source.

Re: "Before Current Era arithmetic is useless"

Do please show me someone who knows his total-to-pay (beyond a rather vague range) before being told at the supermarket checkout, so I can show you a bloody liar...

Hardly difficult, I've done it myself in ASDA. I bought around a dozen items and noticed at the self check out that the total was a penny higher than it should've been. Looked at the receipt and went to customer services: yes it's petty but the shelf edge price on that bottle of Coke is wrong.

They looked at it and yes I was right. I shouldn't have bothered, I only wanted the shelf correcting but they wanted way too much personal information to process a penny refund they insisted that I took.

Re: Any chance of a SPARC lappie running Linux?

I was issued with a Tadpole lappie with a SPARC chip at work around a decade ago. Nice enough machines but they were lacking in grunt for most laptop stuff compared to commodity hardware at a fraction of the price.

In other words they were like SPARC generally, if you need it you need it, otherwise don't bother. I've lost track of what became of Tadpole with corporate shenanigans over the years but last time I checked the line was still available and being updated.

Re: POSIX

Using SUA (an optional component) you can have a POSIX environment on Window, but IMHO, any first class application in Windows has to work as a "native" one, not pretending to be still in its *nix environment, and should not require any optional compatibility layer.

OK then, using this definition name a single native Windows application: I certainly can't. The lowest system call layer of Windows is not publicly documented - the lowest level access you can get is the interface exposed by NTDLL.DLL. Above that for what is usually regarded a "native" Windows application you have the Win32/Win64 API as implemented by WIN32.DLL. Most of the "native" facilities you are keen to emphasise are facilities in those compatibility layers that implement the public APIs rather than features of the underlying OS kernel itself.

Re: Biased and a little bit clueless

The physics of gates is irrelevant if you don't change the clock speed to utilise faster gates.

And someone modded you up on a tech site. Jesus H.

Not by definition nor even universally in practice. Plenty of architectures have used 'early out' instructions that essentially stall the processor until the result is known: for example multiply on the 386 - how long it took was a complex formula depending on the exact values being multiplied.

A faster logic could potentially shave a few cycles of such variable-duration instructions.