307 posts • joined 22 May 2007
In theory this should never have happened because malloc should have thrown a wobbly at copying that memory. In practice, it appears that OpenSSL is using unconventional memory allocation logic: http://article.gmane.org/gmane.os.openbsd.misc/211963
I don't roll out my own crypto code because I am no cryptographer and I trust crypto specialists to do it right. So why can't crypto specialists trust the OS to do memory allocation correctly and let the kernel devs deal with that rather than try to roll their own?
@boltar this is C code.
Not perfect but still a good start
PCI-DSS is not perfect and won't prevent breaches. However, what is in the standard is not rocket science and is good general security practice. From a business perspective, it should be seen as the bare minimum you need to do in order to protect your customers' card data as part of a wider security policy.
For small businesses (and even large ones), the simplest way to handle it is to use a third party payment service provider to handle card data so that card data never even touches your systems. Some will even handle tokenisation which allows you to do recurring charges. And some will even provide fraud monitoring systems where you can configure the rules yourself. Of course there are still situations where you want to build your own solution because you have special requirements but the value of building your own compared to the risks of getting it wrong is diminishing fast.
Re: Ideas to ask speakers
As ever, it's just after I click "Submit" that I spot all the spelling mistakes and grammatical errors... I need another coffee.
Ideas to ask speakers
It would be great if you could investigate a couple of interesting technologies and report back:
1. Basho have recently carved out riak-core out of Riak to provide a common platform to build distributed services and the DB has become an app on top of riak-core (also called Riak KV); they then released Riak CS which is a cloud storage system built on top of riak-core. It would be interesting to know more about riak-core and what it can do. And of course Riak CS.
2. They are currently integrating SOLR into Riak to provide distributed search capabilities. That is definitely worth having a look at.
There you go, that's at least 3 interesting articles you can come back with :-)
Could be useful to embed sensors and networking gear in buildings. Of course you then have the question of how you upgrade the tech during the lifetime of the building.
I've had a look at XACML about a year ago in the context of a single sign-on solution based on SAML. It does make sense in this context because most products that support SAML tend to support some version or other of XACML. Having said that, if you are considering such technologies, it means you're talking to the likes of IBM, Oracle, CA, etc so whatever you do won't come cheap, which is fine if you are working for a large multi-national that requires all its software to have a blue or red badge on it and cost an arm and a leg.
Now, if you work for an SME, you're probably better off looking at OpenID and OAuth.
"there's really no need to go around [...] rehashing discredited ideas into new TV"
How would they make new TV then? Surely you're not suggesting they get *new* ideas!?
"making a pivot table do a complete rendition of that Kevin Bacon sequence from Flashdance" See icon.
This too: http://www.gameranx.com/updates/id/13275/article/sim-city-ea-refuses-refunds-threatens-customer-with-origin-bans/
Oh dear! And Ms Leach has just left: how are you going to cover that unfolding story?
At least, when installed on a Galaxy Nexus, it can make phone calls and send SMS (and receive them) so it's not completely useless.
Regarding the port-a-thon, like every Linux distro, Ubuntu has a problem that it never gets tested on enough different hardware so getting it ported to as much hardware as possible is a sensible way to find issues early and fix them.
I for one am very interested to see how quickly they will get to something usable as I need a new phone :-)
Installed it last night
I flashed a Galaxy Nexus and a Nexus 7 last night with the preview. Phone and SMS work out of the box using a 3 PAYG SIM. Wifi works too. In terms of apps, the web browser, photo gallery, notes, contacts apps all work fine. All this means that it is very usable as a basic phone or for casual web browsing at home.
The porting guide got released today: http://developer.ubuntu.com/2013/02/taking-ubuntu-touch-to-new-levels/ so I wouldn't be surprised if we started seeing the preview on other devices sooner or later.
Re: El Presidente
I'd rather they wasted £100M on RasPis that some kids may not use than several magnitudes more on failed government IT projects. If doing that gets even a small number of kids to be interested in computing and create their own tech start ups when they grow up, the return on investment will dwarf the waste. Kids are smart when given the right tools and support: http://youngrewiredstate.org/
Re: Good Luck To Them
The desktop environment already exists today, it's Unity. The phone and tablet versions are just modified versions of Unity with different emphasis on different elements of the interface and the addition of touch gestures to replace the keyboard shortcuts of the desktop versions. In addition, the SDK they are producing introduces the concept of "grid unit" which allows the developer to size interface elements in a way that is device independent so that you end up with larger icons and touch targets on a touch-based device while having small icons and targets like you're used to, in the desktop interface.
True but being able to take advantage of your competitors' mistakes is part of good business management. To be a successful tech company you need both innovative products to build yourself a strong base and good management to be able to take advantage of opportunities (whether they be a result of your own strength or of weaknesses from competitors).
In this sense Microsoft has had a business management team that was able to efficiently identify opportunities given to them and take advantage of them, even if they haven't been able to innovate themselves all that much (although they do occasionally, kinect being the best example).
As Microsoft are making mistakes in the smartphone market, it's down to others like BlackBerry, Mozilla or Ubuntu to take advantage of it: they need to take that chance as it may not come back any time soon!
Here's the link to the full response, love it! https://petitions.whitehouse.gov/response/isnt-petition-response-youre-looking
Did you actually RTFA? They explicitly say you can either write HTML5 apps or native apps (using QML). So you can definitely run real apps. In practice you are not even limited to HTML5 and QML, you could write apps in any language that compiles on Linux and that you can package in a .deb (quite a few of them).
Re: Totally missed the point!
"release-before-current of Ubuntu"
It's the current LTS which is always recommended on a production machine so it's not completely unreasonable. Of course, developers do have a tendency to want non-LTS releases too.
Amazon ads are not baked into the desktop. You have a shopping lens that sends your search query to Amazon and returns search results based on what you typed in the dash. It takes 2 clicks in the privacy settings to disable it and it's been packaged as a separate package so that you can completely remove the shopping lens without affecting anything else (search for shopping lens in the software center). If you don't trust Canonical, you're welcome to go have a look at the code, it's on Launchpad: https://code.launchpad.net/ubuntu/+source/unity-lens-shopping
If you don't like the way Ubuntu is going with Unity, that's absolutely fine. But please stop spreading FUD.
Completely agree about Shutter: Brilliant application! And thanks for other useful suggestions that I didn't know about.
That's because they spend all their money sending junk mail to us punters who dare still be with a different provider. The amount of marketing I get through my letter box from VM is ridiculous: more than my bank and all utility suppliers combined.
Re: Engaging comic-book-guy mode....
Indeed. Being French and having grown up with the Franco/Belgian type of comics, I was extremely disappointed when I moved to the UK. It all feels the same: action heroes and violence, irrespective of the actual story line. As a kid, the excellent, clean artwork and great though simple story lines of Gaston Lagaffe, Boule et Bill, Asterix, Tintin, Buck Danny, Lucky Luke et al meant we just couldn't put the comics down. Then growing up, you get into more convoluted but enthralling stories like Les Passagers du Vent, the XIII series and dozens of others.
The problem with UK/US comics is that none of them are meant for a very young audience, they are way too heavy a read. By the time kids are old enough to read great works like AD2000 or Sandman, they've already been lost to Nintendo and other game consoles.
Import continental comics in the UK and maybe you can have kids interested in stories again.
Re: Obligatory UPS anecdote...
One company I used to work for, under each desk we had 2 power supplies connected to the UPS, 2 connected to normal power, clearly colour coded. The day we had a power failure we realised that in the sales department the only thing connected to a UPS backed socket was the Christmas tree.
Re: am I a luddite ?
I use my laptop to do real work (development, system admin, office tasks, accounting and a few other things) and I find that Unity is a lot better than GNOME 2 to help me get it done. But then we all have different ways of working and it may just be that my way of working fits Unity while your way of working fits another environment. That doesn't make either good or bad.
Re: Two problems...
Thanks for that link, absolutely brilliant!
Re: Dunno about this...
I know what you mean. Last time I had VRB, I didn't do anything as dangerous as proposing to someone but I still swore never to touch the stuff ever again.
Re: real compatibility!
Saving as PDF gimmicky? I beg to differ: I use it all the time for documents for which I am the only author but that I want customers to be able to open. Invoices for instance are a typical use case: I create the invoice, they read it (and hopefully pay me), PDF is ideal for that sort of use case and LibreOffice produces flawless output.
Re: "Office Open XML"
> If I'm trying to sort out incompatibility problems between versions of Office, the most important tool in my toolbox is LibreOffice.
Same here. And LibreOffice also allows me to open MS Works files and save them in MS Word, which MS Word itself can't do. Apologies for the shameless plug: http://brunogirin.blogspot.co.uk/2011/04/libreoffice-to-rescue.html
Re: Have your tried some wine with that?
Problem is that IE is usually one of a large number of applications installed but happens to be the one that prevents moving off WinXP. Moving to Linux doesn't solve it as all other apps then become a (potential) problem. It looks like Browsium already cracked that nut by in effect doing for Windows 7/8 what WINE does for Linux in terms of running old versions of IE.
Re: £52.6m on marketing costs
Same here. I called them to complain and got nowhere. I receive more mail through my door from VM addressed to "The Occupier" than I receive mail from my bank and all my utilities combined.
Ah the fallacy of the easy re-compile! This is exactly the problem that Java has always had. Compiling and re-compiling an application for multiple platforms is the easy part (Java has no problem there, most Linux distros can compile on multiple architectures too).
The hard part in building an application that works on multiple form factors (desktop, tablet, phone, etc) is the UI and the interaction: you do not design an application for a desktop with a large screen and a mouse in the same way as you do for a tablet or mobile phone with a small touch screen.
So the risk is that you get a lot of devs building apps for W8 targeting the desktop; then they recompile for WP8 and realise that their app works but is a nightmare to use on a mobile phone or a tablet. At that point, they have to do the maths: is the WP8 platform big enough that it justifies spending time and money adapting the UI for those form factors? Or are they better off keeping the money and concentrating on other W8 desktop apps? The answer will differ depending on the application's target market.
If multi-form-factor support was as easy as a recompile, Java would have won the day a long time ago. The fact that it hasn't is a hint that recompiling is not the only (or even the most important) issue.
The novelty is not in using melted milk carton plastic to build or repair things, the novelty is in doing this with a 3D printer (presumably controlled by a computer from a 3D model). So to use your analogy what they've done here is take a 3D model of your kayak and create a real kayak from scratch using milk cartons and a printer.
Brilliant article! My fav bit of it being: "Their offers of protection have less credibility than the reports of a Greek finance minister."
A step in the right direction
Even if webOS is technically dead, that's a step in the right direction and I hope they will eventually release enough so that you can run webOS applications on other platforms such as Android or Ubuntu. There are a lot of cool apps in the webOS app store and it'd be great to be able to give them a second lease of life.
Re: Finally, they get it
The screen on my 13" Lenovo X1 as well as on the 13" MacBook Air are very nice and definitely on a par with 15" laptops with the advantage compared to a netbook that they have full size keyboards so I don't think this is the whole story.
The slim and light 13" form factor definitely has a market between the 15" laptop and 11" netbook but is certainly not for everyone: the great portability combined with high end specs (and high price) is only justifiable to a small minority of users but those who need that combination and are happy to pay the price now have great products to choose from. So planning 30% penetration in the first year for a product that is targeting a fairly narrow market was very optimistic at best, especially when the first models are rather expensive and being sold during a less than perfect economic climate.
I, for one, am very happy to have a laptop that is light and small enough that I can take it everywhere I need to while being able to run Eclipse and a couple of VirtualBox VMs concurrently or do photo editing on it but I also realise that the market segment I represent is a small minority and certainly not 30% of the laptop market.
My advice to those companies would be: release products with the same form factor but more average specs so that you can extend your market to potential users who like the concept but can't justify spending a grand on a laptop.
Re: "Ever heard of pseudocode?"
"Has anyone actually ever used pseudocode, outside of 'intro to programming' type courses?"
Yes, all the time. It's often simpler to write a few lines of pseudo-code to explain to our offshore build team what we're expecting them to do than draw a complex diagram or wax lyrical for several pages. Plus pseudo-code is easy to include in a text only email and not having all the weird punctuation means it's easy for business analysts to understand and validate it.
As to whether it would be quicker to write the code directly, sometimes yes, sometimes no. In particular, when writing pseudo code I can gloss over details like import statements, class/function declaration, etc.
Python vs PHP in the enterprise
To understand why Python is making headway into the enterprise more than PHP is, you need to understand where and how Python is used.
First things first, when it comes to internet facing mission critical systems, rightly or wrongly there are only two games in town as far as enterprises are concerned: Java/JEE and .NET. When it comes to mission critical back-end systems, it's the same story with the addition of mainframes. Python and PHP are not displacing those and will probably not do so for several more years.
Python and PHP are being used in other areas that are not mission critical for the enterprise and certainly nothing that is internet facing. And this is where Python has an advantage over PHP: PHP is seen primarily as a language to build web sites so if it's not going to displace the incumbents in that space, it doesn't have many more places to go. On the other hand, Python is seen more as shell scripting on steroids than as a web language and it comes pre-installed on the hundreds of Unix / Linux boxes that live in a typical large enterprise network. As a result, I see Python used extensively to automate sys admin / operational tasks, such as building deployment scripts for JEE applications, parsing logs, etc. Once it's being used within a company, it's a small step to use it more extensively.
TFA says "Linux Mint is pitching the devices at corporates, the education sector, and internet cafes."
For that target market, the announced price seems reasonable and the hardware seems to be fit for the job: you don't need 1080p video for corporates, education or internet cafes but you do need good network connectivity, which those boxes seem to have. I for one am happy to see computers aimed at business users with a version of Linux pre-installed and I wish them the best of luck.
Now I can see the bragging around the water cooler: I got a *ribbed* Mint box, what did *you* get?
Re: Took a leaf out of Ubuntu's book, methinks
I use Unity every day and I actually like it, a lot more than I ever liked Gnome 2.
At least Ubuntu have done two things that MS don't seem to do: 1) they've made the whole Unity implementation consistent rather than the schizophrenic W8 behaviour described here and 2) they're not preventing you from installing Gnome Shell or any other window manager: you can still choose to run something else, it's all in the repositories.
That's the principle behind the French "Frisee aux lardons": nice frizzy salad leaves (retains the dressing a lot better than classic lettuce) sprinkled with pieces of fried lardons (cubes of bacon). You eat mostly greens but it all tastes of nice fried bacon. And you can even use a fairly lean bacon, it will still taste great. Some recipes add a boiled egg too.
That's a typical French country dish that is great as a quick summer meal: it is easy to make, tastes great, uses cheap ingredients and takes 5 minutes to put together. It's just not good for a posh meal because of the risk of ending up with salad dressing all over you: frisee laden with dressing is about as dangerous as spaghetti with tomato sauce in that regard.
Re: I'll just stick with LibreOffice
Well except that AFAIK LibreOffice are considering multi-licensing their code GPL + Apache to enable more sharing between both projects.
@madra Re: I used to use open office
Do you mean a mobile version like the Android and HTML5 ports currently being built? http://lxnews.or/2011/10/17/libreoffice-mobile-and-web/
All of them
I've worked in places where you had all of those problems at the same time. Including too little process and too much process.
@AC 11:13 Re: MS blocked the use of Open Standards...
"List something - anything - that happened within the last five years"
UK gov policy on open standards. The consultation is happening right now and MS are one of the proprietary companies lobbying to have it changed to terms that would exclude open source. The online consultation is here: http://consultation.cabinetoffice.gov.uk/openstandards/
If you have any interest in the matter, please go and reply to the consultation, whether you are an open source advocate or a proprietary evangelist. UK gov needs to hear all voices, not just the voices of a few large companies.
Re: matt assay - another fail
The price of licenses for the suite of Rational tools, LotusNotes, AIX, the multiple WebSphere products, etc suggests otherwise.
IBM makes money from service, hardware and software sales. Each of those is used as a channel for the other two: you got in the door selling services? Sell them hardware and software too! You go in the door selling a single license of WebSphere App Server? Sell them services to learn how to use it, some hardware to run it on and a few copies of Rational Software Architect to build stuff on it!
IBM is a complex beast and has a business model that is a lot more complex than "oh they just sell services". Software may not make up the biggest part of their revenue but it is still essential to the way they operate: a lot of smaller companies and individuals deal with IBM for the first time through software either directly or indirectly. And in that space open source is essential to them: the vast majority of Java / JEE developers get their first view of IBM by using Eclipse. Some will stay on the open source product, others will move to the Rational suite and become bona fide customers.
So the comparison with IBM is not that far fetched.
Linux: Q2 2012
As usual, you have to read the small print: the Linux options are nowhere to be seen when you go to the shopping site and the reason is to be found in the notes on the detailed tech specs: "Linux available 2nd calendar quarter 2012 (CQ2'12)"
Having said this, it looks like a very nice machine for its target audience. Granted, it's got the same downside as any other all-in-one in the sense that the screen is non-replaceable but for customers for whom desk space is at a premium and who would otherwise be tempted by an iMac, it looks like a good alternative. A good compromise between a desktop/tower design and other all-in-one designs methinks.
For those saying "it's not as upgradable as X" or "not as cheap as Y" or "not as slick looking as Z", you are probably right. Just remember that very few people have a single requirement in mind when buying a computer so a design that provides a good compromise between several conflicting requirements is usually a winner.
Finally, it's an HP. Good news for some, bad news for others. My (limited) experience with HP hardware is that their consumer stuff is crap while their business/professional offering is a bit dull but is solid and works very well.
Interesting toy anyway!
Re: It's an admirable project to be sure...
This is exactly why the first batch of boards are aimed at developers so that they can iron out the production issues and get developers to fiddle with them, build software, see what works and what doesn't, basically get them to a large audience. The education versions (which will come in a case and with a manual) are planned for the end of the year IIRC.
Also, as it's a Linux box, you have a massive choice of languages to tinker with, including LOGO and Scratch. Once they get the basics of programming in those languages, they can move to other more complex languages. Experience so far seems to show that kids are indeed interested: http://www.raspberrypi.org/archives/1022
Re: Plan B
Yes, it's called MeeGo and it works very well on my N9.
Re: £700 for a decent chair
The posture is part of it but if you have a really wonky chair, your body will automatically compensate for the wonkiness and adopt a weird (and possibly painful) posture. I had one yesterday that looked fine but was subtly out of kilter and my back started aching after 15 minutes. Swapping for another one (same model, less wonky) immediately relieved the pain. So a good chair is one that enables you to adopt a good posture and can also survive an office environment many years without breaking. Such chairs are not cheap but well worth the investment.
What this doesn't say is how many of those downloads of old versions are done knowingly because devs are working with legacy code that only supports Tomcat v184.108.40.206.5 RC1 and nothing else? Or because the company policy mandates a particular version of a product irrespective of whether it has security holes or not?