* Posts by Michael Wojcik

5342 posts • joined 21 Dec 2007

AAAAAAAAAA! You'll scream when you see how easy it is to pwn unpatched HPE servers

Michael Wojcik
Silver badge

"doozy" is actually a vestige of the Duesenberg car brand

Alas, appealing though that is, <a href="https://en.wiktionary.org/wiki/doozy">it's a folk etymology</a>.

Duesenbergs <i>are</i> doozies, though, as anyone who's been to the ACD Museum knows. So they may have helped popularize the term.

(Duesenberg or Hispano-Suiza? Discuss.)

0
0

Party like it's 1999: Packets of death, code exec menace Cisco gear

Michael Wojcik
Silver badge

Found internally

These latest issues, like many of the others from Cisco over the past several months, were "found during internal security testing". That's a Good Thing. Seems like someone at Cisco is really pushing pen-testing and other SDLC behaviors among the development teams.

While it's easy to criticize Cisco for their recent spate of CVEs, they should get credit for being proactive and improving their software. Other organizations would do well to emulate this behavior.

4
0

Are you ready for some sueball?! NFL opens wallet, makes vid stream patent spat go away

Michael Wojcik
Silver badge

played by blokes who think wearing armour is for cissies

(Google nGram viewer suggests the spelling "sissy" is more common than "cissy", and indeed has been far more common since it began a rapid ascent circa 1900. But maybe "cissy" is still common in the UK?)

Anyway: research suggests that the addition of ever more protective equipment in US football has actually increased the rate and severity of long-lasting injury. I think it was covered in Why Things Bite Back, Tenner's popular treatment of revenge effects.

1
0

Ransomware is so 2017, it's all cryptomining now among the script kiddies

Michael Wojcik
Silver badge

Android phones come infected with malware

I know all of mine have. They've all come with the "Facebook App", for example.

1
0

Dudes. Blockchain. In a phone. It's gonna smash the 'commoditization of humanity' or something

Michael Wojcik
Silver badge

"Blockchain" is just a (misleading) name for a Merkle tree with some additional unicorn feathers tacked on. The point of Merkle trees is that interested parties can verify membership in the tree, as long as they've already verified the appropriate subset of the parent tree.

As long as there's an interested party with the necessary state, the Merkle tree remains verifiable. The number of Merkle trees in existence doesn't change that fact.

On the other hand, the Bitcoin model of recruiting verifiers for its blockchain only scales so far. That's why we see a lot of copycat cryptocurrencies vanish into obscurity, and why Bitcoin transactions can take a long time to complete.

In short, the economics for blockchain work just like the economics for anything else. If there's a reward for verification, then someone will perform that labor. The reward may be something like "enables us to perform a business function at a lower cost than currently-feasible alternatives" - it doesn't have to be "a chance of obtaining some digital good I can sell".

2
0
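
The membership check described in the comment above, as an added example that is not part of the original post and not any blockchain project's code: a verifier who already trusts a root hash checks one leaf against a short audit path instead of the whole tree. The function names, the 0x00/0x01 domain-separation prefixes and the rule of promoting an unpaired node unchanged are assumptions of this sketch.

```python
import hashlib
import hmac


def _sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(data: bytes) -> bytes:
    # Distinct prefixes stop an interior node from being passed off as a leaf.
    return _sha256(b"\x00" + data)


def node_hash(left: bytes, right: bytes) -> bytes:
    return _sha256(b"\x01" + left + right)


def build_levels(leaves):
    """Return every level of the tree, leaf hashes first, root level last."""
    if not leaves:
        raise ValueError("a Merkle tree needs at least one leaf")
    level = [leaf_hash(item) for item in leaves]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(node_hash(level[i], level[i + 1]))
            else:
                nxt.append(level[i])  # unpaired node is promoted unchanged
        level = nxt
        levels.append(level)
    return levels


def merkle_root(levels) -> bytes:
    return levels[-1][0]


def audit_path(levels, index: int):
    """Sibling hashes (with their side) needed to recompute the root for one leaf."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            side = "L" if sibling < index else "R"
            path.append((side, level[sibling]))
        index //= 2
    return path


def verify_membership(leaf: bytes, path, trusted_root: bytes) -> bool:
    """The verifier's side: only the leaf, the path and an already-trusted root."""
    acc = leaf_hash(leaf)
    for side, sibling in path:
        acc = node_hash(sibling, acc) if side == "L" else node_hash(acc, sibling)
    return hmac.compare_digest(acc, trusted_root)


if __name__ == "__main__":
    # Constructed sample records, not real transactions.
    records = [b"tx-a", b"tx-b", b"tx-c", b"tx-d", b"tx-e"]
    tree = build_levels(records)
    root = merkle_root(tree)
    proof = audit_path(tree, 2)
    print("path length:", len(proof))
    print("member:", verify_membership(b"tx-c", proof, root))
    print("forged:", verify_membership(b"tx-x", proof, root))
```
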
Michael Wojcik
Silver badge

I get the wife's hand-me-down iPhones.

I hate the iPhone, personally, but after a few rounds of buying unused overstock previous-generation grey-market phones, in the hope they might last a few years each, I've switched to buying used Android phones. New or used, they're all crap, as far as I can tell, so why pay any significant amount of money?

Currently I have a Galaxy S6, which is shit (Samsung beats Lenovo and ASUS at making Android worse), but it was cheap and basically works.

I'd just go back to feature phones but my family insist on texting rather than calling, and I hate T9, so I need something with some sort of qwerty keyboard. I'd like a physical one but cheap phones with physical qwerty keyboards have become hard to find.

0
0

A curious tale of the priest, the broker, the hacked newswires, and $100m of insider trades

Michael Wojcik
Silver badge

Re: Newswire Drain Tanks: HODL b4 We Profit

Thanks, but we already have amanfrommars1.

0
0

Another data-leaking Spectre CPU flaw among Intel's dirty dozen of security bug alerts today

Michael Wojcik
Silver badge

Most of these seem to depend on getting root as a local user.

None of them do. But thanks for playing.

3
0

Malware-slinging scum copied D-Link's code-signing certificates to dress up PC nasties

Michael Wojcik
Silver badge

Re: someone managed to factor the primes

Yeah, this one's a shibboleth too.

(At least the certificates are in fact RSA, so there's a product of large primes to be factored. The original comment would have made even less sense if they were ECC certs. Oh, well.)

In any case, no one's going through the trouble of factoring a decent-sized RSA key for this, when you can buy leaked keys, or a private-key and certificate pair issued erroneously by a CA, for a reasonable price. And you can - see the link in my post above.

Many organizations have very poor code-signing-key hygiene. They have the keys sitting on build machines. They commit them to code repositories (sometimes on public servers like GitHub). They email them around the organization. Attackers who get into the corporate network have a decent chance of finding them, and they're easy to exfiltrate and sell.

0
0
Michael Wojcik
Silver badge

Re: "copies of code-signing certificates"

That's why we have revocations, and need to check for them before trusting a source!

Revocation is a fucking disaster. At best it offers a very partial mitigation for some use cases.

The simple fact is that the public X.509 PKI is broken.

0
0
Michael Wojcik
Silver badge

Re: "copies of code-signing certificates"

Everyone who has the software has a copy of the certificate. It's the private keys that were leaked, not the certs. (This is of course a common mistake, but it'd be nice if knowledgeable folk like Richard and Drew avoided it.)

Given we don't hear of this too often, I guess once in a while is somewhat unavoidable.

It happens pretty frequently; it's just under-reported. There's a brisk market for code-signing keys (for illegitimate use).

This is one reason why the CSRG recommended vendors require EV certificates for signing. In particular, the key-hygiene requirements of EV certificates, where they were actually observed by the CAs and key owners, would reduce key leakage. But there was tremendous industry pushback because EV certificates have all sorts of problems - not least those hygiene requirements, which become quite expensive for all but very small organizations.

0
0

The strange tale of an energy biz that suddenly became a blockchain upstart – and $1.4m now forfeited in sold shares

Michael Wojcik
Silver badge

Not if he doesn't give them real burgers for their money.

Does anyone in the UK sell real burgers?

0
0

White House calls its own China tech cash-inject ban 'fake news'

Michael Wojcik
Silver badge

Yes but there are exceptions. Sometimes they even claim "Fake News" for things that they did personally release in a press statement.

To be fair, this was Mnuchin decrying something Trump had said, so it wasn't "personally".

Also, in this case, not the White House but the Treasury[1] waving the "fake news" flag.

Not that it makes much difference. In my estimation, Mnuchin has dropped from "pretty smart asshole" to "pretty stupid asshole" since he was appointed.[2] This looks like him shooting off his Twitter-mouth before checking what his boss had said.

[1] The Secretary of the Treasury is a Cabinet member, but Cabinet pronouncements are not generally considered to be "from the White House". That phrase usually indicates blather from the POTUS or his spokesbeasts.

[2] His career was, frankly, pretty undistinguished. Yeah, he did fine as an investment banker, but there are tons of successful investment bankers. He had executive jobs at Goldman, but at an organization like that, the executives are not the cleverest employees. He ran one successful clever scam, as far as I know - the rather nasty IndyMac / OneWest foreclosure-with-FDIC-rebates business. He bankrolled some successful films, and also some flops. And so on. As SoT, he's been a complete waste of space, with no significant accomplishments and a string of petty scandals and missteps.

0
0
Michael Wojcik
Silver badge

Re: Enjoy this while it lasts

I never believed the story of "Russia" interfering with the US election - there were plenty of better reasons why Trump won

The existence of those other reasons has no bearing on whether some people in Russia (or anywhere else) interfered with the US election process - either directly in the election mechanics or in attempting to shape voter sentiment.

In fact it's wildly unlikely that independent activists outside the US didn't attempt to do so, and highly unlikely that government-sponsored groups didn't attempt to, because individuals and governments have been trying to interfere with other countries' political processes since time immemorial.

Whether such interference had a significant effect on the outcome is a separate question, and one that is probably impossible to answer with any accuracy. Certainly there are plenty of domestic factors that could explain Trump's win. But thinking that any significant election, in any of the major nations, goes by without foreign meddling is naive.

2
0

Net's druids thrash out specs for an independent IETF

Michael Wojcik
Silver badge

Re: RFC vs STD

But RFCs have a strength and a weakness in that pretty much anyone can submit one.

Anyone can submit an RFC, but the RFC Editor won't necessarily publish it. Pretty much anything can get published as an Internet-Draft (though even those have rules that must be met before the IESG will consider them), but the barrier for RFCs is somewhat higher, particularly in the modern (since RFCs 2119 and 2223) era.

These days it seems RFCs are published at a rate of around 5 - 30 a month. That might seem high, but considering the broad remit of the IETF and interest in RFCs, I think it's pretty tight. After all, there are hundreds of active I-Ds, and a couple dozen actually under IESG evaluation.

0
0

Big Blue's Summit super sits, aptly, at the peak of official Top500 beast list

Michael Wojcik
Silver badge

Re: shout out for storage?

In our supercomputing system, we have [a large number of unicorns, etc.]

I was underwhelmed by this post. Needs more exclamation points.

We are located in Vancouver, British Columbia, Canada

Oh, that Vancouver.

2
0

So you're doing an IoT project. Cute. Let's start with the basics: Security

Michael Wojcik
Silver badge

Re: The biggest problem

Thing is it's difficult to buy dumb now.

Yes. Last time I bought a TV, Target had only one non-"smart" model on sale, and only two of them in stock.

You'll have a much easier time buying smart and not connecting it.

I hear anecdotally that some models won't work unless they're allowed to connect on initial power-up and occasionally thereafter. While it might be possible to reduce how often it's allowed to phone home, or spoof its server (I'm betting many manufacturers fuck up certificate validation), that sort of thing quickly becomes onerous for experts and impossible for regular consumers.

Appliance manufacturers have razor-thin margins, particularly at the low end. Data collection from "smart" devices is going to be very hard for them to resist.

1
0
Michael Wojcik
Silver badge

Re: Am I the only person...

The OWASP Top 10 (updated for 2017, kids!) is great, particularly in the associated resources on their wiki. But it's web-focused, even if many of the issues have non-web analogues. Many IoT devices have web interfaces, but not all, and that's not the extent of their problems.

I'd suggest starting with the SANS Top 25 or the Howard / LeBlanc / Viega 24 Deadly Sins. Then hit 'em with some actual software security theory and SDLC practices.

0
0

Amazon, eBay and pals agree to Europe's other GDPR: Generally Dangerous Products Removed from websites

Michael Wojcik
Silver badge

I'm sure some American will sue Amazon claiming exactly that.

I don't know why you were downvoted. I haven't bothered checking LexisNexis or Westlaw or anything, but I would imagine more than a few lawsuits have been filed against Amazon on all sorts of spurious bases.

Ridiculous lawsuits are an American tradition, and there's no reason to think that will change.

0
0
Michael Wojcik
Silver badge

Re: Dangerous?

They have toll roads in the US...

And in the UK, but they are the exception.

At least by mileage. If Wikipedia is to be believed on this topic, the US has around 5000 miles of toll roads. Presumably most of those are on the numbered highway systems (defense highways and Interstates), of which there are around 161000 miles. So about 3%.

By number of vehicles or passenger-miles or the like, who knows? Toll roads do tend to be some of the more heavily-traveled routes. But mileage is one reasonable metric: you can do a lot of driving in the US without hitting a toll road.

And there are generally alternative routes around the tolls if you really want to avoid them. I often skip I-70 when I drive to Kansas, incidentally bypassing the tolls, simply because the back roads are more interesting. It adds perhaps half an hour to a 13-hour drive.

0
0

SUSE Linux Enterprise turns 15: Look, Ma! A common code base

Michael Wojcik
Silver badge

Re: Cultural cloning and diminishing returns

Haven't the cultures that have developed negative associations with certain numbers thought of changing the word or pronunciation to remove the association.

What's fascinating is that this got two upvotes. Apparently we have at least three forum participants who have no understanding of what a culture is, or how one works.

I do like the prediction of economic doom, though. That's the most hyperbolic snowball argument I've seen in some time.

1
1
Michael Wojcik
Silver badge

Re: How about Windows skipping 'Windows 9'?

Is 9 an unlucky number?

In the case of Windows, not nearly so unlucky as 10. At least for users.

(Just had my corporate Win10 Enterprise laptop do another unannounced forced reboot last night. Second time this week. Unforgivable.)

1
0
Michael Wojcik
Silver badge

Re: SuSE Linux

And SuSE is sponsored by M$, so better not trust them with your data.

SUSE is a division of Micro Focus. I don't know what sponsorship you're referring to (Microsoft isn't a current openSUSE sponsor, for example), but believe me, we give Microsoft a lot more money than we might get from them.

It's been "SUSE" for years now. The mixed case was abandoned long ago.

2
0
Michael Wojcik
Silver badge

Re: not uncommon

What is the opinion of the native Americans on the subject of floor labeling?

Depends whether you're talking multi-level tipi, wikiup, longhouse, .... With hundreds of indigenous American ethnic groups, you'll get lots of different customs, mores, superstitions, and so on. As I'm sure you know - but it shows how foolish the GP's rant was. Even with the homogenizing effects of mass media and widespread travel there are hundreds of distinct local customs and the like just in the US.

(And, frankly, anyone who eats in the US today should be really, really happy that we didn't stick with either native cuisine or what the initial European settlers brought with them.)

But then the AC you were responding to is clearly an ideologue uninterested in actual facts or reason, as all of this is prima facie obvious.

1
0
Michael Wojcik
Silver badge

Re: not uncommon

None of the Americans would take a room on the 13th floor.

How many Americans were there? The triskaidekaphobic thing is somewhat common in the US, I suppose - though I don't think I've ever met anyone who admitted to it - but it's hardly universal. Most of the people I know treat it as a joke.

And then, in fine untenable fashion, we have the "baker's dozen", which has positive connotations. Even though it's the same number.

1
0
Michael Wojcik
Silver badge

Re: "moronic ancient superstition"

Ha ha ..... my upvote made the count 13 !!

You fool, you've doomed us all. I wager not one reader of this forum will survive the millennium.

(If I'm wrong, let me know in 3001 and I'll send you a Dogecoin, which I believe will be the common currency then.)

0
0

Amazon staffers protest giant's 'support of the surveillance state'

Michael Wojcik
Silver badge

Re: Not really knowing...

Having worked for Amazon (out of pure curiosity) I suspect they'll be shipped off to the arctic when nobody's looking.

But will shipping be free? Is Bezos a Prime member?

Simply disappearing the employees seems inefficient. Surely Whole Foods could find some shelf space for Amazon Soylent Food Product.

1
0

How a tax form kludge gifted the world 25 joyous years of PDF

Michael Wojcik
Silver badge

Re: A beast of many things...

a freaking filesystem, because that's really what PDF is

When you want to flatten complex documents into a single file, you're probably going to end up with a compound file format of some sort. Open Document Format is a compound file format - it's just a zip archive, in fact. OOXML and XPS are compound file formats. EPUB is a compound file format.

The alternative is a single non-compound format that encompasses all the types of data you might want. That's worse: it's more cumbersome to define, document, implement, etc. With a compound file format, it's trivial to build toolchains that operate on only some parts of the entire document - the explode / filter / implode pattern.

HTML and its siblings can get away with not being compound because they present a de facto remote filesystem to the user agent. They don't try to flatten everything into a single byte-stream blob.

2
0
Michael Wojcik
Silver badge

Re: Open format !!

If we want things that can be read for a long time to come, is there anything as robust as PDF?

Digital document preservation and archiving is a large and very active field. As with any such, the guesses non-specialists make about it are not likely to be particularly accurate or useful.

There's a decent short introduction to the subject by David Anderson in the December 2015 issue (58.12) of CACM. Anderson mentions the #nodigitaldarkage discussions on Twitter that were sparked by Vint Cerf's "Digital Dark Age" arguments, and such projects as POCOS and E-ARK. Interested readers may also want to investigate historical efforts such as Acid-Free Bits or the long debates about human-readable versus machine-readable formats, and so forth.

1
0
Michael Wojcik
Silver badge

Re: PDF can be cool... if you stay away from Adobe

PoC||GTFO is a wondrous thing (and let us not forget that two volumes are also available as lovely hardbound books). But using it as an example of the virtues of PDF is a bit like using the Bugatti Chiron to argue that cars are pretty fast. It's something of an edge case, surely.

0
0
Michael Wojcik
Silver badge

It nicely illustrates how narrow and limited many commenters' experience is; you wouldn't use Word to write a musical score, however, PDF allows those without the relevant application to read your score.

1. Terrible thing X is useless for application A.

2. Sometimes-useful thing Y is useful for application A', which is related to but distinct from A.

3. Therefore people who do not believe Y is wonderful have limited experience.

I think your syllogism needs work. Or, preferably, nuking from orbit. Care to try again?

0
0
Michael Wojcik
Silver badge

Re: PDF has its uses I suppose

So you want to do away with a standard, so when I refer you to page 404 of the HTML status code manual, you get something totally different because in your rendering of the manual the relevant material is on page 418 or even 1415...

The vapidity of this example (there is no "HTML status code manual") aside, the problems with using page numbers for citation have been well known since long before there were computers. That's why, when we're using responsive-layout documents, we don't use page numbers to cite passages.

This straw man was scattered to the winds long ago.

0
0
Michael Wojcik
Silver badge

Re: "Placement and styling is important" ...

The good old printed book is much more than "just the text"!!!

Yes, but that excess is often irrelevant to readers. Anyone with even cursory knowledge of textual scholarship knows that audiences generally consider all editions of prose books to be essentially the same, even though they may be typeset completely differently.

There are certainly cases where typesetting matters to more than a small subset of the audience, but those cases are the minority. And most of the professional book designers and typesetters I've heard discuss the subject are well aware of that.

Precision layout is mostly important to the people who lay things out. For most other audiences its effects tend to be detectable but not hugely significant.

0
0
Michael Wojcik
Silver badge

Re: Format of choice for immediate offline reading, easy sharing or simple portability

you can be 99% certain that it will display properly and legibly on any and all computing devices

I don't know what magical unicorn devices you use, but the vast majority of PDFs I have aren't legible on my (Android) smartphone or my Kindle. A small rectangular subset of a given page may be legible at any given moment, but scrolling half a dozen times just to read a few lines is not a usable reading experience.

PDF is a non-responsive format, and as such is inherently limited on what device form factors a given document can be usably rendered.

(I won't even bother noting that the vast majority of "any and all computing devices" don't even have a display, and chalk that phrase up to lazy thinking.)

0
0
Michael Wojcik
Silver badge

Re: Format of choice for immediate offline reading, easy sharing or simple portability

Placement and styling is important.

Anybody who cares about communication should appreciate how design affects interpretation.

I have a Master's in digital rhetoric, so I'm well aware that design affects interpretation. I've read scores of scholarly articles on the subject, presented on it at academic conferences, done user research, etc.

It's naive to claim that the rhetorical effects and additional information channels afforded by precise control over layout are an absolute good, or that they outweigh the tremendous advantages of responsive layouts, particularly when addressing a large and diverse audience using a wide array of devices. Unreadable documents have proven very poor at communicating and persuading.

Frankly, based on your comment, I rather doubt you've studied this area in any depth.

0
0
Michael Wojcik
Silver badge

Re: Jobs Didn't Introduce Typography to Computers

I guess the author was referring to the NeXT's display system.

He specifically mentions the LaserWriter in the same paragraph.

0
0
Michael Wojcik
Silver badge

Re: Jobs Didn't Introduce Typography to Computers

Yes. The line about "Steve Jobs introduced typography into computing" is complete rubbish.

TeX was released in 1978, so a good 7 years before Steve Jobs and the LaserWriter. Even the first version of PostScript was only released in 1982.

troff was just one descendant of CTSS RUNOFF, from 1964. Arguably RUNOFF didn't do much in the way of "typography", but it did lay out text. troff appeared a couple of years before TeX (circa 1976) and did quite a lot of typesetting.

Perhaps the "Apple fanboi legend" and some paywall-protected Forbes page aren't ideal sources.

1
0

JURI's out, Euro copyright votes in: Whoa, did the EU just 'break the internet'?

Michael Wojcik
Silver badge

Re: Citation needed

Encryption to specific recipients and groups, and serving files off one's own machine are perhaps going to get more interesting.

It's easier than that. Use a public hosting firm that lets you configure TLS. Run your own CA (it can be a toy/demo CA like OpenSSL's) and issue client certificates to anyone you want to grant access. Leave index pages and their resources unrestricted, but require a client certificate for anything you don't want visible to hoi polloi, Google, the IP bottom-feeders, etc.

In other words, "encryption to specific recipients" is already provided for in existing web standards and infrastructure. Browsers and servers will handle it automatically; in fact, many TLS stacks will handle it automatically for all the applications that use them.

0
0
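
One way to express the policy from the comment above (index pages open, everything else only for holders of a certificate from your own CA), as an added example that is not part of the original post: a small Python HTTPS server standing in for whatever server the hosting firm provides. The file names, port, the `PUBLIC_PATHS` set and all function names are assumptions of this sketch.

```python
import ssl
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: these resources stay readable by anyone, crawlers included.
PUBLIC_PATHS = frozenset({"/", "/index.html", "/style.css"})


def make_server_context(server_cert, server_key, private_ca):
    """TLS context that requests a client certificate without demanding one."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(server_cert, server_key)
    # Client certs are checked against the private CA only, not the system roots.
    ctx.load_verify_locations(cafile=private_ca)
    # CERT_OPTIONAL: a presented cert must chain to the CA or the handshake
    # fails; clients that present none still connect and see public pages.
    ctx.verify_mode = ssl.CERT_OPTIONAL
    return ctx


def client_common_name(peer_cert):
    """Common name from the dict returned by SSLSocket.getpeercert(), if any."""
    if not peer_cert:
        return None
    for rdn in peer_cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def authorize(path, peer_cert):
    """Return (HTTP status, identity for the access log)."""
    who = client_common_name(peer_cert)
    if path.split("?", 1)[0] in PUBLIC_PATHS:
        return 200, who
    # A non-empty dict means the TLS layer already validated the chain.
    return (200, who) if peer_cert else (403, None)


class GatedHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        getter = getattr(self.connection, "getpeercert", None)
        status, who = authorize(self.path, getter() if getter else None)
        body = b"ok\n" if status == 200 else b"client certificate required\n"
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
        self.log_message("client=%s status=%d", who or "-", status)


if __name__ == "__main__":
    # Placeholder file names: a server cert/key pair and the private CA cert.
    context = make_server_context("server.pem", "server.key", "private-ca.pem")
    httpd = HTTPServer(("127.0.0.1", 8443), GatedHandler)
    httpd.socket = context.wrap_socket(httpd.socket, server_side=True)
    httpd.serve_forever()
```
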
Michael Wojcik
Silver badge

I've never figured out why lobbying is legal.

In the US, because it's protected by the Constitution, specifically by the First Amendment. The freedom of speech clause obviously applies, and it's not difficult to argue that a law attempting to excessively restrict lobbying would fall foul of the petition-the-Government clause.

It's even possible that SCOTUS would find a prohibition on lobbying a violation of the assembly clause, as they did with California's blanket-primary law in California Democratic Party v. Jones.

More generally, how do you think lobbying should be restricted under a democratically-appointed republican form of government? What mechanism would prevent "lobbying" (already difficult to define in a sufficiently specific way) while still letting constituents interact with their representatives?

If you're concerned about the money, how do you eliminate all quid pro quibus? No representative, nor any party body, nor any recipient the representative might care about, can benefit in any way from any contribution made by anyone, ever? Such a proposal is patently absurd.

0
0
Michael Wojcik
Silver badge

Re: bad for small sites

The vast majority of the ones rejected are because the URL has already been reported. IOW they aren't malicious they are duplicates, the URL in question has already been removed.

Citation, please. To actual data.

1
0

Are your IoT gizmos, music boxes, smart home kit vulnerable to DNS rebinding attacks? Here's how to check

Michael Wojcik
Silver badge

Re: 192.168.1.xxx

The proof of concept exploit is hardcoded to 192.168.1.1/24. He should have mentioned that, and if he had, perhaps The Register might have mentioned it.

The article does now mention it. I'm assuming that's an edit, since a number of people complained.

Personally, I'm far more worried that nearly all the responses here are about the proof-of-concept rather than the actual problem. Those who do not understand DNS Rebinding are doomed to remain vulnerable to it.

Of course, that's what happens when you make typical consumers de facto network administrators. It's not reasonable to expect even most people in the IT industry to be aware of and understand all these vulnerabilities; most people simply don't have that luxury, even if they had the inclination. The onus has to be on the manufacturers of these IDIOT[1] devices and the infrastructure[2] they rely on.

[1] Internet of Dumb and Inappropriately Online Things.

[2] Including poorly-designed protocols like SSDP and crap devices like consumer-grade routers.

0
0

'90s hacker collective man turned infosec VIP: Internet security hasn't improved in 20 years

Michael Wojcik
Silver badge

Re: 56k bullshit

the days of Procomm & Qmodem

Telebit Trailblazers were my drink of choice, before I had a 56K leased line. SLIP over those for interactive stuff, then drop the SLIP connection and use the modems' uucp g-mode spoofing for bulk transfer. Worked fine for editing code with vim and the like.

0
0
Michael Wojcik
Silver badge

Re: Well

I am not surprised Internet security has not improved.

There's probably no useful definition of "Internet security" that's acceptable to actual security experts, and claiming the security of any non-trivial system has or has not "improved" is a dubious proposition as well. But under any reasonable threat model, software security has improved significantly over the past few decades, in the senses of removing many prominent branches from the attack tree and increasing costs for attackers. It simply has a long way to go yet.

1
0
Michael Wojcik
Silver badge

Re: Liability

All code is written by offshore idiots to the lowest price

Even just the "offshore" part of this is patently untrue, probably for any continent. I haven't verified that there's anyone writing code in Antarctica at the moment, but unless that's where you live, you're prima facie wrong.

0
0
Michael Wojcik
Silver badge

Re: bzzt yourself

BIX and Delphi both had some commercial Internet access in '92.

True, and we could certainly quibble about whether 1992 was pre-commercial-Internet. I think most people who remember the historical details would be more likely to call 1991 the watershed year for commercial Internet; that's when CIX was formed and ANS CO+RE opened for business.

But 1992 was when ANS and CIX agreed to interconnect, and when the SAT Act changed the NSFNET usage terms to allow general commercial traffic. (There had been limited "experimental" use of NSFNET for some commercial traffic as early as '88.)

So while it's inaccurate to say that there were no commercial Internet users in 1992, most commercial users got connections after that year.

1
0

What's all the C Plus Fuss? Bjarne Stroustrup warns of dangerous future plans for his C++

Michael Wojcik
Silver badge

Re: Disagree....Because it's been done

Have a look at RUST.

Rust (it's not an acronym) suffers from programmer resistance to the borrow model, a community widely noted for hostility to being questioned, and (as someone else noted below) a tendency to change without preserving backward compatibility.

It may yet outgrow those challenges, but history suggests that new programming languages have an uphill battle, and Rust hasn't done a great job so far of building momentum.

I have no dog in this fight myself - I haven't done anything significant with Rust, and I'm perfectly happy with the borrow model. (I designed a toy language with something conceptually similar years ago.) But I'd be quite surprised if Rust is one of the major languages in, say, ten years.

2
0
Michael Wojcik
Silver badge

Re: C and C-style C++

Stroustrup has always been a blowhard, for me his ship sank almost 20 years ago.

I disagree with Stroustrup on a number of points. I've argued with him in public, on Usenet. I'm certainly not an unalloyed fan of C++.[1]

But your comment is small-minded and foolish. Stroustrup has made many excellent contributions to computing, a good portion of which have nothing to do with C++, such as his essay (written while Chair of CS at Texas A&M) deploring the resistance to programming among academic computer scientists.

The article links to his papers on the history of C++ and programming languages in general, which are a good example of Stroustrup as an academic. I'd like you to point out where in them he's being a "blowhard".

[1] A decent, fairly clean language, hidden under a huge mound of ugly and unintuitive syntax, grievous legacy features, unfortunate complications, and obvious failings (some of which S. mentions in the article) which have yet to be remedied; most frequently seen in fevered visions after looking at far too much extant C++ code, which is nearly always execrable.

1
0
Michael Wojcik
Silver badge

Re: C and C-style C++

The "two languages" problem you describe is exactly what Julia is designed to overcome. Code in a modern language, with a REPL and Juyputer notebooks.

I like Julia, but I don't see Julia growing outside the HPC and data science domains. As with most programming languages, its advantages aren't compelling enough to retrain large groups of developers, much less convert existing codebases.

Jupyter (which is what I assume you're referring to) definitely has its applications - if I were doing quantitative research I'd definitely be considering using Jupyter notebooks, whether we were using Julia or Python or some other supported language. But I don't immediately see much use for it in typical system or business programming, even if that happens to be done in a language Jupyter supports.

1
0

Unbreakable smart lock devastated to discover screwdrivers exist

Michael Wojcik
Silver badge

Re: Yeah - but if I am a "common criminal" I'll definitely find another non-indiegogo to pawn

A pair (male and female) of these is as effective as two 24x7x365 guards armed with submachine guns.

Really? What if the attacker is, oh, let's say, in a car?

Mind you, I'm not advocating for attack dogs or attack humans. But I think your threat model is a little simplistic if it finds those two mitigations equivalent.

(There are, of course, attack classes in which the dogs are more effective. They're less susceptible to threats against family members, for example.)

2
0

Boffins offer to make speculative execution great again with Spectre-Meltdown CPU fix

Michael Wojcik
Silver badge

Re: Strange Characters

Just some of our local kooks. What has the deal ever been with online kooks? They are a species unto themselves.

Personally, I'm glad to have them, as long as they don't become too disruptive. They give the dish some flavor.

Hell, I even enjoyed Eadon. ("Overwhelming, am I not?")

0
1


Biting the hand that feeds IT © 1998–2018