Go to the BBC website, Rory Cellan-Jones is already there wearing a pair. That gives you two independent identifiers for who you should punch.
163 posts • joined 24 Jun 2009
Re: Cross origin?
Yes, exactly that. It would require a phishing or similar attack to first breach security. At which point they are unlikely to decide to prank the user with this, they will install ransomware.
To emulate the subtitle - "The nineties called, they want their benign hackers back."
Re: Cross origin?
Well, if you want a stream of thoughts on the subject, I found this link at least demonstrated some people were aware of the actual situation: https://news.ycombinator.com/item?id=14422706
Long story short, it's all a storm in a teacup. To actually do something with this you would need a user to download an HTML file and run it locally. If you can get someone to do that, you'll probably be doing something far nastier than locking up their PC.
Re: Cross origin?
Agreed, this doesn't add up. I'm guessing that people have "proven" this bug by opening an HTML page on their local file system, and having this link in an img tag.
Maybe there's an actual vuln here, but the idea that my website could go crawling around on your file system sounds like a far greater security issue than just this, and would surprise me if two major browsers both failed to protect against it.
Re: For once I am with the plaintiffs
No, I am friends with a trademarks and patent lawyer, and we have spoken about such cases on a few occasions. While initial perception might hold some sway, the criteria applied are much less subjective. From what I remember from our discussions, I would suggest that the following make the case for PayPal unviable (this is me, not the lawyer, talking. I'm just applying similar rules that he applied in other similar discussions):
1) The angle of the letter is different, this makes the comparison very hard to relate as the angle is one of the distinguishing things about the logo.
2) The length of the stalk before the bulk of the P begins is significantly shorter for the Pandora logo. Given this is a defining point about the letter, that makes it a substantially different design.
3) The bevelling around the corners of the P is different, on the PayPal logo all edges are bevelled, including the underedge where the body meets the stalk. On the Pandora logo only the bottom right corner of the stalk is bevelled.
4) The colour is different. You cannot trademark "Blue", it doesn't match either shade of the Ps on the PayPal logo.
5) The body of the P is bigger. Obviously coupled to the length of the stalk, but also given significant weight in the distinctiveness of the logo.
6) There's only 1 ******* P! It's a pretty significant difference in the logo.
I think PayPal are trolling here, possibly hoping to scare them off before they attempt to fight in court, as I'd happily bet money that if they fight this in court PayPal will lose.
that well-known hotbed of pro-Leave activists, the London School of Economics
Wasn't that Tim W's Alma mater? In fact, if you hadn't said "History Graduate", I'd be advising you to check the name of the guide :).
(I know... he lives in Portugal)
1960s health advice?
Is that in any way a useful comparison? It was only in the 1950s they'd acknowledged a link between cancer and smoking. I'd say the health advice in the 1960s simply wasn't very good or informed, so the fact they advised a bottle a day is kind of irrelevant to the advice given now, and does not imply puritanism but just better science.
Doesn't mean I'm going to change my drinking habits because of it, but they're fine to try to tell me accurately what's healthy.
I think this article would have benefitted greatly if at the start you had defined what you considered an "algorithm" to be. Without this, especially given your apparent definition differs from what most programmers would use (I think, I can't be sure because you didn't give a definition), it isn't really possible to give any value to the subsequent points made about them.
By the end of the article I got the feeling you could have just replaced the word "algorithm" with "scary thing".
What if it decides you don't like beer?
I'm sorry sir, but... God just wants you to have a rotten life.
I'm more interested to know where they're getting their data from
Are plods' phone details formally registered somewhere? Blocking your drivers from performing an illegal act sounds ok, selectively doing it doesn't. Tracking law enforcement officials all around the world based on their phone details sounds like they're accessing a source of information that really shouldn't be available / isn't legally available.
It's possible that they're just recording details after they've been stung once, but that sounds a little bit too easy to circumvent.
Re: Oh dear ...
Actually, that problem is already here. I worked on a commercial application with some legacy VB6 code, and owing to some dll hell with MSCOMCTL.OCX, we were unable to find a way to compile it using Windows 8 or 10 (we tried very hard). I've since left the company, but I believe they still have to do their release builds from a win 7 VM.
Once compiled it works on most machines, but really that timebomb started ticking years ago.
Wesley didn't fail the star fleet entrance exam
Not sure if anyone else has mentioned this, but unless you're thinking of a different episode to me. The one where he "failed", was not the entrance exam.
Re: Nothing new here...
The power needs would indeed be significant for calculations, but my point (and I think theirs) was that the horizontal component of the travel would not add to these costs. If you're calculating a way down, you're making these decisions. Whether that's a direct drop, or a "glide" is irrelevant to the calculation costs. The glide itself is unpowered.
Re: Nothing new here...
"Really? It can fly horizontally using NO power?"
They said using "little to no power", not "No power". That is entirely feasible given the height the drone would be descending, they are clearly stating that the horizontal component of the journey would not significantly contribute to the power consumption, all the energy from that would be contributed by the very thing you were suggesting they'd forgotten, the air resistance generated by the descent (i.e. they'd effectively glide horizontally).
Unfortunately you focused on one of the things that is pretty solid and achievable. What I find more curious is how, once the drone has descended 45K feet and delivered its package, does it get back up there? A quick google suggests that the most people have managed to fly a drone to is about 11K feet, and it then needs some way of docking. Alternatively they might be intending to then fly the drones off to some collection point to then be re-installed when the plane lands, but at that point you have to wonder if that's a cost effective solution.
It's not Microsoft's job to be fair
Others have pointed out things along these lines, but I just wanted to chime in with how utterly stupid this article is. Is this actually trying to suggest that the thing that keeps Microsoft's prices where they are is their sense of fairness and their desire to provide their services to us at as low a price as they can manage?
Other commenters here seem to be suggesting that prices are dictated by the costs of providing the service / product - that's a very bad model for a business to follow, I think HP tried it with their tablet range. Microsoft are a business, while they might have certain "community responsibilities", their primary job is to squeeze as much money out of us as they can. They will sell their product for as high a price as they can get away with, and they are right to do so.
The things that are stopping them from sending prices through the roof are whether we feel that we're willing to pay that amount for the service at all, and whether we feel it's the best deal for us compared to what else is on the market (i.e. the competition). It is completely nonsensical to demand a justification for price rises from companies, I'd be perfectly satisfied (in fact I'd find it refreshing) if they replied to this article and said "it's because we like money, you idiot".
Re: The windscreen glass melted
This is a totally uneducated guess, as I know nothing about windscreens, but it could be that it was damaged in putting out the fire. My experience of hot glass and cold water is that it tends to shatter. While the windscreen may be some composite rather than sheet glass, a jet of cold stuff fired into it may have had a similarly destructive effect.
So, what's it for?
Genuinely curious about this. Why did we build this massive ship (contract stuff aside)? Somebody said it was patrolling safe seas, in which case, what's the need for it to be so big? Is it to enable longer journeys? So that it can perform better in choppy waters?
Could somebody break it down into dummy speak for me please? About the level of a simple strategic computer game like "Aircraft carriers to launch fighters but weaker in direct combat, Destroyer class ships to engage in naval combat with big guns, Corvettes speedy but weaker, this 1600 ton warship for...".
Enterprise Architect - definition
The definition of an Enterprise Architect does not align with what I've encountered for the role. I certainly wouldn't associate them with the phrase "highly technical masters of electronic wizardry". Wikipedia also suggests a less technical slant to such a role (accepted it's not the most reliable source, but it indicates some measure of opinion).
Those I've encountered with such a title are more concerned with processes and high level interaction between components rather than technical details like authentication systems and group policy. I fully accept I may well be wrong, but it would be interesting to know where this definition that is being worked to came from.
Re: Since when is MD5 "easily breakable"?
Well, it's called an assumption for a reason.
Yes, the collisions mean that you won't necessarily get the correct password, but with 200m you'd get quite a few, and I still hold they're more valuable passwords than your standard low quality website hack.
Re: Since when is MD5 "easily breakable"?
If they're using MD5, then they're unlikely to have salted the hash. In that case the passwords can be cracked using rainbow tables, so deriving the password from the hash is easy (even with your random password suggested).
Why would you do it? My main reason would be that a lot of people have only 2 passwords. The weak one that they use to sign up to services using their email as the userid, and of course the strong one which they use for specific services like online banking etc. They would of course use this for their email password, as they don't want to give out their email password when signing up to new services using their email address.
Re: Agile......what about package software?
By "Package" I assume you mean "shrink wrapped" software that you'd previously have burned onto a CD, and sold (also referred to as COTS).
If so, then yeah agile works for this, as does DevOps, but Scrum does not for anything complicated (see my post above). DevOps is nothing new, we've always had modular systems, used interfaces, practiced continuous deployment. It's not really viable to push that to your customers regularly unless you've got a very intrusive upgrade system like some gaming platforms have, but if you consider your PO to be the end point, then it's viable. You just build a lot of point versions of your product, and make sure that it's all automated right through to your signed and packaged installer.
From what I can see of Kanban, it could be viable as a process, and the backlog management that it brings can certainly aid in developing such software.
What do you see as the roadblocks of Agile when it comes to packaged software?
Re: Having never done Agile...
Having just worked on an Agile scrum project where this was most definitely going to be a regular problem, I'm afraid the answer is that you lie to the Scrum Master. You create a sufficient number of over-estimated tasks, and smuggle in some good engineering practices. Either that or you find a "particularly tricky" bug that takes up your time.
My recent experience of Scrum has demonstrated to me that it doesn't work for exactly this reason. The re-work wouldn't be so bad if it weren't caused by the fact that we're working to an arbitrary deadline of a 2 week sprint that we've set for ourselves purely in the name of "processes". Sometimes to do a job well takes 4 weeks solid work, sometimes that work cannot be divided up usefully between team members, and most terribly for a scrum master & product owner, sometimes that work doesn't directly add business value (The product owner cannot directly demonstrate the product actually works, so seems to think this isn't a requirement). The answer from the Scrum process is avoid doing that work. My answer is to avoid doing that Scrum process.
I tried to shift the team over to a Kanban process to see if it would do any better, but met with political resistance from the P.O and the Agile "expert" in the company who feared it would reduce their control on the processes (which it would, and should because they're not software engineers).
If you're working on a system with any complexity or that requires a well planned architecture (most systems) then avoid Scrum.
Movement activated lighting, the basis of a lot of horror scenes
Did anyone else flag that up from the movies?
You have to walk into a dimly lit area, in the hope that the light will then come on, only then when in proximity do you discover what's in the dimly lit area. Suddenly you're face to face with the masked killer!
I wonder which direction I need to walk for the next one to come on. Let's try over here and AARRRGGG, I WAS ON A BRRIIIDDDGGGEE.
SQL Server 2014 boasted up to 30x performance boost
So now, if SQL Server 2016 is boasting up to 34x performance boost, we should be seeing up to 1020x performance boost on SQL Server 2012. That should be fairly easy to spot, your struggling query that was just hitting that absurd default .NET timeout of 30 seconds is now near instantaneous.
Thing is I didn't ever observe that 30x performance boost for 2014, I assume whatever tech they had ready for it got pulled, and we're going to see it in 2016 instead. That's the nicest way I can spin those figures, a cynic might just say that we've heard all this before.
Why do you want to limit a password length
I have to ask, as you clearly know a fair bit about this stuff, but then have dropped in this suggestion that you would have a length limit on a password. Why?
I had a quick search on the subject, but cannot find any security benefit to applying a limit.
Sell the email routing
There is one thing of value that Yahoo have, and unfortunately for me, I'm one of those affected. There was a time when the internet was coming in, and I was about 16, when it seemed a good idea to grab a Yahoo email address. That account is now the username to so many services that it would be a major ball ache to try to untangle myself from it. I've got my own domain now, but I think I'd probably be ok to pay a small subscription amount to route email to that, rather than change everything to directly hit it (where it's even possible to change it).
I don't think I'm the only one affected, so there's money to be made there...
I'm not a tax expert, but I'm reasonably sure you don't pay tax on an option until you take it (in fact even then I'm not sure what you have to pay, surely the bulk of the tax, if not all, is when you sell those shares?). I also don't think you can sell options, just elect to buy the shares at that price.
However I'm no expert on the matter...
I'm still running 8.1, no updates pushed
I wonder if you're looking too carefully at the vocal community. I run 8.1 on my machine and the get10 thing is a notification. It's still 8.1 there's no pressure or anything.
Are you sure you're actually getting good stats here, or just hearsay?
Do we have any comment from the ICO?
Normally when someone spews customer data out to unintended sources we're told the ICO will investigate. Do they apply to Valve? I would have expected so, but cannot find them on the list of companies under the jurisdiction of the ICO.
Were The Register able to get a comment? I couldn't even see where to email to ask them.
Silverlight end of life in 2021?
If you believe MS I assume that is? It's end of life right now for everyone else. Chrome won't run it any more, Firefox will ditch it very soon, even the new Windows browser "Edge" won't run it.
People are rushing to ditch Silverlight right now, I very much doubt it will be around beyond next year. In 2021 when it officially ticks over, nobody will notice.
It's a shame in some ways. Hate MS all you like, detest plug-ins as much as you want, but I doubt that many people would say they wouldn't like a cross browser supported XAML driven web site with a strongly typed language backing it. It speeds up dev time enormously. My hope is that someone brings in some kind of XAML to HTML framework (it gets suggested by various people, but I don't ever see anyone really committing to it).
Re: Disingenuous little f*ckers
MondoMan, it does indeed say that. As a result I decided to go ahead with keeping the storage, then I would go and disable the app.
Unfortunately it was lying. I have searched for about 5 minutes now. I can find no option to change this. You'd think it would be in the "Options" section, but I assume that somewhere via some other menu I have to find the "Account Settings" screen.
They have either lied, or made it very difficult to find.
EDIT: Found it, it's not in the OneDrive options, you need to click your profile picture, go to edit profile, then click your picture again and there's an option for "Account Settings".
For me this summed up everything that Moffat is getting wrong
I appear to be in the minority, but in my opinion, every Moffat story seems to have the same flaw. He's planned out some scenes, then he has connected the scenes. He hasn't remembered to actually make a story. We had the scene where The Doctor returned to Gallifrey and confronted Rassilon. Having done this they very swiftly skipped through a quick note that Rassilon might come back, some mentions of the prophecy, then onto the scene where he rescues Clara. Some quick shots of people panicking and running around, then we're onto the scene where they're walking around the matrix with all the old favourites jumping out. Then a Clara to Doc conversation to lead onto the scene in the tardis...
I could go on, but personally I watch these episodes and feel like I'm just being pulled around into little bits of script. The actual plot to the episode was very weak, just a lot of suggestions of a plot, which is what he's been doing right through his time scripting. I keep finding myself saying "Ok, where are you going with this then? Oh, you're not".
@AC - Entrapment - not perfectly acceptable
I'm not a lawyer, but even a quick google of the subject shows that you're not entirely correct here. Cases have been dismissed in the UK on the grounds that they were entrapment. It sounds as though the case you're highlighting where they actually persuaded the person to commit a crime, the judge should have thrown the case out.
From my brief read on the subject, it appears that police are allowed to create an opportunity for a crime (leave goods unprotected then arrest the thief, or run a shop on the dark web that can be contacted for gun purchase), however they cannot encourage you to commit that crime. So I assume that they could not leave some goods unprotected, then pay someone to go and steal it for them. However it's up to the judge to conclude that was done, you cannot submit it as a defence to the jury.
Once again - not a lawyer, just breaking down the results of a quick search on the subject.
Re: "this story is influenced by current affairs"
Kate Stewart wasn't caught out by the "not-a-cop-anymore" Zygon, as I expect we'll be amazed to discover next episode.
Hell, if Queen Elizabeth the 1st can kill one then I'm pretty sure a unit operative can.
I think you guys are being unfairly harsh on Rufus
He wasn't telling jokes, he was acting out a person telling jokes. If he was just being genuinely funny then the acting wouldn't have worked. It's a bit like when someone in a film / tv show is then "in a play", they have to convey the story point that they are acting. Similarly so, he was acting out a person that wasn't a comedian, that was making cheap gags in order to delay his execution. Would it have been more convincing if he'd come out with a finely polished routine?
I thought it was actually quite well done. He conveyed the sense of desperation well, trying to find anything to keep him alive.
A real shame to see you go Tim, I've really enjoyed your articles. Guess I'll have to start following your blog now, it was easier for me to have the articles distilled and produced on schedule.
I hope you advised the new elite of El Reg to get economists with contrary views to write some articles - you could get to dish out some of the commentard magic in the other direction.
So is it actually a good idea to measure it at all?
Given it's a figure that we almost all agree is at best a guideline, and is open to some pretty significant distortions, does it have value as a figure? It's all very well to say it's the best we've got, but when you put a figure on something people tend to go absolute on it. To an economist GDP may be a guideline with (un)known variance, but that same figure once reported will get reported by an economics journalist to a readership of vaguely informed people (us), who will then repeat such figure to completely uninformed people and then suddenly it's a rock solid measure of our economy.
Let's not even start on how politicians use it.
Is it the best measure we've got, when "no measure" is taken into account as an option?
Re: modern configuration management systems are wonderful
You can sneak code in if you really want. I don't believe it happened in this case, but a driven developer is usually able to smuggle a change through without being spotted. It can be as simple as using a build server account, or even as unfair as just accessing a colleague's machine (often via a share that the naive colleague has agreed to) and altering some files to piggy back a change on a legitimate changeset.
I don't think it happened here, but I don't agree with those saying that a good change control system could prevent this 100%.
So we can safely conclude...
...that there might be other pieces of unauthorised code lurking in VW's engine management systems. In fact if it's possible for engineers to sneak in code to so fundamentally affect the workings of the engine without anyone noticing, it doesn't seem possible to deny that someone could potentially have placed code to make the engine explode on a particular date.
To my mind he appears to have said that as a matter of security all VW cars with an engine management system (which I assume is just about all VW cars), must be immediately recalled.
I think you're seeing a paradox because you're looking at these two things from opposite directions. If you're going to look at drugs as being that the person providing the drugs can command a higher price, then you have to look at the child labour as being the person offering the labour can command a "higher" price (i.e. not pay as well).
Re: The child sized elephant in the room
Indeed, a good illustration of the added complexity that we seem to be avoiding in the discussion.
Just to be clear, I was not seeking to be one of those people who make you feel wrong for having many children. I think when I said you could "easily argue that...", I intended something more along the lines of "lazily dismiss this factor by saying that...".
The child sized elephant in the room
It strikes me (and therefore is probably irrelevant) that most discussions on reducing poverty and ensuring a fair distribution of wealth always conveniently ignore one of the biggest financial costs to a family, which is the kids. I can see why, as Tony Blair demonstrated with his education x3 speech, once you start pulling on the parenting strings, people lose objectivity.
Without this consideration it kind of makes all the rest seem redundant. It's all very well to guarantee an income to an adult, but if they've got 3 additional mouths to feed then they're significantly worse off than the person that doesn't. You could easily argue that kids are a luxury, but there are unplanned pregnancies, and if there's a moral imperative to help the adults out of poverty, surely it applies to the children too? There's also the economic point that we need to keep fresh people coming through to pay for those retiring.
I'm not suggesting I have an answer, just that without it taken into account we're not really addressing a real world problem.
Re: When do we get to win?
I understand the whole hedonic adjustment thing. I suppose I'm more pointing towards inequality, but more specifically how the current economic policies appear to be motivated by keeping wages down. This comes back to my point, when is there a time when they should go up? We never get a "times are good, let's reward you" moment. Only times are bad so we must stagnate, or times are good, so we must slow things.
When do we get to win?
I might have ranted about this before, but there's something nagging me about all this economic policy. When times are hard we all need to tighten up our belts and accept that pay rises and improvements to our wealth are not realistic. Then as times improve, the banks increase interest rates to stave off the risk of "inflation busting pay rises".
I know Tim's argument has been that we dictate our pay by providing that level of value for our work, but I can't help but feel that there's economic policy stacked against us here. It's further aggravated by the fact that those interest rate increases haven't staved off the inflation busting pay rises of the FTSE board room members, something the ASI came out in defence of.
Sorry, rant over. Interesting article Tim.
A good article Tim,
I did like the point about making things to blow things up not being economic growth. It made me think as to whether or not the arms trade is contributing to growth or not. Is the net effect of the arms trade on the global economy a positive or negative one? On one side we have the obvious advantage that we've made something (for example a bomb), on the other hand we've got the disadvantage that it will ultimately destroy something. In between we have the potential advantages/disadvantages that our "will" is being enforced, and we perhaps get global security.
I suppose it actually comes down to a basic question of "is it ever necessary to fight a war". Still, got me thinking, which is sometimes a good thing.
Is there any room for rolling off the slope of enlightenment and down into the valley of verified bullshit?
Re: At least you declared an interest this time
No, abusive means exactly what I meant it to "using hurtful language". What I find astounding is the inability of commentards to actually understand the term. Similarly so your lack of understanding that I was not criticising Tim.
He was making a personal attack. He even said it. I thanked him for saying that, for declaring his interest such that we could move on to the discussion. I even noted that I perceived his declaration as softening his stance.
Abusive: You're an idiot.
Re: At least you declared an interest this time
There was a definite personal focus, and you cannot take the article without accepting that it is attacking (to a point) the person rather than the argument. Tim admits this, which was actually what I was thanking him for.
As for other times he's done it: This was particularly bitter and in my opinion uncalled for: http://www.theregister.co.uk/2015/03/04/evgeny_morozov_why_does_he_bother/
At least you declared an interest this time
My thanks to you Tim for making it clear that you were biased on this one. I find your abusive articles much more palatable when you make it clear that it really *is* personal.
I also suspect that in doing so you actually make the article less abusive, as you've been far ruder about other articles and people in the past. Perhaps your clear bias prompted an attempt at impartiality (or perhaps because he accused you in that other article of ad hominem and straw man).
Re: But why file suit in Milan?
I was talking to a friend of mine in the pub about this. While that may seem an indication that this information is not high quality, I'd note that he is a patent attorney that deals with exactly this sort of thing.
Apparently the Italian trademark legal system is the least efficient and most awkward one to deal with. If you were seeking a settlement and wanted to make it least appealing to contest this, you'd go there as the costs and annoyance to a business would be much more.
He also suggested they had a very poor case because iWatch is such a weak trademark (watch is useless as a trademark because it's descriptive, and everyone's putting an "i" in front of things), but I'll leave it to him if he wants to come on here and share the rest of his view on this :).