Posts by Tom 38

3048 posts • joined 21 Jul 2009

systemd-free Devuan Linux hits version 1.0.0

Tom 38
Silver badge

Re: They missed a trick

djb and Poettering are very different. djb is an exceptionally smart cryptographer that no distro trusts, and Poettering is an exceptionally naive developer that every distro trusts.

The only similarity between the two is that they both have the firmly held belief that they are right; when it comes to security, I'm inclined to trust djb on that regard.

2
0

That apple.com link you clicked on? Yeah, it's actually Russian

Tom 38
Silver badge

Re: an easy fix for firefox

Obviously another solution will need to be found for them, but English speakers are likely to be the target of the vast majority of hijacking attempts that use punycode domains masquerading as real ones.

No, you are only thinking of the problems that an anglophone will encounter from homographic IDN attacks, it is still a form of colonialism.

You haven't considered that due to our earlier anglophone-only internet, most of those non-English speakers will actually be using a lot of domains that have English domain names, for instance paypal, google, mpay and so on. A work around that "works" for anglophones, but still allows the remaining 84% of the world to be pwned is not a valid solution.

For instance, a user in India almost certainly would want punycode on for local websites, but they still won't want to go to xn--mesa-g6d.in thinking it is mpesa.in.

4
9
Tom 38
Silver badge
FAIL

Re: an easy fix for firefox

The 5+ billion people who don't speak it as a first or second language can just go get fucked then?

3
10
Tom 38
Silver badge

Re: an easy fix for firefox

This isn't a fix, it is a work around. You fix the problem that you are not misled by malicious IDNs, but you have a new problem that you cannot see any IDNs.

It's like someone complaining that their editor doesn't work in Arabic, and being told that the fix is to write in English.

8
3

TCP/IP headers leak info about what you're watching on Netflix

Tom 38
Silver badge
Headmaster

Not quite, maths

This test isn't entirely accurate because of the small sample size. 100 titles generated 184 million data points, and under 4 minutes of watching one of those titles can determine which of the 100 titles was watched.

Netflix have quite a bit more than 100 titles, which means a massive increase in the number of data points to consider. Let's be generous, and say their algorithm has reasonable time complexity and can be completely parallelised. What cannot be done is reduce the number of potential matches. With trillions of data points and millions of potential movies, the time that is required to give a definitive match will increase rapidly.

0
0

DevOps, Containers, and three days in May

Tom 38
Silver badge
Unhappy

£900?! How the hell do I sneak that past the PHB?

0
0

Eric S. Raymond says you probably fit one of eight tech archetypes

Tom 38
Silver badge

Re: "There are two more archetypes"

The problem is that each person thinks those two sets are disjunct.

4
0

Ex-IBMer sues Google for $10bn – after his web ad for 'divine honey cancer cure' was pulled

Tom 38
Silver badge

Your book is wrong.

1
0
Tom 38
Silver badge

Re: An interesting paper...

Two things:

1) Why would homeopathic medicine be at all expensive? In terms of ingredients, it's a sugar pill imbued with the essence of something that has been diluted to the point it cannot be detected. They should cost about £1/kg.

2) If you are taking diclofenac on a regular basis, your stomach will not be long for this world.

0
0
Tom 38
Silver badge
Headmaster

Given the substance, I'd be amazed to find ONE verified death directly attributed to it, regardless of intake method.

Where did he say anything about dying, he said you can OD on it. Not at all the same thing.

0
0
Tom 38
Silver badge

ultra-rare herb Soul of Kashmir

I normally buy this in little baggies, I never thought you could just get it in honey and spread it on toast - mind == blown.

6
0

Aviation regulator flies in face of UK.gov ban, says electronics should be stowed in cabin. Duh

Tom 38
Silver badge

Re: That was not unexpected...

The price of freedom is actually that some twat can blow you up or drive a car at you.

The price of security is eternal vigilance, snooping, barriers, restrictions. It is the opposite of freedom.

Do you realise how easy it is to blow up a train (Madrid, London)? There is not a thin blue line protecting us from nutters who want to blow us up, there just aren't as many nutters out there as the security services would like us to think.

42
1

WWW daddy Sir Tim Berners-Lee stands up for end-to-end crypto

Tom 38
Silver badge

Re: Email this to your MP

I applaud the idea, but I can't imagine that it is possible to influence an MP to vote against both their whip and lobbyists because that would require morals.

0
0

Wi-Fi sex toy with built-in camera fails penetration test

Tom 38
Silver badge

Re: Check this out

$145?!

Fuck me

3
0

IT contractors behind IR35 calculator to leave HMRC... because of IR35

Tom 38
Silver badge

Re: TAX CHEAT ALERT!

So you are taking a reduced salary in order to avoid paying tax and NIC on travel loan repayments?

Doesn't that make you a tax cheat?

No man in this country is under the smallest obligation, moral or other, so to arrange his legal relations to his business or to his property as to enable the Inland Revenue to put the largest possible shovel into his stores. - Lord Clyde, Lord President of the Court of Session

Every man is entitled if he can to order his affairs so as that the tax attaching under the appropriate Acts is less than it otherwise would be. If he succeeds in ordering them so as to secure this result, then, however unappreciative the Commissioners of Inland Revenue or his fellow taxpayers may be of his ingenuity, he cannot be compelled to pay an increased tax. - Baron Tomlin, Lord of Appeal in Ordinary

Any one may so arrange his affairs that his taxes shall be as low as possible; he is not bound to choose that pattern which will best pay the Treasury; there is not even a patriotic duty to increase one's taxes. - Judge Learned Hand (what an awesome name), US Second Circuit

4
0

New plastic banknote plans now upsetting environmental campaigners

Tom 38
Silver badge

Re: One fairly serious alternative is ...

suffice to say that a bar full of Mendocino County lumberjacks on a Saturday night can get pretty funny, if a trifle dangerous to onlookers

I'm sure jake is meaning that they are all macho and trying crazy mountain men style pranks, but all I see is...

I cut down trees. I skip and jump.

I like to press wild flowers.

I put on women's clothing

And hang around in bars.

8
0

Uber wasn't to blame for robo-ride crash – or was it? Witness said car tried to 'beat the lights'

Tom 38
Silver badge

but if it is a standard 4 way intersection with traffic lights, what is the issue?

Come to Europe, we don't really have many road junctions like that because of the aforementioned batshitinsanery of them. Far too confusing and slows down traffic flows.

We have roundabouts instead.

2
0

BOFH: The Boss, the floppy and the work 'experience'

Tom 38
Silver badge
Thumb Up

Re: Being on a placement myself...

Most in the IT industry remember that when they left University they weren't instant coding Gods, but unfortunately some belittle students trying to learn.

Oh sure, I know that now. When I actually left Uni though, I thought I could make the world spin in a different direction with my supreme programming skills, and sadly so do most of the graduates that I come across these days too.

But I give them a bit of a break, because I remember how much of a dick I must have been :)

20
0

Ubuntu 17.04 inches closer to production

Tom 38
Silver badge
FAIL

Re: Wake me up when it's .1" from production

Alumoi: (Joke about "inches" being both a verb meaning "getting closer" and a measure of distance)

Hans 1: (Whooosh)

10
0

'Clearance sale' shows Apple's iPad is over. It's done

Tom 38
Silver badge

Re: Education PC seller says Apple is no good in that market

Apple might be big in the USA, but in the educational establishments where I studied / worked, they were pretty much non-existent.

Well, in the UK there is no money left after buying a couple of RM badged beauts. RM: the only company that makes Apple stuff look cheap.

10
0

FYI anyone who codes outside work: GitHub has a contract to stop bosses snatching it all

Tom 38
Silver badge

Re: Alcatel, eh?

As he wasn't employed by them, he didn't have any employment rights.

0
0
Tom 38
Silver badge

Re: Interesting, but..

You would have to find the money to challenge your employer in court, who then may find grounds for discovering that he doesn't want to promote, or even employ, you anymore. So you end up with a huge legal bill and no job.

Is this another US/European difference? Your boss cannot simply decide he no longer likes you and you are fired. You must have a reason for dismissal that amounts to Gross Negligence (so not just "AHA! You are 3 minutes late!"), or the job must no longer exist, in which case the employer must pay redundancy (and the job really has to not exist, not just pretend not exist, or the employer will get reamed in Tribunal).

Also, all complaints around this do not go to court, they go to a time limited tribunal - so your employer cannot lawyer you out of your rights.

2
0

King Battistelli's swish penthouse office the Euro Patent Office doesn't want you to see

Tom 38
Silver badge

Re: "few Greek or Spanish or Italian unemployed"

There's a reason why Battistelli's last name looks to have an Italian origin, or something like that. Not a little percentage of unemployed people would like to live out of someone else's money like Battistelli does

Nice bit of casual national stereotyping. Unfortunately, he's actually French, so we need to think of him as a beret wearing, cheese eating surrender monkey. Probably smells of garlic.

7
2

Android O my god! It's finally here (for devs)

Tom 38
Silver badge

there for the benefit of Google, not the [..] phone's battery life

I think that partly they are intended to be there for battery life. Instead of one monolithic application that wakes up constantly and checks 400 things, they have 400 things which mainly sleep and only wake up occasionally to do simple things.

idk that it does any good though :)

3
0

Huawei's P10 breathing on Samsung's shoulder

Tom 38
Silver badge

4 pages

No mention of whether the battery is replaceable or not (it's not).

4
0

The priest, the coder, the Bitcoin drug deals – and today's guilty verdicts

Tom 38
Silver badge

Re: Not a "priest"

No, that's just the historical etymology of the word. Priest, pastor, cleric, parson - these are all synonyms of each other; the differences that each one can mean within a particular cult are only interesting to the members of that cult.

1
0
Tom 38
Silver badge

Re: Not a "priest"

What makes a pastor not a type of priest?

1
0
Tom 38
Silver badge
Headmaster

Re: Tor?

Same for "priest". Pastor Trevon Gross isn't a priest, he's pastor at the Hope Cathedral, one of the fundamentalist churches that infests the US, mostly in the South.

So what you're saying is, he's ordained by a religious institution to lead the congregation, but that does not make him a priest?

What does he need to do to make "priest" with you? Do we only consider orthodox sky fairy worshippers to be priests?

1
1

Dr Hannah Fry: We need to be wary of algorithms behind closed doors

Tom 38
Silver badge
WTF?

Re: Algorithms that sit behind closed doors

Not at all. I work for a company that uses open source software, but the algorithms I write determine whether or not you get that all important first interview for a job.

If I balls this up I can totally fuck up your career.

PS you as the person trying to get the job have no access to the code or the rules that determine whether you are selected or rejected.

Algorithms are code. Code can be either open or closed source. If the source code is inaccessible, it is closed source code, even if portions of it are open source code.

Presuming this isn't software from somewhere like North Korea, then you cannot "totally fuck up" someone's career, because you are not the only people doing this. If your algorithms are bad, then you will be supplying not the best candidates to your clients, and others will be able to supply the good candidates your algorithm rejected; your business would suffer, but the candidates you reject will be perfectly fine.

5
0

Europe will fine Twitter, Facebook, Google etc unless they rip up T&Cs

Tom 38
Silver badge

Re: Good luck

All of those companies are located in the United States. Do you really think they won't just cry to Congress and then watch as America craps on yet another treaty. Are you guys prepared for the equivalent of economic armageddon?

We don't really care about the US any more to be honest. We don't get our fuel, food or technology from there, and we're increasingly unconcerned about upsetting a regime that repeatedly tells us that they will use protectionism to stifle our imports.

So yes, if your companies want to operate in our territories, they will do so in the manner that we deem fit or we will fine them.

2
0

Shine on, you crazy Eind minds: Boffins fire out 43Gbps infrared 'Wi-Fi'

Tom 38
Silver badge

@DougS

Rephrase it another way Doug, what problem does this cause you that you can write paragraphs and paragraphs rebutting the usefulness of it. Why *shouldn't* we have faster wifi? Can you think of *no* situation where faster wifi would be an economic benefit?

Here's a hint: it's not always about home networking, individual computers or loading a web page. There are people out there who do different things with networks than you! Please don't faint in shock.

1
0

Ubiquiti network gear can be 'hijacked by an evil URL' – thanks to its 20-year-old PHP build

Tom 38
Silver badge

Re: 20 year old PHP implementation?

I wouldn't trust a build of *any* interpreter from 20 years ago doesn't matter what you think of PHP.

I have no qualms still using csh on Solaris 2.5(?), which would be about 20 years old by now I'd have thought.

2
0

UK.gov gears up for IR35 private sector crackdown – say industry folk

Tom 38
Silver badge

Re: I've little sympathy for permies

As a contractor, more often than not brought in to do the work they either should have done, or have loused up so badly it needs redoing, I'm paid only because the work gets done.

You know the opposite is also true right? We had a contractor come in to work on an Alfresco deployment for us, as we had no-one with Java experience. He produced virtually nothing in 3 months, at which point he was ditched and we head hunted someone who could actually do it as a permie.

1
0

Dormant Linux kernel vulnerability finally slayed

Tom 38
Silver badge

Keep reading I will get to a point eventually

BSD commonly has less drivers than Linux, in particular multimedia devices and so on; fewer people using it, who care less about those sorts of things. NIC, HBA etc drivers, no problem - USB webcam drivers or TV dongles, pretty much nothing.

Linux has all these things; we looked on enviously at things like MythTV. Eventually one guy came up with an idea: Why don't we take all those Linux USB drivers and make a compat shim to use them on FreeBSD. The interesting part is how he decided to do it; he wrote a compat library that runs the linux USB driver in userspace. The library co-ordinates with a single simple kernel module, cuse4bsd, which creates nodes under /dev and copies data to/from the user space program.

This means the entire linux driver is running only in userspace, whereas on Linux it is all running in kernel space. Any bugs in the driver would cause an oops on Linux, whilst on BSD you can simply restart the userspace program containing the driver.

The only kernel code is simple, easier to test and debug, and is the same for all consumers. Compared to the Linux drivers, which are often written by box shifting manufacturers simply by taking an existing driver and tweaking it, and the surface of code within the kernel is tiny.

Obviously, it's not as efficient, data has to be copied. It's a lot safer and resilient.

10
0
Tom 38
Silver badge
Headmaster

Re: Slayed?

in old English, they did differentiate by putting an accent on the 'e' and pronouncing it differently, so by those rules it would be "the bug was fixéd by the developer"

Should be an e-grave. E-acute would sound like "Fix-ay-d", whereas the archaic form would be "Fixèd", pronounced Fix-edd.

5
0

Today's WWW is built on pillars of sand: Buggy, exploitable JavaScript libs are everywhere

Tom 38
Silver badge

@bazza

You haven't understood either of my posts. I'm not suggesting anyone replace JS, or even think about replacing JS. The discussion was solely, "If JS was no more, what then for Google? Aren't they in shit creek?". It's a thought experiment, not reality.

As for not having dynamic web pages, and remote viewing any interactivity... can you give me the number of your dealer, because you are high.

0
0
Tom 38
Silver badge

Re: "Google may be OK with this but ultimately it's a big risk for them"

There are actually no replacements for Javascript for web applications, being all the others even worse

Right, but we aren't talking about reality at the moment, someone posited the thought experiment "If JS was to disappear, companies like Google would be up shit creek and they don't seem to acknowledge those risks".

It's a bad thought experiment because either there is an equivalent language to replace it, in which case a Dart-to-new lang compiler would remove the risk, or that there are no more browser apps possible, in which case Google write a Dart-to-C compiler and deliver native apps.

0
0
Tom 38
Silver badge

Google may be OK with this but ultimately it's a big risk for them. No Javascript = big increase in costs for Google. If you take Javascript away, what of Google's empire is left?

So if we assume that JS is destroyed and gone, and there is some new super safe way of doing interactive things in the browser, how much would Google be affected?

Very little. All their apps are written in Dart, which is then compiled to JS. They would simply write a different backend to the Dart compiler to compile to NewFancyLanguage.

Of all the examples you could use to demonstrate reliance on JS, Google is the worst.

0
0
Tom 38
Silver badge

Re: China

So what, AC? They're still morons to use IE9.

Morons with money. My favourite kind of moron.

0
0
Tom 38
Silver badge

I'm sorry Mr Developer, but since you won't perform straightforward reasonable tasks within your area of responsibility within the company, we're letting you go and hiring someone who will.

4
0
Tom 38
Silver badge
FAIL

Re: Backwards compatiblity

Secondly, all versions below IE11 have already passed end-of-life. Nobody should be supporting or using them on the web.

Spoken like a true zealot. Hey Mr Chinese Man whose company still only uses IE 9, look I really can't accept that huge big bag of cash for accessing our website because AC said you should be using IE 11 already.

You can nudge, you can poke, you can plead, but the only time you can stop supporting shitty old browsers is when the users of your sites stop using shitty old browsers.

10
0

Blast from the past: Mass birth of early supermassive black holes explained at last

Tom 38
Silver badge

Re: @Symon

Ah, I see. I thought you were saying that he was wrong that the universe at 800,000 years was much smaller and dense, but you were in fact pointing out that "size of universe in LY" > "age of universe".

1
0
Tom 38
Silver badge

@Symon

The article you linked to says that

...you have to remember: 13.8 billion years ago, our entire observable Universe was smaller than the size of our Solar System is today!

and then has a chart of universe age versus universe radius size in light years...

I don't see what inflation has to do with this either; inflation lasted for a fraction of a second after the big bang, this is talking about effects well after that.

What am I missing?

2
1

Scott McNealy: Your data is safer with marketers than governments

Tom 38
Silver badge

What if you do want to buy pantihose

What about when your secret heart's desire is to buy all the pantyhose in all the colours and run around the house with them wrapped around your face, but you don't want anyone else to know this?

I'm, er, obviously asking on behalf of a friend..

PS: Pantihose? Pantyhose surely?

2
0

Tech titan pals back up Google after 'foreign server data' FBI warrant ruling

Tom 38
Silver badge

Re: Bullshit

So you think an email only consists of a body and that 'communications' are not metadata?

5
0

Linus Torvalds explains how to Pull without jerking his chain

Tom 38
Silver badge

Re: git shit

OP either doesn't do much change management in git or has never done much change management in other VCS. git is by far the best VCS available. I was going to say "open source" VCS, but I think it's better than any commercial one I've tried (Perforce, ClearCase, VSS)

8
1

Force employees to take DNA tests for bosses? We've got a new law to make that happen, beam House Republicans

Tom 38
Silver badge

Re: @Orv

If you had a pre-existing condition, depending on the condition, you may or may not be able to get coverage. The insurance company could write a rider so that you get coverage for everything but your condition.

So if you are ill and cannot work due to a pre-existing condition, not only do you get more expensive insurance premiums, but it won't cover the thing you are actually ill for, what do you do then? Go bust and then die due to inability to pay to treat your treatable condition?

What a delightful country you live in. Your medical insurance companies make more profit than most healthcare systems cost in total. You should be proud of how exceptional America is.

6
0
Tom 38
Silver badge

Re: "They still believe in Social Darwinism of course."

Maybe. But isn't Trump of the finest Teutonic stock? I'm pleased he's not making out that he's got any British ancestry.

Unfortunately...

0
0

'Password rules are bullsh*t!' Stackoverflow Jeff's rage overflows

Tom 38
Silver badge

Re: It only makes it easier to crack...

I don't think it necessarily implies the storing of failed logins.

One possible compromise would be that if the login is not successful, just delay the rejection response for a period of time, for example, 10 seconds.

So now you are open to DoS via resource depletion. What's your next plan?

0
0

Get a GRIP! Robolution ain't happening until TOUCH is cracked

Tom 38
Silver badge
Joke

Re: someone somewhere will have to pay the tax

Too right! Smash the looms!

2
0
