* Posts by big_D

3190 posts • joined 27 Nov 2009

Cops: Autonomous Uber driver may have been streaming The Voice before death crash

big_D
Silver badge

Yes and no. At the end of the day, the systems are still being tested, so the safety driver should be able to take over if they note the car isn't reacting properly (i.e. hasn't seen an obstacle). If you are just waiting for the vehicle to says it hasn't seen something, you'll be waiting until after the thump, as seen here.

Also, if the vehicle says it can't cope, you need to already be aware of what is going on around you. You can't be distracted, concentrating on something else and expect to react in an emergency.

The driver was paid to do one job and she was loafing off when it counted...

I agree with you about Uber having turned off the on-board safety systems, but she was the driver, so it was still her responbility to react if the car obviously wasn't.

32
2

Pwned with '4 lines of code': Researchers warn SCADA systems are still hopelessly insecure

big_D
Silver badge

Re: Company selling security consultancy find security flaws shocker

I think we have to be careful in separating things like cars and CNC machines, from critical infrastructure. while someone hacking a car is annoying, someone hacking say the electricity grid is far more serious.

So, hacking a car and causing it to swerve off the road (Fiat/Jeep by Charlie Miller 2015) or change the engine management, disable braking/ABS or disable the motor whilst the vehicle is in motion is only annoying? :-O

1
0
big_D
Silver badge

Re: SCADA systems running windows

I don't even want to think what 80-year-old SCADA code might look like.

Where I live is famous for its red cloth. The local museum has several working looms, including an original Jaquard Loom, which they run off several metres of cloth every year during guided tours of the place. Very interesting.

1
0
big_D
Silver badge

Re: Company selling security consultancy find security flaws shocker

My experience so far is that security is still often an afterthought. The other problem is, a lot of the IoT stuff is tacked onto existing hardware, which has often been in the production for over a decade, so it is irrelevant, whether the next generation hardware has some security baked in, the majority of industrial systems are unprotected by design.

I agree, however, that the wording from Godfrey is a little misleading, there is certainly some work going on in this area, but you only have to look at the **** that is coming out today in cars, for example, where they are online, but the CANBUS is still pretty much unprotected! Industrial PLCs aren't much better, in my experience.

But their attack requires local access. Physical security is as important as cyber security in these situations. If you can just walk in and install a box on a critical infrastructure, cyber security is the least of your woirries

We don't know what their remit was. And getting through the firewall and hacking a PC on the network isn't that hard, but might have been outside the remit for the case in question, which would have made it illegal try such a scenario.

It is also not a "local" attack, which means on the device(s) in question, it was an attack within the network, so internal but not local.

And the industrial networks tend to be very fragile. I worked for a company producing vulnderability scanners and they had extra documentation and modes for scanning SCADA and PLC networks, so that you don't bring them crashing down during an initial scan. Their systems started in a "light touch" mode and gradually worked up. It was also recommended that the customer make a replica of their production environment to test on, before scanning the real thing.

6
0
big_D
Silver badge
Facepalm

Re: Bonsai Penguins aren't all they're cracked up to be...

@AC I've also seen companies rolling out new servers (2015/2016) with the software still running under "SUSE 7.0" from the turn of the century, because they had some libraries that "just worked" an no upgrade path, so they carried on with SUSE 7.0 on new production hardware for their customers, until the software stopped working with newer generations of hardware, where the old RAID controllers were no longer available and the drivers wouldn't work with current generation controllers... Then they had to invest in re-engineering the libraries.

But the attitude was "it's Linux, it is secure, it doesn't need patching."

13
1

Apple takes $9m kick down under after bricking iPhones

big_D
Silver badge

@SuccessCase in that case, if they can't guarantee the authenticity of the fingerprint reader, you deactivate the reader, you don't brick the whole device.

13
0

Cardiff chap chucks challenge at chops*-checking cops

big_D
Silver badge

Re: Good Luck

The German states are currently implementing their own version of pre-crime.

They are granting the police the right to listen in on conversations (including implanting a trojan on suspects devices to intercept communications, before they are encrypted) of people who "might" be thinking of committing a crime. They can also imprison suspects for up to 70 days without charge.

Bavaria has implemented it, Lower Saxony is planning on it (law will be refined over the summer recess and voted on when they come back from their summer holiday) and Meck Pomm and a few others are thinking of enacting similar powers to their police forces.

3
0

Microsoft reveals which Windows bugs it might decide not to fix

big_D
Silver badge

Re: Duty of care

And this document explains the rules MS have used since I can remember. You need to then apply that to duty of care.

The process is about using the resources they have to fix the problems that matter in a timely manner. The question is, of course, whether that falls within duty of care. This gives more transparency into the process they use, it doesn't affect the process itself.

And it says that problems that have a high priority will be fixed ASAP and problems that have little or no security risk will be put to one side until there is time to deal with them, or incorporate it into the next release.

6
6
big_D
Silver badge

Re: Pay more, get less

This has been standard practice for decades.

Back in the old Technet CD days, when there were only 10s of thousands of reported issues, you go to see them and there was a report on whether the issue was being addressed or not.

Some bugs have littlle or no security impact. For example an escalation bug that can only be used when sitting at a machine and using a very complex set of criteria would affect practically nobody, but require, say, a few hundred man hours to fix. That isn't something that they will want to fix, as long as no other method is found to escalate the bug to a higher priority. If somebody has physical access to the machine, they probably don't need the exploit anyway. This would then be looked at, as to whether it will be fixed in a future version, because it isn't urgent and there are better things to spend time on, for example, remote execution and drive-by exploits that are serious and likely to be actively exploited.

If MS had an infinite number of developers and infinite money, they could fix every bug. But with finite resources, you need to use the resources where it matters most.

They are just setting out the parameters they use to determine which problems are important enough to fix immediatly, in the near term, in the long term or never so that researchers can understand how the reporting system works - and whether they are likely to get a bug bounty for their work.

17
11

Windows Server 2008 SP2 gets new support model

big_D
Silver badge

Re: Rollups suck...

Yes and no... As a user, I love roll-ups. I've been saying for years that Windows should have them. It makes setting up a new PC much easier - one or 2 patches and you're done, not 150 patches, reboot, 120 patches, reboot, 10 patches, reboot, 20 patches, reboot, 40 patches, reboot... Until all the patches for the last 10 years have been installed.

On the other hand, having the option to go roll-up or individual for machines with a delicate software stack would be better.

6
2
big_D
Silver badge

Roll-ups

are fine for clients or servers, where no additional software is installed.

For production machines with diverse software, having roll-ups can be awkward, as certain updates can break certain software. At least with the individual updates, you can pick and choose the ones that are compatible with your production software. That then leaves you open to chose other actions, if a security patch breaks something, for example, such as segmenting the network and firewalling the server in its own zone.

5
1

That was quick: Seattle rushes to kill tax that would mildly inconvenience Amazon

big_D
Silver badge

In Germany there have been several documentaries about the wokring conditions. The worst is seasonal workers, who are shipped in from other countries on the promise of a good wage, they are then given a contract for much less and told to either sign it or find their own way back home! They also live in winter in overfilled summer holiday chalets.

But, of course, this isn't Amazon's fault, it is the subcontractor they use to provide the staff who is responsible. So, of course, once it came to light, they immediately terminated the subcontractor and found a reputable employment agency... Oh, wait, no they didn't.

14
0

New York State is trying to ban 'deepfakes' and Hollywood isn't happy

big_D
Silver badge
Childcatcher

Re: I know why Disney is against it

Hmm, a deepfake of Disney execs and Mickey in a compromising positions, then ask Disney if deepfaking is ok.

15
1
big_D
Silver badge

Re: Bullshit

Exactly, they aren't banning the use of deepfakes, that are making sure that it isn't abused and people are exploited. I see no harm here...

13
1

EU-US Privacy Shield not up to snuff, data tap should be turned off – MEPs

big_D
Silver badge
Facepalm

Re: Facebook and Cambridge Analytica – are both certified under the Privacy Shield.

No transfer, and no servers owned by US companies or their subsidiaries, because the CLOUD Act means that the US sees the data on non-US servers as being held on US servers, if the company owning the servers (or subsidiary) has a presence in the US.

31
2

Have to use SMB 1.0? Windows 10 April 2018 Update says NO

big_D
Silver badge

Re: Fix it, don't disable it

SMB1 is widely used by legacy NAS devices and most Android clients.

Given that SMBv1 was depricated nearly 20 years ago, maybe you should be using a somewhat newer NAS or Android device - although I wasn't aware that Android was around 20 years ago...

2
0
big_D
Silver badge

Given that the protocol has been depricated for nearly 2 decades, it is astonishing how many products still use it as standard / don't support SMBv2 or SMBv3!

At a previous employer, we had it the other way round, we disabled SMBv1 on all servers, only for the Minolta scanners to stop working, because the scan-to-folder option only supported SMBv1, and they were new (less than 2 years old) printers!

3
0

ICO smites Bible Society, well fines it £100k...

big_D
Silver badge

Re: OK if they pro-rata the fine when its applied to big business

@}{amis}{

My possibly erroneous understanding is that changes to the law cannot affect a running case in the UK at least.

I think so as well. If it was under the new rules, that was a very quick process!

2
0
big_D
Silver badge

Re: OK if they pro-rata the fine when its applied to big business

The fines are now 23,000,000€ or 4% of global turnover, whichever is the larger. That should be a deterant for most.

Whether this was done under the old rules or they were particularly lenient is the next question.

6
0
big_D
Silver badge
Facepalm

Re: How is this helpful?

The same is true of any organization or company... Its money had to come from somewhere, either paying customers, paying supporters or the general population (taxes for governmental departments and institutions).

Using your argument, no company should ever be fined, no matter what they do, because they are not being hurt, because their customers are paying for it...

20
3

Plans for half of Europeans to get 100Mbps by 2020 ain't gonna happen – report

big_D
Silver badge

Too late to edit... I wanted to add, that our Telekom rep lives out in the countryside and gets 1mbps, but has a dual modem, which uses LTE + DSL, which gets him around 20mbps.

Some very rural areas are, naturally, very poorly provided for. But the OP said anyone outside major population areas doesn't get good speed. Ours is a small town (~30,000 people over a very large area).

0
0
big_D
Silver badge

It really depends on where you are. I live in north Germany and we have 100mbps in our small town. At work, we get 1gpbs at one site and 50mbps at the other, plus 10mbps dedicate line to the other site.

The real criteria is who you have as a provider. Although we are rural, a local telco (Osnatel, now part of EWETel) invested heavily in fibre at the turn of the century and laid cable throughout the area. If I stick with Deutsche Telekom, I can get 3mbps, with Osnatel, I get 100mbps. All the other ISPs also use the Telekom lines, so they are also 3mbps.

We could also go cable, which is somewhere between 300mbps and 1gbps. But my other half has had poor experiences with them. In her last flat, she had satellite TV and the cable company came round at least once a month accusing her of stealing cable TV, because the previous tenants had tried to steal cable!

1
0

Monday: Intel touts 28-core desktop CPU. Tuesday: AMD turns Threadripper up to 32

big_D
Silver badge

Re: Gimme speed

@AC I also worked on an early eretail site. It collapsed whenever the eBay newsletter went out. The mySQL database would cease up and the query to get the menu for the homepage would take over a minute to run. They had 4 front end servers and a mySQL database.

I looked at the code and quickly worked out that it was written for humans to understand, not so that a computer could execute it quickly. Changing the execution of IF statements from negative to positive and changing the WHERE clauses to work optimally on the data (different indexes and starting at the highest common denominator, instead of the lowest, which was more understandable for a human, the query time dropped from over 1 minute under load to around 12ms.

The next time the newsletter came out, the servers were doing well, going from 50 users per server and collapsing to 250 users per server and still plenty of headroom.

That was something that could be optimized and showed significant results. But, as I said above, without knowing how much the original 1 month problem has been optimized, it is pointless to speculate about further optimization. If it originally took 3 months and they are now down to 1 month after optimization, you are at the limits of what the hardware can achieve. Maybe more cores or faster storage and memory are needed?

1
0
big_D
Silver badge

Re: Gimme speed

@tfb optimization has always been a problem. We had a demo mainframe delivered and the sales guy gave us a tape with source code for our VAX cluster. He told us how wonderful his mainframe was, and how fast. We should compile the code with all optimization on the VAX and let it run and run the same code on his mainframe. We should call him back in a week, once the mainframe was finished, the VAX would need a month!

There was a note waiting for him by the time he had returned to the office (those were the days before mobile phones). The VAX was finished.

It had taken the source code, analysed it and came to the conclusions: No input, a lot of calculations, no output = nothing to do. The program created a huge multi-dimensional array, filled it with random numbers, performed some calculations on the random numbers and dumped the array, when it was finished. The mainfram dutifully compiled it and executed it, the VAX made a small .exe that finished in a fraction of a second.

8
0
big_D
Silver badge

Re: Gimme speed

On the other hand, GRC's Spectre checker (Inspectre) was written (quickly) in assembler and weighs in at 110KB, 96KB of which is the Windows requirement for a high definition icon.

Some things can be written better in assembler, but very complex tasks are much easier to debug in high level languages. You can still optimize that code as well.

BUT some jobs just take time. We don't know how well optimized that 1 month job is, it could be that they have got the runtime down to "just" 1 month. Speculating on optimizing it, just because it doesn't finish in milliseconds, without understanding what it is doing is tilting at windmills.

I've worked on projects before, where analyses or reports took days or weeks to run. They had been well optimized over the years and the runtimes had come down with successive hardware generations. At some point, you can't optimize the algorithm any further and more processing power (whether raw speed or parallel processing) is the only way forward.

13
0

Continental: We, er, tire of Whatsapp, Snapchat on work phones. GDPR, innit?

big_D
Silver badge

Sorry, that should be yes, GDPR does cover it and it is, within limits, legal.

If it is a company phone, the employer has to have a policy in place allowing the use of contacts on the phone and what limits are applied, ensuring the information is safe (pin code to open the phone, remote wiping etc.).

2
0
big_D
Silver badge

No. Because you are not passing all of their contact information to a third party service in order to send the message or talk to them.

WhatsApp takes the complete addressbook and uploads it to WhatsApp/Facebook servers, which is illegal under EU data protection laws (before GDRP) and even more so now. Other services, such as Signa, upload a hash of the number for comparison with registered users of the serivce and throw it away afterwards; that just about gets around GDPR.

1
2
big_D
Silver badge

Re: This entirely political move

Precisely, either the phone user can access the company groupware solution (E.g. Exchange) or they can use WhatsApp and manuall type in the contact details of people they have received permission from.

Given that the company is probably more interested in people having the groupware contacts and emails available to their users, WhatsApp and Snapchat have to go, until such time as they become compliant.

2
0
big_D
Silver badge

Exactly.

Company devices will usually be connected to the company's groupware service (E.g. Exchange) and therefore have access to the GAL and PAL contact lists of the company and the user. (CRM systems are another possible connection point.)

The company has to ensure that the information is handled within the bounds of GDPR. As WhatsApp currently does not comply with GDPR and is illegal (German ICO for, I believe Baden-Württemburg, pointed out that WhatsApp was illegal under the previous European DP laws, because it uploads all contacts to Facebook's servers).

So, either the user has to disconnect their phone from the company's groupware system and manually enter the phone numbers of contacts who have explicitly agreed to the user passing their contact information to WhatsApp/Facebook, or they have to stop using WhatsApp until such time as it is compliant.

The company would be similarly liable, if the employee started using their private device for WhatsApp and simply copied their work contacts over, or worse, connected their private device to the company groupware system...

Systems like Signal, which just uploads a hash of the phone number, or Threema are a much better alternative at the current time... The problem is, you can't just move over yourself, you need to get all of your current WhatsApp contacts to go with you...

2
0

'Moore's Revenge' is upon us and will make the world weird

big_D
Silver badge

A chip in everything...

The problem is, a lot of those chips are being put into devices that usually last "a lifetime", or at least they used to last a decade or two. Due to the use of chips and being "online", the devices are now dangerous to use after a couple of years, because they no longer get security updates.

That means that these "cheap" chips are causing more landfill or early obsolecense of devices, even though the devices themselves should last much longer... A fridge that costs "real" money, without intelligence, but designed to last 20 years may cost more today, but over its lifetime, it will be cheaper than an intelligent fridge, because it doesn't need replacing every couple of years, because it no longer gets updates.

The same is true of most "smart" devices, the smart functionality doesn't generally bring anything really useful to the table, but makes the device "dangerous" after a couple of years of operation, because it no longer gets security updates. I'll be sticking to non-smart devices for most tasks, thanks all the same.

40
1

Platinum partner had 'affair' with my wife – then Oracle screwed me, ex-sales boss claims

big_D
Silver badge

Re: What a lovely place to work, hey ?

I'm glad there is protection here. It is generally illegal to fire somone on sick leave. There are ways to do it, if somebody is long term sick or regularly takes sick days, but it is complicated and requires the employer to jump through several hoops to actually get rid of them.

0
0

Map app chaps Waze add shout-at-sat-nav support for Ford cars

big_D
Silver badge

Yes, both valid, although the usual "best" route is generally a combination of Autobahn and other roads, but you can usually only set Autobahn or not Autobahn, you can't get them to use the best route using a combination - from here to Magdeburg, the best route is to ignore the Autobahn for the first hundred KM or so, going over land (fewer traffic jams, less fuel, less stress), then pick up the Autobahn just before Hannover and drive the rest that way. The problem is, the satnav either avoids the Autobahn completely or only uses the Autobahn until the last possible second, so you spend the first hour and a half ignoring the Satnav telling you to do a U-turn every 300 meters...

That is why I generally don't use it or only turn it one, once I've reached my destination area and need it to guide me the last few hundred meters.

2
0
big_D
Silver badge

My car has a satnav built in, well since 2004 I've had cars with built-in satnav. I've driven around 500,000 miles since then and probably used the satnav for around 3,000 of those miles. And then, usually, with the sound turned off, because it keeps trying to send me in the wrong direction.

They generally don't know the best routes, locally, and on longer journeys I've also found it will make huge detours (Ford, Toyota, Nissan and Google). They are generally good for the last couple of hundred meters of a journey, although I've still had them send me to the wrong location, given the correct address.

They also seem to get confused a lot. The last time I needed the Satnav, I was driving along and it said turn left in 200M, after 50M it then started re-doing the route, because I had missed the turning! A U-turn later and I took the indicated road, drove 200M, then I needed to turn right in 200M, after 10M it started re-doing the route, because I had missed the turning! I just pulled over, looked at the map and turned off the satnav and drove to the destination without it!

2
1

Three-hour outage renders Nest-equipped smart homes very dumb

big_D
Silver badge
Coat

Poor users

If they were poor, they couldn't have afforded Nest hardware in the first place...

10
0

Trump’s new ZTE tweets trump old ZTE tweets

big_D
Silver badge

USA nothing to give...

That is the problem, over the decades the USA has slowly given up its manufacturing lead, turning to soft industries instead, like finance, IT etc. and even where US companies "manufacture" hardware, the actual manufacturing takes place off-shore, because the US workforce is too expensive to be competitive, or the quality is too poor.

Obviously there are real craftsmen left in America and producing high quality products, but they are niche. Large US companies producing mass-produced goods aren't doing it at home, so they don't have anything to export, to help boost the balance of trade. That is left to soft sectors, like finance, cloud and software - again large swathes of those have also been offshored.

And now Trump is surprised that they have a huge trade deficit, and Europe and China are to blame? No, it is US policies' fault, over the last 40 years or so.

19
0

Google shoots Chrome 66's silencer after developer backlash

big_D
Silver badge

Sorry...

No website should make a gawdammed peep until I say it can!

As long as I can turn sound back on, if I want it, I don't see the problem! Nothing worse than sitting in the office and a site suddenly starts squawking at you!

The worst are sites / apps that are silenced that suddenly display an advert that thinks you need to have audio turned up to the max! If I have said no audio, that should go for the whole site, including any external ad content!

33
2

And THIS is how you do it, Apple: Huawei shames Cupertino with under-glass sensor

big_D
Silver badge

Not seeing it on any of our Hauwei devices (Mate 9 Pro, Mate 10 Pro and P Smart).

5
0

Uber says it's changed and is now ever-so ShinyHappy™

big_D
Silver badge

Do they ensure

that the driver has the correct driving license? That is what got them banned in Germany. They accepted any driver, whether they had a professional driving license or not - a prerequisite for getting insurance for commercially transporting passengers, which meant most of the drivers were driving illegally without valid insurance.

10
0

PGP and S/MIME decryptors can leak plaintext from emails, says infosec professor

big_D
Silver badge

Re: "he upshot of this is that OpenPGP messages are way better protected against

Exactly. email was never designed to use HTML and it doesn't do it properly.

There used to be a saying, if you can't write in in plain text, then email is the wrong medium. That sending an HMTL email was rude and impolite.

Times have changed, etiquette rules are ignored, because, oooh, shiny...

4
0
big_D
Silver badge

Re: Especially stop reading...

It seems to be how the MUAs deal with HTML email and referencing external links. HTML-Email has long been known as a bad thing (tm), or as GnuPG calls it, evil.

13
0
big_D
Silver badge

Re: how bad is it?

The GnuPG people are annoyed, according to a colleague who is on the mailing list. They weren't informed in advance (although Werner Koch managed to view the report). It seems to be a well known problem with HTML emails and clients (MUAs) that automatically deference external links - so the "problem", according to them is with the way the email clients work.

Edit: edited to clean up line-breaks!

https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060317.html

Werner saw a preprint of this paper some time ago. I saw it recently. Patrick Brunschwig of Enigmail saw it. None of us are worried. Out of respect for the paper authors I will skip further comment until such time as the paper is published.

It would've been nice if EFF had reached out to us for comment, rather than apparently only talking to the paper authors. We hope they'll reach out next time.

https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html

Some may have noticed that the EFF has warnings about the use of PGP out which I consider pretty overblown. The GnuPG team was not contacted by the researchers but I got access to version of the paper related to KMail. It seems to be the complete paper with just the names of the other MUAs redacted.

Given that the EFF suggests to deinstall GpgOL, we know tha it is not vulnerable; see see https://dev.gnupg.org/T3714.).

Here is a response I wrote on the weekend to a reporter who inquired on this problem.

=============

The topic of that paper is that HTML is used as a back channel to create an oracle for modified encrypted mails. It is long known that HTML mails and in particular external links like <img href="tla.org/TAG"/> are evil if the MUA actually honors them (which many meanwhile seem to do again; see all these newsletters). Due to broken MIME parsers a bunch of MUAs seem to concatenate decrypted HTML mime parts which makes it easy to plant such HTML snippets.

There are two ways to mitigate this attack

- Don't use HTML mails. Or if you really need to read them use a proper MIME parser and disallow any access to external links.

- Use authenticated encryption.

The latter is actually easy for OpenPGP because we started to use authenticated encryption (AE) since 2000 or 2001. Our AE is called MDC (Modification detection code) and was back then introduced for a very similar attack. Unfortunately some OpenPGP implementations were late to introduce MDC and thus GPG could not fail hard on receiving a mail without an MDC. However, an error is returned during decrypting and no MDC is used:

gpg: encrypted with 256-bit ECDH key, ID 7F3B7ED4319BCCA8, created 2017-01-01

"Werner Koch <wk at gnupg.org>"

[GNUPG:] BEGIN_DECRYPTION

[GNUPG:] DECRYPTION_INFO 0 7

[GNUPG:] PLAINTEXT 62 1526109594

[GNUPG:] PLAINTEXT_LENGTH 69

There is more to life than increasing its speed.

-- Mahatma Gandhi

gpg: WARNING: message was not integrity protected

[GNUPG:] DECRYPTION_FAILED

[GNUPG:] END_DECRYPTION

When giving a filename on the command line an output file is even not created. This can't be done in pipe mode because gpg allows to process huge amounts of data. MUAs are advised to consider the DECRYPTION_FAILED status code and not to show the data or at least use a proper way to display the possible corrupted mail without creating an oracle and to inform the user that the mail is fishy.

For S/MIME authenticated encryption is not used or implemented in practice and thus there is no short term way to fix this in S/MIME except for not using HTML mails.

The upshot of this is that OpenPGP messages are way better protected against such kind of attacks than S/MIME messages. Unless, well, the MUAs are correctly implemented and check error codes!

29
0

Make masses carry their mobes, suggests wig in not-at-all-creepy speech

big_D
Silver badge
Big Brother

The family went out for a meal together yesterday. As everybody was there that we would want to talk to, nobody took a phone with them.

That would probably come under organized crime under any new legislation...

54
0

US Congress finally emits all 3,000 Russian 'troll' Facebook ads. Let's take a look at some

big_D
Silver badge

SCL/Cambridge Analytica and this are symptoms of the same problem.

9
1
big_D
Silver badge

It isn't fake news, it is a real problem, although, looking at the analysis so far, it probably didn't have much influence on the outcome.

Regardless of its effect, it is a serious problem and the Internet companies need to be taken to task for it. Traditional media is already held responsible for such advertising, so why should the biggest advertising companies in the world (Google and Facebook) be exempt?

20
7

Windows Notepad fixed after 33 years: Now it finally handles Unix, Mac OS line endings

big_D
Silver badge

Re: Don't like Unix text handling - not happy MS

The printer itself and the OS didn't do page numbering or anything like that. The printer "driver" was simply an RS-232 port and the "driver" part was the configuration of the baud rate and flow control.

Some wordprocessing packages managed page numbering and programs that generated reports kept track of how many lines had been output and how large long a page was and they put a form feed in at the right time and printed the header for the next page, including page number.

And somewhere along the line, you would always miscalculate something and end up going one line over the length of the page and form-feeding a page with just one line on it. And then going back, going through the code one line at a time, trying to find out where you miscalculated - ususally because on one of the sub-sections you forgot you added an extra heading or blank line to separate it. Then recompile and try again...

And if you were feeling particularly clever, you would embed a couple of escape codes, if your printer supported them, to make it print bold or to re-type a line to make it bold or to underline it. There were no "drivers" for doing such things, the printer printed exactly what your program sent to it.

Even with MS-DOS that was the case, each application, like WordPerfect, Lotus 1-2-3 etc. came with their own printer drivers, which allowed them to compile a program and use parameter files to adjust its output to the type of printer connected.

It was only when Windows and X came along that this started to change and your program could start chucking out standardized codes for bold, italic, line feed etc. and the system interpreted what to do with it. But you still needed to work the pagination for yourself, which is where tools like Crystal Reports started to crop up, you gave them a template and then just bunged the data at them and they took care of the formatting for you.

0
0
big_D
Silver badge

Re: Vi

Many BASICs, actually.

0
0
big_D
Silver badge

Re: Don't like Unix text handling - not happy MS

But... You could simply cat the file to the screen or teletype (there were no printer drivers for them) and the file would be correctly represented.

If it just has LF, you need to "interpret" the end of the line and add a CR as well (a lot of serial terminals needed both). Also, what if the output actually "needs" a LF as a LF and not as a CR?

For a script or source code, not a problem, but for "formatted" output, using an LF could be simpler than CR/LF + Tab + Tab + Tab (or God forbid dozens of spaces) to get the cursor back to the correct position.

And see my anecdote on the first page to see why LF without a virtual CR can be useful!

3
0
big_D
Silver badge

Re: Notepad++

We use Debian and Gentoo. The default installation is just vi, in Debian you need to "apt install vim" after the install is finished.

1
0

Qualcomm, Microsoft drag apps for Win-10-on-Arm into 64-bit world

big_D
Silver badge

Re: Why didn't they require ARM64 from day one?

The OS is 64-bit, but UWP was limited to 32-bit at first.

Possibly something to do with developer tools and timescales?

3
0
big_D
Silver badge

x86?

Up until now WoA has used 32-bit ARM "native" applications and x86 Win32 32-bit emulation. So, both the ARM and x86 code was similarly limited in memory use.

The 64-bit ARM was always on the cards and should allow for larger datasets. Although x64 emulation is, AFAIK, still not going to happen.

1
0

Forums

Biting the hand that feeds IT © 1998–2018