* Posts by flibble

20 posts • joined 28 May 2010

Dropbox would rather write code twice than try to make C++ work on both iOS and Android


The qualifiers in the original sentence are I believe important; it's not that Swift generates more efficient, compact code than C++, it's that it's far easier to do so in Swift and that Swift has far fewer ways for junior to mid-level devs to shoot themselves in the foot. Swift I believe also has a much richer set of standard libraries than C++, which removes lots of need for pulling in third party code - e.g. Swift has a built in for handling URLs, I'm pretty sure C++ still doesn't.

If you're writing high frequency trading code, C++ is definitely where it's at. If you're writing run of the mill mobile apps, you'll get far more done with fewer bugs using Swift. Automatic reference counting is a massive improvement over manual memory management - less code and fewer bugs, and wins over GC on performance, peaks, efficiency, etc.

Even on mobile, there are cases where C++ makes sense. It's all about using the right tool for the right job. The original article from Dropbox makes a number of very good points.

(Aside: I'm unsure if by 'compact' the OP meant 'small compiled binary' or 'without unnecessary boiler plate in the source code'.)

World's favourite open-source PDF interpreter needs patching (again)


Re: I ain't afraid of no ghosts

Which one exactly are you suggesting people use that's preferable?

e.g. the gnu fork doesn't seem to have changed since 2014, so I would presume is exploitable using the majority of the last 5 years of bugs found: http://git.savannah.gnu.org/cgit/ghostscript.git/commit/

Upgraders rejoice! The 2018 Mac Mini heralds a return to memory slots!


That's a SATA SSD though, and a 7 year old one at that.

Macs use PCIe connected SSDs these days, as do most other laptops. A 480GB Corsair MP510 has 3480MB/s read, 2000MB/s write, and at £118 quid (according to scan) is less than a third of the price of the 512GB *upgrade* for the Mac mini (which will set you back £360).

I'd be quite happy with a Mac mini that used a standard PCIe flash card. It's not clear why Apple feel the need to solder the flash storage to the motherboard on desktop PCs.

When something's weird in your ImageMagick upload, who ya gonna call? Ghostbusters!


Re: This cannot be good

I don't know if it's the case or not, but your post makes it sound like you're running ghostscript on essentially untrusted input and that you're giving it significantly more permissions than it needs to perform the conversion (ie. it has permissions to access other data on your system).

ghostscript may have bugs in its implementation, but if the above is true then in my opinion you have an issue in your architecture. Isolating the conversion into a service that has no more permissions than necessary would make a lot of sense to me - i.e. the 'screambox' anonymous coward suggests in the next post.

That said, my understanding is these exploits apply to postscript interpretation, so if you are correctly invoking ghostscript's PDF engine then these bugs may not affect you.

GDPRmageddon: They think it's all over! Protip, it has only just begun


HSBC not wanting to comply with GDPR

I've already made my first GDPR data portability request, to HSBC - requesting nothing more than all the readily available transaction data from my current account. The GDPR requires them to supply this in a 'structured, commonly used and machine readable format' - I suggested csv.

They've replied saying I have to either send the request via snail mail to their DPO or make the request whilst physically in a branch - whilst the ICO is quite clear you can make your request in any fashion (including via social media!), and other than verifying your identity a company must accept requests made in pretty much any fashion. (I made my request via secure messaging after logging into HSBC's online banking portal including 2FA, so my identity is in no way in doubt.)

I've replied pointing out that their attempt to delay my request is contrary to the law, and eagerly await their next delaying tactic.

All I want is my transactions in a way I can put them into Excel so I can search/filter them, as that makes it simpler to complete my tax return. If the banks hadn't insisted on almost completely crippling midata then I'd have been able to get this data without a battle. There's so many different ways that banks could have easily made customers' data accessible that they just have themselves to blame if they receive many GDPR related fines over the coming months.

BT plots to slash pension benefits for 32,000 staff


Re: "making sure they remain affordable to the company"

"Ahhhh, screw the workers then"

Well yes and no - what do you think happens if the scheme becomes unaffordable to the company? I'm pretty certain it means that the workers get screwed, just in a different and less expected way - ie. mass redundancies, or the company ultimately going bust and the pensions ending up in the Pension Protection Fund.

It's a difficult balancing act. Have BT management got it right? No idea, there doesn't seem to be anywhere near enough data published to make a judgement on that, but I'm pretty certain they're right to consider whether the scheme is affordable to the company in the medium-long term, and I hope they and the unions have a proper balanced discussion about how to ensure that.


Well, here's the thing - you're welcome to make that offer to pay a fraction of what BT is asking, and they are at liberty to decline it and cancel your service.

Employees of BT have that same choice - if what BT are offering in terms of pay and benefits doesn't properly reflect your value, you have the right to find an employer that does correctly value you. (It's also important to note that all the benefits already accumulated, and those accumulated up until any changes come in, are not going to be changed - as I understand it, this is about how future benefits are earned.)

If BT are undervaluing their staff, then this may come as quite a shock to them if a significant percentage ups and leaves....!


Woah, BT still had an open defined benefits pension scheme?

Frankly I'm astonished that BT still has such a scheme that (apparently?) was/is still open to new joiners?

These must be as rare as hen's teeth these days - certainly I've never worked at a company that has one, and there's absolutely no way my current company could even come close to affording to set up such a scheme.

I'm sure it won't be a popular opinion, but with ever increasing life expectancies keeping such a scheme open (on the same terms/benefits/payments as historically) would have essentially been a huge pay rise for the staff and some very quick back of the envelope calculations pretty strongly indicate that BT has no choice but to change things if they want to remain competitive. They've already effectively admitted that they need to build out a full fibre network and retire their copper network - and that puts them in direct competition with newcomers like cityfibre, hyperloop and so on that are building full fibre networks and have none of the historical baggage or regulatory constraints that BT has.

From the union's statement, it's unclear if they actually recognise the reality of the situation and are prepared to make compromises to ensure the long term survival of BT.

Payroll glitch at DXC leaves former staff in employment limbo


Payments in lieu of notice would (I would think) be deemed payable on the day employment ended, and hence taxable then. The tax treatment of PILONs is even more complicated as they can sometimes be tax free.

If you instead remain employed for your notice period, the pay would (as you say) be taxed in the new tax year, and it would extend the period you were employed by the company, and legally you generally couldn't start a job with a new employer till the end of the notice period (unless you arrange with them to leave earlier, in which case they may well argue they don't need to pay the rest of your notice pay).

Employers generally do the former as they'd rather just end the employment relationship asap.


Redundancy pay (up to £30K) is tax free; the article seems to be referring to amounts that were taxable but were taxed at a potentially incorrect rate - ie. other amounts like notice pay, pay for holidays accrued but not taken, and so on. If your employer is well organised and the amounts are due before your leaving date these are often/usually taxed on a normal tax code rather than an emergency one.


I don't remember that being mentioned in the article - are there more details somewhere?

I think this is where it gets complicated, and goes slightly beyond what I've experienced (as a business owner that has to deal with all this paperwork from the other side).

It's not that unusual for a P45 to be issued in a different tax year to the leaving date; it's the leaving date that's important rather than the issue date. (Issue date is at the lower right of Part 1A, the leaving date is in box 4.)

Is there any discrepancy between when the pay was *due* and when it was paid? It sounds like (given the leaving date was March 31 according to the elreg article) the payments may have been due then, so should (probably) be taxed when they were due, ie. the previous tax year, regardless of when they were actually received by the ex-employee.

In theory some of this should be less of a problem now than historically, as RTI means information is sent to HMRC in real time. In practice I'm not sure it's actually playing out like that.


So whilst this sounds like a disorganised clusterf*ck, based on my understanding the P45 situation and tax situation sound correct. It's perfectly legal to issue a P45 before all redundancy payments are made, and any payments made after the P45 is issued must be taxed on the emergency tax code (0T). The employer MUST NOT issue more than one P45, and the timing the P45 should be issued with depends on when the employment legally ends (which again, may well be before all payments are made).

The employee can reclaim any overpaid tax (due to the 0T code) from HMRC.

I'd suggest the affected people get advice from ACAS.

UK.gov departments accused of blanket approach to IR35


Re: Stop taking the p***

If the permie salary is exactly the same as the contractor would take home for the same work, then you're better off taking the permie role! IT contractors usually attract a higher rate of pay than permies, for various reasons.

The key point however is that none of the items you mention (holiday pay, sick pay, pensions) are funded from taxation (sick pay used to be state funded, but for many years now it's been a cost to the employer in almost all cases).

The state pension is different of course, and most IT contractors will be entitled to a full state pension due to the quirky way National Insurance works.

(For completeness, there are a couple of minor quirks, eg. paternity pay, though the amount the state pays is trivial compared to an IT contractor's rate so it's essentially inconsequential.)

The question then becomes: why should a contractor pay less tax than a permie, for the same take home pay, when the contractor is actually getting essentially the same benefits from the state as the employee does?

The generally trotted out answer is because the contractor is taking more risk; but that's why they charge more than permies.

I've been on all three sides of this (ie. an employee, an employee and an IT contractor); my main conclusion is the income tax system in this country needs to be massively simplified. National Insurance is now basically nothing more than a tool used by politicians to keep people in ignorance of the real tax rate they're paying.

Ofcom wants automatic compensation for the people when ISPs fail


Ofcom really seem to have missed the mark on this one.

The ISPs are at the mercy of either BT Wholesale or OpenReach, and there is nothing in this proposal that will force those two companies (both of whom have a pretty solid monopoly) to change their behaviour or actually allow the ISPs to negotiate fair contracts.

Yes, there's the occasional case where the ISP themselves make a mess of things, but compared to the mess OpenReach make it's incomparable (not to mention the amount OpenReach/Wholesale charge for fixing faults that should not even be chargeable).

The best laugh is the £30 compensation for missed appointments. Even if you're just on the living wage, a day's holiday essentially has a cash cost to you of over £60, and an actual value of far more. Conversely, if BT OpenReach turn up and you've popped out, they charge you/the ISP (IIRC) £130+VAT. That kind of asymmetry is a sure sign of an abusive and unfair monopoly.

(Yes, I've responded to the consultation to say this. I'd implore everyone else to do so too.)

D-Link sucks so much at Internet of Suckage security – US watchdog



"Complaint is not on CVEs. Complaint is regarding misrepresentation"

The complaint does (essentially) cover CVEs /as well as/ misrepresentation.

To quote 'Count 1' from the actual court filing (linked from the article):

"In numerous instances, Defendants have failed to take reasonable steps to secure the software for their routers and IP cameras, which Defendants offered to consumers, respectively, for the purpose of protecting their local networks and accessing sensitive personal information."

Google's Grumpy code makes Python Go


Re: Yes, its you.

"Is using pthreads REALLY so hard?"

From my experience of reviewing code other people have written that uses pthreads over the last 18 or so years: Yes.

pthreads has the building blocks there, but they're error prone, poorly thought out, and use concepts that are too low level to be directly useful.

An example: condition variables. Almost everyone that uses them wants a process-scope semaphore (unix semaphores are an optional part of POSIX iirc, and certainly NOT part of pthreads). Almost everyone that uses them gets the implementation details wrong, by either handling the related locking wrong, or not correctly dealing with false wakeups, or not holding the lock whilst signaling, etc, etc.

pthread_detach is another example of a tool that's often wielded but ends in tears half the time.

The sad fact is, the majority of software developers out there can't use pthreads correctly. When that many get it wrong, the problem is IMHO not the developers.
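The condition-variable pitfalls listed in the post above (the related locking, false wakeups, signalling without holding the lock), handled in a counting semaphore built on pthreads. This is an added example, not code from the post or the article; `csem`, `gate`, `track` and `run_demo` are illustrative names.

```c
#include <pthread.h>

typedef struct { pthread_mutex_t lock; pthread_cond_t nonzero; unsigned count; } csem;
static csem gate = { PTHREAD_MUTEX_INITIALIZER, PTHREAD_COND_INITIALIZER, 0 };
static pthread_mutex_t stats = PTHREAD_MUTEX_INITIALIZER;
static int active, peak;   /* guarded by stats; all names here are illustrative */

void csem_wait(csem *s) {
    pthread_mutex_lock(&s->lock);
    /* 'while', not 'if': a wakeup may be spurious or the permit already taken. */
    while (s->count == 0)
        pthread_cond_wait(&s->nonzero, &s->lock);  /* unlocks, sleeps, relocks */
    s->count--;
    pthread_mutex_unlock(&s->lock);
}

void csem_post(csem *s) {
    pthread_mutex_lock(&s->lock);        /* the predicate changes only under the lock */
    s->count++;
    pthread_cond_signal(&s->nonzero);    /* signalled while the lock is still held */
    pthread_mutex_unlock(&s->lock);
}

static void track(int delta) {           /* records how many workers hold a permit */
    pthread_mutex_lock(&stats);
    active += delta;
    if (active > peak) peak = active;
    pthread_mutex_unlock(&stats);
}

static void *worker(void *arg) {
    (void)arg;
    for (int i = 0; i < 1000; i++) {
        csem_wait(&gate);
        track(+1);
        track(-1);
        csem_post(&gate);
    }
    return NULL;
}

int run_demo(unsigned permits) {         /* returns the peak number of permit holders */
    pthread_t t[8];
    active = peak = 0;
    gate.count = permits;
    for (int i = 0; i < 8; i++) pthread_create(&t[i], NULL, worker, NULL);
    for (int i = 0; i < 8; i++) pthread_join(t[i], NULL);  /* joined, not detached */
    return peak;
}
int main(void) { return run_demo(2) <= 2 ? 0 : 1; }
```

Build with `cc -pthread`; replacing the `while` with an `if` is the false-wakeup mistake the post describes, and it lets `count` underflow when two waiters race for one permit.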

In its current state, Ubiquiti's EdgeSwitch won't have much of an edge on anyone


Firmware/reliability issues put me off ubiquiti kit

This seems to be a bit of a theme with the ubiquiti kit; decent hardware (for the money) but overall difficulty getting things actually working properly. It's disappointing to hear these issues spread out to the switches too.

I have a single unifi WAP and it appears to work great - significantly more reliable than the built in wifi on the Vigor which it replaced. I've been hugely put off deploying anything further though as it seems unifi have persistent issues with firmware, where things frequently only work in beta firmware, but often the beta breaks other things.

Roaming seems to be a particular issue that unifi simply haven't been able to get working reliably; there's a ton of complaints out there including this sequence:




If someone with the experience & connections of revk can't get roaming working reliably in a pretty simple domestic environment, what chance do the rest of us stand?

I'm still looking out for a reasonably priced range of WAPs that work reliably and actually roam properly (suggestions welcome).

Nuisance caller fined a quarter of a million pounds by the ICO


According to the statement of affairs on companies house, the company also owes £75K in VAT to HMRC, approx 8K in PAYE and various other amounts including apparently business rates - and has absolutely no assets.

It smells like there's an awful lot more to this story. The law allows directors to be held personally liable for company debts - without more details it's hard to see if those fully apply, but it would seem the small number of cases where the ICO or HMRC actually try to hold the directors personally liable is not a sufficient deterrent to prevent behaviour like that seen here.

Doc develops RSI-reducing rolling mouse


Doesn't seem to ship to the UK

If there's a UK shipping option on their website I can't see it - I get sent to amazon.com, which refuses to ship the mouse to a UK address.

iPad queues worldwide


queues in Glasgow? er no...

Not sure when that Glasgow photo was taken, but at 9:30AM there was no queue and you'd be in and out with an iPad in 5 minutes. There were a few bemused looking photographers at the store entrance though.
