* Posts by AdamWill

995 posts • joined 4 Nov 2010

Page:

Seven pet h8s: Verity is sorely vexed

AdamWill

Re: I'm not surprised most commenters against Unicode are anglophones

Um. No. Aside from Latin characters, Greek and 'Asian languages', you've got Cyrillic, Hebrew, Arabic and several different Indic scripts. Pre-Unicode, each of these had its own encoding - or multiple encodings - most of which didn't really take any account of how the others worked.

Unicode is massively, hugely better than the 'everyone gets their own encoding! You get an encoding! You get an encoding!' world we had before. Claiming that it only exists for Chinese (you know, that ridiculous little niche case, it's only *literally the world's most commonly spoken language*) is ridiculous.

(Also, it's rather silly to talk about 'write something in Mandarin'. Mandarin, Cantonese etc. are the *spoken dialect* variants of Chinese. There are two major written variants of Chinese, Traditional and Simplified. There's no 'written Mandarin Chinese', and there's no direct correlation between which spoken and which written variant you use, many combinations are possible).

6
0
AdamWill

Re: I'm not surprised most commenters against Unicode are anglophones

As someone who started writing stuff in Python a few years back, and read up on all the unicode stuff as a part of that, I have to say I think the Python developers are broadly correct: Python 2's approach was bad, and Python 3's approach is better. You can see why the Python 2-era designers thought it was a good idea to fudge everything so developers never 'had to worry about' the distinction between strings of bytes and text, and didn't have to care about the various ways of interpreting the former as the latter, In A Time When it was still kind of okay to pretend you only ever had to care about ASCII. But it really *isn't* a good idea, and any time you have to deal with anything but ASCII, it really does tend to lead to difficulties. I think they're right that it's better to explicitly acknowledge the difference in the language. And if you're writing pure Python 3, it's really not that hard to work with - it's not rocket surgery, just encode() and decode() as necessary. (Especially since the default encoding for Python 3 is UTF-8, which is going to be the one you want about 99.99% of the time anyhow).

The reason people hate it so much, I think, is that it becomes unfortunately *much* more of a minefield if you want to write or maintain code that works with both Python 2 and Python 3. Which many many people do. Doing that in itself immediately gives you many, many more edge cases and headaches to deal with. (I've lost count of the number of times I wish I could go back in a time machine and change Python 2's default encoding to be UTF-8, for a start). It gets even worse if you're not starting from scratch - so you can just `from __future__ import unicode_literals` and get rid of quite a few of the issues, making at least *your* code behave quite a lot more similarly under the two interpreters, but are stuck with older code where you can't just do that because of existing assumptions about the way the code will handle strings on Python 2. If you're in that situation, it can be a bleeding nightmare.

It's definitely a shame, and I think some of the Python devs at this point wish they could do the whole thing over and try to somehow reduce the problems. But I don't think it's because the Python 3 design is wrong, or because the Python devs are arrogant, or anything. It's just one of those things that happens because this stuff is hard.

I don't think all the coders who complain are just knuckle-dragging Americans or Brits who refuse to believe that anyone really needs more than the sacred ASCII character set. You *do* get those types, but I think they're a minority. It's just that dealing with this stuff can be a pain even if you honestly do understand and accept the importance of handling ALL THE CHARACTERS.

5
0

Google loses Android friends with Pixel exclusivity

AdamWill

Re: Given most OEMs' approach to Android updates,

Mozilla already gave up on Firefox OS anyway.

1
0

El Reg drills into chatbot hype: The AIs that want to be your web butlers

AdamWill

Why?

This whole thing seems like such a bizarrely flawed idea.

Computers are computers. People are people. Conversation is a communication method for people, it's not a communication method for computers. Does anyone actually *want* to have a 'chat' with a computer? Does anyone actually *want* to 'build a rapport' with one? Am I way off base here and everyone else really is just waiting for the day when they have to keep up a witty and amusing back-and-forth with their house AI every day just to get at the goddamn news? I dunno, I feel like I must be missing something here.

0
0

Put down the org chart, snowflake: Why largile's for management crybabies

AdamWill

Re: The truth.

" In one hilarious case, the end users (help desk staff) persuaded the coders that the requirement (from the help desk management) for a module to gather stats on their performance was not needed! You can probably guess how well that went down when the management sat down to do final acceptance testing."

These people are heroes, and will live forever in the Call Centre Drone Hall of Fame.

They were also correct: all systems for 'gathering stats on their performance' are crap and ultimately counter-productive (as they invariably wind up inducing the drones to care more about getting people off the phone as quickly as possible than about solving their problems).

Good story, though :)

0
0

Well, that sucks: China's Tencent so sorry after vid emerges of faux blowjob office game

AdamWill

yikes

"Your humble Reg hack is old enough to remember when such games – usually involving balloons or bananas being passed intimately between coworkers at staff parties – were commonplace, but time has since moved on, it seems."

Well thank Christ for that, because that sounds awful.

5
9

It's now 2017, and your Windows PC can still be pwned by a Word file

AdamWill

Re: Meanwhile, Adobe is updating blah de fucking blah

TicketMaster's 'choose your own seat' thing still, bizarrely, requires Flash.

But who are we kidding. The real answer is "porn". It's *always* "porn".

4
0

Amazon files patent for 'Death Star' flying warehouse

AdamWill

Re: So, Amazon is really SkyNET?

Well, that's what we *used* to think, but modern tech companies (i.e., Uber) are kindly opening our eyes to the apparent truth that laws are really just sort of mild suggestions...

3
0

Dear hackers, Ubuntu's app crash reporter will happily execute your evil code on a victim's box

AdamWill

Re: eval is evil

FWIW, they fixed it by switching to ast.literal_eval, which seems reasonable.

https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3114

2
0
AdamWill

Er. No 'smart Python coder' should ever miss any call of eval(). Calling eval() is a gigantic code smell and absolutely any linter will complain very loudly about it. There's basically almost no good excuse for ever doing it. Doing it in a crash handler is...well...yikes.

13
0
AdamWill

Re: Confuzzled Researcher

Apport is not some random upstream project, though. It's a Canonical project specifically written for Ubuntu.

7
0

Not OK Google: Tree-loving family turns down Page and pals' $7m

AdamWill

you're not going to get anywhere *close* to living the rest of your life off half a million dollars, unless you're very old or extremely frugal.

7
2

Climate change bust up: We'll launch our own damn satellites if Trump pulls plug – Gov Brown

AdamWill

Re: Idea

Sure, he's done nothing except demand a list of all the employees of the Department of Energy who have worked on climate change related projects. Nothing suspicious about that, nosirree.

2
0

Disney sued in race row: Axed IT workers claim jobs went to H-1B hires

AdamWill

Re: Disney is depicable

That would be why this suit is trying the somewhat-long-shot 'racial discrimination' angle, presumably - racial discrimination being illegal trumps the 'can fire someone for any reason' clause.

0
0

systemd free Linux distro Devuan releases second beta

AdamWill

Sorry, but no. I've been on the receiving end of enough of the same kind of crap, and it screws up your day no matter how 'sensible and reasonable' the rest of the post is. It's just not necessary.

Lennart isn't some cartoon devil. He's a guy who writes code. He's a perfectly nice guy with a family, and he doesn't let it show, but the eternal shitstorm he lives under weighs on him really quite a lot. He wrote some stuff he thinks is an improvement on what we had before and put it out there. It's a lot of hard work; a hell of a lot harder than writing nasty internet comments, for a start. You can't personalize every freaking issue you have with systemd into some kind of nastygram to the person most associated with it.

I don't like everything about systemd. I've been known to write people pointed emails about it at times. But this kind of crap is just wrong and I really hate it; people who are trying to do good work don't deserve it. Period. If you don't like systemd, fine: advocate against it with your OS or distribution or whatever. Or, more productively, help improve it - it's an open source and fairly well documented project, which takes pull requests frequently. Or write something better. But I'm so goddamn tired of this 'f**k Lennart' crap. It's lazy, stupid, hurtful and wrong. Do something better.

4
6
AdamWill

You do realize Lennart's a real person, right? Like, an actual flesh-and-blood person. In the real world. With bowels, and everything. He's not a Silicon Valley squillionaire, either. He's just an engineer. You can go to conferences and have dinner with him. Whatever you think of his code, he does not deserve to have people casually talking about disembowelling him. Jesus. Put a lid on it.

11
12

Debian putting everything on the /usr

AdamWill

Re: only thing I ask

Citation needed? Oh, that's an easy one. Say we fail to mount /mnt/encryptedpartitionfullofsecretdata , and instead create /mnt/encryptedpartitionfullofsecretdata as a plain old subdirectory of unencrypted /mnt and start writing all that secret data to it. Whoops. Probably didn't want that, did you?

"systemd systematically(d) tries to outsmart the sysadmin" - I'm sorry, what? This is exactly the *opposite* of being smart. Trying to make decisions about what mount points it's OK to boot without versus what mount points it's not OK to boot without is *exactly* what would constitute 'trying to outsmart the sysadmin'. What it's doing in this case is exactly *not* trying to be smart, but simply providing settings with very concrete behaviours and respecting them. You can mark a mount point as required for boot or not required, and the default is the choice considered safest. What 'outsmarting', exactly, do you think is going on there?

0
1
AdamWill

Re: only thing I ask

I know you're being sarcastic, but actually, *yes*. systemd isn't only used to boot conventional Linux distributions, note. If all it knows is that some filesystem can't be mounted but it has no information about how critical that is, just going ahead and booting the system anyway might be a *really bad idea*. The behaviour of an operating system if some of the filesystems it expects to be there are *not* in fact there is certainly not something anyone's defined. It could do anything, including something really bad that you didn't want to happen at all. Refusing to boot until the problem is fixed or systemd is told that it's OK to boot without the filesystem seems like a perfectly sensible choice to me.

0
1
AdamWill

Re: only thing I ask

[adamw@adam quick-fedora-mirror (client-filter *)]$ man systemd.mount

...

nofail

With nofail, this mount will be only wanted, not required, by local-fs.target or remote-fs.target. This

means that the boot will continue even if this mount point is not mounted successfully.

just give your non-critical mount point the option 'nofail' and systemd will happily continue if mounting it fails. It is, however, not in the business of trying to figure out whether mounts are critical or not, because it's a bit of a mug's game.

0
0
AdamWill

Re: only thing I ask

Or from the initramfs environment, these days. You can do most anything from there.

0
0

WordPress auto-update server had flaw allowing anyone to add anything to websites worldwide

AdamWill

Re: Signed updates

Most distros are a hell of a lot better at update security than Wordpress was, if the description here is accurate. At least we sign our goddamn updates.

0
0
AdamWill

Not quite 'all' wordpress servers

"Attackers that used the exploit could then send URLs to the WordPress update servers that would be accepted and pushed out to all WordPress sites."

Well, not quite all. If you're using an OS distribution's wordpress package, it probably has the auto-update mechanism disabled, so you won't be vulnerable to this. I'd think.

0
0

Has Linux got OpenStack licked? The Vanilla 'Plus' strategy

AdamWill

Re: Canonical's JuJu charms...

unless it's your job, you *really* don't want to know.

3
0

Gone in 70 seconds: Holding Enter key can smash through defense

AdamWill

Re: break=overthere

Having thought about it a bit more, really the only plausible case I can come up with is if you decided you wanted to prevent unauthorized folks accessing your system but you didn't want to lock the whole thing up, so you just locked away the main system but left the monitor and keyboard on your desk. Then you misunderstood the purpose of disk encryption and decided to use it as an access control mechanism, believing that the decryption prompt on boot would effectively prevent anyone accessing the system at all (assuming you always locked the screen or shut it down when walking away). And, probably (I'm still thinking about this bit) realized you had to set a bootloader password for this approach to be 'effective'.

Of course, what you should actually have done is set a firmware (BIOS) password.

0
0
AdamWill

Re: break=overthere

Well, you could theoretically have set up a bootloader password to try and prevent people fiddling with the boot process. Anyone who doesn't do that, though, certainly doesn't have any kind of increased attack surface due to this so-called "vulnerability".

1
0
AdamWill

Re: Missing item in the series?

Yeah, I'm not sure I'd describe this as a 'vulnerability' at all. Storage device encryption is not supposed to prevent people accessing a rescue shell on the system the encrypted storage device happens to be sitting in at that point in time. It's intended to prevent people accessing the *data on the encrypted device*. This 'attack' does nothing particularly significant to help you with that, except perhaps make it a bit easier to try a brute force attack.

Even if you do consider this a 'vulnerability', the authors of the article are *massively* overplaying it.

2
1

The Reg seeks online community manager

AdamWill

Re: A bridge too far

Most of the commenters != most of the readers.

1
1

Run a JSON file through multiple parsers and you'll get different results every time

AdamWill

Re: Welcome to the Internet

Exactly this. I mostly work in Python and came to the same conclusion: the worst failure for both Python 2 and Python 3 parsers was a failure to parse (not surprisingly, unicode shenanigans - probably not even specifically to do with JSON parsing), and this is only a problem if you're parsing untrusted input (or trusted input which might include one of the problematic values). Which I'm not. JSON's perfectly fine if you just want a quick, simple way to serialize data in a pretty well-known format. Fr'instance, I wrote a few trivial lines the other week to have a script which fires up when a certain event happens check if the same event has happened before (to a reasonable limit of previous events it cares about), and bail out in that case. I had it store the list of the last few known events as JSON, because it's right there in the standard lib and using it is like two lines of code. It would be absurd to drag pyasn1 into the code (which fits on one page) just to store a small list of strings, which originate from a trusted system and which I know aren't going to include anything but ASCII characters.

0
0

Lenovo downward dogs with Yoga BIOS update supporting Linux installs

AdamWill

Re: Not all Lenovo's fault

Intel have in fact contributed fixes for this now:

https://marc.info/?l=linux-ide&m=147709610621480&w=2

with those patches, you can install to the affected systems even without updating the firmware and changing the controller mode.

2
0

New MacBook Pro beckons fanbois to become strip pokers

AdamWill

Lenovo

So, like that thing Lenovo did for one generation of the X1 and everyone hated it so they stopped?

https://gizmodo.com/lenovo-just-made-the-x1-carbon-even-cooler-1494984619

only now it's world changing, I suppose.

1
0

SUSE: Question. What do you call second-place in ARM enterprise server linux? Answer: Red Hat

AdamWill

What happened...

"Whatever happened to peace and love in the free software world?"

We hired PR departments. We have to let 'em get it off their chests sometimes. The engineers all get together and have a laugh about it later.

7
0

Dirty COW explained: Get a moooo-ve on and patch Linux root hole

AdamWill

Routers etc. e tc.

"Unfortunately, builds of the vulnerable kernel at the heart of countless millions of routers, Internet-of-Things gadgets and other embedded devices remain vulnerable"

meh, I wouldn't worry too much about those in this case. They don't really do much meaningful privilege separation anyway, and you're usually not going to have remote access as an unprivileged user enabled. Local root privesc bugs are most important on systems with lots of stuff running unprivileged and remotely accessible...

0
0

Oh Snap! How intelligent people make themselves stupid for Snapchat

AdamWill

Re: Optic nerve taps

One of William Gibson's recent novels came up with a t-shirt (IIRC, anyway) designed to screw with video compression algorithms and stop the wearer being trackable via security cameras...neat concept. (I may be misremembering the details a bit, it's a couple of years since I read it, but that was the basic idea).

0
0
AdamWill

It's the end of the new.

0
0

Unimpressed with Ubuntu 16.10? Yakkety Yak... don't talk back

AdamWill

wat?

I dunno if Ubuntu is doing something weird to it, but vanilla systemd doesn't change your sysv init scripts in any way. On Fedora, it runs them perfectly well. If Ubuntu is doing something weird/wrong, that's on Ubuntu, not on systemd.

2
1

HPE sells off 'non-core' software assets

AdamWill

not quite

"HPE gets $2.5bn in cash and a 50.1 per cent ownership of the new entity, which will continue to be called Micro Focus."

This isn't quite right (as I understand it). HPE's *shareholders* get a 50.1% stake in Micro Focus. *HPE* does not. Basically what's happening is that Micro Focus is buying a bunch of HPE's (as you say) 'non-core software assets', but because the deal is so large, they can't just pay for them in cash; so instead, they compensate HPE's shareholders for the purchase with MF stock. But it's not HPE *itself* which gets the MF stock, it's HPE's shareholders directly. Rather than owning a stake in HPE which now owns a stake in MF, HPE shareholders directly become MF shareholders as well.

2
0

HP doorsteps Apple shoppers at the altar of dreams

AdamWill

Re: Hey, we still innovate!

Sony was doing slim stylish highly portable laptops when Apple was still making Fisher Price toys...

0
0

Delete Google Maps? Go ahead, says Google, we'll still track you

AdamWill

Re: eh?

Whether you have GPS on or not doesn't matter much any more, at least not in any relatively well-populated area. Now they've built out their wifi access point location database, Google can locate you extremely accurately in any place where there are more than a couple of wifi access points in range whether you've got GPS on or not. Android can use wifi-based geolocation even if wifi is 'disabled'. I think there's somewhere you can 'turn this off', but of course, you're relying on Google's goodwill, I've no idea if that really works or not.

23
1

Crash test dummy? Love the excitement of breaking an OS? Fedora 25 Alpha has landed

AdamWill

I probably shouldn't say this, but...

...most of the bugs you linked actually exist in stable release too. Yes, including the OS X partition resize one. Just, er...don't do that.

Most weirdness people encounter in 25 Alpha Workstation will likely be related to Wayland, which is the default for Workstation now; we know about quite a lot of the issues, but we'd certainly welcome reports of any problems people run across. Other variants (KDE, Xfce, Cinnamon etc.) still use X by default.

and thanks for the article, it's nice to get press on pre-releases so we get more feedback!

0
0

Bungling Microsoft singlehandedly proves that golden backdoor keys are a terrible idea

AdamWill

The real skinny

If you'd like an accurate technical write up of *exactly* what happened here, don't read this article, read this one:

https://mjg59.dreamwidth.org/44223.html

1
0

Smartphones aren't tiny PCs, but that's how we use them in the West

AdamWill

Re: unique

Well, I mean, nearly everyone has a phone everywhere. But we *don't* generally walk around with it unlocked and the banking app loaded.

0
0
AdamWill

Re: unique

Or compared to:

1) take card from wallet

2) tap card

done. NFC is not particularly secure (though if you're worried you can always buy a lead-lined wallet or whatever), but it sure *is* incredibly convenient. And I dunno about 'the West', but in Canada it's more unusual to find a place which *doesn't* accept contactless payment than one which does, now.

0
0

London's contactless ticket payment system for sale in £15m deal

AdamWill

Re: A good thing

I think the capping is a policy thing, sadly. The Vancouver system is not set up to do it; if you do ten regular journeys in a day you pay for ten regular journeys, even though there's a flat-rate all-day fare that's much cheaper. If you want the all-day fare you have to know about it and specifically load it onto your card before you make a trip. Which is really pretty crappy, and they don't have a good excuse for it, so far as I can tell, especially since by all accounts the system is basically the same as Oyster so it certainly ought to be capable. http://askcompass.ca/?QuestionID=1387 (same applies for day pass).

1
0

Linux letting go: 32-bit builds on the way out

AdamWill

Re: Third Party Software

It's not just third-party software. It's stuff like, well, the kernel. Upstream kernel developers are less and less interested in keeping i686 codepaths working, and they frequently just don't any more.

1
0
AdamWill

Re: Thinks Bubble

The last vaguely mainstream 32-bit CPU Intel released was in, I believe, 2006. There were 32-bit Atom CPUs up to 2010, by the looks of things, but those were pretty niche-y and you're probably not going to have an awesome experience running a full-fat modern distro on one of those in any case. Almost any 32-bit x86 system you have, in other words, must be at least 6 years old and is far more likely to be over 10 years old. That's really pretty old.

The weird Atom tablets / convertibles from the last few years have 64-bit CPUs but 32-bit firmwares; they don't actually need 32-bit distributions, it's possible for 64-bit distributions to run on them with a bit of nifty bootloader footwork.

4
0
AdamWill

Re: Netbooks

"Ubuntu developers are saying that people with old hardware that they do not wish to upgrade or who cannot afford to upgrade are no longer worthy of consideration."

No, they're saying that they no longer want to consider them, in order to devote their limited resources to 'considering' larger user bases. In an ideal world full of rainbows and unicorns OS distributors would be able to make things work perfectly on all hardware ever. In the real world this is not the case, and deciding what hardware to support to what extent is a constant question of making trade-offs, and people getting all irate and stroppy and insisting on taking those decisions excessively personally ('worthy of consideration'? really?) doesn't really help.

There's *always* still some working example of old hardware somewhere. People have working 8088s and Commodore Pets and lord knows what else. That doesn't oblige all OS vendors to keep supporting them. We (I work on Fedora, which stopped considering i686 a release-blocking arch with Fedora 24) have generally decided there's a point at which supporting old hardware is more trouble than it's worth; this is why we no longer actually work on i386s, or i486s, or (for most distros) i586s. That point is coming up fast for i686.

If there's enough demand for it, there'll be niche distros that support these old systems; heck, you could create one. But the mainstream distros, as the name suggests, are there to support *mainstream* hardware. We have to make cost/benefit decisions at some point.

21
1

Let's Encrypt in trademark drama

AdamWill

Re: Oh, they've replied now.

Wow, an expiry time is a business model now? yeesh.

8
0

In obesity fight, UK’s heavy-handed soda tax beats US' watered-down warning

AdamWill

Re: "Lessons from the war on tobacco"

Er, why would your lesson from the "war on tobacco" - which has been probably the single greatest public health success story of the 20th century - be to fight it?

7
0
AdamWill

Re: Aspartame

Heck, you don't even have to believe aspartame is definitely safe for it to be the logical choice. It's simple: we know for a copper-bottomed *fact* (very rare when it comes to nutrition) that sugar is extremely damaging. We don't know for sure that aspartame is. So, go with the aspartame!

That's really all you need. It's not even necessary to note that the balance in the sweetener debate is rather strongly in favour of the 'well, we did a bunch of trials and none of them showed any negative effects except at a level of consumption that in humans would translate to drinking sixty cans of Diet Coke a day forever' side, rather than the 'some nutbag on the internet said it would give me cancer' side...

7
2

GNU cryptocurrency aims at 'the mainstream economy not the black market'

AdamWill

Re: Expect a trademark infringement claim

Why would that mean you couldn't trademark it? There's no rule that trademarks have to be 'original' words, most aren't.

2
0

Page:

Forums