* Posts by ShelLuser

2494 posts • joined 19 Dec 2010

Massive US military social media spying archive left wide open in AWS S3 buckets

ShelLuser
Silver badge

@WashingtonWetneck

"And this is by firms that make computer security their business"

Has the possibility ever occurred to you that those businesses could also be doing a terrible job? And then obviously blame it on something else.

0
0
ShelLuser
Silver badge
WTF?

The hypocrisy is astonishing...

"which is a social media monitoring and influencing campaign designed to target overseas youths and steer them away from terrorism."

An "influencing campaign" huh? Didn't I hear major outcry's a few months ago that the Soviets might have influenced the presidential elections through some posts on social media? That was obviously not done because how dare they try to influence stuff by sharing "false" information.

And here we are, the US doing exactly the same thing. Oh, sure, this time it's different because you're trying to "help the children". Well, bollocks. Everyone will have their reasons, depending on your point of view, but that doesn't change the fact that the hypocrisy is shining. When someone else does something it's foul play and actions need to be taken, but if you yourself do the exact same thing it's suddenly "different"?

I don't think so.

0
0

Drone maker DJI left its private SSL, firmware keys open to world+dog on GitHub FOR YEARS

ShelLuser
Silver badge
Pint

All of a sudden...

Remember GitLab? That "we want to be like GitHub but you'll have to pay us to keep your stuff safe"-company which utilized 6 ("six"!) different backup strategies to keep your data safe, but then never bothered to check on any of them so that in the end they ended up empty handed when they actually needed their precious backups?

I don't know about you, but all of a sudden they seem pretty harmless right now.

Because let's be honest: most of us have been there, the moment you notice that your backups are crap is when you actually need 'm.

But that really fails in comparison to what we're see happening with AWS (and now Github) as of late. Don't the "IT professionals" these days understand the difference between public and private repositories anymore? Are they really that stupid that they don't realize that private keys which are even referred to as that should be kept private?

From the 'req' OpenSSL manualpage:

-pubkey

outputs the public key.

-newkey arg

this option creates a new certificate request and a new private

key. The argument takes one of several forms. rsa:nbits, where

nbits is the number of bits, generates an RSA key nbits in size. If

nbits is omitted, i.e. -newkey rsa specified, the default key size,

specified in the configuration file is used.

How obvious do they have to relay any of this information?

Oh wait... do these guys actually read manualpages or have they become too "special" for that?

And on that subject: do you really have nothing to hide anymore? If "IT professionals" are this careless with their own data, then what do you think they'd do with data which doesn't really matter much to them. For example yours?

6
0

Microsoft touts real-time over-the-network pair programming in Visual Studio, GitHub ships it

ShelLuser
Silver badge

Stupid idea, coding isn't writing a novel!

It becomes obvious that the commercially exploited development tools have reached their current limit if companies suddenly try to sell us this kind of crap. Because who in their right mind would use anything like this?

It's already difficult to administrate a larger team project because although you expect every programmer to do their best to send in flawless code, the reality shows us that everyone can make a mistake. The larger your project grows the more important quality checking will become. And even then most project developers prefer that others (so devs. other than the coder(s) themselves) go over the code manually because humans can often spot certain hiccups better than automations.

This is also one of the reasons VCS can be so extremely invaluable because it allows you to pick out every single commit to check it out, and also apply full control over it. Something tells me that this kind of failsave won't be part of this monstrosity. At least not the first releases because... If you sell people a fully working product then what's left to sell them at a later time?

Sure; if you use this system to get someone else to go over your code to spot mishaps then I'm confident that it'll work and can become a valuable tool. But that's not pair programming, one person wouldn't be programing but merely quality checking.

But to actually program on the same thing together both participants would have to know exactly what the goal is. So: the initial programmer would first have to explain the goal, how to reach it, what to do and what not to do (for example: with Java you'd either want getters and setters or not, or you want private's because this will be stand alone or you recon that it might become part of something bigger so lets go for protected instead) and then also you'd have to divide your tasks. Who does what?

So my dilemma: wouldn't all that time spend on getting the coding strategy explained be much better spent on the actual coding?

I wonder how long before we can see this scheme used to excuse ones coding mishaps.. "Yes, the code was crappy as heck but it wasn't my fault. My coding pairing buddy made a mess, not me. So you shouldn't be criticizing me (even though I sent in the code in the first place)...".

I'll stick to vim for now :P

3
0

The Quantum of Firefox: Why is this one unlike any other Firefox?

ShelLuser
Silver badge

@Jim

"Off topic, but I'm not sure why Firefox has lost so much ground to Chrome in recent years."

I do. And so do you, I mean, if you run Firefox today then it almost feels as if it was build upon Chromium. Do note that I'm not necessarily talking about this version but about 56.

But it shares so much resemblances. The command scheme (about:plugins), the speed dial screens, the right menu in the settings pages, using only 1 menu "button" vs. a regular menu, the tab style, the search engine shortcuts...

Thing is: at one point (when Chrome started to take off) they went even so far as to make the browser look and feel as if it was a Chrome copy (which was the reason why I stopped using it myself because I actually liked the regular menus and icons and buttons). If a browser starts to copy its competitors right up to a point where it shares a striking resemblance, then isn't it kind of obvious that it's bound to lose grounds? Why settle for a copy if you can have the original?

15
0

It's 2017 – and your Windows PC can be forced to run malware-stuffed Excel macros

ShelLuser
Silver badge

@Version 1.0

I fear it goes much, much deeper than that.

Because what does a generic programmer often use? And not just Microsoft, but also on Linux, FreeBSD and any other given platform will you see this happening? Libraries and/or API's. Sometimes up to such ridiculous points that you can get multiple versions of the same library onto the same system (now hinting at BerkeleyDB). Dozens of programmers these days don't necessarily build all their stuff themselves, but also rely on libraries to fill in some of the blanks.

Now, don't get me wrong, that by itself isn't a bad thing. But many library programmers do exactly the same thing, which can easily in the end lead to cascading effects. Because if there's an issue with a library then all the software which compiled against it will also be affected.

And things can go only worse from here. Because what would happen if there were any bugs discovered in your average compiler? Even compilers use libraries these days, and libraries which by themselves rely on others.

I believe that this is one of the reasons why we seem to live in a time where software gets an ever lasting stream of updates and patches. Sometimes it's not because of the programmer, but because of the tools and externals they chose to use.

15
1

DXC spills AWS private keys on public GitHub

ShelLuser
Silver badge
Pint

Massive regulations and no qualified staff?

This is what you get if you cater to less qualified people and then try to make up for all that by enforcing a massive list of regulations. So massive that I honestly can't blame some for not fully following up on it (did they even understand the whole thing?).

My stance is to get people qualified for the job, but unfortunately that often doesn't work. Because corners need to be cut. You can get a 30 - 40 year old veteran who is worth their money and would never make mistakes like this (for starters because they understand the concept of a public repository) but it also means their paycheck will be a little bit higher than the rookie you can get for less.

And instead of training said rookies you just make them feel important and lay out a whole list of do's and don'ts for them to follow, sometimes (more than often) not even bothering to ensure that they understand why you laid out those rules and why they matter. Because... You need to feel important too of course and your will is law. So they have to comply because "you told them to" and that's all they need to know.

That's not exactly creating a healthy working condition, and then this is often the result.

Makes you wonder how much you could have saved if you had hired more qualified yet a little more expensive developers / engineers. Can't be more than this.

9
0

Munich council: To hell with Linux, we're going full Windows in 2020

ShelLuser
Silver badge

Just get the best tool for the job...

The problem, as I see it, is that their goal was never to get the best tool for the job but to go "open source", Linux in specific. That's the wrong mindset. Linux, or any other open source solution, should be a means but not a goal in itself. That alone is bound to fail.

Look, "open source" can definitely work, and it can do an amazing job as well. For example: my company replaced all our (3) Windows 2003 servers with FreeBSD, powered by Apache, mod_mono, Samba and PostgreSQL and we never ever looked back.

But our client side has remained on Windows 7, Visual Studio and Office 2010 for quite a long time. Simply because that was the best and easiest solution to get the job done at that time. Sure it'll cost you (more) money than picking up a free solution. Or so you think... See: company time is also very valuable and should also be accounted towards the eventual costs. If you need to retrain all your staff to work with Open / Libre -Office while they're already fully familiar with MS Office then going open source might not be the best of ideas for that specific part.

Also important is to keep in mind that some projects have been going through some very drastic changes and improvements over time. Libre Office 5 is a seriously better competitor to Microsoft Office than its predecessors, let alone the pristine fork from Open Office back in the days.

Heck, it's only recent that Thunderbird started to include calendar and appointment features by default, thus placing it pretty well in direct opposition of Outlook. But back in 2014 / 2015 that was a completely different story.

11
2

ZX Spectrum Vega firm's lawyers targeted by empty-handed backers

ShelLuser
Silver badge
Mushroom

Is there any Indie project which did work out?

So far all I've seen about Indie Go Go projects in the past is one thing: people taking money and not delivering the stuff which was promised. Not even giving you an honest "sorry, it didn't work but..." but just nothing, often mixed with completely changing their original story.

Waterseer started out as a 'magical' product which would easily condense water from the air around it and by doing so collect / produce water. The first models shown in the advertisements were totally unrealistic (for example: a model which was attached to a bike (between the legs) and was supposed to collect energy through solar panels), and worse yet: if you did the math (first degree physics) you could conclude that this design could never work.

In the mean time they managed to produce a prototype which is basically nothing more but a water condenser, like the ones already available in stores today. Of course, in the electronics store you pay around $75 - $100, a 'Waterseer' costs you approx. $773,-.

The reason I mention them: check the comment section, notice anything familiar?

Heck, just go to a random happening and you'll probably notice "weird stuff".

I just discovered the "dBrand phone case", a "revolutionary" product: never drop your phone again. Once again, check the comment section. Some people started wondering: "how do you get the right GRIP when you can't even mention what type of phone you have?".

Seems pretty important to me that you'll know the size of a phone before deciding if your casing can fit. But I guess that company only sees 1 'case' which is revenue and everything else doesn't matter.

So yeah, anything on Indie Go Go which did work? To me it looks like one huge collection of snake oil merchants who walk a fine line between being a con artist and a plain out scammer.

6
0

Brace yourselves, fanboys. Winter is coming. And the iPhone X can't handle the cold

ShelLuser
Silver badge
Pint

Technology goes forward, usability goes backwards

Why is it that we have devices right now which won't be able to operate on items from the past yet still fail to give us any significantly better performance or experience?

Sure, don't get me wrong: some features we have now are better than what we had before, but at what costs I ask? See.. this isn't something solely applicable to Apple here but it happens all over the place. Companies try to feed us with less options for the same (if not higher!) prices.

Windows 2008 / 2010 "modern look" everyone? A dull, flat and almost colorless interface which would remind anyone who lived it of Windows 2 with the major difference that we actually had resizeable windows (not so much with Metro though). And guess what: you can't run that on your 286 hardware even though functionality-wise the two weren't that much different.

Before you go at me: yes, things changed. Yes, we can do more. But... In most cases we can't do more, we can only do so easier. Generally speaking several features have become easier to use but that doesn't mean the feature was new nor was it some new functionality change.

This is no different. I had an old Samsung Jet which had this awesome touchpad interface, a small square which would display different icons based on the function. Of course, in the end all it registered was up/down/left/right but heck: it was cool because it was new.

... yet that never failed me with -20degrees celcius.

Newer isn't always better.

13
0

Microsoft president says the world needs a digital Geneva Convention

ShelLuser
Silver badge
Facepalm

Instead of more regulation...

... try to get hold of people who actually know what they're doing to get the job done for you.

And also listen to them. If some co-worker warns you about the fact that the IOT stuff you sell is pretty bogus then don't fire them because of bad motivation, but listen to what they have to say so that you can work a middle ground to actually improve on your product.

But as long as money is more important than quality then this is what you get. And when you produce crappy software then it's only a matter of time because someone is going to try and abuse it. No shit sherlock!

14
1

WikiLeaks drama alert: CIA forged digital certs imitating Kaspersky Lab

ShelLuser
Silver badge

HTTPS much?

Some people want you to believe that when HTTPS is used you're fully secure. Guess not.

This is exactly one of the reasons why I believe that the pressing for HTTPS by browsers only works counter productive: it creates a false sense of safety while in fact there's no added security at all. In most cases someone already needed physical access to intercept your web traffic, and if they got that then even HTTPS doesn't have to stop them, as we can see here.

0
4

Credential-stuffing defence tech aims to defuse password leaks

ShelLuser
Silver badge
Pint

Seems very counter-productive to me...

The main problem is that the whole thing works after the facts. Not only that it also introduces a whole new heap of possible security risks. After all: for this to work a company would have to send them their collected data. Here's hoping that they don't hire a secretary using a Windows 95 machine who gets charged with "sending the zip file over". Yah, just too bad that the machine suffered from a DNS spoof.

But as said: this works after the facts. So someone registered, their password matched, then what? Asking the user to change their password next time they logon? It's most likely already too late by that time (depending on the kind of service of course). Or what if this service got it wrong? Then you're basically scaring your potential customers over nothing.

Yet most of all I can't help think that this only provides a security ruse. After all: more sensitive data gets transmitted which opens more room for abuse, and the end result is practically neglectable.

The only thing which helps is to get users to stop re-using their passwords. But good luck with that!

0
1

ICANN gives domain souks permission to tell it the answer to Whois privacy law debacle

ShelLuser
Silver badge

@Doctor

"Generally speaking, law overrides contract terms. If the ICANN contract requires the other party to do something illegal then surely that clause would be unenforceable."

They can easily make it legal. It all boils down to consent. So what would be easier than to add a checkbox in the domain registration process: "I give consent to add my details to the ICANN database". Problem solved.

I don't have an opinion of good or bad here, but seriously: this law isn't going to change anything because it's so horribly easily diverted. Our tax dollars hard at work indeed.

3
3

Mozilla devs discuss ditching Dutch CA, because cryptowars

ShelLuser
Silver badge
Megaphone

Advancing our civilization into less a democratic state...

This law, in Dutch nicknamed the "sleepwet" (sleep = drag, wet = law, so the "dragging law" somewhat), has already triggered a protest in which several organizations filed a petition for a referendum. Probably not much to anyone's surprise the referendum easily reached the required thresholds and we're looking forward to a referendum in the making. Unfortunately not a binding referendum but only an advisory one.

But during these times you really get to experience democracy at its finest. Because some of our politicians are already discussing the possibility to remove the right to petition for a referendum. Because it's obviously such a drag for our politicians to actually get confronted with the real opinion of its civilians.

You can say about Russia what you want but at least they didn't try to uphold a facade by calling their country a democracy but kept calling it communism. Over here we're supposed to have a democracy, but every time the civilians call out for that they more than often get stonewalled. And maybe worse in the future.

Such a wonderful world...

20
0

Why are we disappointed with the best streaming media box on the market?

ShelLuser
Silver badge

@NonSSL

"I really don't see why the Roku has such a following beside being available to buy in the high street shops."

Have to agree with you there. I just checked out their website and from what I read it can't even access media from your local LAN. Which, for me at least, is a must-have feature in a mediabox.

Think about showing some of your vacation pictures or movies to your friends; I usually do that using my TV and the trustworthy AC Ryan mediabox.

9
1

Whois? No, Whowas: Incoming Euro privacy rules torpedo domain registration system

ShelLuser
Silver badge

I doubt this will change anything...

"Put most simply, GDPR requires businesses to get the consent of people to gather, store and process their information."

So next in the domain registration process: "by registering this domain you give your consent for us to put your data into the ICANN WHOIS database for all to see". And if people don't check the box they won't be able to register the domain.

2
1

NSA bloke used backdoored MS Office key-gen, exposed secret exploits – Kaspersky

ShelLuser
Silver badge
Facepalm

<facepalm>

"Users can configure Kaspersky's software to not send suspicious samples back to Mother Russia for scrutiny, however, in this case, the NSA staffer didn't take that option, allowing the highly sensitive files to escape."

And these are the people who are allegedly keeping the world safe from criminals? Do you really want incompetents like that snooping around your data?

10
0

Dell forgot to renew PC data recovery domain, so a squatter bought it

ShelLuser
Silver badge
Facepalm

Here we go again...

Yet another company which is way more busy doing "important stuff" than looking after their customers. But, uhm, who do you think brings in your paychecks?

14
1

Family's legal battle over YouTube's role in Paris terror murders is paused

ShelLuser
Silver badge

Of course it's everyone elses fault

... except the actual terrists. Why? Simple: because you can't sue them to try and get your greedy hands on a large sum of money.

And lets also not stop to think about the people who actual suffered from all this (you know, the people living in France who's relatives got involved?) because... yah, who cares about them, right? I mean, these nutjobs live in the US and those "dudes" live in France out of all countries so obviously the US "victims" are far more important than those "weird French people", right?

Now, I know not every American behaves in this manner and I also realize like no other than there are plenty of "Yankies" (no sneer!) who also can't stand idiocy like this. I really do.

But sometimes I can't help wonder if they shouldn't apply laws which forbid certain US people to try and get involved over actual issues which hurt actual people. Because my heart can only go out to those families who get reminded and re-introduced once more to all the horrors of having to lose their loved ones.

And all courtesy of some <self-censored> nutjob which thinks it's a good idea to try and use real problems to satisfy their own greedy and selfish ambitions.

Disgusting.

10
4

CEO of $300m-a-year ad upstart Vungle cuffed for allegedly sexually abusing toddler son

This post has been deleted by a moderator

Hackers can track, spoof locations and listen in on kids' smartwatches

ShelLuser
Silver badge
Joke

These things ARE safer!

Only problem is that no one bothered to wonder "Safer for who?".

Welcome to modern day design: where you simply assume that others think about things in the exact same way as you do.

5
0

The age of six-monthly Windows Server updates starts … now!

ShelLuser
Silver badge
Meh

I'm still indifferent...

I don't think this has to be a bad thing to be honest, as long as it is optional. To be honest I'm a bit confused because it almost sounds as if MS will drop support after one year or so, forcing you to upgrade no matter what.

Even so, I'm still indifferent. We replaced our Windows server with FreeBSD, Samba, Apache, mod_mono and PostgreSQL several months ago and so far so good. Heck, instead of having to get extra (heavier) licenses in order to utilize a VPN all we had to do was "make -C /usr/ports/security/openvpn install clean", configure the whole thing and wham.

Of course the downside to all this is that hardly anything exciting happens anymore during updates :P

7
3

Linux kernel community tries to castrate GPL copyright troll

ShelLuser
Silver badge

@Lee

"He owns the code.

He therefore has the right to sue if you're not compliant with the license."

He may own part(s) of the code, but he doesn't own nor control the entire project. And I think that's a very important detail in this case because his work is a small part of a bigger project. Which I think is a very important detail here, because his actions seem to suggest that he's trying to act on behalf of the entire project, only to try and gain personal financial gain from it.

That doesn't seem right at all.

Of course it does raise another question: how well the project has thought about all the legal aspects. It's not uncommon for a project to request that contributors agree to waive / transfer their rights onto the project. In other words: agree that once they commit their code the intellectual property also transfers onto the project itself. Not that I think it would have changed much though, not too many people fully understand what is going on here, and I think that aspect got carefully targeted here.

Can't help wonder if some companies would consider a counter-claim. I mean, it has become plain out obvious that he's no longer representing the project in any way, as such all his claims seem to have been undermined as well. Time for some popcorn perhaps ;)

33
9

Facebook, Twitter slammed for deleting evidence of Russia's US election mischief

ShelLuser
Silver badge

So let me get this straight...

Posting stuff on Twitter and Facebook now accounts for "influencing the presidential elections"? And that's illegal (or controversial)... how exactly?

11
4

Open source sets sights on killing WhatsApp and Slack

ShelLuser
Silver badge

Not too sure about this...

Granted: I don't really keep up with all the details involving every open source project I use, but mostly focus on whether I like it or not. And I couldn't help notice that recent Dovecot upgrades didn't exactly go as smoothly as I wanted to; most specific some massive changes in the configuration files for example. Instead of one you now get dozens and often have to hope that you'll pick the right one for the right setting; it's not always as logical as it could be.

For example: I used to rely on Dovecot providing Postfix with a socket for authentication. This made it quite easy to administrate one dedicated mail related user databases for all mail related software (Postfix / Dovecot). Usually found within the auth default {} structure. So here I was assuming I'd find this in conf.d/10-auth.conf but no... That would obviously be much too logical. Instead we're going to include even more config files making the whole process much too tedious than I care for.

Sure, once you realize as much it's easy, and it's also not that hard to figure out. But "figuring out" is also time wasted on something trivial which could have been better spent on actually configuring all the options I needed.

So yeah, if I read this; them planning to add even more stuff into Dovecot which I totally don't care for then I'll probably be re-evaluating my pick for POP3/IMAP really soon. Although I appreciate the integrated Postfix support, but having both environments perform lookups in a (PostgreSQL) back end database should serve my needs just as well. And then I'd rather use something small and to the point, instead of something which has dozens of options I don't need nor care for.

4
0

Q. Why's Oracle so two-faced over open source? A. Moolah, wonga, dosh

ShelLuser
Silver badge
Stop

They don't love open source

... but they really go wild for free labor!

14
0

Dumb bug of the week: Outlook staples your encrypted emails to, er, plaintext copies when sending messages

ShelLuser
Silver badge
Facepalm

c'mon...

Everyone (should) knows that opening attachments within e-mails that originate from unknown sources are best left unopened. So what could possibly go wrong here? :)

Even so... GPG4Win FTW. That's GnuPG for Windows (uses Kleopatra) and much to my first surprise it can hook directly into Outlook as well. And I'll take GPG over S/MIME any day of the week.

9
0

Let's go live now to Magic Leap and... Ah, still making millions from made-up tech

ShelLuser
Silver badge
Mushroom

@pravvy

"Many, many credible people have posted publicly about having experienced a working, delightful Magic Leap demo."

The same could be said for Waterseer yet after years of "research" and "development" all they managed to produce was a rough beta model which was basically the exact same thing as an average water condenser which can already be bought in stores right now.

A more recent example would be Hyperloop, many "credible people" (mostly journalists seem to speak up though) are raving about that and seem quite excited about the current test pipe which is being build right now. Many have made reports about it and seen the pipe from the inside.

However, much to my surprise, no one has ever mentioned the enormous amounts of rust which can be seen inside. If you look at the edges in almost any video shot from the inside the tube you can easily spot that for yourself. How is a rusted up pipe a good thing for a test track? What kind of engineering skills, or lack thereof, does that demonstrate? I mean, it only costed them a million or so....

Solar 'freakin' roadways anyone? Lets make glass roads (that is going to be so much fun in the rain) and place solar panels inside the roads. You know, the area where cars actually pass over and by doing so will block out the sun so prevent the panels from producing any energy at all. That too got massively positive media coverage. Well, as you might know they actually made a test model which was build for real.

Totally invisible during day time, several panels already broke, the whole thing even caught fire once and most of all: it doesn't collect any energy. It's by far capable of even sustaining itself right now.

In this day and age "credible people" means nothing anymore.

In a totally unrelated example: Last week in the Netherlands a company was going to build on a stroke of land and as determined by national law a group of professional archaeologists screened the area and eventually gave the go for construction because there was nothing there. After the 'go' a group of amateur archaeologists set to work and what do you know?

Those "amateurs" found what could very be the greatest archaeological discovery for the Netherlands in a long time. Hundreds of items and several complete ships were restored. Complete, intact, ships.

You can read the full story (Dutch) here.

Had it been for the "professionals" then we would have missed out on an enormous historical treasure.

SO yeah.... credibility really means very little in this day and age. Because people get often credited for who they are, not for what they did or have done.

1
1
ShelLuser
Silver badge

@Mr. K

"But isn't this how technology companies have always formed?"

No. Because back in the days people would come up with a design or a plan for a design which was really feasible. Meaning: they actually studied on their ideas, they could back up their claims with factual arguments and (and this is the most important part!): they could also recognize and discuss the negative aspects of their plans (for example: "It costs too much right now, but part of the project is to do research in order to cut down the design costs").

These days you see companies (mostly American for some reason?) which don't even mind totally ignoring 1st degree laws of physics and still try to pursue their ideas, while anyone with a bit of common sense can see (or reason) that it simply can't work. Take Waterseer. A project which was to condense water out of air so that you would end up with drinkable water whenever you're in an area which has less.

After years and years or marketing, trying to obtain more funding, and doing "stuff" (mostly marketing) they eventually managed to build a prototype which is basically not much more than an average condenser which you can pick up in a store right now. Of course, in the store it'll cost you much less money. Investors are likely to end up having spend approx. $200 in order to get a machine which 1) Totally doesn't match the original marketed product. 2) Is basically a much more expensive version of already existing machines (approx. $50 - $75).

In my opinion the whole thing is very close to plain out scamming.

5
0

Microsoft silently fixes security holes in Windows 10 – dumps Win 7, 8 out in the cold

ShelLuser
Silver badge
Windows

Not an Apple fan at all but...

I do have to admit that OS X starts to look more and more appealing every week. It doesn't have all this FUD nonsense which Microsoft provides us with, to my knowledge it doesn't try to coerce or force you into upgrades you don't want and best of all most of the software I use also runs on Apple (as far as I know).

As said I'm not a fan, I still think that in many cases Apple is pretty overpriced for what it can do, but I'll also be the first to admit that I don't have full hands on experience. Even so... In 3 years from now I wouldn't be too surprised if I would indeed jump ships, simply to put an end to all this intrusive and oppressing madness.

And the worse part? I actually like Windows. The environment as a whole is impressive, it definitely has a solid hierarchy and administrative structure build into it. Of course I also think it's kind of bloated, but that's another story.

How many more people would feel this way when nonsense like this keeps popping up again and again?

11
3

FreeBSD gains eMMC support so … errr … watch out, Android

ShelLuser
Silver badge

@Infnords

"I don't care if they have to wrap windows device drivers as a stopgap solution, it should just work."

That's what they once said about Linux when it came to several common tasks.

4
0

Oracle VP: 'We want the next decade to be Java first, Java always'

ShelLuser
Silver badge

Loving Java, hating Oracle

I think these could become interesting times. The thing is: I seriously enjoy the Java programming language because of what you can do with it. However I don't particularly enjoy all the bloat that seems to be getting into it or shipped with it, with this I specifically refer to several new frameworks.

Earlier this week I was checking out "DukeScript"; a scripting environment running on top of the Java JVM which is said to be a "nice and clean architecture". Obviously the runs-everywhere applies because you should be able to produce stuff which can run on a variety of environments: from Android to your webbrowser. Well, I gave it one try and stopped bothering the very same day because man... I was using NetBeans and before I knew I was looking at 5 automatically created projects which tons of stuff assigned to it, saw a 4 - 5 minute (Maven) download session running to grab tons of supporting libraries and in the end I was looking at a webpage with a logo on it. That was the demo project. One (virtual) project consisting of 5 projects in total and TONS of XML control files.

Things like that may make it "easier" to create stuff (a few lines of scripting) but I always wonder: at what costs? What underlying pile of bloat does it need to work? I know most people don't bother to think about that because storage space and computing power is cheap these days, but I don't like that.

Quite frankly I think these could be dangerous times for Oracle. As much as I like Java I also seriously dislike Oracle. And I think there are plenty more who feel this way. The reason I still stick with Java myself is mainly because I'm not a full time programmer, and because I enjoy the environment. But it always makes me wonder: how many people would pick up on environments such as Python purely out of mistrust of Oracle?

7
0

Computers4Christians miraculously appears on Ubuntu wiki

ShelLuser
Silver badge

Are you sure?

"Ubuntu's wiki page was temporarily taken over by religious group Computers4Christians this morning"

Or an anonymous troll who was trying to put the project into a bad spotlight.

This kind of project is something I prefer to steer clear from because I can't help spot a bit of fanaticism. Doesn't have to be that, but that's my impression. But the thing is: if you look at their website you'll notice that they do seem to respect copyright and everything else. All their work has proper mention of credits, links to other works, licenses are made clear.

Although they definitely look a bit fanatic to me I don't think they'd stoop this low. Seems a bit out of place and character to me.

18
0

Introducing EE4J – Java EE's fling with the Eclipse Foundation

ShelLuser
Silver badge

Focus on key strengths...

The problem with the whole EE approach - in my opinion - is that Sun tried to push Java into every imaginable direction, even if that meant turning it into something it's actually not. One of the main problems which the whole approach is that the environment can be tedious in comparison to the other alternatives.

If I want to program in PHP then all I need is the Apache webserver with the PHP plugin. If I want to program in ASP.NET (my personal favorite) then all I need is either IIS ("one size fits all") or Apache with the mod_mono plugin (and Mono of course). Although this setup does use Mono as a backend (or separate application service) it's still a "one size fits all" kind of solution because I don't have to tinker with any backends, Apache is mainly calling the shots so to speak.

Java not so much. Now, I can utilize Tomcat or Glassfish for all my contents but seriously... That's not even remotely usable as a webserver, because it lacks a lot of things which you'd normally expect to find there. So you're more or less forced to using 2 environments. Your webserver and the application server backend. 2 environments to maintain, tune and optimize.

My other gripe is that a Java environment isn't really very flexible when it comes to webdesign. It heavily relies on frameworks to get the functionality onboard, but in the end it still feels somewhat of a hack to me. For example: I can't easily set it up that one webpage should be considered a master template of some sort which should always be included by everything else.

That is: you can easily include extra contents, but its always pretty static. You can work your way around all that (session beans come to mind) but if you compare that to the ease of use which both PHP and ASP.NET can provide here then Java gets a bit mediocre.

Now, that's not saying it's all bad, which is also why I mentioned key strengths. I think Java can seriously excel when it comes to building webservices. You don't have to worry about design, you don't have to worry about contents too much but mostly usability and remote access. Thats a Java concept I actually do heavily enjoy using.

And I think that might be their best bet: start by focusing on the things Java is currently good at and try to work around it.

2
5

Commodore 64 makes a half-sized comeback

ShelLuser
Silver badge

Better alternatives..

Just pick up Vice and find yourself some rompacks on the Internet (there are plenty freely available thanks to retrogame websites) and after you did that you can soon play dozens of retro games free of charge.

Heck, I even managed to copy my Final Cartridge using a small basic program, send that to my PC and right now I'm using that image in Vice as well. The whole setup can really take me back to those good times :)

Seriously though: the graphics maybe far less than what we're currently used to, but some of the gameplay we had back then was really way ahead.

6
0

Forget the 'simulated universe', say boffins, no simulator could hit the required scale

ShelLuser
Silver badge

What if it isn't a simulation but reality?

Einstein once said that "The micro cosmos is the macro cosmos". What if that were true? It would basically refer to the fact that we're not inside a simulation but that our universe is part of something much bigger, something not easily comprehensible.

We already know that although the knowledge about atoms and electrons is mostly correct there's much to them than simply a nucleus and electrons spinning around them, thanks to the expanding knowledge on quantum mechanics. We also know that some things cannot be destroyed, energy can't just "disappear" for example. If you burn a piece of paper then all the basic elements which made up the material are still there, but in a completely different form. Effectively maintaining those basis aspects which made up for the piece of paper or which were 'inside' them.

If we are part of something bigger, why can't it be something which is pretty common in the grand scale of things? So basically theorizing that we, in comparison, are so small that our universe can't "just" be destroyed by any external events.

1
0

Man with 74 convictions refused permission to fling sueball at Google

ShelLuser
Silver badge
FAIL

Shoot the messenger syndrome?

Even if Google had done this then what about the websites who initially shared that content to begin with?

People seem to forget that all which Google does is collect that which has been publically shared by others. Instead of suing Google he should target the source of this material. Of course then he'd probably risk getting laughed out of court.

26
1

Java security plagued by crappy docs, complex APIs, bad advice

ShelLuser
Silver badge

General issue

"They found that many developers don't understand security well enough "

Shocking news, devs. who copied code didn't understand it enough.

Seriously though, this is a common issue which can be seen throughout all areas.

My favorite: Minecraft. "How do I summon a zombie with a wooden sword?". And in come the answers, just too bad that most of them used a so called 'command generator' and said generator hadn't upgraded to the latest version...

The problem: people take things for granted. They hardly question anything these days!

How else do you explain people rooting and donating to projects where you can easily establish that the idea will never work by following up on a 1st class degree physics book?

Coding is no different. Once people find out something works they'll copy it and share it claiming it was their own, even though they have no clue how things work. The worst part:this copying includes flaws.

But how gullable do you have to be to use this stuff without actual testing?

14
0

Nadella says senior management pay now linked to improving gender diversity

ShelLuser
Silver badge

Quality over quantity...

Within the field of technology shouldn't you be focusing on qualifications over gender? It doesn't matter if the person is a male, female or AI as long as he, she or it is qualified.

Which is another thing: people keep talking about the "Technology sector" and all but in the end it's still evolved around commercial companies which try to make money. And in order to do that they hire the people which they deem fit for the job. Their company, their environment, their payroll, their jobs.

And with that also comes their right to include or exclude certain people I think.

27
0

EU tells Facebook and Twitter: Obey us or we'll start regulating

ShelLuser
Silver badge

@dave93

"Personally, I believe that compelling companies to be responsible for their content, and to pay tax on profits made in the EU is a good thing."

It's not, it's the easy and plain out lazy way out. Merely done with dollar signs in their eyes.

Think about it: it's not the companies who wrote that stuff. How does fining the companies actually change anything when it comes to radicalization and terrorism threats which surround the author(s)?

People should be held accountable for their own actions, and when companies are operating as the messenger then they should be treated as such.

When you get a nasty e-mail are you going to complain to your Internet provider?

When you're being harassed through snail-mail are you going to tell your lawyer to sue the postal service?

Because that's exactly what the EU is trying to do here.

3
1

My name is Bill Gates and I am an Android user

ShelLuser
Silver badge
Windows

@L05ER

"The only winphone issue with any real weight behind it was lack of apps..."

Eehm, no.

I'm a first generation Windows Phone user and I still enjoy the environment (a bit). Right now I use Windows Phone mostly because it's not Google, but that's another topic.

The issues with Windows Phone are much bigger than you claim. However, you're partially right that the first generation also had application issues. For starters it didn't have a todo list, something a bit trivial for a business phone I'd say. But that wasn't even half of it.

It took Microsoft a while but eventually we got an update and what do you know? Finally a todo list. Yeah, about that... If you had Outlook you could synchronize basic appointments and gain access to e-mail, but synchronizing todo items with Outlook has never worked on WP 7. You couldn't even reliably synchronize them with Hotmail!

And WP 7 was also a problem in itself. See: when it hit the shelves Microsoft made very strict and tight demands to hardware producers. You were not allowed to make "low end" phones, the specs had to match the minimum requirements, otherwise you were not allowed to call it a "Windows Phone". That made many users believe that Microsoft was adapting the same strategy as they did for Windows: long term support. Surely they did this with updates and upgrades in mind, right?

Nope! Only a few months later WP8 got announced and roughly 1 year later (granted: a little more life span than your average mobile phone) WP 8 got released. Leaving many first-gen users frustrated, because apparently we bought into a beta run. While Microsoft did their utmost best to make it look as if they were really putting weight into Windows Phone. Turns out they did, but preferred WP 8.

"Bought a Windows Phone? Cool, get ready as we're about to release WP 8 so you can buy into it AGAIN!"

Then, developers... They were very keen to promote Windows Phone and provide SDK's (which were pretty good in my opinion). I also installed the stuff into Visual Studio and started working. Then eventually I felt confident enough to try and hack my own phone. Well... I got an error: it was locked, you couldn't do anything unless Microsoft unlocked it. Which they would only do for approx. E 110,-.

Paying E110,- only for getting the right to mess with my OWN phone? Later on this got lowered through some weird "refund actions" (as if anyone would trust Microsoft at this point) and a little more later things were free. You had to register and then you could enjoy your phone.

But can you imagine how many geeks (so: pretty devoted fans) already got massively disappointed and decided that it might be more fun to jump ships?

Can it get any worse? Of course it can! Just when people finally got around WP8 a little bit the next generation was announced.

And that's not even mentioning all the obvious weird stuff us users had to endure. I mean.. so here I have a Windows Phone with wifi and bluetooth support. So why can't I access my Windows clients (and/or server) shares over the network? When I have a file which I want to put on my phone I have to upload it to SkyDrive (oops, sorry: OneDrive), then my phone has to access that and if I'm lucky and the filetype gets recognized I can actually copy it to my phone. Or not.. Sometimes it also insists that it would only access the file online.

Now, a lot of this stuff got fixed over time, and the latest Win10 version also improved a lot. Absolutely no denying that.

But it doesn't solve the problem: after all this misery happening, how many users / geeks / fans do you think still cared? Plenty of users got upset and decided to bail out or simply not get a new Windows Phone but sit it out to see what might happen.

So many things went wrong that it's not even funny anymore :/

7
0

More than half of small firms plan on using Privacy Shield – survey

ShelLuser
Silver badge

So what I'd like to know...

We hear constant stories about how the EU is required to share / provide data about its citizens to the US, because in the US you're obviously guilty until proven innocent. But we never get to hear details when US citizens visit the EU... How does that work these days?

I have a hunch why this is so of course, because last time the EU carefully raised a demand to acquire information about US citizens all of a sudden hell broke lose because that request was obviously an blatant intrusion of privacy.

6
0

Java SE 9 and Java EE 8 arrive, 364 days later than first planned

ShelLuser
Silver badge

@James

Why would you want to upgrade ASAP anyway?

Besides: as others already said, this has never been a problem on Java. One of the reasons I appreciate the language so much is because it's mostly backwards compatible. There are tons of Java applications out there which don't even use the specific features which Java SE 8 has to offer (new in comparison to SE6 for example).

Quite frankly I think this is one of Java's key strengths; the risk of having to re-design your software whenever a new version hits the shelves is usually neglectable. Which can't be said for a ton of other programming languages (PHP being the most notorious for that).

Maybe also good to know: most Java IDE's provide support for managing multiple build targets. In other words: using multiple JDK's next to each other (I only have hands on experience with NetBeans, but I know at least 2 other IDE's which also support this). You can easily have a Java SE8 environment while you're still building stuff for Java SE6.

2
0

Black screen of death after Win10 update? Microsoft blames HP

ShelLuser
Silver badge
WTF?

HP maybe the source, but Microsoft is still to blame

Simple reasoning: what moronic programmer parses and "just" applies properties without checking if their values are actually within the right limitations?

And the reason I use the word 'moronic' is because this is a classic example of how backdoors and exploits come to life.

15
1

Downloaded CCleaner lately? Oo, awks... it was stuffed with malware

ShelLuser
Silver badge

Avast is bloated itself...

In my opinion Avast went downhill the very moment they stopped being an anti virus program and insisted on becoming an "Internet protection suite". Their firewall was horribly bad, it had a major problem when it had to cope with many parallel connections (passive FTP anyone?) and would often put the whole OS to a grinding halt because it simply couldn't keep up.

If they're that bad with a simple firewall, then what would their other be like? That's what I wondered about anyway, and got rid of the whole thing. Never looked back.

26
0

The developers vs enterprise architects showdown: You shall know us by our trail of diagrams

ShelLuser
Silver badge
Pint

Awesome article

First off: I'm a huge advocate of modeling languages such as UML / SysML / BPMN and even though I realize not everyone values those standards I do think they're sometimes under appreciated. However...

"EAs are infamous for not having touched a line of code since, well, that time way back when they did all this DevOps stuff on mini-computers but didn’t call it “DevOps”."

I think this really nails the main problem.

I've been following a few seminars in the past and I'm (somewhat) active on a few fora dedicated to modeling practices and if there's one thing I can't help but notice it's that a lot of data analysts seem so stuck up with their rules ("guidelines") that they'll often spend more time debating (or researching) modeling standards than actually addressing the (theoretical ?) problems they're trying to solve.

And one reason for that, in my opinion obviously, is two fold. There's a huge difference between theory and reality. So having some kind of hands on expertise with the way things are done can seriously help to understand the reason for any possible caveats and/or problems. Yet most analysts will approach all this purely based on their precious modeling standards, thus theoretical.

Which is in my opinion another major problem within this field of work: the standards should be a means, not a goal. When it comes to modeling languages (such as UML / BPMN) I always try to draw parallels with real (spoken) languages. Despite the official rules (as laid out in the dictionaries) we often use the language in the way which works best for us. And sometimes the language changes and adapts a bit. So why can't the same thing apply to modeling languages?

I think that's a major caveat sometimes... I know of situations where people tried to change the way a company worked based on a pre-determined ruleset instead of basing themselves on what would be the most optimal way for the departments to work. Said company dumped this way of work within 2 months or so and then went back to their old ways. And I think that fuels the ideas of those 'weird diagram packed guys' who can recite a lot of theory but don't seem to fully understand how things work.

4
2

WordPress has adverse reaction to Facebook's React.js licence

ShelLuser
Silver badge

Very odd decision I think...

Note that I don't oppose the decision but I don't understand why it's being taken. Because I seriously doubt that the Apache ban will affect WordPress in any way. Thing is: Apache banned use of the library for all their new projects. But WordPress isn't a project hosted by Apache last time I checked.

The Apache decision also doesn't concern end users. After all: you pick up the software based on a license (an Apache license in this case) which doesn't forbid you to use any kind of library if you want to. That's also not the point, from what I understand the point is to forbid inclusion of the library in any of the Apache projects. So any new software project hosted on Apache can't have this library included. But that's all there is to it.

Like I said, I don't oppose the decision but I do think it's odd that WordPress thinks that this could ever affect their end users.

0
16

Homeland Security drops the hammer on Kaspersky Lab with preemptive ban

ShelLuser
Silver badge
Pint

I wonder who the real oppressor is here...

First of all this brings me back to the news surrounding the 50's and 60's. You see; although the US claims to be the "land of the free" it really should be mentioned that this is "the land of the free to do as we tell you". Back in those days, the days of the cold war, the US disliked everything even closely related to communism. But worse: plenty of innocent people (from civilians to more well known people) saw their careers and reputation getting ruined because... .. the government suspected that they might be sympathetic towards communism. In other words: thought crimes. They didn't condemn people for the way they acted and/or behaved, nope, but for what they might have believed. Of course this backfired eventually and many "high class" politicians were forced to step down, but the damage had been done nonetheless.

The witch hunts all over again.

Isn't this a bit of the same? See, there's another thing I have a problem with:

"The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks"

Doesn't the same apply to US laws? I mean... just look at the NSA and Apple encounter, Apple was pretty much forced to comply to their wishes and only after Apple went public with the whole thing and still stood their ground things went sour for the US (after which even the president started mentioning stuff like "unpatriotic acts").

Can we now conclude that it is official then? So it's down to "Do as we say, not as we do"?

There's a word for that... when you uphold double standards and double morales....

36
2

Another reason to hate Excel: its Macros can help pivot attacks

ShelLuser
Silver badge
Windows

Nothing to see here...

So a student found out that if you're a local administrator you can access a machine remotely. No shit sherlock.

There are also some serious flaws in his argumentation. For example the part where he demonstrates remote access through PowerShell. For starters: WSMan:\localhost\Client\TrustedHosts. Good luck creating instances through PowerShell remotely (or even starting new sessions) when the remote host isn't in the list of trusted hosts. Any remote access attempts would be rejected.

Maybe also interesting to know: this setting can only be changed locally by the administrator.

You can see the whole thing if you check his script on Github.

This is a non-issue.

9
5

Forums

Biting the hand that feeds IT © 1998–2017