* Posts by DougS

12863 posts • joined 12 Feb 2011

Rust in peace: Memory bugs in C and C++ code cause security issues so Microsoft is considering alternatives once again

DougS Silver badge

Re: C / C++ compilers and libc could do this too

Because inserting a sizeof() check is too terrible to contemplate, since it might be redundant? It isn't like that will slow things down at all, since the generated assembly can easily fit in unused execution slots.

If you know the size of a & b at compile time you can use a pragma that will cause the compilation to abort if it isn't satisfied, then it won't add a few bytes to the code footprint (something I'm sure we should all be gravely worried about, in an age of 250MB smartphone apps)

Or, and I know this is crazy, simply use strncpy() which will work just fine if your belief that the destination is big enough is still true. Because no one will ever try to maintain your code, and you won't ever come back to it a couple years later and not remember that a and b need to be of identical size. Because you're perfect and have memory like an elephant, and safe programming techniques are for all the stupid people who aren't you.

DougS Silver badge

Re: Rust compile time speed

If you care about "iteration speed" it pegs you as a very careless developer who relies on the compiler to catch typos (too bad if instead of typoing a variable name and getting an error you typo it as ANOTHER variable name and leave a hard-to-catch error behind) or to slam out minor variations and move on the minute you get something that "works" (in the 15 seconds of testing you'll allow before it is time to move on to the next problem).

DougS Silver badge

Re: use ADA !

That has nothing to do with Ada, and everything to do with having an idiot colleague who thinks fancy constructs are better. Not only are they a great source of bugs (especially if you use them where behavior is undefined) but they make code harder for others to understand and don't result in the compiler producing better code. It is ALWAYS better to take the simple path.

I'd go so far as to advocate against ever using autoincrement or autodecrement anywhere except maybe in for (;;). There may be other places where most people can follow what is going on, but the compiler produces the same code whether you use a=b[x++] or a=b[x];x=x+1.

DougS Silver badge

Re: Safer Languages

What qualifies as a "microcontroller" in 2019 would have been a supercomputer when Ada was invented.

DougS Silver badge

C / C++ compilers and libc could do this too

You don't need to rewrite everything from scratch in a new language, use a compiler that sanity checks things and won't allow e.g. strcpy(a,b) and inserts run time sanity checks where possible, inserts code to zero memory on the stack before allocation and so on. Libraries like libc etc. could add some sanity checking of arguments, system call stubs could do - not only catch security issues but crash issues.

I'm not saying you can make C as safe as Rust, but you can damn sure make it WAY safer than it is out of the box, with no perceptible performance penalty. 30 years ago you wouldn't want to do the stuff I'm suggesting because every cycle mattered. A lot of run time checks wouldn't slow down anything at all, since the code can be placed so it uses otherwise unused execution slots. Even if it was a few percent slower, if it is safer who cares? Rust isn't as fast as C, either.

Less and less code is performance sensitive every year as CPUs get faster and faster, and stuff that is (i.e. games and HPC) is not something where you care about security holes too much. Compile those with --safety-off.
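The two checks argued for above (a compile-time size check when both buffers have known sizes, and a bounded copy that does not trust the caller's belief about the destination) in working C, as an added example that is not from the post or from any poster; `ARRAY_COPY_CHECKED` and `safe_strcpy` are names chosen here, and C11 `_Static_assert` stands in for the "pragma" the post mentions. Unlike `strncpy()`, the bounded copy always writes the terminating NUL and reports truncation instead of silently dropping it.

```c
#include <stddef.h>
#include <string.h>

/* Compile-time check: when dst and src are both arrays whose sizes the
 * compiler knows, a mismatch fails the build instead of overflowing at
 * run time. Passing a pointer instead of an array gives the wrong
 * sizeof(), so this macro is only for fixed-size arrays. */
#define ARRAY_COPY_CHECKED(dst, src)                                  \
    do {                                                              \
        _Static_assert(sizeof(dst) >= sizeof(src),                    \
                       "destination buffer smaller than source");     \
        memcpy((dst), (src), sizeof(src));                            \
    } while (0)

typedef enum {
    COPY_OK = 0,        /* whole string copied, including the NUL      */
    COPY_TRUNCATED = 1, /* destination too small; result still NUL-ended */
    COPY_BAD_ARGS = 2   /* NULL pointer or zero-length destination      */
} copy_status;

/* Run-time checked replacement for strcpy(a, b): the destination size is
 * an explicit argument, the output is always NUL-terminated, and the
 * caller is told when data was lost. */
copy_status safe_strcpy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return COPY_BAD_ARGS;

    size_t n = strlen(src);
    if (n >= dst_size) {
        /* Not enough room for the string plus its NUL: keep what fits. */
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return COPY_TRUNCATED;
    }
    memcpy(dst, src, n + 1); /* n + 1 copies the NUL as well */
    return COPY_OK;
}

/* Two arrays of identical size, the case the post says a compile-time
 * check makes free: returns 1 when the copy round-trips correctly. */
int demo_compile_time_copy(void)
{
    char a[16];
    char b[16] = "hello";
    ARRAY_COPY_CHECKED(a, b);
    return strcmp(a, "hello") == 0;
}

/* Constructed inputs: one that fits and one that would overflow a
 * plain strcpy() into an 8-byte buffer. Returns 1 if both are handled. */
int demo_runtime_copy(void)
{
    char buf[8];
    if (safe_strcpy(buf, sizeof buf, "abc") != COPY_OK)
        return 0;
    if (strcmp(buf, "abc") != 0)
        return 0;
    if (safe_strcpy(buf, sizeof buf, "0123456789") != COPY_TRUNCATED)
        return 0;
    return strcmp(buf, "0123456") == 0; /* 7 chars + NUL fill 8 bytes */
}
```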

We don't mean to poo-poo this, but... The Internet of S**t has literally arrived thanks to Pampers smart diapers

DougS Silver badge

Sleep reporting for infants?

So it is another thing for parents to worry needlessly about, and ask their doctor for recommendations about and get angry when their doctor can't provide any help beyond "make sure the temperature in the room is right" and such fluff.

DRAM, is it cold in here? Semiconductor market expected to shrink 12% in 2019

DougS Silver badge

No

This is SOLELY due to greater supply in the DRAM/NAND markets leading to lower prices. When measured by number of wafers consumed, number of bits of DRAM/NAND etc. the market is still growing.

If you sell 10% more of something at a 20% lower price, the revenue for that market will shrink.

Qualcomm fined €242m over 'predatory pricing' that helped to knock off British competitor Icera

DougS Silver badge

This fine is over 3G?

Talk about delayed justice!

Microsoft demos end-to-end voting verification system ElectionGuard, code will be on GitHub

DougS Silver badge

Paper ballot fraud is difficult

At least as voting is practiced in the US, where every state manages its own elections and the winner of the presidential election is determined by the number/size of the states won not by total votes cast.

That means that even if you had a corrupt governor in one state and could totally control its results, you can only affect that one state's outcome, and if that state was already going to swing that way (which it probably is if it can vote in a corrupt governor) you have accomplished nothing, at least not as far as the presidential election.

With electronic voting machines, the software could be corrupted either in the counting or the tabulation process, and affect all the states those machines are used in. You could easily swing an election if you had a popular brand of voting machine. If there's no paper trail you can't even go back and audit the process to find out there was fraud, unless they do something really stupid and have more voters than there are registered voters.

What's worse, that software could be corrupted by the company that supplies the machines, by a subcontractor (how carefully do they check the Microsoft updates they apply?) or by hackers either foreign or domestic. So even if you can prove fraud, you might not be able to prove who was responsible.

Elon Musk's new idea is to hook your noggin up to an AI – but is he just insane about the brain?

DougS Silver badge
Terminator

Musk's strategy is now clear

This is how he plans to have autonomous cars by next year. He's going to offer these implants for "free" in exchange for an hour or two of slave labor per day driving an "autonomous" Tesla as a robotaxi. Everyone wins, at least until the implant becomes sentient and Skynet is born.

Fresh stalkerware crop pops up on Google's Android Play Store, swiftly yanked offline

DougS Silver badge

Re: Monopoly!

where no competition is allowed to anything that Apple makes

Utter bullshit, unless you think Spotify and WhatsApp and any number of email apps and so forth don't exist on Apple's app store.

Don't give it away, give it away, give it away now, bot busting biz tells reCAPTCHA data serfs

DougS Silver badge

Re: PageRank algorithm

Pages were ranked that way until SEOs appeared on the scene gaming the system. Since then they've been layering hack upon hack to try to correct the SEO abuse and get the "pure" page rank.

Since the patent for page rank is expired, someone ought to introduce a 'pure' page rank search engine. It would probably be pretty good, since SEOs have long moved on from optimizing for the Google of the early 2000s, so long as it didn't get too popular and flew under the SEO radar.

DougS Silver badge

Re: Perverse Incentives

I immediately thought of this. A CAPTCHA before every post, even if you are logged in. A CAPTCHA to view the next page.

And not just one, Google already pushes it by making you solve more than one. A couple years ago I started deliberately poisoning their data set by taking 30-60 seconds to deliberately click on a bunch of wrong things, before eventually giving in and getting it right.

So if you're in an autonomous car in 2030 powered by Waymo and it fails to recognize a traffic light or parked car and it kills you, I'm to blame. Sorry about that, but it was your fault for trusting your life to Google's crowdsourced technology!

Ex-Microsoft dev used test account to swipe $10m in tech giant's own store credits, live life of luxury, Feds allege

DougS Silver badge

Re: Typically they require

Any judgements against him for remaining amounts will remain in force, so he can't simply wait until he gets out of jail and then spend the bitcoin. If he starts 'living above his means' he'll be noticed, and back in front of a judge pretty quickly. It is no different than if he'd buried $1 million in cash in some secret place, and bought himself a new car shortly after getting out of prison.

But your post is further proof that bitcoin is basically only useful for crime.

DougS Silver badge

Typically they require

Repayment of the proceeds from all ill-gotten gains, and any fines are paid after. Even if you for instance bought $1 million worth of stock that went up to $2 million you have to give up the full $2 million. So goodbye Tesla, goodbye house, and goodbye all bitcoin he may have whether they've gone up or down in value since he bought them.

2019 set to be the worst year yet for smartphone market as lack of worthy upgrades dents demand

DougS Silver badge

Re: 5G around the corner and nothing very compelling to upgrade to.

If they do, it will be because that's what people want. You can argue that when Apple does things they are going against what consumers want, because if you want an iPhone you have to buy what Apple sells. But when most Android OEMs do the same you have to accept that what YOU want isn't what most people want, otherwise there would be more thick Android phones with gigantic batteries for sale.

DougS Silver badge

Re: 5G around the corner and nothing very compelling to upgrade to.

Yes, because all those phones with the door that wouldn't stay put or batteries that would pop out every time you dropped the phone are what we should go back to!

I guess you also want to go back to plastic screens so you don't have to worry about them breaking, and liked the dull surface due to scratches from pocket lint, and the inevitable specks of dust that would make their way underneath the plastic screen?

There are still phones out there with removable batteries for the minority of people who want them, so buy one of those and quit complaining about the phones that don't have what you want. The market has spoken, this isn't something very many people care about.

DougS Silver badge

Re: 5G around the corner and nothing very compelling to upgrade to.

Are there ANY phones that require a "soldering iron" to replace a battery? It is simple to do on an iPhone, I've done it on several for my girlfriend and nieces. Takes about 10 minutes, and there is no mucking about with glue let alone soldering irons.

iFixit sells kits for popular phones both iPhone and Android and has instructions including pictures, anyone able to install a CPU in a PC motherboard (which I'm guessing is well over 90% of El Reg's readership, but probably only a few percent of the general population) can replace a phone battery. Heck, installing the CPU takes more time actually, once you faff about with the heat sink compound, the tension clips on the cooler, etc.

DougS Silver badge

Re: 5G around the corner and nothing very compelling to upgrade to.

So you're saying people would buy new phones more often if they had replaceable batteries so they could keep them longer? Logic fail.

The Empire Strikes Back: Trump discovers $10bn JEDI cloud deal may go to nemesis Jeff Bezos, demands probe

DougS Silver badge

There's a technology you may have heard of

It's called encryption. They aren't going to be putting plaintext anything on the cloud, and no doubt these systems will be physically separated with private network connections and so forth in addition to the military grade encryption on all the data.

Which is more likely do you think?

1) breaking through the security to gain access to the Pentagon's cloud, THEN knowing which blob of data (out of a total stored that will be almost incomprehensible) is what you want, THEN breaking the encryption on that data.

2) finding a corruptible colonel with security clearance to access what you are looking for, and giving him a suitcase with a few hundred thousand dollars in cash?

DougS Silver badge

Re: Here is a first

When the commander in chief is more corrupt than the congresscritters and even the lobbyists, I'm not sure his getting involved improves the situation.

I guess the best outcome is that the whole JEDI procurement is delayed a couple years, when there will hopefully be someone else in the White House. In the meantime regardless of his motives, having extra time to be sure that the decision to go with a single provider is the correct one is not a bad thing. We know this project will end up years late and over budget no matter what, so a couple years delay in procurement isn't a big deal.

Boris Johnson's promise of full fibre in the UK by 2025 is pie in the sky

DougS Silver badge

Re: Ambulances and costs

They'll use one of Elon Musk's Robo-ambulances

Then the problem will sort itself out, as they die off when the robo ambulance crashes into a truck at full speed on the way to the hospital.

Chrome on, baby, don't fear The Reaper: Plugin sends CPU-hogging browser processes to hell where they belong

DougS Silver badge

How about

An extension that automatically kills Chrome anytime it violates your priva

Google nuked tech support ads to kill off scammers. OK. It also blew away legit repair shops. Not OK at all

DougS Silver badge

Re: More Google algorithmic bollocks

Well of course, they have to automate it and despite all the lofty claims 'AI' is the first but definitely isn't the second.

I mean, you don't expect them to hire actual humans to oversee the decisions made by machines and overrule them when they screw up, do you? To their engineers who believe everything is an algorithm, that would be admitting failure.

Awkward! Bernie tells Bezos-sponsored event he'd break up Amazon and other tech titans

DougS Silver badge

He isn't 'leading' with that theme

It isn't like he's running ads with that as a message. I presume someone asked him a question about it and he answered. If someone asked him about the China/Japan dispute over those fake islands and he answered, it wouldn't mean that was what he was going to run on.

Bulb smart meters in England wake up from comas miraculously speaking fluent Welsh

DougS Silver badge

I'm a Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch denier

If people can claim the Moon landings are fake, I can claim Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch is not a real place. Just because someone can produce links to websites with pictures of a place claiming to be Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch or people who claim to have been there doesn't mean anything. The same is true about the Moon landings. It's all a Welsh conspiracy!

DougS Silver badge

Who defines a "niche" language?

You?

If fewer languages is better isn't one language the best of all?

Quick, everyone quit speaking English and use Mandarin instead. That's what we're going to settle on (since it is the most spoken language in the world) thanks to Craig 2's brilliant insight!

Think of all the time smart meter vendors would save having to program in only one language instead of the dozens it must support today! We could sell it as a boost to economic growth, so it is patriotic for all those gun-toting rednecks in the US south to learn Mandarin.

Farewell to function keys and swappable SSDs in the new two-port MacBook Pro

DougS Silver badge

Re: Why not remap something else?

I don't know what these "confirmation popups for unwanted action" you are talking about are. I use Fedora, maybe it doesn't have them to the degree your distribution does, or I have things configured so I'm not constantly seeing such? Can you provide some examples of what you're talking about?

DougS Silver badge

Re: Why not remap something else?

Hardly the same thing. The space bar is the steering wheel of a keyboard, the escape key is the radio volume knob of a keyboard. You can remap the heater control knob to be your volume control without too much difficulty.

I mean seriously, unless you are a developer exclusively using vi 40 hours a week it isn't like you hit escape all the time. I have a Linux desktop and I actually DO use vi to edit files rather than a GUI tool, but I still go days without touching the escape key.

DougS Silver badge

Why not remap something else?

Surely there are some less used keys, like ~ that you could remap to escape, and make fn-~ or ctrl-~ produce a ~ when you actually need to type it.

Cough up, like, 1% of your valuation and keep up the good work, says FTC: In draft privacy deal, Facebook won't have to change a thing

DougS Silver badge

Re: Probably about as good as the government can do.

Which is why government regulatory bodies need some space between them and the executive and legislative branches, along with strong laws about revolving doors, to prevent regulatory capture. Of course then people whine about the "career bureaucrats" when they don't like their decisions.

PC shipments back in black: Desktops to the rescue, aided by Win10

DougS Silver badge

I wonder if some purchases were moved up

Over fears of the China trade war getting worse and moving up to the 25% tariffs. We might see purchases continue to be pushed forward where possible, but when it's resolved and that's no longer necessary sales could plummet as they snap back to the standard timeline.

We have the best trade wars: US investigating French tech tax plan over fears it unfairly targets American biz

DougS Silver badge

Re: Stupid idea

The "better solution" requires every country in the world to cooperate, or businesses can play shell games using the ones who don't play ball in exchange for extracting a small amount from them (like Ireland did for Apple, and Caribbean countries do for everyone). I guess you don't recognize the truth of the statement 'perfect is the enemy of good' and will wait until the heat death of the universe for 'perfect' to arrive.

Taxing on revenue is basically sales tax, and so long as they limit it to only revenue earned in the country in question I can't see a reason why this is a bad thing, especially since they have limited it to ephemeral goods like advertising or software intermediaries so it is a level playing field.

If you think a 3% tax on sales is a bad thing in France, what about the much higher VAT EU countries all charge for all goods and services? What about the sales tax that most states in the US charge?

'It’s not a surveillance program'... US govt isn't going all Beijing on us with border face-recog, official tells Congress

DougS Silver badge
Coat

"why is it always the evil people who have the best system?"

And the volcanic lairs?

DougS Silver badge

Somewhere, there's someone in the TSA who is dumb enough to have an idea after reading all about the deepfake nudes thing: Hey we can stop using those expensive privacy violating scanners the public doesn't like if we take pictures of them with clothes on and let that program tell us what they look like without clothes. Then we can see if they have any hidden bombs under their clothes!

DougS Silver badge

Re: It's not a surveillance program

Homeland security may not be spying on US citizens (except where they accidentally do, which is a given) but that doesn't mean they don't share their information with other government departments that do, or various state organizations.

But I'm not taking the word of a "deputy executive assistant commissioner" (which has too many qualifiers to be anything but a low level position) at border control! He has no fricking idea what the rest of Homeland Security is doing, like the FBI or DEA. If they have a classified program I'm sure someone with a title that long and meaningless doesn't have clearance to know about it. Plausible deniability FTW!

They might as well ask me to speak for all white men that we are sorry for all the raping and lynching over the years, but don't worry we've stopped now.

How an ace-hole AI bot built by Facebook, CMU boffins whipped a table of human poker pros

DougS Silver badge

Re: "learned how to play the popular card game by playing trillions of games against itself"

No, I think you'd be locked up in an asylum after going crazy due to boredom before you could get a fraction of the way there. Being able to do the same thing over and over again without complaint is a big advantage of a lack of consciousness.

DougS Silver badge

Re: Of course online poker is ruined

Playing multiple hands simultaneously sounds like WORK to me, and making only $10 to $20 an hour at it sounds like a big pay cut over what I make now.

But if I have a machine making it for me, I don't care how little it earns so long as it pays for its running cost. Then it's just a passive investment like a house I'm renting out or owning a dividend stock.

Not sure how a poker site would be able to tell it is a bot, well other than the 24x7x365 thing. Have it quit for 8 hours after every 10-12 and it'll seem like a real but addicted player who is grinding out the money. Didn't think about the angle of playing multiple hands; even if it is only playing half the possible hours, if it plays 4 hands at once that's $160K a year it can earn on one site. Maybe you could have it randomly skip a hand like a real person would have to do to go to the bathroom, etc. to make it seem more 'real'.

DougS Silver badge

Of course online poker is ruined

The people who own this code aren't going to deploy it when they could earn $1000/hr (or more, since most online poker contests don't have the best players in the world at the table).

Even if they were too pure to do this, someone else will get a bot that does the same. Heck, if you had a bot that could only win $10/hr that's still $80,000 a year for the cost of electricity (or paying AWS to run it). And there are a lot of online poker sites, so you can have more than one. I'd set a dozen of them running and retire, thank you very much!

Facebook: The future is private! So private, we designed some handy new fingercams for y'all!

DougS Silver badge
Thumb Up

Finally a way to show my Facebook friends

What other drivers look like when I give them the finger!

Thumbs up, because close enough.

London cop illegally used police database to monitor investigation into himself

DougS Silver badge

Talk about a slap on the wrist

I wonder what an ordinary citizen under the same computer misuse charges for hacking into the police database into an investigation into them would get? Probably years in jail, not a tiny fine and a few weeks of community service.

300,000 edgy folk pledge themselves on Facebook to storming supposedly UFO-tastic Area 51

DougS Silver badge

If 300,000 truly determined people really did show up there

They'd be unable to stop them from storming the base. Sure they have armed guards etc. but they have enough ammunition to put down 300,000 people. Of course you'd need some sort of mass hypnosis to convince that many people to be willing to sacrifice their lives to storm Area 51, but it would be interesting to see what happens (from a safe distance)

Apollo at 50? How about 40 years since Skylab smacked into Australia

DougS Silver badge

"Successfully sent back to earth without injuring a soul"

Sounds like they never had proper control of it, and the fact that it didn't injure a soul was more due to the EXTREMELY long odds of it falling on a populated area.

Tesla’s Autopilot losing track of devs crashing out of 'leccy car maker

DougS Silver badge

Re: Really?

Including the cliffs they drive over and bridges they drive off when you let not-ready-for-prime-time self-driving cars drive on roads they've never seen. They have to have safety drivers the first time - plus maybe more times in some cases to try it in the dark, rain, snow etc.

DougS Silver badge

Re: I'm guessing you live somewhere without weather

How many trillions are you going to budget to upgrade every mile of road in the country with this?

DougS Silver badge

Re: Autonomous driving is months, years, or decades away

Probably, but it will be a nightmare for traffic if everyone taking trains to work starts having their car drive them.

DougS Silver badge

Re: Autonomous driving is months, years, or decades away

I've driven those one lane roads in Ireland. At least I didn't have to worry about driving on the left :)

There aren't any around here, but I've driven on some in Nebraska. They are not uncommon in rural areas where paving two lanes isn't worth it because traffic is a few dozen cars per day.

We'll know true (i.e. level 5) self driving cars are about ready for prime time when they can handle these without breaking a sweat. When they can handle driving on them when they have a couple inches of snow covering them and no tracks to follow, then we'll know they ARE ready.

Wondering how to whack Zoom's dodgy hidden web server on your Mac? No worries, Apple's done it for you

DougS Silver badge

Which is probably why Apple treated it as malware

And removed it from all Macs. Then users who installed it but rarely use it won't have a web server written by a company that doesn't understand security running on their computer, and users who want to keep using Zoom can simply reinstall the newer fixed version.

Investor fires shot at 'sinking ship' Google in battle over privacy-menacing Google+ bug

DougS Silver badge

Good idea, I think I'll sue Microsoft over Zune and Apple over Ping

Seriously, what's the point of suing over a dead product?
