The D in SystemD stands for Dammmit... Security holes found in much-adored Linux toolkit

dajames Silver badge

Re: Devuan user here

... Bro/Sis (is there a gender-neutral term here? ...


(Short for "sibling", of course.)

This is the final straw, evil Microsoft. Making private GitHub repos free? You've gone too far

dajames Silver badge

Re: Not impressed

'Viri' would be the Latin plural anyway, not 'virii'.

The Latin word Virus is neuter, so its plural would be expected to be vira

And even more pedantically, the Latin virus, meaning slimy liquid, doesn't have a plural.

That's right, the word virus is uncommon in Latin, being found in only a few texts, and only in the singular form. Cicero used it, incidentally, to mean "venom", which is probably where the current use in biology and IT originated.

When writing in English "viruses" is the least controversial option.

dajames Silver badge

Re: That didn't take very long.

Microsoft seem to have silently revered that policy...

I take it that "revered" was a typo for "reversed" ... the resultant inversion of meaning is delicious!

Bish, Bash... gosh! Good ol' Bourne Again Shell takes a bow as it reaches version five-point-zero

dajames Silver badge

Bourne Again Shell (Bash – geddit?)

Methinks that if there is humour here it is in "Bourne Again", rather than in the abbreviation that is "Bash", and to understand that you need to know that Bash was the successor to the Bourne shell, which was named after its creator, Stephen Bourne.

2018 ain't done yet... Amazon sent Alexa recordings of man and girlfriend to stranger

dajames Silver badge

Re: Always identify the spokesperson

To stop companies giving stupid PR answers to your questions, always report the name of the spokesperson who gave you the answer. After a while they will get so embarrassed that they start giving proper answers to your questions.

They will, of course, reply truthfully.

Some years ago I did some programming work for a small software company -- let's call them ITCo -- that was small enough that the telephone support was handled on a rota basis by developers. In order to stop callers asking for specific developers by name (some of us were much more tolerant of the support role than others) we always replied "Dr. Itco" when callers asked for our name.

Microsoft flings untested Windows 10 updates to users! (Oh no it doesn't!)

dajames Silver badge

Re: Firefox

...they are determined to self-destruct what was once a great achievement.

Methinks I've never seen "self-destruct" used as a transitive verb, before. It rather defies common sense, and doesn't seem to mean quite what the writer probably intended.

[Unless it was a Fascinating Aida reference, of course]

In 2018, Facebook is the villain and Microsoft the shining light, according to techies

dajames Silver badge

Re: Legislate, regulate

Any company allowing user data to be compromised will be fined ...

No. Don't fine the company. Make the directors of the company personally liable. Send them to prison for the worst violations so they can't just pay off the penalty from the vast fortunes that they will have accumulated by violating others' privacy. Make it hurt.

Then you stand a chance of making a difference.

It's official. Microsoft pushes Google over the Edge, shifts browser to Chromium engine

dajames Silver badge

Re: The passing of an age

Who in their right mind wants to run Java in a browser ?

Running applets in a browser was one of the primary uses for which Sun introduced Java, back in the day. The browser was supposed to contain a bytecode interpreter (NOT a JIT compiler) that could check the Java code for correctness as it ran (rather than making vague guesses about what the code would do at JIT time and then letting it run natively without a sandbox), and this was supposed to lead to a more secure (and platform independent) way of delivering active content than the alternative technology available at the time -- ActiveX.

The reason nobody in their right mind runs Java in the browser today has more to do with the terrible quality of all the implementations of Java in the browser than any inherent unsuitability of Java for that purpose.

I'd certainly far rather see Java running in a good, secure, bug-free implementation of a browser-based JVM than active content delivered using the train-wreck that is JavaScript!

Java's not the problem here -- it may not be the language that does the most to encourage safe programming, but it'll do -- the problem lies in its implementation.

Awkward... Revealed Facebook emails show plans for data slurping, selling access to addicts' info, crafty PR spinning

dajames Silver badge

Re: Riddle me this?

The claimed reason for collecting users' personal data is targeted advertising. But has ANYONE ever received a truly targeted advert?

The point about targeted advertising isn't that the advertisers will actually show you only advertisements that are relevant to your future purchasing needs -- that would truly be a neat trick!

No, the point is for the data gobblers to be able to persuade the advertisers to whom they sell your data that this will enable them to target their advertising more effectively, and so to charge more for the data.

Apple in another dust-up with its fans: iMacs, MacBooks lack filters, choke on grime – lawsuit

dajames Silver badge

Re: BullMerde

... 2012+ iMacs have the glass bonded to the LCD to allow the machines to be thinner ...

So, once again, the quality of the product is sacrificed on the altar of "thin".

Blockchain study finds 0.00% success rate and vendors don't call back when asked for evidence

dajames Silver badge

Re: This story reminds me about the "Cold Fusion" hipe of the '80s

I'm trying to work out whether your writing "hipe" instead of "hype" was a clever pun that has sadly eluded me completely, or just a spelling error?

...but to answer your implied question: The difference, of course, is that cold fusion would have been enormously useful had it been real, whereas blockchain is real, but isn't particularly useful.

Check your repos... Crypto-coin-stealing code sneaks into fairly popular NPM lib (2m downloads per week)

dajames Silver badge

Re: Javascript

Could hit Perl, perhaps, but in the case of C (or C++) there is no tradition of automatically pulling dependencies off the web whenever you build.

... and even if that were the case a developer might be expected to do some testing and measurement of the program once it was built, and would stand some chance of noting that something was not right.

Because Javascript is interpreted (OK, JIT-compiled, let's not split hairs) the problem is even worse: a Javascript program running in a webpage may pull in dependencies from the web whenever it is run. There is no opportunity for the developer to notice any errant behaviour, and little chance that the user would recognize it until it bit him.

Office 365 Exchange enjoys a less than manic Monday. Users? Not so much

dajames Silver badge

Re: All eggs, one basket.

got Libre Office?

Unfortunately LibreOffice doesn't include a mail client ... it should -- it'd be a winner -- it's not like there's much competition!

Consultant misreads advice, ends up on a 200km journey to the Exchange expert

dajames Silver badge

When I was about 12 my parents bought me a cheap tape recorder for my birthday (this was a couple of years before cassette recorders became ubiquitous, so it was a bit of a rarity). I bounced down to breakfast to find the gadget positioned beside my place at table, not wrapped or even in its box, but with the instruction booklet on top.

Wasting barely a moment on the Book of Words I pressed the "Play" button and my father's voice emerged from the small loudspeaker saying:

Read the Instructions FIRST!

dajames Silver badge

Re: Bad advice

I'd be highly skeptical of ingesting anything from Russia, given recent events.

Ooh, a lovely box of Novi Chocks .. how nice!

dajames Silver badge

Re: Spoilers in Tech Docs!

You select YES, you don't click on YES.

"Click on YES" is shorthand for "click the (primary) mouse button while the pointer is over the "Yes" button on the screen". As English Usage it's not lovely, but it's pragmatic and most people -- most people who know what a mouse is, anyway -- know what it means.

Note that you can "select YES" by moving the focus to the button control with the caption "YES", but that doesn't activate it, you have to press the space bar or Enter key as well to do that.

... and "buzz saw" - what the hell is a buzz and why and/or how would I want to be sawing it?

A "buzz saw" is a kind of saw. What kind of saw? The kind that buzzes. "Buzz", here, is used as an adjective to describe the kind of saw being mentioned, and will be understood by anyone who knows what a buzz saw is.

If you expect every adjective+noun pair to work the same way as "fly trap" (a trap for trapping flies) as you seem to expect "buzz saw" to do, then you will find many common phrases -- such as "hot tap", "front door", and "light bulb" -- rather confusing!

Groundhog Day comes early as Intel Display Drivers give Windows 10 the silent treatment

dajames Silver badge

Re: Win10 telemetry had one job. And it failed.

Why do you assume that it's for quality control?

Microsoft have always claimed that quality control was part of the reason for having telemetry in the first place -- it's their excuse.

While most people recognize that Microsoft may have other reasons for spying on their users, it's reasonable to hope -- not assume -- that there may be a bit of quality control going on as well.

Influential Valley gadfly and Intel 8051 architect John Wharton has died

dajames Silver badge

Re: 8051

I remember hand-assembling 6502 code for my VIC-20 because I didn't have an assembler.

A real geek would have written one ...

OnePlus 6T: Tasteful, powerful – and much cheaper than a flagship

dajames Silver badge

Quite nice ...

... but rather a lot of money for a phone that's too big, isn't weatherproof, and has no removable memory, no removable battery, and no analogue headphone option.

Even so, the promise of regular updates is tempting.

A new Raspberry Pi takes a bow with all of the speed but less of the RAM

dajames Silver badge

Is the Pi supposed to be a low cost computer, or just a small one?

... or just a computer that doesn't run x86? There are plenty of applications for a Pi for which the alternative would be an Atom or low-end Celeron, or maybe an AMD APU, and I for one am glad to see an ARM-based option too.

Sudden Windows 10 licence downgrades to forced Xcode upgrades: The week at Microsoft

dajames Silver badge

Just because it's a dumb idea doesn't mean that MS won't push it and push it and push it.

... and just as it starts to gain a little acceptance they'll drop it like a hot potato and replace it with something even less useful.

At least, that's what their past form suggests.

Web Foundation launches internet hippie manifesto: 'We've lost control of our data, it is being used against us'

dajames Silver badge

Re: We already have the solution

Two words: self hosting.

That's only a thin slice of the solution. I have a website and I host it myself (or rather, I pay someone else to host it for me, but I think that's still what you mean by "self hosting"). That doesn't solve the problem.

The first thing it doesn't solve is accessibility. If I want people -- people I don't know -- to be able to look at my hosted material then they have to be able to find it. This they can do by using a search engine ... but as soon as a search engine becomes part of the solution it isn't all "self hosting" any more; you (and your site's users) have to trust the search engine company, and the search engine company is in a position to monetize your data.

The second thing is exclusivity. I may publish the things I want to publish on my own site -- and only on my own site -- but that doesn't stop other people from putting information about me (or other information I'd like to keep under my own control) on their sites ... and they may not be self-hosting, so that information may be misused, monetized, and otherwise abused in all the ways you hope to prevent by self-hosting your own site.

So, you're only partly right. Putting the information you wish to share on a website on a server over which you have some degree of control is certainly better than putting it on a bunch of pages on some social media site, but it doesn't give you all of the privacy or the control that one ought to be able to demand for one's online presence. Not nearly.

... but I don't think there is a solution, as such. There's no way that you can stop other people scraping a public website and correlating the data there with data from all the other websites in the world and making connections and drawing conclusions. Big Data analytics is getting to be scarily effective technology, and facial recognition of any photographs you post means that your un-named friends and family will be identified pretty quickly.

The only solution that stands a chance is not to have an online presence at all, and to ask all your family and friends to refrain from posting about you, or posting your photograph, anywhere that they have a presence ... and even that doesn't have much of a chance.

Macs to Linux fans: Stop right there, Penguinista scum, that's not macOS. Go on, git outta here

dajames Silver badge

Re: Great plan Timmy.

>> Still, if a user can configure it so, then presumably malware could (in principle) do so also as a prelude for some kind of boot-time attack.

> I guess a hardware switch or jumper could allow a user to do things that malware can't. Still, as you say, it's not worth the effort.

It's not a matter of not being worth the effort. The main reason for Secure Boot is to prevent the user from hacking the OS to circumvent DRM, not to stop malware. A switch or jumper such as you suggest is the last thing they want.

Which scientist should be on the new £50 note? El Reg weighs in – and you should vote, too

dajames Silver badge

Re: One problem with this

I think you mean a Big Mac, not a Mars bar.

No, it has to be something edible.

Boom! Just like that the eSIM market emerges – and jolly useful it is too

dajames Silver badge

Re: And jolly useful it is too....???

... an esim will be much more easily hacked if it's incorporated into the OS ...

It wouldn't (shouldn't) be done by the OS.

To be secure an eSIM needs to have dedicated secure storage hardware in the device. Provisioning the eSIM would need an encrypted exchange whereby the carrier sent sensitive data to the device, and the device stored the data in a protected area of the phone. The supplier of the device would have to be involved in this exchange in order to enable the device to write the data to the secure area.

I can't see the hardware vendors and the carriers actually getting their acts together sufficiently well to enable this to happen, though.

dajames Silver badge

Re: pick a side

Hell a carrier could instantly reprovision an eSIM to your number adding extra security over a physical SIM, without having you wait for a replacement physical SIM.

Yes, a carrier could do that. It wouldn't add any more security than a physical SIM -- and would only add as much security as a physical SIM if the phone had a secure storage area in which to hold provisioning data securely -- but it could be done ... if the carrier wanted to do that.

The problem with eSIMs is a lack of support from carriers. Carriers already support physical SIMs, and it would be extra work for them to offer eSIMs as well.

Carriers are also generally distrustful of anything that might lead to their having to share their customers' business with anyone else -- which is why (in the UK, at least) the major carriers don't offer dual-SIM phones. An eSIM system is just another way of providing dual (multiple!) SIMs, and carriers see that as a way of forcing them to share their business, possibly with other carriers who will undercut them. They see a loss in revenue.

The great thing about physical SIMs is that all phones need them. You can go anywhere in the world (with the exception of a few countries where you need to, e.g., prove residence to have a mobile at all) and buy a PAYG SIM that gives better rates for data (especially) and local calls than your own SIM from home; you just pop that SIM into your phone and go. You don't need to negotiate with a carrier who doesn't want to know, you just do it.

A Physical SIM in the hand is worth more than any number of hypothetical eSIMs that you can't actually get. eSIMs will never really take off until every carrier offers them routinely to anyone who wants one.

dajames Silver badge

Re: All SIMs are reprogramable - you just need the right GlobalPlatform keys..

Exactly. You wouldn't be able to transfer your phone number otherwise. It would require a new sim.

No, the SIM doesn't know what its number is. Some networks program the phone number into a SIM when it is provisioned, but if you buy such a SIM and then port your number to it the number stored in the SIM doesn't change (doesn't have to change - some networks may change it, mine didn't). The network manages the relationship between the SIM's identity and the number associated with it, not the SIM itself.

'Pure technical contributions aren’t enough'.... Intel commits to code of conduct for open-source projects

dajames Silver badge

... the arrangement of their genitalia and what they like to do with that genitalia ...

At risk of offending anyone who has only a single genitalis, ITYM those genitalia.

Planet Computers straps proper phone to its next Psion scion, Cosmo

dajames Silver badge

I can't find any sensible reason for 8 plus core processors when you're driving a small screen and a supposedly "mobile" OS...

Part of the point, of course, is that you are not limited to the supposedly "mobile" Android OS, but can use Sailfish (which is also "mobile") or Linux, or whatever else you can build for it ...

... as long as you can get the information you need to write drivers for all the hardware in the thing, that is. At least with Linux you may be able to use the Android drivers even if some of them are only supplied as binaries.

Top AI conference NIPS won't change its name amid growing protest over 'bad taste' acronym

dajames Silver badge

Re: It was a fair vote!

... I wish the representative from the coup ... a safe journey home.

I know this was supposed to be humour, but it falls flat.

The thing that chickens may be housed in is a coop, not a coup ... a coup is a "blow", which might be what the foxes have achieved by winning the vote. The misspelling ruins the point.

Add to that the fact that chickens are far from vegetarian -- they eat grubs and worms ... as will foxes, if it's all they can get -- and the point is almost entirely lost.

Shame, because otherwise I quite enjoyed the comment.

The D in Systemd stands for 'Dammmmit!' A nasty DHCPv6 packet can pwn a vulnerable Linux box

dajames Silver badge

Re: Reason for disabling IVP6

You can use NAT with IPv6.

You can, but why would you want to?

NAT is schtick for connecting a whole LAN to a WAN using a single IPv4 address (useful with IPv4 because most ISPs don't give you a /24 when you sign up). If you have a native IPv6 address you'll have something like 2^64 addresses, so machines on your LAN can have an actual WAN-visible address of their own without needing a trick like NAT.

Using NAT with IPv6 is just missing the point.

From today, it's OK in the US to thwart DRM to repair your stuff – if you keep the tools a secret

dajames Silver badge

DRM is always bad

DRM is good as a concept, ...

Oh, no it isn't!

... but when badly implemented (which seems to be most of the time) is more of a hindrance than a benefit.

The thing about DRM is that it is almost impossible to implement in a way that actually works -- there always seems to be some loophole that lets it be circumvented.

Even if it worked as designed it would prevent legitimate licensees of copyrighted data from using the data in any way other than those supported by the licensor -- which would be limited by the licensor to the ways in which the DRM could be made to work, regardless of the desires of the licensee.

DRM needs to be outlawed, pure and simple. Copyright violators can always be prosecuted after the act.

dajames Silver badge

Re: But how are...

... I like your odds in a collision, if you keep surrounding yourself with strawmen like that.

Yeah, straw men provide a little cushioning, but catch fire really easily!

IBM sits draped over the bar at The Cloud or Bust saloon. In walks Red Hat

dajames Silver badge

That's all very well, but ...

Will IBM scrap systemd?

If so it'll all be worthwhile.

Is this cuttlefish really all that cosmic? Ubuntu 18.10 arrives with extra spit, polish, 4.18 kernel

dajames Silver badge

Re: Modern Interface, and other stupid comments

... the appearance of WIPs (Windows-Icons-Pointers)

Don't forget "Menus", menus are important, too (even if dysfunctional 'modern' GUIs do keep trying to hide them from us in ever-more-annoying ways) ... or did you think the 'M' in "WIMP" stood for "Mouse"?

dajames Silver badge

Re: "the system has a more modern and 'flatter' look"

It was "... windows and controls gain a lighter feel." that caught my eye. I have absolutely no idea what it means, and the rest of the article failed to enlighten me.

Are we talking about "light" as opposed to "dark", here, or "light" as opposed to "heavy"? I'm not sure that either means any more than the other, in this context, anyway.

Does Google make hardware just so nobody buys it?

dajames Silver badge

Re: But muh headphone jack!

As someone who is probably one of the older and stodgier greybeards in this forum, even I'm confused about the bitter clinging to the headphone jacks.

When I'm travelling, and realize that I've forgotten to pack any headphones, it's much cheaper to pick up a pair of wired earbud thingies that will tide me over than to have to buy yet another Bluetooth headset. This happens to me often enough that it's significant.

Having the 3.5mm jack doesn't prevent one from using high-quality Bluetooth headsets, but it provides the ability to use cheap and readily available earphones in an emergency. (Emergency? Ha! Talk about First World Problems.)

dajames Silver badge

Re: ChromeOS Pyrrhic victory

Yes, but this one is an Intel and that means emulation for Android for ARM apps. And that's assuming Intel is maintaining the transpiler.

Most Android apps are platform agnostic. They're written in something (usually Java) that generates a bytecode image for the Dalvik runtime or for ART, and will run on any Android device. No emulation is required.

Some Android apps are written either in C++ or some other native-code language, or are built with some component written in such a language for speed. Those apps are usually built in ARM and Intel (and other?) variants, and the right version for the target hardware must be downloaded (Google's store does this automatically, I believe). Again, no emulation is needed.

I'm honestly not sure what happens if you have (say) an Intel x86 Android device and want to run a native code app written for ARM. I'd guess it probably doesn't run, because I'm not aware of the availability of any emulator for Android targets (there is an emulator for PC-hosted debugging in the Android SDK, but that's clearly different).

So, no, I don't think it means emulation. You just download the Intel version of the Android app.

dajames Silver badge

Re: you can't make a Veblen good out of a dumb computer terminal

A typical dumb computer terminal is a "green screen".

I remember those days.

These days a typical "dumb computer terminal" is a PC running some kind of thin client under Windows 10. The device is capable of so much more ... but that's not how it gets used.

Take my advice: The only safe ID is a fake ID

dajames Silver badge

Re: Aliases are fun

One site even accepted 5th Nov 1605 as my DOB....

... and yet, strangely, some sites don't accept a DOB of 1st January 1970 -- that's a Unix date value of 0, and the site complains that I haven't filled in the date.

Actually, that's not so strange, is it, given the quality of most websites? I wonder what people who really were born on that date do ...

Samsung Galaxy A9: Mid-range bruiser that takes the fight to Huawei

dajames Silver badge

Check the facts?

Further down the scale the Galaxy J6 [snip link to Carphone Warehouse page] ... dispenses with the traditional microSD card slot

That surprised me, so I checked ...

Samsung's own product page says the J6 can take a micro-SD card up to 256GB.

Probably still comes with Bixby and a ton of other non-removable crap, though.

Microsoft Surface Pro 4 owners: So, about that other broken update…

dajames Silver badge

Re: Come on...

It's not like there are a zillion different hardware configurations...

Indeed -- and Microsoft control the hardware, so they (should) know exactly what's out there. It's the easiest upgrade scenario you can imagine!

Haven't updated your Adobe PDF software lately? Here's 85 new reasons to do it now

dajames Silver badge

Re: Enhancement?

Does it still attempt to back everything to the cloud... ie the Adobe servers?

It seems to, yes ... though I only use the Android version (because I haven't yet found time to locate an Android PDF viewer that isn't worse -- suggestions please!).

On a recently reset tablet I reinstalled Adobe Reader and was horrified to be confronted with a screen that invited me to sign in to the Adobe Cloud (using a Google, Facebook, or Adobe ID). It took me a while to notice a small, subtle, cross in the top corner of the screen that let me bypass that crap and open the PDF.

That scary old system with 'do not touch' on it? Your boss very much wants you to touch it. Now what do you do?

dajames Silver badge

... “six Rs” that ... remains (sic) useful when considering migrations. What are those Rs? Retain, retire, rehost, replatform, refactor, and rearchitect.

What happened to Retest, or for that matter Redocument, and Retrain (assuming those things were ever done in the first place)?

Brexit campaigner AggregateIQ challenges UK's first GDPR notice

dajames Silver badge

Re: So this is punishment for supporting Brexit

Is it just me or does GDPR sound like a German state security service?

Nah ... stands for German Democratic People's Republic, dunnit?

Isn't that what the old East (or was it West) Germany was (nearly) called?

UK getting ready to go it alone on Galileo

dajames Silver badge

What do you do when it's raining / cloudy

Stay indoors, where it's warm and dry!

Huawei elbows aside Apple to claim number-two phone maker spot

dajames Silver badge

Lifetime ...

It's hard to justify splashing out on a high-end smartphone when you know that it will need replacing in two or three years' time. If the non-replaceable battery hasn't failed then the software will be obsolete, buggy, and unpatched (even if Google have issued a patch for any bugs in Android you can't rely on the OEM to have applied that patch to the firmware for your handset -- that problem's not so bad in the Apple world, if you can live with the view from their walled garden).

The mobile phone has, unfortunately, to be seen as a consumable, disposable, device that needs to be replaced every couple of years, and as such it's not worth paying more than a couple of hundred each time.

dajames Silver badge

Re: One idea

Maybe they'll sell more phones if they start spelling Honour correctly...

Methinks that if they named the phones after Honor Blackman (and why not?) then the spelling is already correct ...

Go Zuck Yourself: Facebook destroys patent suit over timeline

dajames Silver badge

Re: None of these patents should ever have been granted

I think there's a simple thing that could be done to do away with patent trolls : tie the awarded amount to the revenue generated by the troll with the patent.

Well ... no.

I might have an idea, and patent it. I might then spend a lot of time and money working out how to get my idea to market -- developing the tech that's based on that idea, looking for backers to help put it in production, and so on. I might easily have to do that for a few years before I could bring a product to market and start to make money.

Now, imagine that in that period someone else with more money and more experience than I has the same idea and rushes it to market. What can I do but sue him?

At this point I'll have spent all my savings and a few years of my life pushing forward an idea that might one day have made me rich beyond the dreams of avarice, but to date has given me debts and an ulcer. You think it's fair that the only recompense I'd be entitled to in law would be bigger debts and another ulcer?

If you want to assess the value of the invention why not see how much the other guy has managed to make from it, since he's the one who's actually selling it?

Or turn the whole thing around, maybe. Give Zuckerberg the debts and the ulcer. He might find them ... broadening.

[I agree that patent trolls are pond-slime, I just want to point out that not everyone who holds a patent but isn't actively marketing a product based on that patent is a troll.]

'Oh sh..' – the moment an infosec bod realized he was tracking a cop car's movements by its leaky cellular gateway

dajames Silver badge

Re: Oops

Although plod might not have known about this I expect the spooks did, and are probably not very happy it's gone public.

On the other hand, it enables them to argue that off-the-shelf solutions are not sufficiently secure for their own use, and they should have a bigger budget to enable them to specify their own systems and have them built ...

... and it enables them to argue that there is a vast untapped ocean of information about the movement of others that they are not yet tapping, and they need a bigger budget for that too!


