Posts by DrXym

4336 posts • joined 18 Jul 2007

We fought through the crowds to try Oculus's new VR goggles so you don't have to bother (and frankly, you shouldn't)

DrXym Silver badge

The really odd part

What really surprises me is why Oculus are actually releasing TWO headsets - Oculus Quest is a portable headset with a mobile CPU and mobile games, and Oculus S that attaches to a PC. They cost $400 each. They might share some games, but not all of them and I doubt many people will want to buy both headsets.

Aside from confusing everyone no end, it just fragments and splits an already small market. Why not just a single headset that can be plugged into a PC, or unplugged for mobile gaming? It could have a connector outlet for that purpose. Even better yet if Oculus sold a wireless transmitter accessory for the PC so it could be used untethered. Now THAT might indicate some joined up thinking. For the time being it seems like Oculus is trying to converge a little but just can't quite manage it. Maybe next time around.

Wondering why 'Devin Nunes herp-face' was trending online? Here's the 411: House rep sues Twitter for all the rude stuff tweeted about him

DrXym Silver badge

But in fairness

Nunes deserves to be hauled up in front of his colleagues in congress and censured several times over for his stunts and highly questionable activities. At best he is an incompetent, political hack, at worst he is compromised.

Uber driver drove sleeping woman miles away from home to 'up the fare'. Now he's facing years in the clink for kidnapping, fraud

DrXym Silver badge

Re: And he would have gotten away with it too

I'm sure there are problems with taxi regulation. It doesn't excuse even worse, zero regulation which is what Uber entails. Almost anybody can be a driver and there is little redress for complaint either.

Most UK councils will at least require you present your medical history, criminal and motoring convictions. And if you operate a taxi without a license, or fraudulently obtain a license you could end up being convicted.

Personally I think having councils do this vetting is highly inconsistent. Even if the council issues the license, the actual vetting and standards applied should be consistent across the board with databases that track applicants trying to game one authority against another.

DrXym Silver badge

And he would have gotten away with it too

If not for the electronic record demonstrating exactly what he did.

Seriously though, this is why private services like Uber are so horribly dangerous. Licensed taxi drivers generally undergo greater background and "good character" checks, usually by the police, because the public's safety is a priority.

Take your pick: Linux on Windows 10 hardware, or Windows 10 on Linux hardware

DrXym Silver badge

Re: How about neither

I wouldn't blame anyone in particular. Windows grew up on x86 architecture, built up a wealth of software compiled for that architecture and despite efforts by Microsoft to diversify to MIPS, ARM, PPC, Itanium etc., they all flopped.

The floppage is simple - companies have finite resources to develop software and they're not going to waste time and money cross-compiling, testing and supporting an architecture nobody uses.

If Microsoft had any sense they would have built UWP around LLVM to alleviate devs from needing to make this choice. Devs compile to LLVM and the OS does the final step during installation.

DrXym Silver badge

How about neither

Windows on Arm is as useful as a chocolate teapot.

Boffins debunk study claiming certain languages (cough, C, PHP, JS...) lead to more buggy code than others

DrXym Silver badge

C++11 has unique_ptr / shared_ptr templates in the standard lib which reduce the risk in using raw pointers. But they're not inherent to the language nor is any form of automated memory management. Libs like boost, QT etc have analogous wrappers, e.g. boost::scoped_ptr, QSharedPointer. But this is still an opt-in to safety, not safe by default.

The language itself has new and delete operators but they must be called correctly. Omit the delete, and it leaks. Delete an invalid pointer and the heap corrupts. Delete an array without the [], and only the first element's destructor is called. Call an invalid pointer and it crashes, or worse, doesn't.

It's certainly advisable to use smart pointer classes where possible but they are still not mandatory.

And screwups are still possible. I reviewed some code that assigned one shared pointer to another. The shared ptr on the left was typedef'd to a base class, the one on the right was typedef'd to a child class. Since the typedefs were not the same, the right hand side implicitly fed its inner raw pointer into the constructor of the left hand side and both smart pointers came away with a reference of 1. The first var out of scope deleted the object and left the second looking at garbage.

The point being none of this is even an issue in Rust. The compiler will insert the memory allocation / deallocation for you and will kick your butt if you violate object lifetimes rules. The result is software that doesn't suffer from an entire category of common programming fault.

DrXym Silver badge

Re: Rust

If you think they're unheard of you're living in cloud cuckoo land. Go to a CVE database, pick a C++ project and see what comes up. For example QT has 9 CVEs in the last month, many of which are overflows and NULL pointer issues. And that's an open source project that has many eyeballs looking at it.

Clearly some people are incredibly defensive about C++ (and C) for reasons that are hard to fathom especially when the flaws are obvious.

DrXym Silver badge

Re: strNcpy is also buggy

Lucky you. Perhaps you are in the unique position to only work on your own code and have a perfect grasp of every particular of it. Or perhaps you don't need to worry about a malicious user feeding garbage into your code which can potentially exploit a single error to great effect.

In the real world, code is touched by a variety of hands, some skilled, some not so skilled. Even the skilled developer can easily forget to include a check, or make an assumption that doesn't hold for some reason. And if you doubt this, I suggest you go look at CVEs for some of the most popular open source products. This software was written by knowledgeable, competent people and yet it still contains bugs.

DrXym Silver badge

Re: Rust

"I'd think it would be worse. Because there are lot more kinds of bugs than the ones Rust (or any language) can protect against. And a false sense of security is, well, false."

Here are some bugs you CANNOT write in safe Rust:

* Null pointer exceptions

* Dangling pointers (calling a pointer which is no longer invalid)

* Double frees (freeing same memory twice, trashing heap)

* Data races

* Buffer over / under flows

All of these plague languages like C and C++. If you look at CVEs for the Linux kernel (for example) then these issues account for 50% of the bugs. If kernel devs, generally regarded as highly competent coders can have these issues, then what do you think it says of the more garden variety C or C++ code?

Rust eliminates them by design in the language, or complains at compile time and it doesn't incur any runtime / performance penalty from doing it either.

That doesn't mean Rust is impervious to other kinds of bug. I could still write code which lowers the garage door when I meant to raise it. I could still write a couple of threads that deadlock on each other. I could still append to a vector until I run out of memory. But I'm still writing safer code than if I wrote it in C/C++.

Nor do I think Rust devs are lulled into a false sense of security by having a language which doesn't let them write brain damaged code. It means they have more time to focus on application bugs.

You got a smart speaker but you're worried about privacy. First off, why'd you buy one? Secondly, check out Project Alias

DrXym Silver badge

I've yet to see any purpose to these things

I'm no luddite and have plenty of gadgets but Alexa, Google Home et al simply mystify me. Why do I need to talk to a device to turn on my lights when it is less effort to simply turn on my lights with a switch. It's an unambiguous, binary action that takes less effort than actually saying the words and hoping they're recognized. Not only less effort, but less electricity, clutter, expense, intrusiveness, configuration and things that can go wrong.

"Ah but they do so much more!" someone might opine. I'd argue that so does my phone / computer and if I need that "do more", then it's as easy or easier to just use that device.

Seagate punts external PS4 drive at the millions who uninstalled their game libraries to fit Red Dead Redemption 2

DrXym Silver badge

Re: Replace it

It's trivial to replace the drive. It still requires you have a USB drive at least as big as the one you're replacing.

It's too bad you can't plonk the replacement drive into a cradle, connect the cradle via USB and tell the PS4 to prepare and copy all the data from the existing internal drive to the new one so it could just be swapped in.

You like JavaScript! You really like it! Scripting lingo tops dev survey of programming languages

DrXym Silver badge

Re: Javascript is a horrible language

Personally I have no problem with some formatting being part of the spec. Even if compilers don't enforce it, IDEs could and it would make code more consistent.

BUT the way it's done in Python seems dangerous to me. Indentation is to save enclosing a code block with a { } or BEGIN / END, or something similar. Instead you indent the bits that are part of the block and there is no explicit end statement.

That makes the code more terse (most of the time), it adds danger that the code will screw up because the developer inadvertently gets the indentation wrong. It also looks weird.

DrXym Silver badge

Javascript is a horrible language

The NULL pointer has been described as the billion dollar mistake. Javascript says "hold my beer" as it introduces undefined, multiple definitions of equality, weird ass rules for this, scope, hoisting etc. Then we have multiple frameworks that add fundamental functionality, and cosmetic languages like typescript / coffeescript that try to take the worst edges off writing code, but it's still an exercise in turd polishing.

The only reason we're talking about it is because every browser supports it. I suspect that as webassembly takes off and software can be developed in more appropriate, typesafe languages, that JS will revert somewhat to its original purpose - scripting glue.

Apple: Trust us, we've patented parts of Swift, and thus chunks of other programming languages, for your own good

DrXym Silver badge

Re: probably a misguided move against GCC and GPL

"The main motivation behind LLVM was a non-GPL compiler with non-GPL runtime libraries."

In fairness, Clang + LLVM has become popular because it's a more modern toolchain than gcc and it shows in many scenarios. The C++ compiler produces WAY better and more meaningful errors (it's even used as a linter in some IDEs like QT). And LLVM is a JIT runtime as well as emitting machine code to a variety of backends and object formats.

DrXym Silver badge

These patents are gibberish

What are they actually claiming which is novel and unique?

Raspberry Pi Foundation says its final farewells to 40nm with release of Compute Module 3+

DrXym Silver badge

Re: Good & Bad news

Here is one example of a product built around these:

https://revolution.kunbus.com/revolution-pi-series/

These modules have industrial housings and specialised inputs, and there is a CM1 / CM3 inside which they're hooked up to. They go in factories using a standard 24V input and allow people to write gateways, servers etc. Since it's just a Raspberry Pi under the covers you can cross develop software relatively easily over Debian or Yocto.

I helped catch Silk Road boss Ross Ulbricht: Undercover agent tells all

DrXym Silver badge

So the moral here is

Don't recommend weird libertarian books, don't ask for help setting up your criminal enterprise, don't operate your empire from a public wifi spot, don't operate from a jurisdiction that frowns on these kind of things, and don't put all the evidence that will put you away for life onto your laptop.

We all love bonking to pay, but if you bonk with a Windows Phone then Microsoft has bad news

DrXym Silver badge

Re: NFC? No fucking chance.

I don't mind contactless payment with a credit card. I see no reason at all to use a phone or other electronic device to do the same.

At the end of the day it just adds layers of uncertainty, complexity and middlemen into the transaction and is no more convenient than waving a card.

Wow, fancy that. Web ad giant Google to block ad-blockers in Chrome. For safety, apparently

DrXym Silver badge

There is a trivial solution for this

"Plugin X wants to modify or block a network request xxxx, do you wish to allow this action yes/no", where there is also a "remember this decision" checkbox.

It's the sort of thing that would be trivial to add to Chrome.

Ever feel like all your prayers go unheard? The Catholic Church has an app for that

DrXym Silver badge

Your piousness is all gone!

Wait for 8 hours for it to replenish or use Hail Marys to boost it now -

A Hail Mary - $1.99

A confessional of Hail Marys - $4.99

A church of Hail Marys - $19.99

A cathedral of Hail Marys - $59.99

A Vatican of Hail Marys - $99.99 BEST VALUE!!!

What a cheep shot: Bird sorry after legal eagles fire DMCA takedown at scooter unlock blog

DrXym Silver badge

Re: Who remembers the cue cat?

"I don't think this is cost-effective. What Hackaday reader doesn't have a set of security-screw bits? [...] And if the case is filled with resin, just chuck the case with the board and fit a new case."

Have a look at how the board is housed - https://boingboing.net/2018/05/25/drinkbot-anyone.html. Pour epoxy into that thing and some special screws for good measure and you've easily created 10x as much effort for an attack. Someone would have to hacksaw the box off, drill out sheared heads, splice wires and replace it with another unit. Nothing will stop a determined attack but it would definitely put off casual attempts.

Personally I don't understand how this business stands to make any money and I don't care if they get hacked or not. It's just an easy and cheap way to mitigate an attack and I wonder why they never bothered.

DrXym Silver badge

Who remembers the cue cat?

The cue cat was a barcode reader that was given away below cost with the expectation people would order stuff from magazines. Instead people hacked it for their own purposes, bankrupting the company and its dumb idea.

This has shades of that. Especially if they're so laissez faire to leave these things laying around the place. They could possibly mitigate against this attack by pouring epoxy into the case that houses the board and using non standard screws. At least that way anyone expecting a cheap scooter has a lot more work on their hands to make it work.

Of course, thieves might not be interested in the scooter anyway, so much as for the parts it contains - battery, motor, wheels etc.

World's first robot hotel massacres half of its robot staff

DrXym Silver badge

Next week on "Some things are bleeding obvious"

"We ask if self driving cars are the wave of the future. Also whether kazoo marching bands are an effective way of being lulled to sleep"

No plain sailing for Anon hacktivist picked up by Disney cruise ship: 10 years in the cooler for hospital DDoS caper

DrXym Silver badge

Judges always question defendants who say they want to represent themselves and lay out the likely consequences of doing it. Even the US allows people to avail of a public defender if needs be. And even if they represent themselves, the judges tend to give them a little more slack and assistance in making their defence, providing they don't go all sovereign citizen or something equally insane.

DrXym Silver badge

What a hero

Launching a DDOS attack at hospitals caring for sick children. That's pretty low by any standard regardless of what contorted, ego driven reasoning made him do it.

Linux reaches the big five (point) oh

DrXym Silver badge

It's normal development practice because Linux kernel doesn't have an ABI. Changes to the kernel source can and do break modules including drivers.

The easiest way to mitigate that is to ship the module / driver source code as part of the kernel package so that when you build the one, you build the other and they remain compatible.

Encryption? This time it'll be usable, Thunderbird promises

DrXym Silver badge

PGP is better than the alternative

In the early days of Outlook / Netscape Navigator, they adopted S/MIME for encrypting messages.

Sadly this doomed encryption almost from the very beginning because:

1. The user interfaces for using encryption were awful, barely afterthoughts

2. S/MIME uses certificates with rsa asymmetric encryption and it was SLOW

3. Obtaining a new cert/key was a massive pain in the arse and usually involved paying money. A tax on security.

4. Keys expired every year, compounding the pain.

So it was a garbage implementation of a garbage crypto mechanism.

By contrast most PGP extensions to email apps were relatively sane by comparison - create a key for free, use it as long as you like, add other people to your web of trust. It all fits relatively naturally with email but as extensions the experience never felt fully integrated (despite being easier than the built-in crypto) so few people bothered. And using crypto always felt like standing above the parapets - you must be up to something to be using crypto rather than it being the default for everyone.

And these days with webmail, any chance for secure encryption by default is long gone. Even if the transit of email is secured, even if the viewing of the email is secured, the actual email itself isn't. Google (for example) can and do read emails, ostensibly for benign reasons, e.g. so they can remind you about your upcoming flight or whatnot, but who knows what else they do or who else they allow to see it.

Found yet another plastic nostalgia knock-off under the tree? You, sir, need an emulator

DrXym Silver badge

Re: Seems a bit odd

My point is the one product should contain both ROMs and sets of workbench disks rather than splitting it out like that.

DrXym Silver badge

Seems a bit odd

Splitting the product into two editions like that - a 1.3 and 3.x kickstart version.

I would have thought it better to sell one product for a low, impulse purchase price especially since they're competing against free. After all it's not hard to download ROMs or workbench disks, or dists like Amiga In A Box which simplify setting up WinUAE.

Nobody in China wants Apple's eye-wateringly priced iPhones, sighs CEO Tim Cook

DrXym Silver badge

Surprising people still buy iPhones at all

They were never good value and at this point they're so far out of whack with what people would consider affordable that it must be impacting on sales.

Unless somebody is locked into the Apple ecosystem, the price must be a strong disincentive especially when Android phones retail for a fraction of the cost and even flagship models are distinctly cheaper than Apple's offerings.

A few reasons why cops haven't immediately shot down London Gatwick airport drone menace

DrXym Silver badge

Looking forward to seeing who gets arrested

I bet when they arrest whoever it is, it'll turn out they have some long standing grudge against the airport. Maybe they're a local farmer unhappy with a compulsory land purchase, or somebody aggrieved about the noise of aircraft, or someone who missed their flight. I expect the police are already sifting through the crazy files looking for potential suspects.

I hope it was worth it for their sake because given the scale of the incident they'll be in prison for several years at least.

Corel – yeah, as in CorelDraw – looks in its Xmas stocking and discovers... Parallels

DrXym Silver badge

Not surprising

Corel has always been the final resting place of the also-ran software that they acquired from some failing business.

I still recall installing Corel Office on a PC a very long time ago and being confronted with an eclectic mix of rebranded Borland, Wordperfect Corp and other random software. Each with its own look and feel, support tools and quirks. Naturally this involuntarily mashed together budget suite ran as seamlessly as you might expect.

Virgin Galactic test flight reaches space for the first time, lugging NASA cargo in place of tourists

DrXym Silver badge

The Ryanair of space travel

When they say they'll fly you to space they actually mean 20 miles away.

Razer offers freebies to gamers who descend into its coin mine

DrXym Silver badge

Great

So the deal is people use their hardware and their electricity to generate wealth for others and in return they receive "points".

Ecuador says 'yes' to Assange 'freedom' deal, but Julian says 'nyet'

DrXym Silver badge

Ecuador should show him the extension they built for him

"Go on Julian, it's right through that door over there..."

Tesla autopilot saves driver after he fell asleep at wheel on the freeway

DrXym Silver badge

Re: Not actually a first

Tesla's autopilot can't even cope with stop signals, or junctions. Turning it on in any kind of urban environment is an invitation for something horrible to happen.

And this isn't just isolated to Tesla. Even the best autonomous vehicles in the world suck. There is too much hype and too little consideration of how they'd handle situations that a human could solve easily but are essentially intractable to a machine.

DrXym Silver badge

Erm NO

Tesla's autopilot is supposed to disengage and slow the vehicle if the driver is not demonstrating attentiveness. So no, it didn't save this guy's life. It endangered lives by continuing to function even when it shouldn't have.

Tesla's system is simply broken. Drivers can fool it by placing weight on the wheel and can take their hands off for up to 30 seconds which is WAY too long, encouraging all kinds of unsafe activity and inattentiveness. If it were fit for purpose the car would require drivers wiggle the wheel, or perform some mandated task every so often that can't be fooled and they would bleep if hands were off the wheel for even a few seconds.

They're still treating driver engagement and attentiveness as an afterthought. This story merely demonstrates that. The next time it happens, the outcome might be vastly different.

Oi, Elon: You Musk sort out your Autopilot! Tesla loyalists tell of code crashes, near-misses

DrXym Silver badge

Re: Hardly surprising

The interesting thing about autonomous vehicles is that the risk of inattention was identified years ago. Studies have shown that the less you give the driver to do, the more likely it is that they're not paying attention in the split second they REALLY need to be.

Unless the car is completely and totally autonomous in all circumstances, it has to force driver attention. Either by requiring the driver to do things that signal attentiveness, or by monitoring their behaviour, or both.

DrXym Silver badge

Hardly surprising

Any software engineer worth their salt could tell you the immense difficulty of capturing analogue data, modelling it, and translating that model via a set of rules into an action. And repeating that continuously in real time. The more variables and ambiguity that are present in the input, the more likely it is to screw up in the output. In a 2 ton vehicle going at 70mph along a road with other traffic, that could be positively fatal.

I wouldn't trust any autonomous mode unless it requires an alert and attentive human being at the wheel and forces their attention. At least that way the human can veto or correct the car's actions.

This isn't exclusive to Tesla. Any autonomous vehicle that claims it can drive itself in limited, or unlimited circumstances still requires oversight. Otherwise it will do something dumb and/or dangerous and there will be no human paying attention to stop it.

'Cuddly' German chat app slacking on hashing given a good whacking under GDPR: €20k fine

DrXym Silver badge

Not the only one by any stretch

I remember trying to log into a site (a primary school magazine/blog thing) clicking the "I forgot my password" and receiving an email telling me my password as plaintext.

I use throwaway passwords for trivial sites so the damage wasn't big but I could well imagine that there are many sites like this and many users who use the same password across multiple sites.

Washington Post offers invalid cookie consent under EU rules – ICO

DrXym Silver badge

Re: At least you can visit the site

Washington Post may be owned by Bezos but it does not follow that Amazon is going to be fined or punished for what is a US incorporated and independently operated entity. Something that it does within the jurisdiction of the United States. In fact if you read this article you would see that.

DrXym Silver badge

At least you can visit the site

Annoying interstitial or not, it's more than can be said for a LOT of websites in the US. In particular none of the Fox websites work, nor many newspaper websites.

I really don't see what the problem is with simply treating EU visitors like US ones. They're not under the jurisdiction of the EU legislation so what is the problem?

OnePlus 6T: Tasteful, powerful – and much cheaper than a flagship

DrXym Silver badge

Dumb dumb dumb

Dropping the headphone jack was a stupid metoo decision. How much real estate did they save from the measure? How many cents did it save? The answer to both is "minimal".

This was an opportunity for them to say "we're led by what our customers need and want, not by the whims of the market to save a few pennies". They blew it.

Huawei Mate 20 Pro: If you can stomach the nagware and price, it may be Droid of the Year

DrXym Silver badge

I don't know why people buy these

The hardware is nice but the software is superficially attractive but has *horrible* usability. As for the lack of a headphone jack, they should hang their heads in shame.

Dollar for dollar, crafting cryptocurrency sucks up 'more energy' than mining gold, copper, etc

DrXym Silver badge

Re: Virtual money has real-world consequences

That's already happened to some degree. It's relatively easy to start up a new crypto currency, mine out the easy coins and then sucker people into "investing" in it. Cryptocurrency has shades of ponzi, pyramid and pump & dump schemes.

Woke Linus Torvalds rolls his first 4.20, mulls Linux 5.0 effort for 2019

DrXym Silver badge

Bring back the old Linus

There was absolutely nothing wrong about the way he conducted himself. He was forthright, pragmatic, principled and even when he went into rant mode he still backed up the rant with reason and logic. One of the reasons Linux even is the thing it is these days is because it had a strong leader at the helm who wouldn't suffer second rate code or bullshit in his project.

With the 6T, OnePlus hopes to shed 'cheeky upstart' tag and launch assault on flagships

DrXym Silver badge

Re: No headphone jack

I have a OnePlus 5 and I have no intention of buying a newer model if they're going to cheap out by removing a headphone jack. There is zero technical reason for this - it consumes a minuscule amount of space and it costs pennies.

The only reason to remove it is to cynically force people to buy bluetooth earbuds. To hell with them.

Official: IBM to gobble Red Hat for $34bn – yes, the enterprise Linux biz

DrXym Silver badge

Lucky Red Hat!

Now RH workers can experience the delights of strict working hours, strict working attire, bullshit inhouse software for their daily routine (yay Lotus Notes!), petty rules designed to bump up the attrition rate, and the ever looming threat of mass layoffs.

I ship you knot: 2,400-year-old Greek trading vessel found intact at bottom of Black Sea

DrXym Silver badge

Re: I wonder if the sails are intact?

The BBC site says the wreck was powered by sail and oars so the answer was probably no.
