* Posts by JohnFen

2431 posts • joined 20 Feb 2015

Forgotten that Chinese spy chip story? We haven't – it's still wrong, Super Micro tells SEC

JohnFen
Silver badge

Re: More questions

"Is it even possible to create a spy chip? (Probably yes?)"

Well, the US did it to some Cisco routers being shipped to an entity they were interested in, so yes.

2
0
JohnFen
Silver badge

Re: The simplest answer is usually the right answer...

"Why isn't Super Micro going "look, no sekrit chippies here!"?"

You can't prove a negative. Super Micro could trot out boards all day long and show them to by spychip-free, and it wouldn't mean a thing in terms of demonstrating that the boards in question are spychip-free.

The flip side of that is that the burden of proof is on the one making that positive claim. It's up to the ones saying there are spy chips on the boards to produce one as evidence. That would be meaningful.

18
0

Yale Security Fail: 'Unexpected load' caused systems to crash, whacked our Smart Living Home app

JohnFen
Silver badge

Re: Unexpected load? Really?

"What's wrong with just having a key lock?"

Yup. The first rule of automating anything is "always have a manual override."

0
0
JohnFen
Silver badge

Re: Let this be a lesson

"and you are locked out of your home possibly for days."

Your point is solid generally, but when it comes to being locked out of your home for days, that won't happen as long as you have an outside window you can break.

5
0

GitHub.com freezes up as techies race to fix dead data storage gear

JohnFen
Silver badge

Re: The Microsoft Curse?

"Which you are then free to lose in the datacentre meltdown of your choice, but at least it will be your datacentre meltdown."

You say that as a joke, but I really believe that's a huge advantage to on-prem hosting.

3
0
JohnFen
Silver badge

Re: The Microsoft Curse?

As much as I'd love to use this as an opportunity to bash the Microsoft purchase of GitHub, I don't think there's any connection between that and this. This isn't Microsoft's fault.

1
0

Is this cuttlefish really all that cosmic? Ubuntu 18.10 arrives with extra spit, polish, 4.18 kernel

JohnFen
Silver badge

"I thought there were people who actually study the ergonomics of user interfaces"

I think they've all been replaced with telemetry. It's too bad that telemetry, all by itself, is a terrible thing to base UI design decisions on.

3
0
JohnFen
Silver badge

Re: Same old same old.

"It no longer leads in terms of utility or design"

My experience with Linux indicates the exact opposite of that. In term of utility and design, I can't think of an operating system that is better.

9
0
JohnFen
Silver badge

Re: "the system has a more modern and 'flatter' look"

Personally, I think the modern Gnome is still horrible. Modern KDE can indeed be far too resource-heavy, but at least you can configure it to be light.

4
0
JohnFen
Silver badge

Re: "the system has a more modern and 'flatter' look"

"I have seen ideas for UI changes which might be improvements, but the struggle to overcome all those decades of habit made them more like failures"

For users, any UI change has to provide an amount of benefit that exceeds the cost changing work habits (and that cost is rather high). If a UI change provides a benefit that doesn't reach that threshold, then it doesn't just seem like a failure, it is a failure.

5
0

Chrome 70 flips switch on Progressive Web Apps in Windows 10 – with janky results

JohnFen
Silver badge

"but this isn't one of them"

I disagree.

0
0
JohnFen
Silver badge

"MS spend a lot of time on their UIs and compared to the amount of time most Web designers spend it shows."

It sure does -- considering how bad Microsoft UIs are, it shows that they're really bad at user interfaces.

0
1
JohnFen
Silver badge

Re: Fixing a problem that no longer exists?

"We should applaud PWAs."

I disagree. I think they're the next step down a path we shouldn't be walking.

0
1
JohnFen
Silver badge

Re: Why I'm not interested in PWA

"So what do you currently do with websites? Do you block browsers on the desktop or just whitelist/blacklist individual websites?"

Neither, but I also don't allow them to run Javascript or any other client-side code by default. I do allow a few specific scripts on specific sites, but no site gets a blanket pass.

"any ports they send out on can be blocked"

And what if they're using port 80? Currently, I use my firewall to ensure that no application can use that (or any) port without me intentionally allowing it. However, if the application is a website, I can't do that (without a lot of hassle) without also blocking the browser itself.

"more control over categorized websites"

I don't know what you mean by this.

"So you can block PWAs globally or individually"

Well, I certainly will (and do!) block them globally as I don't allow client-side scripting. What method of blocking them individually do you suggest?

"I don't fully understand what the issue is?"

PWAs are difficult to block with a firewall, and my firewall is my primary defense against the misbehavior of applications. Without at least that much protection, PWAs are too dangerous to allow.

"would seem far safer than an application that has to be installed (and therefore has admin privileges at that point)."

How so? No application I install has admin privileges unless I give them such privileges, and all applications can be easily blocked from sending or receiving data through the internet.

0
2
JohnFen
Silver badge

Re: Why I'm not interested in PWA

"Therefore your firewall ports will be as useless against PWAs as they would against any old web site."

Yes, this is the main reason I'm not interested in PWAs.

"However blocking access to specific sites and to remote hosted data stores is just as easy with a PWA as another website."

Correct, which is entirely insufficient.

0
2
JohnFen
Silver badge

Re: Wheeee.

"Web apps packaged as mobile apps is a big thing now"

Yes, and that's one of the reasons (but nowhere near the biggest reason) that I've stopped even evaluating new apps anymore. I'm really looking forward to getting off of this "mobile OS" train entirely. It's become something of a nightmare.

8
4
JohnFen
Silver badge

Re: Why I'm not interested in PWA

A major part of the sales pitch for PWAs is that they work in the absence of an internet connection, though. If they only work in connection with the cloud, then that's another showstopper.

13
1
JohnFen
Silver badge

Why I'm not interested in PWA

Browser-based apps are much more difficult to create specific firewall rules for. Since making firewall rules on a per-application basis has become pretty much mandatory, this limitation is a showstopper for me.

23
6

Well slap my ass and call me Judy, Microsoft's Surface Pro 6 is just as hard to fix as the old one

JohnFen
Silver badge

Re: Overpriced

"The problem with that with regards to electronics is that the fast pace of development very quickly renders older models obsolete"

People often say that, but I have yet to have that problem, personally. I use plenty of equipment that is ten or more years old and still performs perfectly well. I honestly can't think of a single time that I had a piece of equipment stop doing its job because of "obsolescence".

"A 10-year old tablet, while it could well function as well as it always had without any updates, will slow to a crawl if updated with latest versions of OS and apps. That almost certainly means security vulnerabilities."

That's a very weak argument, though. You can always replace the ROM with something more modern (and, personally, the first thing I do with any mobile device is replace the factory ROM with one that I actually have control over anyway).

"So if a tablet has a mean time to failure of 4-5 years, that's about as much longevity as can be reasonably squeezed out of it."

My experience is that the MTBF is much, much longer than 5 years. And even if it isn't, that's where being able to repair it comes into play.

"you quite often will end up in a situation where you can pay £500++ to repair your existing tablet"

I have never had this situation arise. If it did, then yes, I would replace the device. If, however, the device is actually impossible to repair, then I won't buy it in the first place (thus avoiding insane repair costs).

2
0
JohnFen
Silver badge

Re: Green Credentials

"Surely the justification for the glue is ease of recycling?"

The problem with that argument is that it assumes that recycling is the best thing that we can do. It's not. Recycling doesn't really help that much if the device's lifetime is short. Being reparable extends the lifetime, and thus reduces the environmental impact even more than recycling does.

2
0
JohnFen
Silver badge

Re: Overpriced

"I've bought cars for less than that"

And you can fix those cars!

4
0
JohnFen
Silver badge

Re: Overpriced

"Are they really overpriced?"

As I said, if you can't repair them than yes, they are rather seriously overpriced. The cost of production or R&D doesn't really enter into this calculation much from my "consumer" point of view.

If I'm paying a grand or more for something -- anything -- a major part of what I expect to get is longevity, and the ability to fix the thing when it goes wrong is a very important aspect of that. Otherwise, it's a disposable device, and I'm hard-pressed to justify paying triple or quadruple digits for something that is disposable -- no matter what the production/R&D costs are.

3
0
JohnFen
Silver badge

Re: Overpriced

"Apple and Samsung appear convinced otherwise."

True -- just because they're overpriced doesn't mean there aren't suckers out there willing to pay that price. The Samsung thing is relatively recent, though. My 6 year old Samsung phone is repairable enough that I've fixed it three times now (once was replacing the battery, though, which may not count as "fixing" on that device as the battery is designed to be easily replaceable).

6
0
JohnFen
Silver badge

Overpriced

If you can't fix it, that means it's disposable. A grand or two seems like an awful lot of money for a disposable piece of gear.

49
1

Silent running: Computer sounds are so '90s

JohnFen
Silver badge

Even vibrate-only is too loud

The primary, and huge, benefit of having a smartwatch is that I can set my phone to be completely silent, so it doesn't even emit that horrible vibration noise.

3
0

FYI: Drone maker DJI's 'Get it on Google Play' website button definitely does not get the app from Google Play...

JohnFen
Silver badge

Re: F-Droid

"It has to do with the supposed security model of Google Play Store: if it's such an important thing..."

It's not an important thing. Google just wants you to think it is so that you'll willingly stay locked into their surveillance network.

3
1
JohnFen
Silver badge

Re: That's actually a good feature

Why not? Not having a Google account doesn't really make the phone less useful.

2
0
JohnFen
Silver badge

DJI

I certainly don't trust DJI or their products, but not because they offer a way to get their app without using the Play Store -- that a good thing, not a bad one. However, misrepresenting the source of the download that the button uses is a bad thing.

4
0

Microsoft points to a golden future where you can make Windows 10 your own

JohnFen
Silver badge

Re: Commerce

Well, for starters, try setting a breakpoint that triggers when anything within a block of memory is accessed. You can't do it unless you're only interested in a 1, 2, 4, 8, or 16 byte long range. The watch facilities are difficult and annoying to use. I/O breakpoint support is limited. And so forth. The Visual Studio debugger is better than nothing, but only just.

I agree with you, though, that it's better than Xcode and JetBrains, but that's not a resounding endorsement. GDB is superior to them all, although it has issues of its own.

Really, the state of debuggers today is rather shocking overall. I have a hard time coming up with any that are better than the average debugger from the mid-to-late '80s, and most of them are less capable.

Personally, I think this is a result of the advent of IDEs more than anything else.

3
1
JohnFen
Silver badge

The snippy hostility comes from a combination of the fact that lots of people disagree that Win 10 is a fantastic OS and that Microsoft has been so corrupt and heavy-handed about forcing everyone they can into using it.

24
0
JohnFen
Silver badge

Re: Commerce

"especially in the debugger department"

Wha? Of all the many things that I find lacking in VS, the debugger tops the list.

5
0
JohnFen
Silver badge

Re: Deinstall parts of W10?

"Either that you're extremely lucky or that we all are damned for some reason."

Or he actually engages in safe computing practices (something very few people do anymore, it seems).

7
0
JohnFen
Silver badge

Re: Deinstall parts of W10?

Unless your gaming console is from Microsoft.

0
0
JohnFen
Silver badge

Re: Deinstall parts of W10?

"I fear 10 is gonna be unavoidable, at least if you wanna be able to play games."

The games thing isn't as much of a problem as it used to be, but it's still a problem if you're into the latest AAA games. But there's an easy way around this: have a Windows machine that is used exclusively for your games, and a different, non-Windows machine for everything else. Or dual boot.

4
0
JohnFen
Silver badge

And yet

And yet, you still can't make Windows stop spying on you.

5
0

Love Microsoft Teams? Love Linux? Then you won't love this

JohnFen
Silver badge

No Teams?

No loss.

15
4

Decoding the Google Titan, Titan, and Titan M – that last one is the Pixel 3's security chip

JohnFen
Silver badge

This convinces me

If it's true (as it sounds like it is) that this prevents the owners of these phones from replacing the ROM or performing other system-level tinkering, then I am now convinced that Google is entirely uninterested in addressing any smartphone market except for the "stupid but rich" demographic.

...I actually consider that a good thing.

3
0

LuminosityLink spyware mastermind gets 30 months in the clink, forfeits $725k in Bitcoin

JohnFen
Silver badge

I agree!

"People simply have to have confidence in their ability to use these modern instruments to transact their business, privately communicate, and securely maintain their information."

I agree wholeheartedly with this. But, speaking personally, the likes of Microsoft, Google, and Facebook reduce my confidence in these systems more than people like this guy.

7
0

Deeper dive with GitHub Actions: One config file to rule them all and in the darkness bind them

JohnFen
Silver badge

Doing it wrong

"In a non-ironic way, we say 50 per cent of a developer's time is spent in config files,"

It is? Wow, I and everyone I've ever worked with must be doing it wrong, because I would have put that percentage at less than 1.

13
0

In Windows 10 Update land, nobody can hear you scream

JohnFen
Silver badge

Re: Last time

"if I am corrected or someone gives a decent reason then I am happy to take it on the chin"

I don't even consider that as "taking it on the chin". I am happy to be corrected! When I make a mistake and someone corrects me, that's a moment to celebrate as it means that I've become just a little less stupid.

2
0
JohnFen
Silver badge

Re: Last time

"when did ANYONE last use a CDROM?"

I used one just this morning.

2
0
JohnFen
Silver badge

Re: Gross Negligence at it's finest

...and you're paying for Windows 10 through being spied on.

1
0
JohnFen
Silver badge

Re: Do you people work in I.T?

"We bitch and complain because things could be better"

Not only "could be" better, but actually was better.

2
0

Sure, Europe. Here's our Android suite without Search, Chrome apps. Now pay the Google tax

JohnFen
Silver badge

Re: Just another attempt

"they currently have a controlling share in anything which has to work cross-platform.

e.g. chat apps."

They do? I think the dominant chat app is WhatsApp right now, which isn't an Apple product.

However, the point that DougS was making was that iPhones themselves don't have enough market dominance to allow them to be considered a monopoly. If there's no monopoly, then there can't be an abuse of monopoly -- so whatever Apple wants to do in terms of dictating what is or is not allowed to exist on iOS is unimportant in terms of this aspect of the law.

8
6
JohnFen
Silver badge

Re: I get my APK's...

Doesn't bother me any...

2
0
JohnFen
Silver badge

Re: Chaos

"They figure the phones without Play Store will be less desirable"

I'm sure they do. For me personally, though, omitting Google apps makes phones more desirable.

10
0

Once more with feeling: Windows 10 October 2018 Update inches closer to relaunch

JohnFen
Silver badge

Re: A powerful sense of dread

"I use both windows and Linux FYI - each as their place"

True, although the proper place for Win 10 is straight in the trash. (Regardless of one's opinion of Linux).

11
8

Alexa heard what you did last summer – and she knows what that was, too: AI recognizes activities from sound

JohnFen
Silver badge

Re: Yeah

"For that they should be at least given a small amount of the benefit of the doubt that they were being sincere."

I don't doubt their sincerity, I just don't have as much faith that corporations will be able to resist doing it the wrong way as they do.

7
0

Amazon Prime Music turns the volume down a little too much

JohnFen
Silver badge

Yep, me too. The gigabytes of music I have stored on my phone continue to be available to me no matter what. That alone is a wonderful reason to not use streaming services.

...that said, I can stream directly from my music server at home should I really want to do the streaming thing. It's occasionally useful.

1
0

Finally. The palm-sized Palm phone is back. And it will, er, save you from your real smartphone

JohnFen
Silver badge

"Because it would have a different number, making it harder for people to contact you."

Most (all?) US carriers will let you have the same number on multiple phones. I assumed this was globally true, but apparently not. I never thought I'd actually see an area where US cell service is better than the service in other industrialized nations, but here we are!

Regardless, as you point out, you don't need this particular device to do this -- the ability doesn't depend on the phone(s) involved, it depends on what your carrier allows. If this is the main selling point for the TCL phone, then there's really no reason to buy the TCL phone.

0
0

Forums

Biting the hand that feeds IT © 1998–2018