* Posts by doublelayer

163 posts • joined 22 Feb 2018

Page:

Samsung loses (again) to Apple in patent battle (again). This time to the tune of a mere $539m

doublelayer

I don't care

They are fighting about phones that are nothing like the phones they have now, which, incidentally, are once again very similar--similar design choices, similar features, similar ridiculous price, there isn't much difference really. I don't know where this will end, but I am quite sure that I don't care where it ends. I can be glad that I am not on that jury, because that has to be boring.

1
0

Zimmerman and friends: 'Are you listening? PGP is not broken'

doublelayer

Re: they are right

While I get that the comment was a bit slanted against Microsoft, Microsoft was specifically mentioned to have an insecure client for this, and they need to fix it. In the interest of balance, I hope apple, Mozilla, and Microsoft all fix their clients immediately. Oh, and anyone else who is vulnerable; that's just the group mentioned in the article.

6
0

Tufts boffins track device location without GPS or towers

doublelayer

Re: "Offloading positioning to the devices makes it . . ."

I can't wait till another group of researchers uses this to prove that you can mess the positioning up enough to cause navigation systems to mess up. I assume it won't actually happen, but just imagine a ton of evil devices on a road all sending out their actual location shifted left by five meters.

Satnav: "You need to be in the right lane now."

Driver: I think I'm already there.

Satnav: Move to the right.

Driver (requires brain cell shortage, so we know that won't be a problem): *drives into lake*

Satnav: "You need to move even more to the right now. You need to be in the right lane for this next turn."

Although it's actually more likely that people use this mechanism to crash drones.

3
0

BOFH: Their bright orange plumage warns other species, 'Back off! I'm dangerous!'

doublelayer

Re: Hazard creation

A building I frequently walk through has a group that specializes in placing wet-floor signs in the worst possible locations. I think I'm pretty close to knocking my hundredth one over. My favorite is the one they place right at the top of the stairs, on the side you walk down. Instead of moving it about three inches to the right, where it would be up against the banister and basically impossible to topple, they've placed it where people frequently knock it all the way down the staircase. So far, nobody's gone falling down after it, although I do believe the falling sign has hit perspective stair climbers on various occasions.

9
0

Microsoft gives users options for Office data slurpage – Basic or Full

doublelayer

Re: Dear Microsoft

"Google has some really, really useful services: maps, digitised books, search, mail and lots more - alternatives for some, not for others."

I agree for search and mail to some extent (I know we'd all like to have a personal mail server that we control entirely, but it's expensive and complex), but there are a lot of GPS solutions that work quite well. Google maps may be popular because it comes by default on android phones and can be installed on IOS for free, but apple has their maps for IOS not to mention the many satnav providers. I use a GPS app whose main asset to me was that everything was offline (I have a 3gb per month data cap, so that's useful), but now it also has the benefit of not sending data to people. I've never actually gotten any use out of google books. Every time I've looked for something, google gives me a paragraph and tells me the rest isn't available. Either it is, but only if I purchase through google play, or they have the book but I can't have it.

3
1

Welcome to Ubuntu 18.04: Make yourself at GNOME. Cup of data-slurping dispute, anyone?

doublelayer

I can't figure out exactly what Ubuntu is going to do with the data they have. We all know what that data looks like; it's a list of pretty much all the intel and AMD processors released in the last eight years with quite a few from before that. The ram table: 512mb, 1gbb, 2gb, 4gb, 6gb, 8gb, 12gb, 16gb, 24gb, 32gb, 48gb. I'm sure it'll be fun to see how many people are running it on something really old (They would see an intel core 2 duo P8600 for an old backup machine from me if I wasn't still on 16.04), but how is that going to help them. They could go to a lot more effort to figure out what users want by involving them directly.

3
1

Fella gets 2.5 years in the clink for coughing up cell numbers in $50m junk text message scam

doublelayer

Re: Monero...

"Third world doesnt denote poorer living conditions. It was the stance taken during the cold war."

Perhaps it was. Now, the terms have been redefined:

First world: Countries with high levels of economic activity and generally high living conditions.

Second world: Term is no longer used.

Third world: Countries with generally low levels of economic conditions. Sometimes also countries with low levels of political freedoms, although less often used this way. People never seem to put China in this group, for instance. Maybe they get to be in the second world?

Fourth world: The same as third world, but used when someone wants to make a rhetorical point that these countries are even worse than "third world" ones.

Definitions change.

0
1
doublelayer

Why was this guy even needed

I get that this guy stole the numbers and everything that happened afterward makes sense, but why couldn't the company running the scam just find a lot of numbers anyway. Is it really that hard to look up lists of numbers, or even use a dialer to find some? Is a list really needed. Also, why don't we just get rid of premium-rate texts. I don't think we need them.

5
2

Advanced VPNFilter malware menacing routers worldwide

doublelayer

Re: excuse me!

I get that they're suggesting that people who might have been infected reset to wipe it out and then reestablish the latest firmware, but if people actually did that, almost all of the devices could be re-attacked in short order and they would all have to reinitialize their networking. No thanks.

4
2

Senator Kennedy: Why I cast my Senate-busting vote for net neutrality

doublelayer

Re: Not a problem

In principle, I agree with you. However, there is a case to be made that, even with an actual market, ISPs shouldn't be allowed to intentionally block or limit access to services. Otherwise, you could deal with a situation where eight companies (let's call them A through H) offer services in an area, and each of them bolster their only partial hold over the market by also having a video platform, as many American service providers do. They don't like each other, so they all block each other. If you want to watch video on A's network and C's network, you can't just buy service from A and then pay for C's video, as A will block it. Instead, you could either buy service from them both or hope that someone else will unblock if you pay enough. I wouldn't want to deal with the plans they make available, each with a different set of sites that work, sites that lag, and sites that you just can't get to. They already make it hard enough with the different plans for how much data you can use, what speed you can expect, and how much you're going to pay. Don't add more complexity, because that gives them more control.

2
1

'Facebook takes data from my phone – but I don't have an account!'

doublelayer

Re: What Better Reason to Buy ZTE or HuaWei?

Would that it were so. However, while I can't speak for Huawei, I have seen two ZTE phones purchased by family members. Both had facebook installed by default. Fortunately, on one it was possible to disable it (though not to uninstall it) without rooting, and the other phone was dropped and damaged so I threw it away. Don't assume another country is far enough away to avoid these parasites.

1
1

IPv6 growth is slowing and no one knows why. Let's see if El Reg can address what's going on

doublelayer

Re: Simple explanation

Ok. This will get a bit of a reaction...

IP addresses are never going to be simple. They are big numbers. The same reason we don't memorize phone numbers for everyone and every takeaway we know means we won't memorize IPs for all the websites we visit or even all the systems we run. However, we do memorize some phone numbers, and some IP addresses. Because they are shorter and have fewer rules, the relevant IPV4 addresses are easier to memorize. 127.0.0.1 is localhost. 10.0.0.0-10.255.255.255, 192.168.0.0-192.168.255.255, and 172.16.0.0-172.31.255.255 are private space. I didn't have to look that up.

This has a certain level of convenience. I've been trying to get an openwrt device to make a range extender for a network, which I haven't done before and evidently it's not as easy as I thought. I've entered the address 192.168.8.1 a lot today, because that gets me to the shell. I've also entered the address 192.168.1.1 a lot, because that's the shell for the actual network. And sometimes, I have to disable DHCP on this device, meaning that I have to set my computer's IP manually. 192.168.8.2 is rather easy to enter. Like it or not, if I have to remember that the shell can be accessed at 29a0:37e9:0103:::382:011f:1, it will take me longer to figure this out and I will be more annoyed at the end.

In my mind, this isn't a reason to ditch IPV6. However, you can't deny (or actually I assume somebody can) that the addresses are easier. I can convert hex just fine, into binary, octal, and decimal. That's not the problem. The problem is that IPV6 requires me to memorize the whole number, which is a long number, whereas for IPV4, I basically only have to memorize "8". The 192.168 part never changes, and of course the network device is .1. For the same reason, I have memorized the IP of a site I use for ping tests. I never actually use the site or type the IP, but I can use my coincidental memorization of its address to say "Oh, DNS is working." I also know my personal VPS's IP address, although I definitely don't need it.

8
1
doublelayer

I think I know why

I think the reason IPV6 isn't being adopted fast enough for the observers is that networking is irritatingly complex even under IPV4. Equipment needs to interoperate using a large set of agreed frameworks, and all of them need to work. Therefore, once some system has it working under IPV4, the general sentiment tends to be "not again". Other than running out of address space, I can't see much of an incentive for most groups to go to the effort to switch.

This has been my experience--I'm not against IPV6, but I know that if all systems were to switch to it, I would start getting calls from my family and friends to come and fix things, and most of the time, I don't know how to fix things with major networking problems such as this. My main experience hasn't been with networking, so even when I get a shell on some piece of embedded Linux-based thing someone bought, I'm not sure how to turn the access I now have into a functioning device. There is only so much turnover so that we can just say "throw it away and get one that has been updated". Usually, that's not a good answer.

26
1

Router admin? Bored? Let's play Battleships using BGP!

doublelayer

Re: Would you like to play a game?

You can do that. There are only 32 pieces, 5 bits, and a move can be encoded in 11 (piece, new location x, y). The remaining five can be used for "illegal move", "check", "checkmate", "withdraw", and "good move, my friend".

4
2

Summoners of web tsunamis have moved to layer 7, says Cloudflare

doublelayer

Please, not a captcha

To anyone out there considering this, please don't make this based on a captcha. Those things break too often. I'm tired of fighting with them, either so they'll work when being run on something mildly unusual, so people who have difficulty seeing things can try to use the audio one (if even provided), or so the provider doesn't decide that, since they are seeing us try a few times, that we must be a bot and should be blocked. Captchas are evil things.

10
1

10 social networks ignored UK government consultations

doublelayer

Re: Is there something which..prevents these people..understanding how the internet functions?

>Or as someone else put it "I can explain it for you, but I can't understand it for you."

I wish that was true. Unfortunately, I'm currently taking a break from trying to understand why these network devices don't want to talk to each other, which I am doing so the people who own said equipment don't have to. Once it starts to work, I can but hope that those people don't find a way to break it again, because they're definitely not going to understand it then either.

1
1

Xiaomi the way: Hyped Chinese giant begins its battle for Britain

doublelayer

Re: Xiaomi diversified into making TVs, a fitness band and an air purifier,

Depending on the features you want, their fitness band isn't that bad. Its major feature is the price (for me, $20). There was that scary phrase in the license agreement (that I was not permitted to use this device in any way that would hurt the cause of national reunification), but I decided just to use an alternative open source app, gadgetbridge, so I could plot against Xi Jinping all I want. I mostly got it for the silent vibrating alarm function, but it does seem to work as a fitness tracker rather well if that's your thing.

3
1

Signal bugs, car hack antics, the Adobe flaw you may have missed, and much more

doublelayer

Re: Interesting photos

OK, that seems logi...I mean what?

"It saves time, money (taxpayer dollars), and labor (also paid in taxpayer dollars, both in field trips and in medical bills if an accident occurs)."

That makes no sense. If a medical accident occurs, the camera won't help. Even if you're lucky enough to experience the medical problem that leaves you stranded and unable to use any communications capability you have directly in the view of the camera, what will that do. Let's also assume that they have people watching all these cameras (national parks are big. It would be a lot of people, paid with taxpayer dollars, for a lot of cameras). Field trips are still required in order to come get you and the medical bills won't be affected. Then, there is the high likelihood that you get hurt out of view of the camera, in which case it won't help them find you at all. They don't have complete coverage. Meanwhile, any management they have to do to keep the park going requires them to go to various places. I'm assuming that their cameras never get broken, run out of power if they are wireless, have cables cut if they are wired, sag due to gravity, get dirty such that their imaging is impaired, nor require maintenance of any kind, so that the cameras don't add to the workload. You'd still need people to go to all these places.

I could see some logic if they were trying to do research on the animal population, although I don't think the cameras they have would be as useful as regular naturalist procedures, but that's not even the argument they came out with. When a camera that can save people when injured comes out, I'll drop my objections and most likely purchase some to put around all sorts of high risk areas. Until then, I dismiss that as pure illogic.

2
2

Microsoft's Azure green-lit for use by US spies

doublelayer

Re: Spitting, just because you can?

No, you don't get to do that. I am not reporting. My job here is not to provide the details we both seem to agree we'd like to see. You complained that you thought the reference to google was an attack on google. I disagreed, and provided a summary of the article which I thought bolstered my point. The details in question, as stated by me, are in the article. More information is not available in the article. If you want it so badly, you'll have to find it yourself.

Finally, you chide me, saying "So, Google does (or doesn't?) know that it does not meet the requirements, but (Google) still "wants chance to get this contract"... wow! Excellent logic." If the article is correct, google would like this contract. Right now, they can't get it because they don't meet some requirements. If the reporter isn't lying, I'm sure you can figure out very many details and start to discuss them. Google could start to meet those requirements and hence become eligible. Perhaps their desire for the contract is enough for them to do that. None of these statements is illogical. I don't see where this deviates at all from the statements in the article.

0
1
doublelayer

Re: Spitting, just because you can?

How is that not related? Basically, the story is:

1. Microsoft approved for use that gives them chance at big contract.

2. Amazon also has chance to get this contract.

3. Google wants chance to get this contract, but they don't have it yet.

The article is about the defense department's big contract, and the recent news is that Microsoft has gained an asset in their quest to get it. Information about other players doesn't seem out of line.

Also, I don't see this as an attack on google; they haven't met the U.S. government's requirements. That doesn't mean they are bad. The article doesn't claim that google are insecure. I could have used a few more details about why google doesn't meet the requirements, but it doesn't indicate to me that they have a problem that I would be concerned with.

4
1

Brit ISPs get their marker pens out: Speed advertising's about to change

doublelayer

An option they could try

For misleading advertising, you can't discount the efforts of various gigabit fiber companies that go to a lot of effort to tell you what it would be like if you actually got gigabit service. Imagine how you could download a DVD-sized file in 4 seconds. Yes, they say gigabit but give you figures as if it was gigabyte; I think someone in marketing didn't think things through. Then they neglect to tell you that that's not how gigabit service works on the real internet with real computers and servers on it. Of course, for maximum profit from the advertising, you would have to be less stupid than the providers I've seen using this tactic, as they never have the advertised service available in my area (then why did you tell me about it?).

1
1

Microsoft returns to Valley of Death? Cheap Surface threatens the hardware show

doublelayer

Re: "Yes, the school environment is abusive."

Google has a chromebook-in-education project. I know of at least two school systems using them. I don't think it's a great idea, as it would be even easier for google to achieve total lockin than apple or Microsoft, but the schools don't ask me. At least on IOS and windows you can install applications from the app store and through side loading. On a chromebook, despite the repeated announcements, you have the web apps and that's pretty much it. Google's applications are going to work better because they've engineered them to work together. Result: a user uses google's OS, google's browser, google's search, google's office, google's mail, and nothing else.

1
1
doublelayer

Re: A business for someone else

The problem I have with that theory is that I don't really want a windows 10 tablet that is as limited as other tablets. IOS and android were designed for the phone and tablet form factor, and they work for some people and don't for others, including me. I'm totally in favor of a small tablet-sized device that I can use for actual work, but it will require some things that an android or IOS tablet don't have:

1. A full OS. Windows 10 on ARM only works as a full OS if they have emulation for x86 that allows virtually all applications to run and where they run fast enough. I intend to do actual work on this, and if I'm expected only ever to use applications that were designed for windows 10, probably using UWP, that won't work. If I will be limited to an app store, I might as well go with android tablets. They're cheaper.

2. A full USB port. The surface has this, but a small tablet might not. A standard tablet can do many of the things I use USB for, but flash drives are quite useful, I type faster on a true keyboard with actual keys, and sometimes I need to use a USB scanner, printer, or other interface. If I have to have a laptop to do that when necessary, then I might as well not buy this.

3. It has to be relatively updatable. I'm not asking to be able to disassemble it and change the hardware. I doubt that any tablet will be built with that functionality. However, I want to be able to reinstall windows or try to run Linux if that will help in my work. If the device is locked down so I have no chance to do anything with it, a laptop will serve me better.

I'm willing for Microsoft to make this and surprise me. I'm not always on windows, but if it exists, I may look into it. Until then, however, I'm not really going to hold out much hope that Microsoft will build this.

2
1
doublelayer

So, they think they'll make computers like phones

It seems people are willing to pay a lot for not very much power these days. Surface devices may have a design advantage, but they are impossible to upgrade with new hardware and I'm not exactly sold on the pricing model. For the cost of these machines, I'd expect more ports (there is plenty of room on the rim for some more) and either a significantly faster processor or a better battery. I'm also concerned due to my experience with trying to fix a surface for a friend, which had managed to kill its battery with a firmware problem, the patch for which would not install because it required at least 40% battery power. However, if you have a working surface and you're tired of windows, the one I was working on managed to run Linux quite well, with no driver issues. That was kind of nice.

Then again, laptop prices don't seem to have any connection to the technology that's actually in them. I've been looking for a cheap-ish laptop for my father that I won't have to replace any time soon. I see a lot of essentially the same computer, usually with a mid-range i5 and 8gb memory, ranging from $420 to $900. I'm sure there are many of these above the $900 mark, too, but I'm not going to pay that. I wonder how certain companies get away with charging $400 more for no spec change. In fact, many companies are doing that internally--I'm probably going to buy a relatively cheap dell inspiron something, but there are a lot of dell laptops that cost a lot more and I'm not sure why. The main difference I've noticed is that the cheaper ones have mechanical drives and the higher-priced ones include SSDs, which certainly provide a big speed boost, but the cheaper mechanical drives usually have 1tb of space, whereas the SSDs are either 128GB or 256GB at the highest. I figured that would balance out.

6
5

Super Cali goes ballistic: mugshot site atrocious

doublelayer

Re: not obvious that the activity is extortion

Post: "It also is not obvious that the activity is extortion or involves money laundering or identity theft."

Extortion:

Definition: "Most states define extortion as the gaining of property or money by almost any kind of force, or threat of 1) violence, 2) property damage, 3) harm to reputation, or 4) unfavorable government action. ... If any method of interstate commerce is used in the extortion, it can be a federal crime." [source1]

In practice: We've put up information that you don't want out there. In many cases (see article) it's actually wrong information, but you can bet we're not putting that fact up. If you want this removed, or, we must reiterate, your true innocence vindicated, you'll just have to pay us, won't you? It'd be a shame if you got denied that job just because the police mistook you for someone else and released you after an hour.

Money Laundering:

Definition: "Money Laundering. The process of taking the proceeds of criminal activity and making them appear legal. Laundering allows criminals to transform illegally obtained gain into seemingly legitimate funds." [source2]

In practice: If the state is correct that this activity is extortion, then by definition the proceeds thereof were obtained illegally. Using those funds to purchase items is therefore money laundering. This relies on the state being correct about the activity being criminal. I cover this above.

Identity Theft:

Definition: "Congress passed the Identity Theft and Assumption Deterrence Act. This legislation created a new offense of identity theft, which prohibits "knowingly transfer[ring] or us[ing], without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law." 18 U.S.C. § 1028(a)(7)."

In practice: Perhaps this will hinge on whether the pictures of people collected through police procedure are "means of identification of another person". However, current law does hold that, in general, pictures of people does count as identifying. Assuming this holds for mugshots, they were used by these people in order to commit a crime, extortion.

I have no doubt that this does count as extortion. Money laundering can be argued depending on what they did with the money, but they're almost certainly guilty if the facts are correctly stated. Identity theft is more a legal issue. They can figure out the mugshots detail if they want.

Source1: https://criminal.findlaw.com/criminal-charges/extortion.html

Source2: https://legal-dictionary.thefreedictionary.com/money+laundering

Source3: https://www.justice.gov/criminal-fraud/identity-theft/identity-theft-and-identity-fraud

17
1

Great Scott! Bitcoin to consume half a per cent of the world's electricity by end of year

doublelayer

Re: Wonderful

What would be their reasoning? I don't see that they would really care about some people valuing big numbers, or small ones actually, at a lot of money as a big issue. Also, it would be rather difficult to prevent cryptominers from operating, as it could be hard to tell if someone was using power for that or something else. It's always easy to find a country that cares less about something if you want--it seems that the Chinese miners find it rather straightforward to steal electricity, so if some other country tried to ban mining, you could just set up there.

10
1

Lawyers for Marcus Hutchins: His 'I made malware' jail phone call isn't proper evidence

doublelayer

Re: Miranda?

Sorry, but you have it wrong. Miranda rights include only those statements. Basically, it indicates that the interview you're about to have will be evidence if law enforcement find it useful, and lets you know that you can decide not to talk or to have a lawyer present if you want. It includes nothing about collecting evidence. Agreeing to your Miranda rights doesn't, in itself, grant law enforcement any right to tap your communications or go through your posessions or documents. They can ask you for permission for those things, or they can get a warrant to do those things without your permission. Given that limitation, I think those statements, which are about as literal as they get, are extremely clear. Whatever else the FBI may have done needs to be evaluated for legality independent of the Miranda statement.

1
3

Whois privacy shambles becomes last-minute mad data scramble

doublelayer

Re: I'm still waiting for e-mails from Facebook(*) and Google

If you have a google account, the GDPR privacy update email should have arrived about two to six days ago. I'm not saying its contents are useful, but they have been sending them to all gmail addresses I have.

0
1
doublelayer

Re: really, fear should be unnecessary

Sorry, I spoke unclearly. My comment on guidance refered to guidance from ICANN. Most of the registry-specific things seem not to be ready because ICANN put in roadblocks, perhaps due to contracts and their power over the registries. That gives me some level of sympathy for registries, if it is really the case that they now have to figure it all out. Therefore, if I am right in my guess, I see a reason for mild sympathy if the registries are trying but don't get everything finished in time. As before, I feel no sympathy for ICANN, no sympathy for any registry that doesn't bother to try to get this in line, and my sympathy will evaporate if it is the case that registries could have done this already and ICANN wasn't holding them up.

0
2
doublelayer

really, fear should be unnecessary

Registries may face fines in legal reality, but I think the people likely to actually look at requesting action be taken will be somewhat reasonable. I, at least, won't be expecting complete adherence on the date from registries that got no guidance. As long as it seems that registry X is doing its best to implement the regulations, I don't think registry X should be called out. Instead, call out the ICANN for ignoring its responsibilities and any registrations that choose not to care.

0
6

DOJ convicts second bloke for helping malware go undetected

doublelayer

Wait a minute

Don't a lot of services do this? I know many of them make you identify yourself, but it wouldn't be all that hard to start one of these. I'm surprised people who are willing to pay haven't just built one of those themselves, or that there isn't a convenient one that doesn't pretend to be a business and just stays hidden.

Also, exactly what do you have to do with a business like this to make yourself legal? Is it just the fact that they were being used for malicious purposes and they knew it, or is there something inherently illegal about the type of business?

9
1

Software development slow because 'Most of our ideas suck'

doublelayer

Re: "Safe experimentation"

Interesting. I didn't get that idea, where it sounds like they want to just test in production. All I read from this article was "think of new ideas. Test them. If they work, keep doing them". One possibility is bad, because it leads to code being almost certainly broken and nobody caring about it. The other one is also bad, because it sounds like they think we've never thought of the concept of brainstorming and testing ideas. Which is worse?

12
1

Surface Hub 2: Microsoft's pricey whiteboard gets a sequel

doublelayer

Re: I quite like ours...

I wonder how this works better than your standard big screen if you're using it to display remote conferences; I've known people to use big TVs and a camera for that, which is cheaper. If the processing directly on the screen does help, what does it provide that using a windows computer connected to a similar screen doesn't do. Finally, does anyone actually touch the screen, because I'm going to go on record and say that I don't want to deal with an 84-inch touch screen.

0
2

People like convenience more than privacy – so no, blockchain will not 'decentralise the web'

doublelayer

Re: Historic revisionism

The problem I notice is that the early internet wasn't exactly private and secure by design. It was decentralized in that you didn't have a few main backbones, but there were central authorities for how you got connected to it if you wanted to host, how you obtained your domain name for identification, what information you had to provide, etc. That doesn't really strike me as a problem, but if you want a network that works like the internet but is actually decentralized, the tor deep web is a lot closer to it than was the internet of the 1990s. Of course, the actual network infrastructure is still rather centralized, but almost nothing else is.

1
1

Hey cool, you went serverless. Now you just have to worry about all those stale functions

doublelayer

How about no?

"[...] posting production functions straight from a hackathon, because... why not?!"

I have a reason why not. Let me get your opinion. Perhaps a reason not to do this is that no good code gets written at hackathons. Sure, they're fun. You get to play around and come up with good ideas. You get to work with people you like, and depending on who runs it, you may impress somebody and get a job out of it. But eventually, after you've gone home, fallen asleep immediately, and gotten up at 3:30 AM because that's just how things work when you just stayed up far too late, then caught up on the things you need to do, you sit down to look at the code you wrote. And most of it now has to be fixed. Features need to be made into ones that work, rather than ones that work under certain conditions and crash under others. You need to actually make good systems you had placeholders for. If you take code that you wrote at a hackathon, which is by definition first-draft, under stress from the time limit, and proof of concept, and you immediately put it into production, then you are showing me that you don't understand how the process of writing secure software works.

"Last, and potentially worst, most functions contain open-source application dependencies. These libraries are statically embedded inside the function, and so they grow stale even as new versions of the library are released to the public. Over time, vulnerabilities are discovered in these older versions, including some that are very severe, and yet nothing in the serverless flow informs you they exist."

You know? That's terrible. I think that's such a big problem that we probably want to modify the serverless system to make that not a problem anymore. Let me run this past you--how about we keep some dependencies on site so that we can update them. We could just slot in the new libraries when we have to. And we'd have to be careful to ensure that all the dependency trees work well. Actually, if only we could have a repository of code that could be updated independently of the software. Those who can't keep up with new releases could include them statically, but if you could just load them when the program starts, that'd be great. Why don't we have a command on the system that just updates the database and then downloads the new approved versions of the libraries. I have a suggestion for what we should call it. I'm thinking "pacman -Syu". Pacman stands for the Performant Agile Computing Management of Advancing Nodes, and the -Syu command stands for "see you, uberrisks". Can this suggestion be covered in the next DevOps article, please?

Sarcasm note: Obviously, I'm arguing for using a standard operating system that manages libraries automatically and can be patched easily. In case some are not familiar with the command, "pacman -Syu" is the command used to automatically update all packages on arch linux.

1
1

Zero arrests, 2 correct matches, no criminals: London cops' facial recog tech slammed

doublelayer

Re: Numbers

Even if we go with a 98% FDR, the time wasted trying to keep up with the useless flags will be rather irritating. If, for every person we want to find, about 49 people are incorrectly flagged, and it takes five minutes to track that person, accost them, and question them enough to realize they aren't someone you're interested in, then over four person-hours are needed for each person you want to track just to deal with the mistakes from the system.

Now, we have to ask if five minutes is really going to give them enough time to track and exonerate each person. I'm assuming the tracking process can take a while, especially if they are running this in crowds, and that questioning them isn't as basic as saying "Aren't you that guy we're supposed to arrest?" I have no statistics on this, but I'm assuming that they have to verify documentation of identity and question the person as to their links to the person they want to find. I would also hope that paperwork is required to explain what the officer was doing at that time, which would take further time. I really think it will be longer than five minutes.

By the way, to those who say that many of the false detections can be removed just by having a police officer look at the pictures, that is almost certainly not the case. If the system matches the faces, the picture is either similar enough or of poor-enough quality as to make detection difficult. If we could just use humans to compare faces from indirect and low-resolution video with better accuracy than this system, we probably wouldn't even need this system.

2
1

You're in charge of change, and now you need to talk about DevOps hater Robin

doublelayer

Way to be completely unbiased

"Robin sits in the stand-up meeting, arms crossed, each morning mumbling "Well, I wrote some code" and then takes that long, loud sip of tea."

OK. You clearly went to some effort to always mention Robin in a nasty light. That's not going to help you convince those of us who think devops is pointless to like your argument. Maybe next time, you could grant that there are valid questions such that the most positive term for someone who didn't buy in immediately isn't "justifiably crotchety".

Here's the major problem with devops. We're not sure what it really is. We understand that you think it's a thing, but your articles seem to contain sections that were written by the "big buzzword generator". To me, a lot of them seem to say, under the jargon, that there are problems and we need to make them into not problems. It doesn't say how to do that, other than making some suggestions that we already know about. For example, having meetings and discussions seems to be a major part, with the various sections having contact with each other so that a problem noticed by one can be made known to the others so that one of them will make it into a not problem. That's not new. The reason a lot of software is crap isn't because people were thinking "I never thought that one group should note problems to the responsible group", but because the responsible group didn't care, the problem went to the bottom of a pile of papers, or management pushed the software through.

In addition, devops seems to be a project that, whatever else it does, will generate a lot of paperwork. I hate to inform you of this, but having systems requiring a lot of incidental work just to keep the system running makes things bog down. For example, the company I used to work for, where we all had to get up and have a meeting that often lasted at least four hours, during which everyone discussed their projects, was counterproductive. I had nothing to do with many of those projects, so while I listened to details that I couldn't use and problems I couldn't help to solve, I was not actually doing my job. That meeting system has, I'm told, been canceled.

Here's what you have to do to start to satisfy me with this devops system, if you're interested. First, stop using clearly biased language, perhaps to try to sound humorous. It's irritating me, at least. Second, be really clear about what each thing is that you're talking about. If a theory says do small unit tests, don't phrase it in several paragraphs of explaining what incidental systems are required, say "run many small unit tests". Finally, explain not just what the system is, but why it's going to work in practice in the real world. Explain how someone explains the philosophy to a manager who actually listens and wants to understand, and how to use it to avoid the problems that actually exist.

5
1

Your software hates you and your devices think you're stupid

doublelayer

Re: Older stuff WAS simplier...

On most microwaves I've seen, the door is attached to a switch. You still have a standard hinge and handle to pull open, but if you do that the microwave immediately turns off. It won't let you start it unless the door is closed. So as long as the door keeps itself shut, radiation shouldn't be a problem. That said, I don't really have anything against a specific control for opening the door, as it at least serves a purpose, unlike the many buttons I have on my microwave and have never actually used.

0
1
doublelayer

Re: Older stuff WAS simplier...

That's the control you don't need. Do what every microwave does, and I assume did, and just have a door. You pull it open. However, while I'll be the first to agree that I need very few microwave buttons, I'll take a number entry pad over logarithmic dial every time. I'll find how long I'm going to heat the things I typically do. Entering it at that point does not require me to look at the labels. Sure, there's an element of muscle memory in the dial which may make it more straightforward, but I find pressing 1, 5, start is pretty easy.

0
2
doublelayer

Re: There's an island somewhere...

I've produced audio tracks for cars before so that people can listen to audio books. Often the problem is that the car will forget your place and send you back, so my main task is chopping the audio up so that you can use the fast forward button to jump through sections as if they were separate tracks. I've written a piece of software that chops during long periods of silence which results in pretty good breaks and there isn't any weird popping noises and ... I'm off topic. Sorry. My original point was that these small portions were useful because pressing the fast forward button to jump from track to track was better than holding it down to try to move inside one. That never seems to get you anywhere. Either it moves forward at about 3x normal speed, so you have no chance of getting to the middle without having held your finger on the button for a minute or two, or they made it exponential. That seems logical, as usually you just want to jump a bit, but if it gets to the point where it's skipping five minutes at a go, the function is once again useless.

Of course the cars learned that I was about to defeat them, so they suddenly seem to have adopted the tactic of sometimes jumping to a completely random track when they finished with one. I've moved on to suggesting that people just get a car with an analog audio connection and use something else that will actually read the device and play the files in order.

4
1

Artificial intelligence is good for at least one thing – making hardware important again

doublelayer

Re: "Treat the AI as a team member,"

I can only hope that when these companies finally get the technology to create a sentient program, which will have a few tasks but will be rather useless, that they have learned enough not to make it. For now, I don't care that the process to improve the mathematical basis is called training--it takes in data of one format and outputs data of another format. That's not a colleague. If it starts giving me wrong answers, I'll fix it by deleting recent training data, not asking it questions. If it never works right, I'll fix it by throwing it away and starting over after an analysis of what went wrong. Maybe we want to do that to coworkers who aren't being helpful, but we don't actually get to try it.

1
1

IBM bans all removable storage, for all staff, everywhere

doublelayer

Re: Two use cases

That's fine, but you're likely to destroy a rather large quantity of USB disks. I might suggest using DVDs as much as possible. Not only would they be much cheaper to use even if you destroy them, but you would be rather certain that nobody has modified their contents, which you could encrypt rather easily. Of course, that doesn't help if you need more than 4.3 gb of space, but perhaps sometimes. I've considered using read-only USB devices under some of these circumstances, if only to prevent overuse of hammers.

3
1

Industry whispers: Qualcomm mulls Arm server processor exit

doublelayer

Re: Why should ARM Holdings help?

"[T]he WHOLE point of cloud is too pool customers at such scale that they can keep all cores utilized."

Is that really the case? Even cloud must have comparative downtimes. If some data center in Europe needs 100 units of performance for peak consumption by clients, which probably happens during working hours if these are business clients, then what would the requirement be at 3:30 in the morning. I don't doubt that there are people using those systems then, nor that there are tasks the servers perform off hours, nor that there may be businesses in other areas that are operating during the day and therefore using more power at European night than in European working hours, but even so I'd guess that there is a noticeable difference. If only 85 units are required, then using 85 or 90% of the cores and shutting the rest down for power savings can't hurt, right? Also, this could be a factor for companies that have systems not on the cloud but still need quite a bit of performance.

0
1
doublelayer

Re: RISC-V is the future

>Perhaps the downvoters could explain to us just why RISC-V is not the future?

I didn't vote either way, but I'll take a crack at it. I have nothing against that ISA. It's fine, and it shows some promise. That's not enough. We don't really need to keep inventing new ISAs for us to decide between; if we can get the ones we have running faster with less power, that gives us what we want. If this one will run really fast with low power and is relatively cheap to make, we will probably want it. However, it's at such an early stage that nobody can run on it now nor realistically plan on it for the near future. There have been enumerable new technologies that would have been great, if everything people said about them was true and we actually got it, but turned out never to become reality or was not that great compared to what we were told. For example, I've heard that basically every new file system for Linux/BSD servers would be the future. ButterFS was going to solve major problems. ZFS was nearly perfect. Even apple and microsoft did that. APFS will speed up the mac. REFS will do, actually I don't really know what it does but microsoft sent me a document about it, and I'm sure that it has some new features. Some of these will end up being very useful. Others won't be used in the longterm.

Thus, when you tell us that something is the future, without evidence of the future getting started now, a lot of us will assume that, whatever happens, it's not relevant now. In many cases, it won't be relevant at all. Everyone has at least one time where they said that something would be pointless and turned out to be wrong, but unfortunately everyone usually has many times where that turned out to be right.

3
1

Making calls? Ha, not what most peeps use phone for – Ofcom

doublelayer

Maybe, but

I'm sure a lot of smartphone users willing to and comfortable with installing apps, which is all that was measured, would like web browsing to work, but how much of that is for browsing data-heavy sites. Might it be that they wanted things like email and push notifications to be available all of the time? That would back up the findings from Monday's article on voice being considered more important and reliability being rated above speed, and it is definitely how I view my data connection.

0
1

Measure for measure: Why network surveys don't count what counts

doublelayer

I don't find the web to be most important for me. My primary web use case is e-mail, which doesn't take much data. Even those who upload a lot of photos won't need consistent bandwidth. In my case, if my data gets killed, then I have to wait to read my email until I'm in WiFi range. It could be annoying if I'm on the road for a long time, but that rarely happens and I can almost always wait. If I can count on being able to have a voice conversation that doesn't drop out and where people can hear what I'm saying, and that my text messages will arrive without being forgotten, then my main uses for my phone's wireless capabilities have been met. For those who use online apps more often, or for those who actually stream on data plans, the factors are undoubtedly different. For me, it's not that critical.

0
1

Microsoft vows to bridge phones to PCs, and this time it means it. Honest.

doublelayer

sorry microsoft, you had this already

I remember the days of Windows CE and windows mobile 6 devices. That's the closest they ever got. While those devices had very little connectivity, couldn't store much data, and had annoying restrictions on programs, they had a basis that could lead to what would be useful. At that point, you synced all your data over a cable, so that was annoying, but the theory was there: keep the same documents, e-mails, calendars, etc. on each device and make the programs to use them similar enough that you don't have to learn two, but not so similar that the interface for one of them is terrible. If they kept up with that theory, eventually uniting the two operating systems enough, they would have what people want if they want the two devices to be essentially the same. And people bought those devices, so they had an existing user base.

The hardware of today and of five years ago would be perfect for this. Extra storage would allow for keeping all the documents stored, at least for most people, on the mobile as well as the desktop or laptop. WiFi and bluetooth would ensure sync was fast and occurred in the background, so things wouldn't be missing from one. That'd also lead to a ton of cloud customers for a your data is completely backed up a la dropbox solution. It would have ensured customers for microsoft, as its control over the desktop and office areas would have helped to drive the sale of "completely connected" mobile devices.

They had the basis they could build on. So what did they do with it? They wrote windows phone 8. Well, I give up.

2
1

Risky business: You'd better have a plan for tech to go wrong

doublelayer

Re: @Doctor Syntax

I'd rather have the many different systems approach. If you have the one integrated system, you're benefits are that the manufacturer should know how it works, and if it breaks it's probably on them. This probably means that they have total control, and if you manage to break it in a way they dislike, they can put a lot of pressure on you. If I am running some piece of software and it turns out to be bad, I can more easily replace it. Depending on what it was, my reconfiguration time may be low or high, but I almost certainly won't have to reinstall my OS, let alone replace my hardware. As for the issue of loading java script from remote locations, I agree that that is crazy. I'm perfectly happy to use such libraries, but I'm going to check them out first and they will be hosted on my system. My issue is not with the fact that now I'm using someone's code, as I assume it's been tested by the other sites that use it, but that the approach to receive it is ill designed.

1
2

Google Pay heads for the desktop... and, we fear, an inevitable flop

doublelayer

Re: Google and android

That could be, but they have a lot of search and ads clients that don't have android, from their having chrome installed on everything, the default consideration of google over any other search engine, and google being default on firefox and safari (both IOS and OSX versions) and the google ad frames on many websites. I agree with you that it would be hard to undermine google's near complete victory in that realm, but if a business came up with a better ad system and people started installing that one on their sites, google could lose some without needing android to be weakened. Meanwhile, android, while it has large market share, has a distinct rival IOS and mini rivals in the mods for phones and the chance that eventually I will find the cheap feature phone I'm looking for. I think google could do a lot more to kill those than they have done, and the fact that they haven't suggests to me that they're pretty much fine with the smaller castle across the street because they know no cannons are going to take aim at their search and ads.

1
1

Microsoft's latest Windows 10 update downs Chrome, Cortana

doublelayer

Re: Try Linux. - Or DON'T! (My love/hate Linux rant.)

The language indication in the task bar refers only to the language of the keyboard at the time. It is possible that, while enabling the Slovak keyboard, the Slovak language pack was downloaded too and set as default. I'm not sure why that could set only some of the labels, but it's the best theory I can think of for the result.

0
1

Page:

Forums

Biting the hand that feeds IT © 1998–2018