* Posts by Charlie Clark

9909 posts • joined 16 Apr 2007

Apple tried to patch this security hole in macOS Finder but didn't consider upper and lowercase characters

Charlie Clark Silver badge

This is the sort of thing you can't rely on code review to pick up: fuzzing (what we'd now call "generative adversarial testing") is what you need to pick up those things you thought fixed.

Apache OpenOffice can be hijacked by malicious documents, fix still in beta

Charlie Clark Silver badge

Re: LibreOffice

It's still fugly, though isn't it?

Charlie Clark Silver badge

Re: LibreOffice

While there has been lots of progress with LibreOffice, I find AOO has by far the better UI and, on MacOS at least, is more stable.

Hopefully, at some point there'll be a grand merge.

Charlie Clark Silver badge

Re: Making me feel old

This kind of thing is still cropping up in image files…

Chip glut might start in 2023, says IDC, and auto-chip traffic jam could clear this year

Charlie Clark Silver badge

Re: Bleak

That's just the inventory system's way of saying mañana – not now. The supply chain is still broken but it's now more a question of hiccups as opposed to out and out failures, for which the just-in-time mentality of the car industry is mainly to blame.

The bigger problem is that the car industry now wants more, more powerful silicon at the same time as the world and his dog does, but new capacity is coming on line and older fabs will be retooled.

Apple's M1 MacBook screens are stunning – stunningly fragile and defective, that is, lawsuits allege

Charlie Clark Silver badge

Re: Can normal people sue?

Have you never heard of product liability? Recalls, etc.

WTF? Microsoft makes fixing deadly OMIGOD flaws on Azure your job

Charlie Clark Silver badge

Re: "fixing deadly OMIGOD flaws on Azure your job"

AFAIK Microsoft will not be covered by the usual software exemption clause for product defects. They can write all they want to into the T&Cs but this has product liability and class action written all over it and about time too!

Huawei CEO hopes to woo foreign boffins to work on 6G in Shanghai campus that feels just like home

Charlie Clark Silver badge

Re: Thailand a better option

They will probably continue to have multiple campuses but they generally need them to be close to major markets because this helps with certification: big one here in Germany.

Charlie Clark Silver badge

You obviously haven't been keeping up: Huawei and others are already actively involved in LTE (4G + 5G), WiFi 5 + 6 and everyone is using their stuff in parts of their networks: we already can't do 6G without them.

It's time to delete that hunter2 password from your Microsoft account, says IT giant

Charlie Clark Silver badge

Re: No MS account

Already there and beyond. It's no longer possible to set up Outlook manually for an on premise Exchange – I hate Outlook but need to be able to use it to help the users better.

Linux kernel minimum compiler raised to GCC 5.1, allowing potential C11 use

Charlie Clark Silver badge

Re: compiler masturbation

Maybe, but this move isn't really about that. You have to consider the changes in processor architectures so x86_64 and ARM are better served by newer compilers. The alternative, which is becoming increasingly common, is switching completely to CLANG.

Apple debuts iPhone 13 with 1TB option, two iPad models, Series 7 Watch

Charlie Clark Silver badge

Re: Apple Watch battery life

Mine does two years.

Tech widens the educational divide. And I should know – I'm a teacher in a pandemic

Charlie Clark Silver badge

Re: Tech probably does widen the educational divide

Denmark had the kids back in school in spring 2020.

Charlie Clark Silver badge

Re: Tech probably does widen the educational divide

Not locking down the schools: see Denmark, Sweden, et al. for data on this.

EU open source study highlights economic benefits but says Union is 'on the back foot' with industrial policy

Charlie Clark Silver badge

Dodgy basis for comparison

Lots of German companies are heavily involved in open source but for many reasons they don't host their large projects on GitHub.

Apple emergency patches fix zero-click iMessage bug used to inject NSO spyware

Charlie Clark Silver badge

Re: What could go wrong with browser lock-in?

We'll never know because Apple won't let us try.

You can 'go your own way' over GDPR, says UK's new Information Commissioner

Charlie Clark Silver badge
Pint

I'd also be surprised if the directive stipulated CE only, or even if the crown wasn't allowed as an equivalent, just means that the glasses couldn't be sold elsewhere in the EU. Lots of products have CE + loads of other symbols. Still, pointless trying to discuss this with the red top crowd. Please ignore me, while I mumble into my pint glass.

WhatsApp to offer end-to-end encrypted backups in iCloud, Google Drive with user-managed keys

Charlie Clark Silver badge

Encryption should happen at rest

There's no need for the messages to land in the cloud in the first place, but if they do, it's better to encrypt them beforehand on the phone, as Signal does. https://support.signal.org/hc/en-us/articles/360007059752-Backup-and-Restore-Messages

Also worth enabling a timeout for messages: let's face it, in general, most messages have a half-life of about a week.

Charlie Clark Silver badge

Re: Noticed

You can always compress files using RLE.

Charlie Clark Silver badge

Re: They are not interested in the message!

Oh, they wouldn't mind knowing what people are talking about as well.

Spot the dog? No, we couldn't either because Spot is a robot employed by United Kingdom Atomic Energy Authority

Charlie Clark Silver badge

Yes, that's the problem: the electronics are at least as susceptible to radiation as meatware.

Microsoft adds hybrid meeting features to Teams, including interruption-detecting AI

Charlie Clark Silver badge

Re: "notify users who interrupt others"

I can't agree with your assertion that people know that they're interrupting or that others are too timid or polite to interrupt. Personally, I've no problem with making myself heard but it's well-known that this does not apply to everyone, and this is a major problem with meetings in general, which tend to favour extroverts and sociopaths.

Whether an AI watching people's faces is the correct solution, I'm not so sure. Training people to be more assertive and conveners on reining in us loudmouths is probably just as important, but I can see advantages, especially for conveners, in a system that might pick up on some visual clues.

Docker’s cash conundrum is becoming a bet on a very different future

Charlie Clark Silver badge

Docker hub is really not that impressive or are you talking about the build system? Most projects now have CI systems that can fairly easily be extended to build images. For larger projects you're likely to want to build your own images anyway.

China's biggest chipmaker to build colossal chip factory

Charlie Clark Silver badge

And the car industry is currently feeling the pinch of broken supply chains, currently Malaysia.

Charlie Clark Silver badge

Re: Colossal chip factory

It's Mary Pipers, to go with the carrot crush!

RIP Caroline Aherne

Facebook: Let us tell you WhatsApp – we don't want to pay that €225m GDPR fine

Charlie Clark Silver badge

The Irish DPC used to be a joke but the work by Schrems et al. has encouraged changes. But GDPR has also changed the legal basis.

Then again € 225 million is pocket change for Facebook.

Imaginary numbers help AIs solve the very real problem of adversarial imagery

Charlie Clark Silver badge

Re: But how well does it do?

That, but more worryingly is adversarial tampering: adding noise that will successfully distract the AI. Imagine the consequences of this in real life if you can effectively scramble road signs, etc.

Cloudflare says Intel is not inside its next-gen servers – Ice Lake melted its energy budget

Charlie Clark Silver badge

Re: Is Intel the new IBM?

It seemed to me as hard as it was for x86 to scale down in power (for mobile) it was as hard for ARM to scale up in performance/scale (for servers),

Once the legacy x86 code is gone the difference is indeed small, though ARM now has more experience in asymmetric designs with big.Little now standard. But what ARM really does offer in addition is the ability for custom hardware: hardwiring certain encryption or codecs can make a huge difference overall.

Charlie Clark Silver badge
Stop

Re: Is Intel the new IBM?

Some edge servers serve as proxies for the x86_64 servers so need to be able to handle the relevant code well. But the article also points out that they are also actively evaluating ARM chips. They may have simply decided that chips which provide the best current performance / power tradeoff are the Epycs and they are currently not at the scale large enough to warrant their own designs.

Charlie Clark Silver badge

Re: Is Intel the new IBM?

Generally you need at least three participants for a competitive market and it really has been the promise of ARM that has made both AMD and Intel up their game.

Google is designing its own Arm-based processors for 2023 Chromebooks – report

Charlie Clark Silver badge
Stop

Re: What's the betting...

Why bother when they control the whole OS? If they want to, they can add a TPM unit to stop other OSes being installed but "baking in" telemetry would be an invitation to class action lawsuits.

But seeing as most people are already more than happy to give them the data, why make additional work for themselves?

The main reason for wanting to control design is time to market, with things like AI but also custom encryption or other acceleration such as codecs being key differentiators.

They've only gone and done it – South Korea forces Apple, Google to allow alternative app store payment systems

Charlie Clark Silver badge

Burned before

Though apparently well-integrated with the US economy, Korea has often felt the limits of this integration. For example, it was on the blacklist for strong encryption which meant that government websites were forced to use IE plugins to provide secure websites.

Arms not long enough to reach the plug socket? Room-wide wireless charging is on the way

Charlie Clark Silver badge

Re: "...37 per cent efficiency..."

I'm not sure if convenience will drive this at such low efficiencies, though I'd expect this to pick up over time with different materials, frequencies, etc. But there may well be certain environments where this kind of power distribution makes sense.

In Microsoft's world, cloud email still often requires on-premises Exchange. Why?

Charlie Clark Silver badge

Re: Need to get away from Exchange altogether

format/flowed is another thing Outlook can't get right.

Charlie Clark Silver badge

Need to get away from Exchange altogether

Exchange is rapidly becoming the next Flash due to the monoculture. The arms race is hotting up and Microsoft has thus far not demonstrated that it can keep ahead of the hackers and, once Exchange is hacked, the hackers usually have the keys to the kingdom.

It may be interesting to see how liability due to software flaws changes in the move to SaaS (Microsoft is pushing this because of lock-in, CIOs because of costs). Thus far software companies have been largely exempt from liability as long as they can provide an update for customers. It will be interesting to see the jurisprudence in an SaaS world.

Rumors of satellite-comms-capable iPhone abound. The truth could be rather boring

Charlie Clark Silver badge

LEO constellations – the next Uber, the next smokestack

LEO constellations are a disaster waiting to happen but they are also a good example of how much Silicon Valley loves to move into unregulated markets and then bully regulators into silence. Unregulated markets almost guarantee network effects for first movers. One of the reasons for this is that unregulated markets often rely on unpriced or underpriced common resources in what is known as the tragedy of the commons: fisheries are a good example. Providing voice and data services via LEO is a bet that the costs of simply maintaining the satellite infrastructure will always be cheaper than the combined infrastructure and licence costs of ground-based solutions. In addition, and this is where the comparison with fisheries comes in, no one knows much about the long term consequences of LEO. Even though the orbits decay naturally, without regulation it's easier to imagine the most useful orbits filling up quickly on a first come, first served basis. And, even if the orbital decay means that there should be less junk in space, we still don't know anything about the potential consequences of lots of satellites terminating in the upper atmosphere, though the extensive use of aluminium should give cause for concern. In the absence of regulation, all profits will be privatised and all damages will be socialised.

The Register recreates Apollo 15 through the medium of plastic bricks, 50 years on

Charlie Clark Silver badge

I think Wag the Dog covered this best: if it's on television it must be true; even if it's fictional.

Rockset hopes to lessen streaming analytics time-suck by having SQL transform live data

Charlie Clark Silver badge

Scale will still be a problem

The more typecasting you can do as part of ETL the better: pgloader is a good example for this. But as soon as you want to start indexing for queries you're going to want to make tradeoffs.

This approach sounds very much like being able to run prepared queries, at will and via batches (renamed as "rollups" by those clever chaps in the marketing department), in near real time. This will certainly drive up the RAM / server requirements.

What's the top programming language? It's not JavaScript but Python, says IEEE survey

Charlie Clark Silver badge

Re: Written in What?

I think you'll find that, by lines of code, COBOL and Fortran are still top dogs and much of the world would grind to a halt without them.

Charlie Clark Silver badge

The number of syntax changes was limited and most of them could be handled reasonably gracefully. It was also fairly painless to forward-proof Python 2.6 and 2.7 code for the eventual transition to Python 3 only. Still, it was only when explicit support for u"" strings was reintroduced that the real gotchas went away.

The arcane syntax, including backticks, was removed before all this. But I still find myself wishing for the return of the print statement.

Developers still struggle with some of the internals, especially for C extensions, which may require extensive refactoring for no perceptible improvement.

But worst would be the tendency to add fashionable stuff that really only covers edge cases: type hinting and the awful "walrus" operator are my own pet hates.

Charlie Clark Silver badge

Re: Probably right

Rinse and repeat the Django example with almost any largish web framework in any language. Tramlines was written years ago for Zope to allow for better handling of file IO, and Pyramid more or less mandates this.

This isn't related to the language but to the tendencies of developers to try and do whatever they need to do with the tool they know best.

Gartner Gartner on the wall, which is the hypest cycle of them all?

Charlie Clark Silver badge
Stop

Re: Even a stopped clock

Android uses the Linux kernel but is mainly not Linux. Remember, the Stallman thinks it's only Linux if it uses all the GNU userland. And then Google might even (but probably won't) replace that kernel at some point.

Charlie Clark Silver badge

Re: Even a stopped clock

Most of the predictions are total wank. But the curve itself has proved useful, not least for fending off questions from clueless MBAs.

And Linux is still only a server OS. But we didn't need Gartner to know that.

Horizon Workrooms promises a virtual future of teal despair

Charlie Clark Silver badge

Re: The teapot with craft IPA.

Having spoken to a couple of brewers about it I think there are two main reasons for the popularity: the strong hops were the biggest break from that bland MAB (middle American beer), that was often the only thing available. And, it's difficult to go wrong because no one will know if it's over- or underhopped. This is one of the reasons behind it in the first place: the hops masked the cheap beer and long and unsuitable travelling conditions.

Personally, I prefer gentler bitters where the balance of malts and hops is more difficult to fudge. But variety is the spice of life!

Charlie Clark Silver badge
Pint

The teapot with craft IPA.

IPA isn't my personal tipple of choice but the invention has to be recognised!

LibreOffice 7.2 brings improved but still imperfect Microsoft Office compatibility

Charlie Clark Silver badge
Stop

Re: Choices

I'm fairly familiar with the specification and, while the descriptions are indeed at times unclear, you can still work directly with the schema. I've worked with far worse; even the post 2006 extensions are documented and the schemas provided.

Internally, I suspect that some of the inconsistencies cause nearly as many problems for Microsoft as for anyone else.

Real barriers to entry are things like taking XLSM off the table, but more worryingly, the move towards "collaborative" work via that cancer that is Sharepoint. OOXML itself relies on the zip format, which doesn't lend itself to changes. It took them a while but Microsoft did realise what a wonderful lock-in the cloud is and has since had CFOs hammering at its doors chanting TCO, TCO, TCO…

Charlie Clark Silver badge

Re: Standards?

No, I say it like – even though it's a good standard, there are still things to fix and improve, but no one's doing this.

Charlie Clark Silver badge

Re: Standards?

While there may have been some obfuscation, I think the real problems with understanding the spec are rooted in essentially transliterating the existing, and undocumented BIFF specification.

Microsoft was definitely guilty of foot-dragging and also most certainly abused the standards process by bribing fast track approval. But, at the end of the day, the transitional specification is good enough for most interoperability. And, having worked with the ISO working group for the last 5 or 6 years, I can confirm that they are still engaged with the process to improve the documentation, which has significantly helped my own OOXML library. During this period, however, there has been no interaction with either The Document Foundation or the OpenOffice team.

And, FWIW, the feedback from ISO is that ODF, while probably the better format, has largely been left to languish.

Charlie Clark Silver badge

Choices

There is a good financial and standards-based rationale for making that single suite LibreOffice

Possibly, but stability and UX are also a problem. For CFOs the licence costs are less of a problem than potential retraining costs. And LibreOffice's UI has been the victim of some very poor decisions. The ribbon in MS Office is a real nightmare but much of the reworked UI was well done. At least on my Mac, LibreOffice is not particularly stable. And then, for Excel at least, there is the add-in ecosystem in which some companies have invested heavily. All this makes switching more difficult.

When it comes to the differences between transitional and strict versions of the OOXML specification, these are generally minimal. A bigger problem is that they use completely separate namespaces making handling qualified element names a royal PITA. And the undocumented requirements for MS Office. These are, fortunately, generally documented in the implementers notes but it's not possible to automate their enforcement.

But it's good to see the LibreOffice team engaging more meaningfully with the specification. Many long-standing compatibility bugs seem to derive from simply not reading the OOXML specification. Again, when trying to persuade companies to migrate, having poor compatibility makes you, and not Microsoft, look bad.

Eight-year-old bug in Microsoft's 64-bit VBA prompts complaints of neglect

Charlie Clark Silver badge

Re: Not even PHP or JavaScript

SQL does it all the time: True, False or NULL and indeed the resulting 3-valued logic is the source of innumerable problems. But at least that's going to be consistently shit across runtimes.

Behaviour that changes like this across runtimes is a material defect and a class action would be reasonable.

Biting the hand that feeds IT © 1998–2021