Posts by andy 103

Not their only problem

Having placed an order with Halfords for an oil change I clicked on the link to track my order.

I'm not sure if this is the exact same thing as the story but I saw my browser made a request to a URL where it passed my email address. I won't post the URL as I'll report it responsibly. It returned a JSON object with details of my car. The first 3 characters of the reg plate were asterisked out. But it contained details of the MOT date, make, model and colour of the car.

There's nothing too sensitive in it but it does make me wonder if I could pass any other email address and get a response. Haven't tried it and don't want to! I'll report it anyway.

Throw away the key (no pun intended)

Anyone who's suggesting the companies should be liable might want to re-read this sentence:

"she planted cryptocurrency mining software on new servers with the income from the mining going to her online wallet."

That's where it goes from - you should be grateful that somebody has found this security hole (and yes, at that point the company should be 100% liable) - to zero tolerance or respect for the person who "found" said hole.

There's a clear difference between people who find security breaches, report them and move on... to this.

They should lock the bastard up and ensure she's never allowed to use a computer again. Send a clear message.

Clue's in the name

You just can't have a camel cased 2-word company name that ends "Hub" and be taken seriously.

It's associated with one thing with a notable orange and black logo.

In terms of this particular story though... crikey.

Paper isn't required due to the cost of ink

See title.

No, really. I bought a new HP Deskjet only a year ago. One official HP cartridge for it yields less than 200 pages of A4.

I have a pack of 500 sheets of A4 paper that I bought from Tesco for about 3 quid. I don't think I'll be running out *paper* any time soon since I can't really afford to print stuff due to the cost of the ink...

In fact I'd go as far to say that the paper I have bought will outlast the printer.

Screen size will always be the limiting factor

So why aren't mobile phones more like wee Chromebooks?

Erm...The degree icon here is sarcastic. This article - and so many others like it - are pointless and overlook the most obvious problem with mobile web use: the screen size.

At this point people tout "responsive" sites as the answer to this, and indeed some people have done a better job than others when it comes to making their website render well on small / medium / large viewports. But... there's only so much you can do. The resolution of the screen isn't even the issue. There are Samsung and Apple phones with insane resolution, but none of that overcomes the problem of, well, it's a tiny screen (in the grand scheme of things).

No browser can overcome this problem so there is very little incentive for the average mobile user to compare browsers. Interestingly this is why I think a lot of iPhone users just use Safari, when the exact same people have installed a non-Safari browser (i.e. Chrome) on their Macbook / iMacs.

The purpose of websites is to either consume information, or to make some interaction (filling in a form, contacting somebody, buying something, make a booking...). It's not rocket science that doing any of those things is a nicer experience on a big screen where you can see information clearly layed out.

As an example: why do you think nobody designs or builds mobile apps using a mobile? Why do people still use Desktops to build software? It's certainly not to do with processing power, memory or much else. It's the f-ing screen size, and nobody with any amount of money is ever going to be able to overcome that.

Firefox is dead

But before you reply or downvote, let's look at some facts.

When it comes to usage Chrome is in the high 60% region. It dominates and has done for some time.

Firefox? About 8%

Safari mainly gets used - once - to download Chrome and it's usage (around 9%) is still higher than Firefox.

Twats still using IE? There are still some out there, and some people have no choice (*cough* NHS and those using similar intranets designed for IE).

It's over. Chrome won.

Facts mind, facts.

Not in the interest of customers

"It was hard to do things like understanding a traveler ... to understand what those traveler's are interested in, what their preferences are, what kind of packages of products they usually buy together."

Yet for decades people could travel and make bookings without problems.

Let's have a think, shall we? Even if we go back 20 years, many people were still making bookings for travel without the use of the Internet. It was (and still is) perfectly possible to make a booking without anybody "suggesting" what THEY think YOU need.

This is no different in the way loads of resource is being put into showing "relevant" targeted ads to people. The only people who actually care about this are companies who feel they can make money from it. It isn't in the interest of customers to be followed, analysed and targeted in this way.

It's solving a problem that only exists for greedy companies wanting to nickel and dime consumers.

What I find more impressive is the fact that systems designed so long ago still operate. But they operate because they were built in a way which genuinely benefitted everybody, or at least were made in that spirit. That spirit is dead and buried, and this is a prime example.

"They were designed at a point in time when there wasn't a lot of thought given to what you could do with data."

Or, to put it another way, designed with helping people in mind, as opposed to trying to sell them shit they don't want or need.

Well, if you will include third party JS at random

The article lacks the relevant details but from memory the way it worked in the case of British Airways (https://www.theregister.com/2018/09/06/british_airways_hacked/) is that they included a shitton of third party JavaScript - hosted outside of their domain. If you don't understand why this is a bad idea, please don't become a web developer.

That JavaScript was modified so it requested other .js files (which the attackers had written themselves) from a domain which on the face of things looked legit to an average user, not that they'd see the requests their browser was making in the background anyway.

The malicious script then targets form inputs (e.g. credit card name / number inputs) and makes an ajax POST request with the form data to a third party server for storage and thereafter "shenanigans".

So, if I'm understanding correctly, years later nobody has learnt the extremely simple premise of not including random JS from third parties on your site. Yes I know there are some exceptions where you can't do this, but I'd be willing to bet it was Bob's Shitty Analytics dot BIZ or something where they wanted it for "marketing purposes".

Some smart arse will say yes but what if they modify the JS on your site directly. If they can do that my dear then you have much bigger problems. Frankly though, including third party JS pretty much amounts to exactly this! You're giving somebody else control over what can be executed on your site.

A contradiction of ports

From looking on the Apple website the Studio has these ports:

-- 4 x Thunderbolt 4

-- 2 x USB‑A ports

-- HDMI port

-- Ethernet

-- 3.5mm headphone jack

I'm saying this as somebody who is partial to Apple kit... sorry, but when I bought my iPhone 12 or 2020 Macbook Pro, I was reassured that things such as a 3.5mm headphone socket (in the case of the iPhone), or a HDMI port (in the case of the Macbook) were old fashioned and nobody had a use for these things anymore. If I wanted such connectivity I could either buy an adaptor, or make expensive upgrades, e.g. change my perfectly good Samsung HDMI monitor to a USB-C/Thunderbolt one.

If somebody has £2,000+ to spend on a desktop, surely - SURELY - these *are* the people with the newer, more expensive kit to connect it to?

It's almost like an admission that things such as 3.5mm jacks, ethernet and HDMI ports are still incredibly useful... Which is it, Apple?

Is it a really shit place to work if you're under 40?

This is a totally real, no-sarcasm-intended post.

I'm in my late 30's. When I was growing up, an IBM PC was seen as a "high end" piece of kit. The company making them was seen as a professional organisation and somewhere my (private) school told me was a good place for a career.

Nobody from my school AFAIK went to work there. Several people from there have done extremely well, at relatively tiny organisations. Or big ones that just weren't IBM (Google in particular, although I'm told this is somewhere you have to "like" working to get on well, and it's not for everyone).

Every story I've read - especially on the Reg - and associated comments is that IBM is, for want of a better phrase, a shithole of a place to work. Full of people waiting to retire who simply don't get how I.T. works in 2022.

I'm not thinking of working there myself, but does anybody actually think it's a good move especially for somebody who is say in their 30's?

Awful memories

At the time it came out I was starting up a business and a long story short was that I simply needed a computer, any computer with a browser. In my haste I went to the nearest available place - a PC World opposite my premises. Yes, I know I should have known better. But as I said I was in a hurry.

What I got was an Advent(?) branded desktop with the world's shittest resolution widescreen monitor. Running Vista. I can't remember the spec but I know it struggled to render the UI, which it then tried to display on said monitor. A horrendous experience, made physically tactile via the £8 plastic keyboard and mouse that came in the box.

It did the job I needed it to do for almost 2 and a half years and then thankfully broke beyond repair. It was without question the worst computer and experience of using a computer I ever had. Yes the hardware was shit but the OS made the experience that much worse.

Starting a business is hard and that Vista desktop was somehow poetically appropriate to that period of my life. Everything was a struggle, but then everything moved on...things got a lot better.

(The machine has since been replaced by a Mac with a 5k Retina display).

There aren't many better web dev environments

Coming at this from a web dev perspective. Mostly using PHP, sass, ES6 JavaScript in Docker containers and CI processes on GitHub.

Previously we used Eclipse PDT and/or NetBeans with a fuckton of "workarounds" to try and make our workflow happen.

The nice thing about VS Code is the number of decent extensions you can get for it to support almost any workflow. The built in terminal seems to be something other IDE's lacked and you really do question why, in hindsight, these other tools didn't have that.

It's an environment I can work in pretty much all day without needing to switch between applications. Finally.

For us we can now do pretty much all our work in VS Code. We run our tests locally and then push to GitHub before using a CI process on there which can be configured so code can only be merged once it passes all the required checks.

The lack of a Linux build hasn't stopped us although it is odd given the number of people who develop directly under a Linux environment. Can't comment on the Windows build but on a Mac it works flawlessly.

Oh, and as a final nail in the NetBeans / Eclipse coffin - it starts up in under 3 seconds and doesn't use all my RAM! Why this was such an issue - in IDEs that did *so much less* - is beyond me.

IT person

"A full-stack, commercial-grade software developer is a different set of skills to the person who fixes your printer when it's broken."

This. 100% this.

As you've alluded to in the article, universities simply see these people as "IT staff". How do you think they know the value of a software engineer if they don't even understand what that person does? How do they then define "top-class"?

I've worked a software engineer for over 20 years and from what I can see at the moment there's a clear reason that you can find 6 figure positions. A lot of developers and software engineers - frankly - aren't particularly good, or as good as they claim. A lot of work has been created off the back of substandard work being done by incompetent developers. Those developers are typically the ones who blame "management", especially when it often comes down to their own narcissism and/or inability to work with other people.

Most university positions are graded. But - they sometimes offer benefits such as more generous pension schemes and a better work-life balance - than the private sector. Sometimes - not always. As such, the private sector is always where the highest paid positions will be. It's unlikely this will ever change in academia unless or until Universities are better educated (irony alert) about what these people actually do in 2021.

But the Universities are not the only ones to point the finger at. The average salary in 2021 in the UK is still under £30k. Many software engineers simply rely on their "years of experience" yet haven't learnt or progressed their skills during those years. They see private sector salaries and feel they're worth more money simply on the basis of their experience, when it's the results and - ability to work with other people effectively - that actually matters. A £40k salary for these people - who are in abundant supply - seems quite reasonable.