* Posts by unimaginative

125 posts • joined 12 Sep 2009


Why we abandoned open source: LiveCode CEO on retreat despite successful kickstarter

unimaginative

Re: Funding

"except your paying customers if they switch to it. Which is what happened here."

Exactly my point. They had a lot to lose from it.

On the other hand they did not have much to gain from it, other than a one off cash injection from the kickstarter. All very well, but not sustainable.

They do not seem to have a plan. It seems to be that they could not make a profit from their proprietary product, so they open sourced it out of desperation, got some cash in from the kickstarter, and then realised it was not going to work long term.

I very much doubt the new approach will solve their problem. Their problem was not so much that they lost paying users to the open source version as that they never had enough paying users to have a viable business in the first place.

unimaginative
FAIL

Re: Funding

I do not think it is a growing issue, it's a very old one.

You open source something you develop yourself and you can either get other people to contribute, or, at the very least, lose nothing by open sourcing, or something that supports your business (so it increases your sales for customisation, consultancy, or hosting services, or helps you sell hardware, or whatever) or something you can get funding for (grants, sponsorship, whatever) or some other benefit.

The problem is that these people have no idea how to make money from it. No one else wants to contribute code, they have no plans for funding except the one off kickstarter. It looks as though it failed as a proprietary product, then failed as open source. The company was in serious trouble not long ago and is technically insolvent with a lot of debt, even after raising more capital. See accounts to June this year.

Icon because that is what Live Code is!

Russian Arm SoC now shipping in Russian PCs running Russian Linux

unimaginative
Thumb Up

Re: ambition comes at a price on the desktop

My daughter uses a Pi 4 as her main machine. We did have some issues with Jitsi and Zoom while using Ubuntu. I have just installed

Everything else she needs: wordprocessors, web browsers, graphics (including quite large Krita drawings) works fine.

I suspect I could make do with one if I had to.

Credit-card-stealing, backdoored packages found in Python's PyPI library hub

unimaginative
Linux

Re: But.. you have the sourcecode right ?

You can have open source repositories with a small and closed group of contributors and gatekeepers - like OpenBSD.

People prefer convenience to security - otherwise we would be all using OpenBSD, running our web browsers with JS turned off, etc.

unimaginative
Linux

Re: But.. you have the sourcecode right ?

Who wrung their hands and says you should read the source code?

The point is that people can read the source code, and someone should read it. Even more, people should check what they are installing - a lot of issues come from automatic installation of a tree of dependencies.

It's very rare for this to happen with things like Linux repositories and similar because packages can only be created by trusted maintainers (not anyone who registers an account), and that also means the dependencies are also only available if packaged by someone from that trusted pool. When was the last time someone got malicious code into Debian or Red Hat official repos? Or OpenBSD?

Using proprietary software will not help because it now incorporates vast amounts of open source.

Obligatory XKCD: https://xkcd.com/2347/

You are right insofar as someone should be checking. The language repos are too large and too focused on having as much available as possible to do that.

What developers can do is to minimise dependencies (so do not use a library for something you could implement yourself - leftpad), use only trusted dependencies, and to check what their indirect dependencies are (there are tools to do this).

I also think there are some bad practices among developers. For example, it is regarded as best practice with python virtualenvs to install everything in the env and block access to system packages (not use --system-site-packages). I prefer to use system packages where possible and get the automatic updates from the OS and scrutiny from OS package maintainers.
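Added example, not part of the comment above and not taken from any tool it alludes to: one way to check which indirect dependencies a package pulls in, by walking installed package metadata with the standard-library `importlib.metadata`. The `SAMPLE` metadata and the package name `webapp` are constructed for illustration; environment markers other than extras are not evaluated, so the report errs on the side of listing more.

```python
"""Added example: separate direct from indirect dependencies of a package."""
import re
from importlib import metadata

# A PEP 508 requirement string starts with the distribution name.
NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalise(name):
    """PEP 503 normalisation, so 'Foo_Bar' and 'foo-bar' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def direct_requirements(requires):
    """Return the normalised names found in a list of requirement strings.

    Requirements gated on an extra ('; extra == "test"') are skipped because
    a plain install does not pull them in. Other markers are not evaluated.
    """
    names = set()
    for req in requires or []:
        marker = req.partition(";")[2]
        if re.search(r"\bextra\s*==", marker):
            continue
        match = NAME_RE.match(req)
        if match:
            names.add(normalise(match.group(1)))
    return names


def installed_requires(name):
    """Requires-Dist entries of an installed distribution, None if not installed."""
    try:
        return metadata.requires(name) or []
    except metadata.PackageNotFoundError:
        return None


def dependency_report(root, lookup=installed_requires):
    """Walk the dependency graph breadth-first from `root`.

    Returns (direct, indirect, missing): names `root` requires itself, names
    that arrive only through other packages, and names with no metadata.
    """
    root = normalise(root)
    direct = direct_requirements(lookup(root))
    seen, missing = {root}, set()
    queue = sorted(direct)
    while queue:
        pkg = queue.pop(0)
        if pkg in seen:          # already visited; also breaks cycles
            continue
        seen.add(pkg)
        reqs = lookup(pkg)
        if reqs is None:         # required by something, but nothing to inspect
            missing.add(pkg)
            continue
        queue.extend(sorted(direct_requirements(reqs) - seen))
    indirect = seen - {root} - direct
    return direct, indirect, missing


# Constructed metadata standing in for an installed environment.
SAMPLE = {
    "webapp": ["Django>=3.2,<4.0", "requests (>=2.25)", 'pytest; extra == "test"'],
    "django": ["asgiref>=3.3", "sqlparse>=0.2.2", "pytz"],
    "requests": ["urllib3<1.27,>=1.21.1", "idna", "Charset_Normalizer~=2.0",
                 'PySocks!=1.5.7; extra == "socks"'],
    "asgiref": [], "sqlparse": [], "pytz": [], "urllib3": [], "idna": [],
}

if __name__ == "__main__":
    direct, indirect, missing = dependency_report("webapp", SAMPLE.get)
    print("direct:  ", sorted(direct))
    print("indirect:", sorted(indirect))
    print("missing: ", sorted(missing))
```

Calling `dependency_report("some-installed-package")` without a `lookup` argument inspects the current environment instead of the sample.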

Sysadmins: Why not simply verify there's no backdoor in every program you install, and thus avoid any cyber-drama?

unimaginative
Linux

Re: Linux proves that doesn’t work

" In their paper, Lu and Wu claimed that none of their bugs had actually made it to the Linux kernel"

so that seems to be contested.

So four questions:

1. what made it to a release

2. what made it to a stable release

3. what made it to any distros development/unstable/whatever repos - and which distros

4. what made it to any distros stable (or equivalent) repos

unimaginative
Linux

Re: Linux proves that doesn’t work

The code was reverted, and I think before it got into a release? It was removed before it got into those signed repos.

I do use pip, but I have started using tools that tell me what the dependencies are. I also try to minimise dependencies.

Surely the aim is to embrace every new fad! If you are a CTO and you rely on your employees to sort things out it will be your fault if it goes wrong. If you buy in a solution it's the vendor's fault. The same applies to anything "cloud" especially from a vendor everyone has heard of.

unimaginative
Linux

Re: How about using proper change control ?

That works well with linux repositories (possibly even better with things like BSDs) who are (relatively) selective about maintainers. Unmaintained packages get dropped after a while. The package maintainers are not typically the project owners, if by the latter you mean the people who write the software.

It will not work for things like npm and pypi who are more concerned with making it easy to package stuff, and the authors are usually the package maintainers and probably less willing to jump through hoops.

About half of Python libraries in PyPI may have security issues, boffins say

unimaginative

Re: Not security issues

It does quoting in the literal sense, i.e. adding quotation marks around a string:

https://www.psycopg.org/docs/usage.html#query-parameters

I think you are right regarding escaping the string - using a postgres library intended to use in the client rather than sending anything to the server.

I assume the server then does further work when using the values where the placeholders are, but I have no real idea of what is going on there. I am afraid I use RDBMSes as magic black boxes and know very little about internals.

unimaginative

Re: Not security issues

Libraries do some of the work. For example psycopg2 (AFAIK all APIs sticking to the Python standard) will quote a string value for you whereas Postgres syntax requires a quote when inserting a character type. It's one less thing to worry about/get wrong. Probably more a convenience that may prevent a bug (most likely one you would spot in development) than a security issue but still one less thing to worry about/get wrong.

unimaginative
Thumb Up

Re: Not security issues

Correct. What I meant to say was use placeholders and the library will deal with it for you.

unimaginative
FAIL

Not security issues

Bad code patterns are not vulnerabilities.

Take using pass or continue as a catchall in except. It's mostly bad for non-security reasons (silent failures are not visible to the user and difficult to debug).

They have used a tool that finds potential issues, not vulnerabilities. They have no indication of how many issues have been reviewed by the developers who decided they were fine. For example, I use Django mark_safe quite often. It's essential to allow some things such as rich text editing in a Django based CMS (which is why it exists), and is absolutely fine to use on trusted (sometimes because it has been processed to be safe) input. Similarly hardcoded SQL may be using trusted or sanitised sources (very easy to escape your inputs with most libraries).

What would be interesting would be to see the numbers for issues that are high confidence and at least medium severity. Even better if we could see whether more popular packages are better (i.e. does many eyeballs work or are people selective in what they use).

Interesting that Google's code is so bad! (If the article is not corrected yet, the package is unofficial, but the code is Google's).

On this most auspicious of days, we ask: How many sysadmins does it take to change a lightbulb?

unimaginative
Alert

Surely a perfect chance to say "have you tried turning it off and on again"?

Our Friends Electric: A pair of alternative options for getting around town

unimaginative

Re: Are they serious?

Long trips are the exception, but people who do long trips are not.

We are a low mileage family, and usually do well under 200 miles a week, but once in a while we will do a long day trip or go away for the weekend and need to do a few hundred miles in a day.

The (mean) average may be low but the variance is high. Most people may mostly do short trips, but they need the range because otherwise they cannot do long trips at all. There are solutions (rental, running two cars) but they all have drawbacks.

Focus on the camera, mobile devs: 48MP shooters about to become the sweet spot

unimaginative
Holmes

Re: the more pixels you have the more potential you have for

It's a pretty common tactic for anything complex. Remember when Intel convinced everyone that megahertz was how you measured how fast a computer was?

People prefer simple information to accurate information.

Giant predatory ancient insects pioneered mobile comms 310,000,000 years ago

unimaginative

Re: Limited vocabulary...

Rather like people on mobile phones too busy swiping to watch out for cars.

Even natural history repeats itself

OpenUK's latest report paints a rosy picture of open source adoption

unimaginative
Happy

Re: A company's commitment to participating ... would be much more prevalent

Two thirds contribute back.

Nearly half open source their own code.

That is a lot.

Dell SupportAssist contained RCE flaw allowing miscreants to remotely reflash your BIOS with code of their creation

unimaginative

Re: Oooopsie

Simpler is usually more secure: complexity is harder to test and verify. The industry is addicted to adding more complexity though.

unimaginative
Unhappy

It was the case fairly briefly, many years ago, that you could get a refund on the cost of the OS if you refused the T&C at first boot, but there turned out to be a legal workaround for the law (I cannot remember what) which MS quickly adopted in their licensing.

unimaginative
FAIL

Re: Just Wow! Say it ain't so!

You are just trolling: I do not believe anyone who reads the comments section here still believes you have to type "cryptic commands" to get common hardware to work. Most hardware "just works" with Linux and plenty of people who use Linux here have said it.

Especially weird when replying to a thread in which the GP was talking about how difficult it is to get hardware working with Windows if you need to reinstall.

If all you care about is getting it working, you are better off with Linux.

Cross-discipline boffin dream team issues social media warning: FIX IT NOW!

unimaginative
Unhappy

Gutenberg's printing press did immense harm - short term

The most spectacular example of the harm done by printing was Malleus Maleficarum. It was an early best seller (the first bar the Bible, I think) which played a major role in reviving belief in witchcraft. It would be a bit much to just blame that one book, but it was very influential and changed a lot of people's views.

The contemporary parallels would be things like people thinking covid vaccines are a plot by Bill Gates to control them because they "read it on the internet".

Not that books and newspapers cannot be used to circulate tosh too!

Realizing this is getting out of hand, Coq mulls new name for programming language

unimaginative
Mushroom

Re: There are two hard problems in Computer Science

Harder one, not just in computer science.

Getting people to grow up.

I am also fed up of American norms being imposed on the entire IT world.

To me when I grew up the main association of the word master was a male school teacher, but American culture must always trump everyone else's. Cultural imperialism.

Coq is a French language, why should they conform to American norms?

Another language had its name changed from Nimrod to Nim because illiterate Americans did not understand that Bugs Bunny was being sarcastic when he referred to Elmer Fudd as Nimrod - it's a biblical reference to a "mighty hunter".

Can the rest of us stick to our own cultural norms please?

Cloudflare stops offering to block LGBTQ webpages

unimaginative
Alert

I remember many years ago a service blocking nudity blocked a lot of works of art (Michelangelo's David was one) because that was expected in some countries (probably Middle Eastern).

It would be interesting to know what proportion of customers using this category block 1) live with it, 2) use different categories to do what they want and 3) switch to a non-western provider.

It's easy to forget in the west that most people live in countries with very different attitudes to homosexuality (and women's rights and freedom of worship and freedom of speech and racism....).

When software depends on a project thanklessly maintained by a random guy in Nebraska, is open source sustainable?

unimaginative
Pint

Proprietary software often has open source dependencies, and commercially supported open source is likely to have dependencies

Here is a list of open source components shipped with MS products: https://3rdpartysource.microsoft.com/

Someone has to pay to keep the lights so data-viz outfit Grafana switches licence regime to AGPLv3

unimaginative
Devil

Until they find it is not and then hire one of those cloud services that backup your cloudy stuff.

Then they need to hire someone to run the increasing number of cloud services.

Then they need to hire a "finops" person to track what they are spending on cloud services and try to control it. Yes, finops is really a thing.

unimaginative
Linux

Really? What is now called MacOS was written by Next as NextStep. Did Next have the resources to write an OS from scratch?

Apple's attempt to write a MacOS successor also failed.

unimaginative
Thumb Up

Re: Affero

That is the point of it. If you want to hide the fact you are using open source code, or redistribute it in closed form, you can buy an "enterprise" license or a hosted service.

God bless this mess: Study says UK's Christian beliefs had 'important' role in Brexit

unimaginative
Angel

Re: Religion in the UK?

Why are we discussing this on an IT site? I cannot help feeling the combination of religion and Brexit is flamebait. Really, The Register should be better than that. There is decent content here and no reason to resort to Facebook level trolling to improve engagement.

The lack of consideration of confounding factors is pretty typical of the standard of sociological research.

It's very interesting as long as you assume correlation implies causation. Of course there are all sorts of other correlations that will affect it. In particular a lot of Catholics are recent immigrants from the EU, the people most likely to oppose Brexit. Ignore all that and you get a publishable result!

A lot of people who will tick the Christian box (and a lot of those who say "spiritual but not religious" too) will be moralistic therapeutic deists - a group of people who disagree with Christianity on everything except that there is a God of some sort. I suspect they are the largest religious group in the country.

I personally know lots of people who go to church regularly (or did before covid). It depends where you live, and who you know. A lot of the congregations now are adult converts (about half at the Catholic church where we used to live) rather than people from Christian families so that skews it heavily to older people.

It's particularly bad with anything to do with religion. For example, a commonly accepted method of measuring religious orthodoxy essentially assumes that religious orthodoxy is being like an American evangelical. For example, it gives you a point for being a biblical literalist. That means everyone from the Pope to St Augustine of Hippo even, arguably, St Paul, is not quite orthodox.

Pentagon confirms footage of three strange craft taken by the Navy are UFOs (no, that doesn't mean they're aliens)

unimaginative
Unhappy

That assumes they are morally advanced enough to both be better than us, and to impose that sort of limitation of themselves.

I do not see any reason to assume more non-technologically advanced would mean morally superior - otherwise we would have improved in just the sort of behaviour you speak of - although wars are rarer, and murder rates are lower than they were, and developed countries are better than poor countries on all those problems (although causation runs both ways).

unimaginative
Angel

You will only get voted down for saying anything good about religion here. It's full of simple minded atheists who think saying "sky fairy" is a powerful argument and know nothing about millennia of theological argument, or what followers of religions believe or why.

In fact, I would go further than you. Religious belief has been a huge help to progress. In particular theistic religions originated the idea of a universe that followed laws, because it was created by a law-giving God. There is a reason why theological principles like Occam's razor have become part of scientific thinking.

Reality as God's creation was also a great incentive to studying science: it was a religious exercise. That is why so many major scientists were clergy: https://en.wikipedia.org/wiki/List_of_Catholic_clergy_scientists

"These churchmen-scientists include Nicolaus Copernicus, Gregor Mendel, Georges Lemaître, Albertus Magnus, Roger Bacon, Pierre Gassendi, Roger Joseph Boscovich, Marin Mersenne, Bernard Bolzano, Francesco Maria Grimaldi, Nicole Oresme, Jean Buridan, Robert Grosseteste, Christopher Clavius, Nicolas Steno, Athanasius Kircher, Giovanni Battista Riccioli, William of Ockham"

Pigeon fanciers in a flap over Brexit quarantine flock-up, seek exemption from EU laws

unimaginative
FAIL

Re: Seriously?

The "only" restriction would have stopped us from buying the vaccines (that were supplied) as early as we did, so we would have been many months behind the current vaccination levels, with the consequent extended lockdowns, loss of life and damage to health.

It is clearly a Brexit benefit and denying that is a post-truth claim of Trumpian proportions (as the EU seems to be run by anti-vaxxers now that is probably not surprising).

unimaginative

Re: Seriously?

No, but purchasing is a lot more flexible than it would have been if we were in the EU scheme so we got supplies a lot faster. Approval is a red herring.

Although theoretically optional, every single EU country is in the EU scheme. We were offered the chance to join and remainers were absolutely convinced turning that down would lead to disaster. As

Zorin OS 16 beta claims largest built-in app library 'of any open source desktop ever'

unimaginative
Pint

People were never scared of phones.

A lot of people are scared of computers and their heads do explode if it looks a bit different.

In the early days of smart phones, a woman at work who thought it was too complicated to use Google instead of whatever MS search was called back then when it was the browser default in IE, spent hours learning every detail of how to use her new phone.

unimaginative
WTF?

Re: not going to attract any Windows or Mac users.

Are you trolling? I am inclined to class that response along with "you have to compile software on Linux yourself". I find it hard to believe someone who is bothered enough to be here thinks that hardware is such an issue on Linux.

Our household has: my work desktop, three laptops in use, a chromebook, and two Raspberry Pis. All run Linux. Although the chromebook is ChromeOS, but AFAIK that is Linux as far as hardware support is concerned. There were two more desktops and another laptop that we have stopped using in the last year or two but have not actually chucked out.

The only hardware issue we have had across all those machines is with the NVidia video card in my desktop. It was prone to freeze when using KDE (fine with XFCE). It took a bit of effort to fix, but did not require changing config files, only GUI settings (to switch to a different driver and change the KDE compositor renderer).

Although I have done some minor upgrades to those machines, it's been mostly stuff that is trouble free (storage and RAM), so I cannot comment on how easily something like replacing the video card will be. Only geeks upgrade things like that, so it is of no interest to users who cannot fix any issues anyway.

I have had the odd software related issue that needed config files. The only thing in the last year or two was printing over the network to the printer attached to one of the Pis. I also have a current problem with getting pulseaudio to see a bluetooth speaker. All that seems fairly good compared to what Windows or Mac users with a similar motley assortment of hardware and usage patterns would experience.

Every single USB device - a Wacom tablet, wifi and bluetooth adaptors, webcams, an SD card thingie, and a lot more - has just worked when plugged in.

unimaginative
Alien

For a lot of people system administration is something someone else does a lot on a new install.

People do care about superficial differences. A windows user seeing a screenshot of my KDE desktop with an icon only task manager on the side and a small panel at the top said she could not use it because "everything is in the wrong place".

Most people want "the web" and "office" to start, and that is it.

Texan's alleged Amazon bombing effort fizzles: Militia man wanted to take out 'about 70 per cent of the internet'

unimaginative
FAIL

Re: Christian Militia Terrorist

Except that it is not what Abrahamic religions believe. It's a common misconception.

In fact there have always been a significant number of Christians who have believed the opposite, that everyone will be redeemed and no one goes to hell: https://en.wikipedia.org/wiki/History_of_Christian_universalism#History

The concept of hell as deliberate punishment is also taking metaphors rather too literally.

unimaginative
FAIL

Re: Christian Militia Terrorist

The Spanish Inquisition was an arm of the Spanish monarchy, so how could it be trying to coerce the government that ran it?

The crusades were a war, not a terrorist campaign and arguably a defensive one - the first crusade was certainly intended to defend the Byzantines from Turkish invasion.

unimaginative
FAIL

Re: Christian Militia Terrorist

There are terrorist groups with Christian members, as I said.

None of these are motivated by Christianity or Christian beliefs. The IRA has plenty of atheist members.

unimaginative
FAIL

Re: Christian Militia Terrorist

I have not been able to find any indication that he is a Christian.

I hope you are not making the racist assumption that white = Christian and vice-versa?

I have never heard of a Christian terrorist group. There certainly have been terrorist groups with Christian members - the Liberation Tigers of Tamil Eelam probably had the most, but they had even more Hindu members and a lot of the leadership were atheist. I have never heard of a terrorist group motivated by Christianity.

Ruby off the Rails: Code library yanked over license blunder, sparks chaos for half a million projects

unimaginative

The same thing can happen with proprietary software. What happens if you use a proprietary library without licensing it properly? I suspect the consequences would be worse and harder to sort out.

It's a nuisance, but most users can probably work around it - possibly installing will be more complex if you need to get this library separately from Rails.

It's also not going to magically shut down existing installs.

Splunk junks 'hanging' processes, suggests you don't 'hit' a key: More peaceful words now preferred in docs

unimaginative
Unhappy

Re: Primary...

I think the focus on race based slavery is because this is American led and their historically important slavery was race based. I think you mistyped "black Africans" - what you actually meant was "black Americans"?

That is why it does not matter that, as the article notes, the inclusive naming initiatives meeting take place at a time that suits Westerners but is inconvenient for Asians. The entire point of this is to ensure the projects adhere to western standards, and American ones in particular. What the rest of the world thinks is irrelevant.

It also makes it much harder for people from other cultures to adhere to these norms because they have to learn the right vocabulary. My experience is that it is not only hard for people who speak English as a second language, but even harder for people who speak a non-western dialect of English (of which there are many in Asia) because they have to change ingrained habits.

It is a neo-colonial exercise disguised as progressive.

Canonical turns to Google framework for new installer, but community asks why not have a Flutter on GTK?

unimaginative
Pint

Re: There is no native...modern developers be modern innit

Gtk major releases are only about one a decade so it's not that bad.

There are a few cross platform toolkits that keep backward compatibility (like Tk, Lazarus etc.) but they are short on "ooh, shiny".

I loathe Electron and similar as a user. Not developed with them so no comment.

I had no idea Windows was so bad. I thought having multiple GUI frameworks in use was a Linux thing so thanks for explaining that.

unimaginative
Linux

Re: It won't matter...

I use OpenSuse. A bit more work than Ubuntu to maintain, but that may just be my hardware (Nvidia especially) and has smaller repos. Yast is very nice.

There are also a lot of good Debian based distros. I have antiX running on an old laptop and might try its sibling MX.

We regret to inform you the professor teaching your online course is already dead

unimaginative

Re: And get a better education...

> I think anyone who's experienced 2020 as a parent can agree with that. I'm no math whiz, but I can do the stuff they ask of my 5 year old. No ####ing clue how to explain it to her. Teaching (at any level) is a distinct skill set

It's an easy skill to develop if you only need to teach one to one (class room teaching is another matter). The problem with one off home schooling is that neither you nor the children have the time to learn and adjust, and you are probably sticking to a curriculum designed for schools (not so much a problem with older kids where the exam boards set the curriculum anyway).

I have two kids, one HE up to GCSE, the other still 12 (would be year 8 at school) so we decided not to delay her first IGCSE (we spread them out over a few years) until later rather than deal with the chaos of this year. I blogged about temporary homeschooling vs permanent HE: https://pietersz.co.uk/2021/01/homeschooling-tips-home-ed which might be interesting to people coping with home school

I was screwed over by Cisco managers who enforced India's caste hierarchy on me in US HQ, claims engineer

unimaginative

Re: General concern

Caste is nothing like class. It is racism.

People are born into a caste, and your descendants will always belong to your caste. There are not opportunities to rise. Forever.

The only exception is if you marry into a lower caste in which case your children will be of the lower caste - just like the "just one drop" rule in American segregation laws.

Lower castes are regarded as intrinsically inferior - just the same as the racial science view of "inferior races".

Caste in India is the world's largest and most deeply entrenched system of racial discrimination.

It's not necessarily as bad in other South Asian countries, but it exists to some extent.

Python 2 bows out after epic transition. And there was much applause because you've all moved to version 3, right? Uh, right?

unimaginative
WTF?

Re: lol

Most of what I do is Django. It is brilliant. Yes, it's big, but it does a lot and is flexible.

If you had to "figure out how to force pip to only load specific versions of things" you are obviously not familiar with the tools you were using. It's standard practice to have a requirements.txt file with versions specified (and you can have a range, so you can say allow minor version upgrades but not major, or patch only).

If you were using Python for things that should have been done in a fast compiled language you are using the wrong tool for the job. You can write a C extension, or rewrite Python code in Cython, or JIT compile performance sensitive code with numba or run the whole thing with Pypy, etc.

Of course, with Python you often find that someone else has already provided a fast library. This is where most of my efforts to use something other than Python come to grief - it's always easier to use the Python library.

Meltdown The Sequel strikes Intel chips – and full mitigation against data-meddling LVI flaw will slash performance

unimaginative

Re: If these exploits carry one

Thanks for the answers.

It's really 1. that I was asking about, which I think you are implying would work well.

4. is something I had not realised and could be a real problem. How would the risk of attacks compare?

unimaginative

Re: If these exploits carry one

Maybe you can answer a question I have had for a while.

How would dropping things like speculative execution and having more smaller cores compare - assuming parallelisable workloads would having more cores at a similar cost make up for them being slower?

Server-side Swift's slow support story sours some: Apple lang tailored for mobile CPUs, lacking in Linux world

unimaginative
Happy

Re: x5 Speed Increase on Server Side with Swift?

Thanks, I wrote it.

'I am done with open source': Developer of Rust Actix web framework quits, appoints new maintainer

unimaginative

Re: Not just open source

Can we please finish the "open source is written by hobbyists" myth?

Yes, hobbyists CAN contribute and some do. However most open source contributions are made by professionals in the course of their work, and even most of the volunteer contributors are professionals either helping something they want to support or publishing code to help them find work (the two are not mutually exclusive, of course).

Outside some Linux desktop stuff (mostly KDE) I find it hard to think of any open source stuff I use (and almost everything I use is open source) that is primarily developed by hobbyists.
