* Posts by JBowler

85 posts • joined 27 Sep 2009


UK govt urged to bolt tough legal protections onto Arm and protect jobs – or simply veto Nvidia's £31bn acquisition


RISC-V is open source

>It’d be nice to not hand the US control of all major processor architectures.

True and the next president of the US will certainly continue the tepid war with China. However the damage has already been done; blocking Chinese (mainland) access to ancillary technology is as effective as blocking the CPU tech itself.

Possibly the US will relax these restrictions if we control the ARM as well; then the mainland will be faced with off-shore designs that increasingly use other US designed components. US behavior has always been incredibly US-centric even before our current president.

The one sure result is that RISC-V, or a fork, will become the dominant technology. Open sourcing the ARM is the only way of avoiding that and that will not happen. The lackluster approach of forcing ARM Ltd to become a public company doesn't mean the tech can't be controlled from these lands; such control merely requires arrogance.

Or maybe someone out there thinks that the original arrangement, back when ARM Ltd was controlled by Olivetti and Apple, might work? There was some notional idea that the ARM licenses had some manner of control or input so that if Olivetti or Apple started to get scared of them neither company could lock their competitors out of the design process. I don't know how that worked but I doubt it would work today even if it worked in 1990.

Of course BoJo could nationalise the operation on the basis that it is a strategic resource that should not be controlled from elsewhere.

US cybersecurity agency issues super-rare emergency directive to patch Windows Server flaw ASAP


Please, I know you aspire to be a newspaper but, please, stop scaring us.

>That the agency feels the need to issue one for this flaw is notable given that simply applying Microsoft's August patches would have fixed the problem.

Indeed, I did.

Putting the d'oh! in Adobe: 'Years of photos' permanently wiped from iPhones, iPads by bad Lightroom app update


The times have changed.

Many (well, 20) years ago I worked for a well known company on a well know product that is still sold today (by the same company).

There was something of what might, at the time, have been called a "mantra". Do not destroy customers' data. So be it.

At that time if Word had deleted all the .doc files on a computer (this was shortly before XML) then the person who did it would be on performance review. Likewise if PowerPoint had deleted all the .ppt files on a user's computer the person who did it would probably have been demoted to marketing.

If someone had deleted all the .xls files of some other person who had a lot of Excel files in 2001 well, then, what can I say. Whatever.

rm -rf /

Or, "Go forth and delete."

'It's really hard to find maintainers...' Linus Torvalds ponders the future of Linux


Re: "COBOL programmers of the 2030s?

>I have some 'C' code, written in 1985


int main(){return 0;}

Definitely worked in the early '80s. Today, on Windows 10:

jbowler@Jule:~> echo "int main(){return 0;}" >/tmp/crp.c

jbowler@Jule:~> gcc -o crp /tmp/crp.c

jbowler@Jule:~> crp

If 'crp' is not a typo you can use command-not-found to lookup the package that contains it, like this:

cnf crp

jbowler@Jule:~> ./crp

jbowler@Jule:~> echo $?


Ok, one typo. But I quoted the whole thing verbatim, no edits, nothing, no macros either.


John Bowler (lifelong maintainer of other peoples crp code.)

Give me your tired, your poor, your huddled masses... but not your H-1B geeks, L-1 staffers nor J-1 students


Re: L-1

>but stopping L-1 would surely defeat the purpose?

It stops *foreign* companies transferring to the US because it stops execs and skilled staff from the foreign country bringing a new US branch or a new US acquisition on-line. So it fits the dumb Trump model and, while it might hurt the US economy slightly, it mainly blocks foreign involvement in the economy.

Now is the time for all other countries to retaliate and ban the corresponding intra-company transfers by US execs and skilled staff. That will have a *really* bad effect on the US because the US routinely runs low labor cost operations in foreign countries using highly paid US staff (who get a special US tax break to motivate them).

If other countries do this there will be a temporary stop to US expansionism and, contrariwise, if other countries do not do this the US will invade those countries buying up all the low cost labor and national resources on the cheap, as has happened before as a result of post-crisis manipulation by the US (think two world wars.)

Of course it's moot for a while if the EU and the rest of the world bans US residents on the basis that this land is a coronavirusland.

80-characters-per-line limits should be terminal, says Linux kernel chief Linus Torvalds


What? Still storing the formatting with the code?

It makes absolutely no sense to store the pretty-printed code in a source management system and it makes absolutely no sense to insist that your, or my, favorite way of pretty-printing C is any better than anyone else's. It's like storing spreadsheets in US "letter" paged PDF files.

It made no sense in the '80s either. At that time I was writing code on Aegis with the "pad" which limited lines to 1024 characters, but no one had got round to writing a decent source management system that simply stored the syntactically parsed code, tagged with all the extensive comments we write, with a "check-out" that formatted it according to the particular programmer's pecadillos. Some of the guys in the same company did write an editor which simply formatted the code on the fly. Of course that's the way BASIC worked anyway, at least in the early '80s.

While he's at it, how about getting rid of that 50 character restriction on the first line of a GIT commit message?


Get in the C: Raspberry Pi 4 can handle a wider range of USB adapters thanks to revised design's silent arrival


Re: Forget the 'Osborne Effect':focus on the "Upton Effect".

That's silly; wildly over capable ASICs are routinely used in applications because using a generic ASIC is cheaper (they are mass produced) than designing something that fits the exact requirements and no more. So the CPU is 64 bit capable, so what? It isn't required for the application so it isn't switched on, surely that is obvious.


Re: Stll boggles the mind

Seconded. I admit USB isn't a simple specification any longer, but it is there and it can be tested. Indeed, because it isn't simple it must be tested.

Chemists bitten by Python scripts: How different OSes produced different results during test number-crunching




This is a problem I have encountered several times in the past while doing data processing of large data sets contained in multiple files; it's a common scenario in many activities were data is collected over time then analysed later.

Yes, the algorithms which analyse the data most certainly should not produce **significantly** different results depending on the order the input data is processed, but they always do produce **different** results because of rounding errors in the floating point arithmetic that is used. Forcing a sort order is really just hiding an underlying problem and, given that the things being sorted are textual names of files, it should be apparent (with a little thought) that the order is going to be language specific:



What needs to happen is one of two things:

1) The data files are themselves ordered. Then there should be a separate file listing the order and that file should be read to find the names of the files with the data and (implicitly) the order in which to read them. An alternative is to encode the order in the file name, but that should be documented in both the code and, textually, in separate instructions for people who add to the data. I routinely use ISO dates or data/times to do this (e.g. 20191018, 20191018.1754 etc.)

2) The data files are not ordered. Then the code should be tested with data files in different orders. The way I do this is to randomise the read order so that every run reads in a different order. It's immediately obvious then if there is an instability or bug in the code!

In both cases scientists should always produce error calculations. Sadly very few do. There are two ways of doing this:

1) Regular error analysis. I was taught this the first year in university; the Physics department felt it was a lot more important to teach generally applicable scientific methods than any physics.

2) Interval arithmetic. This is particularly appropriate to deal with the errors introduced by floating point rounding in computer systems:




For science either can be used but interval arithmetic deals with unstable calculations better; you tend to end up with an interval containing an infinity or a NaN, which makes the problem very obvious.

John Bowler

Father of Unix Ken Thompson checkmated: Old eight-char password is finally cracked


ARM slowed down to help Intel marketing department?

On the other hand, I taught myself an 8 letter utterly random password and it keeps still working, no chess, no meaning, nuttin. Humans can remember 8 characters (latin alpha, upper plus lower, digits, no need to add spurious extra non-EBCDIC characters, whatever). Machines canne guess them, sorry capt'n, we donna have the CUDA cores, or the whisky, whatever.

Talk about unintended consequences: GDPR is an identity thief's dream ticket to Europeans' data


Providing a reverse DNS violates your privacy?

Eh, sorry. You use your IP to get some stuff and you don't want anyone to know who you are? Duh.

John Bowler (forward, reverse, shake it all about readily available).

We've, um, changed our password policy, says CafePress amid reports of 23m pwned accounts


Re: own domain and use a unique LHS

>If you use a password manager to create unique passwords, you are already safe from credential stuffing attacks, a unique username will offer you little extra protection.

It's not necessary to have both a username and a password, one is sufficient. I've been continuously annoyed by sites that required you to make up a username often without allowing me to include '@'. It has been even more impossible than making up a safe password (though that is pretty difficult given the arbitrary restrictions web sites impose.)

Indeed usernames are identifiable and allow the crackers to look up your username in their database and find all sorts of useful information that can be used to answer the insecurity questions. Better just to just have a username like:


And no password. Of course that only works if the username contains a lot more than 66 random bits otherwise it will get very difficult to ensure the user name is unique given that there are about 2^33 people on the planet. (FWIW the above user name contains around 400 random bits.)

John Bowler

John Bowler


I got the pwnage message but CafePress denies it knows my email

It's weird; I got the email from Hunt but I didn't recognize the site. I might have been there, but I have no record in my password manager and a search of my email suggests I've never communicated with them. Nevertheless I went to the web site as soon as I got the email (26 hours ago) and tried to do a password result (i.e. I said I had forgotten my password). The web site denied knowing my email.

I suppose I might have submitted an order without creating an account but it would have to have been a very long time ago, before I started using GMail.

John Bowler


Re: Honest Question

Password managers have to work across all devices. Since most of us use more than one device simultaneously that means the data has to be replicated across the devices.

The failure modes are:

1) You forget your password/lose your security key and can't get access to the PW manager anywhere. Solution: they have recovery strategies based on emails (normally).

2) Somehow the PW manager provider gets hacked. Solution: none; all is lost.

(2) is the consequence of strong passwords; necessarily they have to be stored somewhere (if you can remember them they aren't strong), so you are putting all your eggs in one basket. The assumption is that it is a safer basket than Cafe Press, or, for that matter, Capital One, or, for that matter, GitHub and that you really do use a strong password for your password manager (plus extra authentication; I use a YubiKey).

John Bowler

Loose Women woman's IR35 win deals another high-profile blow to UK taxman's grip on rules


Re: pro rata

Tax on gross "turnover" (i.e. receipts, not mouldy fruit inside pastry) just works. Individual countries can chose to apply a negative tax if they feel so, whatever; that is up to their duly appointed dictator. This tax is difficult to avoid because, apart from used car salesmen of the Arthur Daly persuasion and lots of builders, the receipts go into the banks and the banks are big, nasty, and very easy to monitor.

Let's forget the myth of income tax; it was invented to rob the poor. We all learnt this in school; flash a fiver (or, in my case, a farthing) and someone bigger than me will tax it off me, forcibly: income tax.

Sales tax, that's selling the apples you scrumped locally to the innocent school persons and then paying half the profit (turnover, receipts) to the gorilla. If gorilla want whole profit scrumping stop idiot.


It's called a sales tax

Or, for individuals, an "income tax"; individuals pay tax on their turnover, not their actual income, which is turnover less expenses (e.g. cabbage.)

Linus Torvalds pulls pin, tosses in grenade: x86 won, forget about Arm in server CPUs, says Linux kernel supremo


Re: There has been progress

Use gentoo with openrc. If you are doing dev you don't want a GUI, waste of space; the target devices don't have GUIs. The gentoo ARM guys are pretty damn good.

John Bowler <jbowler@acm.org>


I agree, I've always developed on ARM, well, since 1993

1993, when I first got my hands on one.

Now it is true I was cross developing then because I was writing for one OS on a different OS (like for ARX on something cobbled together but still on an ARM). That was a disaster area.

These days I just use gentoo. Three or four years back there was a big problem because of several enormous piles of do-do all called \*wekbit\*; way too much memory for an RPi. There again a couple of months ago my attempt to build Mr Torvald's nut terminally crashed my x86 gentoo machine several times; the "kernel" whacked out with a simple sequence of reproducible steps:

1) make oldconfig

2) make --jobs


I was running it under KDE of course, and it was (and is) booting via OpenRC, so his majesty might feel I was slightly disloyal (Off With His Head!)

VHS won the battle, and I guess x86 has too.

Wow, fancy that. Web ad giant Google to block ad-blockers in Chrome. For safety, apparently


Title too long:

So you grandstand your most extreme proposal and then implement something no one would have accepted otherwise.

This is simple politics via openness; broadcast the most extreme version of what you want to do and wait until unpaid polling organisations like El Reg tell you what you *can* do. I can suggest analogies but they would get me banned.

Microsoft sends a raft of Windows 10 patches out into the Windows Update ocean



There were problems installing some updates, but we'll try again later. If you keep seeing this and want to search the web or contact support for information, this may help:

2018-11 Update for Windows 10 Version 1803 for x64-based Systems (KB4023057) - Error 0x80070643

Dev's telnet tinkering lands him on out-of-hour conference call with CEO, CTO, MD


rm -rf complet with following symlinks

For those of you out there who don't speak UNIX, that post is a Troll.

Zip it! 3 more reasons to be glad you didn't jump on Windows 10 1809


Probably the only reliable OS on the planet

Congratulations to MS, they have finally got to the position in the OS world that they occupied in the word processing (app) world 20 years ago. Everyone finds every bug instantly.


Pity there aren't any competitors any longer.

This page is left intentionally blank

This suggestion has been deleted by a moderator

Microsoft gives Windows 10 a name, throws folks a bone


Re: use of 'goto'

It's a necessary techinque in a deficient language.

An error exit is an exceptional condition and, given that language designers haven't yet found a way to prevent exceptional conditions being written, exceptions are the way to deal with that. "goto error_exit;" is a sad C epitaph.

Once or twice I've felt I needed to use goto in C, but I've spent all my life rewriting more famous people's brown stuff.

This is only a comment on your own response; basic is fundamentally steampunk and I completely get that. Of course basic can have exceptions as well; it's an interpreter.

John Bowler


And there lies death

True and Office (I think I can still call it that, right, not MS Office?) believed (in so far as a group of individuals can believe) that the break point was 90%. If only 10% of users need (maybe 'want' these days) it (split infinitive, bloody hell, I can split anything) then if you try to provide it you will die.

Office, evidently, is still alive. I think it actually did 99%, but based on the comments on this thread it was apparently 101%.

Free stuff whacks out at 50%, like you suggested.

John Bowler

Microsoft devises new way of making you feel old: Windows NT is 25


Acorn looked at the white paper pre-1993

I worked there then, I was asked to look at the MS white paper on NT; what I said was that it had all the right words but there wasn't enough info to tell whether the code worked the same way. The sub-geniuses (to be polite) at Acorn didn't follow up, so the next thing I heard was when an ex-Acorn employee was working on the 68k port, sometime after I had left the sinking ship. The ARM port could, and should, have happened at the start of the '90s; if the management had actually followed up as opposed to BS'ing it WOULD have happened then because MS really did have the shyte.com It would have happened; back then I cared.

So far as I can tell (I later worked for MS, but not in the OS division) NT seems to have lost and found its way several times since then. It is a damned good micro-kernel but it is beset by the *F*F*F* shell; Windows Explorer (apparently a pseudonym for DOS 3.0) takes it down every time. BUT that is an application. You can do everything you want (and quite a lot that any sane OS vendor doesn't want) if you escape from the Win32 API.

Then there is NTFS. I LOVE NTFS. Sorry, I probably shouldn't say that in public.

John Bowler jbowler acm.org

Another data-leaking Spectre CPU flaw among Intel's dirty dozen of security bug alerts today


Duh, a 256 byte auto array?

Better example, please.

Trump's Supreme Court pick will decide critical tech issues for decades – so what are the views of the contenders?


Interesting analysis, given that it's Brett Kavanaugh

Has corporate american learned to ride Trump, or have the GOP decided not to fight the abortion fight before the mid-terms?

So far as I can see anything that comes out of the current administration is opportunism, so I think the abortion fight allowed corporate america a way in to buy their own seat in the court.

Google weeps as its home state of California passes its own GDPR


Why did McTaggart drop it?

I think that must be the question of the forthcoming election; apparently he dropped it because he doesn't think that he could certainly win the ballot measure. I understand that, but it is that lack of guts that will kill us all in November.

What's all the C Plus Fuss? Bjarne Stroustrup warns of dangerous future plans for his C++


Re: C and C-style C++

Indeed, match the language to the application.

Perhaps he would have achieved more communication and less grandstanding if he had said "Algol 68".

For that matter, still less obscure than the Vasa or, indeed, the Mary Rose, "CPL", for which famously (in the right circles) BCPL was intended as the compiler-compiler and BCPL was, of course, the antecedent of B, then C, then C++.

Aseembler is only necessary for the bootstrap - surely that is the legacy of UNIX? C more appropriately encodes the only very slightly later requirements of assembler.

IMO the missing link is not a language but the ability of system level programmers to encode compute intensive tasks into C APIs which can be called from Python.

Alas, system level programmers always were the dumb ones.

Internet luminaries urge EU to kill off automated copyright filter proposal


Fair use is easy

Fair use requires selection, so if I post a video and it contains a sound track part or all of which is copyright any copyright infringement algorithm is checking the VIDEO, not the sound track. The video is copyright too, but by the original producer.

If the mechanism recognizes the copyright of the *UPLOADER* then the uploader will have a copyright entry and if someone disputes fair use then it is easy to chase that guy down and have a wet T shirt fight in the mud pit most lawyers languish in.

But the *UPLOADEE* doesn't care, because the video is apparently fair use and, anyway, THIS CAN BE MADE TO WORK, it just requires NON DENIAL by internet luminaries. It is a problem that has a solution and, with that solution, every person who uploads a video or a commentary or who, like me, posts a comment like this, can claim their copyright.

[Copyright is not a license, it is just the right to grant a license.]

John Bowler


You just need a fingerprint algorithm

Upvoted: producers upload signatures of their work, upload-receivers generate a test hash which is matched by a central database against the uploaded signatures. If there is a match there may be a problem. An exact match (the upload-receiver can trivially generate the publisher signature) is an immediate block.

Fraudulent signature submitters are easily traced (like, obviously, if you submit a signature you need to have contact information to receive any ROYALTIES) and anyone who tries fraud from that angle is very likely to end up in court.

The guys who rip off other peoples' work might claim to be aggregators. Sorry. Don't like aggregators, sounds like alligators to me. Aggregation is not protected use of copyrighted work.

Other guys with smaller scroti might claim to be commentators, but, honestly, fair re-use of a copyrighted text, sound or image requires selection of the content and that will certainly defeat any current day fuzzy match algorithm.

Three Chord Wonders will, of course, continue to hire expensive graduates to claim that their three chords are copyright, but, once again, the fuzzy match algorithms cannot be fooled because if they were every tune would be a copyright violation of every other tune. Those guys can go fight it out in the mud pits they desire.

John Bowler


The internet luminaries could simply submit an RFC for a signature/validation protocol

Or maybe they couldn't, as they are going somewhat moldy.

A solution needs to allow simple registration of copyright, via posting of the reliable signature of original material (text, sound, image, conforming XML combination of the preceding) to a central database (which may be freely replicated) which is used by upload-receivers to validate content.

Validation (i.e. the upload-receiver end) is not hard. They already do this is so many ways and it is just AdBlock plus (running on this site as I type, 3 ads on this page blocked so far).

The issue is correct recognition of copyright data via a signature; that is an INTERNET problem, not a legal one. If we can't do it we deserve to be put out of business, or have our rather generous pension relocated to the Democratic Republic of the Congo in the case of the moldy ones. The issue is that the signature is not something like dSIG or message hashs, which only recognize identically the original data, it is a fuzzy match like face or fingerprint recognition. The upload-receiver has to transmit sufficient information (the uploaded data is sufficient but over the top) to the database so that the negatives and positives can be relatively reliable. I trust no moldy old fool will tell me this can't be done; bees can't fly and 5GHz 28+ core processors can't exist, I've heard it all before.

Now I put pretty much all the stuff I publish in the public domain, so I don't give an airborne enjoyable experience, but if I ever did start publishing anything that I don't currently publish I would be sending signatures to that database immediately.

SoftBank sells off more than half of Arm China for a bargain $775.2m


Re: they sold a license to the Chinese state

>As I understand it Arm Technology China is the Qualcomm of the Chinese world

I think that hits the nail on the head. Given the problems the US administration has invented with Qualcomm it must be attractive to Chinese investors to have a licensee for ARM which is not directly involved in the US. Particularly as ARM is now controlled from Japan so subject to a more rational eastern approach to deal making; not without the ubiquitous and lugubrious US influence but at least inclined to give it less significance than the Europeans.

Cutting the US and Europe out of the equation makes sense. I can't see that the price is low; it's just a licensee isn't it?

German court snubs ICANN's bid to compel registrar to slurp up data


ICANN is the epitome of malevolent bureaucracy

Over the years I've battled with domain registration hurdles despite, pretty much forever, having had a registration within the system. It's broken; shred the RFCs, they are just being used to extract money and prevent service.

Take a look at the whois information for apple.com; a company who, surely, would want to distinguish administrative and technical queries. This comes from:


This is what you get if you copy'n'paste the email addresses (as plain text, without the HTML). I have javascript blocked by default and it is blocked on this page:

Registrar Abuse Contact Email: email@cscglobal.com

Registrant Email: email@apple.com

Admin Email: email@apple.com

Tech Email: email@apple.com

If you use a whois query directly, however (i.e. not a web browser, open a command line and type "whois apple.com"; I did this on a gentoo machine; OpenSUSE on Windows simply doesn't show the information) you get:

Registrar Abuse Contact Email: domainabuse@cscglobal.com

Registrant Email: domains@apple.com

Admin Email: domains@apple.com

Tech Email: Apple-NOC@apple.com

You can see for yourself what they actually display as; the second list, not the first. The HTML reveals that the emails displayed are pictures, here is one:


Well, ok, you can't see that can you! Clever trick eh? It exploits the ability of PNG images to encode semi-transparent images. The PNG image has two "colors" in it, one is black, the other is transparent. The transparent parts display the word "domains", but only if you view the image over a non-black background.

So why on earth would Apple/ICANN go to such lengths to obfuscate information that is readily available to someone like me who hasn't progressed out of the Bourne Shell?

Because they think they are really clever.

Half of all Windows 10 users thought: BSOD it, let's get the latest build


Opinion stated as fact (or bad English)

"The speed at which the update has been flung at users reflects perhaps misplaced confidence in Redmond in the quality of the 1803 build"

That's a statement. The word "perhaps" is in the wrong place. You are stating that Microsoft has "perhaps misplaced confidence". I don't know whether you deliberately produced this piece of non-English to attempt to mount a post-truth (Trumpian) defense of a fact that you can't actually prove or whether you just can't speak English.

John Bowler

US Senator Ron Wyden to Pentagon: Encrypt your websites


He get's my vote, and I'm a registered republican

Wyden has been consistently pushing tech issues, and pushing them in the right direction. He got my vote in 2016 and, so far, he is going to get it again in 2022.

In the US we rely on the Senate to push the Federal government in the right direction - the senators have six year terms compared to the president's four and they tend to gravitate to fixed and fairly representative positions as a result.

Whatever the "abolish the government" part of the Republican party may say there are real parts of the government that can actually be fixed and, in that respect, it's not different to the UK government. Government website security *and* accessibility are real issues that have to be fixed in both countries. That really is the job of the Senate in the US (not sure who is responsible in the UK, last I knew you were using Round Tuit's).

About to install the Windows 10 April 2018 Update? You might want to wait a little bit longer


Re: Killed my laptop, reinstalled Windows, and now 1803 is in the queue again!

Change the updated settings to the big business ones:

Settings/Windows Update/Choose when updates are installed

select "Semi-annual Channel" from the drop down. I did this to my wife's SP4; she is Chinese and needs a working Chinese IME. She is still on whatever it was prior to 1709 (the release that broke the IME). Works for me, Microsoft aren't paying me to test their software and neither are Big Business paying. Time to change that Microsoft?


Why would anyone install a 3rd party replacement for core OS functionality?

Like, duh. Protecting the core of the system against attack is the responsibility of the OS vendor. After some delay Microsoft now does this (unlike certain fruity people, and Linus).

I had a Surface Pro4, it updated fine (this machine; my serious compute machine, still hasn't volunteered me). The SP died some weeks afterward because, I believe, of a failed fan; it's out for $450 support (replacement). Nothing to do with W10, something to do with MS's mistake of putting moving parts in the "high" end machines.

The probably permanent Cortex(?) "SP" replacement (Microsoft no longer do numbers, watch out Linus; no numbers are even cheaper) upgraded itself today while I was setting it up. I had to kill it during one of the "don't turn me off or I will die" moments, but then that is to be expected with a modern OS; if it can't survive that what good is it?

Bottom line, as we say over here, don't throw gasoline (petrol) over someone else and blame them for catching fire.

US border cops told not to search seized devices just for the hell of it


An important decision for all US citizens

Yep. Prior to this anyone within the regulation distance of a US border, 100 miles, could have their computer ceased and searched:


(Convenient map on that page.) So, I *live* within that orange zone. In principle border control could take the computer I'm writing this on and search it. Given that Windows Hello and, indeed, Android and iPhone biometric verification can be used to open a computer or phone given just a couple of cops holding your head, or hand, sufficiently still that was a pretty great risk.

Of course no one in the UK gives a damn; you guys just get locked up until you reveal the password.

John Bowler

Every major OS maker misread Intel's docs. Now their kernels can be hijacked or crashed


Ah, the challenges of having an ICIS (Insanely Complicated Instruction Set)

Of course, ARM Ltd are going that way too but fortunately for ARM the historical architecture was simple; they're just making it more complex, whereas Intel of course are trying, but failing, to go in the opposite direction.

Maybe there is a lesson, not a political one like "RISC", but a real one, like "start from scratch every 30 years". Intel started disclosing iAPX publicly at the start of the '80s and the first ARM chips were available at the end of the '80s.

Personally I like CircuitPython and I can't see a reason for having a processor that does anything more than implement whatever CPython requires, but that's just me.

John Bowler

Cambridge Analytica dismantled for good? Nope: It just changed its name to Emerdata


A new name is definitely required

How about "Oxford Analytica"; it can probably be purchased quite cheaply but it may be somewhat obvious as they seem to have copied the name in the first place.

Alternatively, "Oxford Analytics", slightly more medical, but closer to the business model ("big data").

How about "Harvard Anal", as so many other commenters on this web site seem to be obsessed with one of the university's alumni.

My consultancy fee in this matter is $1fm, please round down; I charge reasonable prices (unless you ask me to write software).

BT pushes ahead with plans to switch off telephone network


Gee, yiou brits are so backward

This happened years ago in the US. Of course no one told any of us, but then concepts like "transparency" and "an explanation of why you can't send faxes" are so alien to us.

Asking BT, which, remember, Thatcher effectively castrated, to behave as a semi-charity is ridiculous (as in the ob-comments, not the article). That was what Thatcher intended of course, but she is a total whatever.

BT already is routing all calls via VoIP; you cannot tell, I cannot tell, Scottie canne tell, it's just a fact.

"999" calls depend solely on accurately identifying the point of origin. You can do this with GPS, you can do it with cell tower triangulation, you can do it by simply being told where the originating device is located.

You CANNOT do it by believing in Thatcher, or whatever it is you guys believe in; I can't seriously believe you actually believe in the life giving properties of copper buried in the ground.

John Bowler

They forked this one up: Microsoft modifies open-source code, blows hole in Windows Defender


Would this be a fix for a compiler warning message?

Like the famous GCC (I know they don't use GCC) signed/unsigned comparison warning? The one that causes Open Source software maintainers (who shall remain nameless) to mindlessly change signed integers into unsigned? (Because unsigned overflow is well defined in C and C++ so the compiler doesn't by default warn).

Why a merged Apple OS is one mash-up too far


Hum; so you like Apple?

Body, body, dead body.

Sysadmin left finger on power button for an hour to avert SAP outage



>1996? I doubt that. Probably 1997 or 1998 for you.

You know Steve, the Cynic, then, Anonymous Coward?

>ACPI only got released in December 1996

Duh..... duh..... Like, someone developed it dude.

Quoting from Wikipedia just proves you work in a troll farm for putin.

I don't know Steve, the Cynic, but I do know what I was doing in December 1996 and it certainly wasn't released until some time in 1997.

Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign


ARM slowed down to help Intel marketing department?

Is Linus dumping Shyte on ARM because he doesn't know what an ARM processor is?

Don't shame idiots about their idiotically weak passwords


Who says dumb passwords aren't secure

Hum... I was recently watching an old "modern" beeb Sherlock Holmes esipod in which our Sherly was trying to guess the 4 digit password of The Woman. He had three tries. While he was trying, which took most of the esipod (seriously) I kept on shouting "1234". Well, think about it; if you have three tries and you know that the crimorist is really intelligent (or so) would you try a dumb password? After all, there's also "1111" and "9999" and you don't want to try the last one only to be told, over the exploding phone, that it was "0000".

Works for me, I'm out there on the innernet databases of people with really dumb password (sic). Not on a site I care about of course (I think the one in question was Forbes) but the fact that I actually use randomly generated 63 ASCII character strings on those sites which allow it (I use LastPass) doesn't mean that if I am faced with a UI which requires a 4 character pisswod (even if it includes capital letters, as in the beeb esipod in question) I have any chance of security. 4^36 anyone? Oh, only three tries...

But yes; the problem is not the user (me), it's the idiot software engineer savants who should know better. (Honest, me? Write software? What, NO!, you must be thinking of some other John Bowler with the eponymous password.)

John Bowler

Official: Perl the most hated programming language, say devs


The thing I hate most is the thing I program in most

Nothing's perfect and the more you get used to it the more you find to dislike. The only exception I've encountered is awk (NOT gawk, the one-true-awk) probably because it is incredibly simple and either does what you need or doesn't (in which case you have to use something else so don't grow to hate it.)

Putting "assembler" in the poll is just about as useful and informative as putting ASCII in there would have been. I program in ASCII all the time and it sucks.

John Bowler

What's that, Equifax? Most people expect to be notified of a breach within hours?


Corporations are not expected to be honest

Indeed, required NOT to be honest.

Marketing is required to cover up problems that would otherwise cause the share price to tank; that means marketing is REQUIRED to lie. It isn't an optional extra.

Anyway, who are you trying to fool? Obviously Equifax, while it certainly lies, has no responsibility whatsoever to the people who they rate; they are the PRODUCT not the CUSTOMER. The customer is the company that wants to know if the beef is good, the beef is the person with the credit rating.

Stop winging, live with it or change it.



Biting the hand that feeds IT © 1998–2020