* Posts by JBowler

161 publicly visible posts • joined 27 Sep 2009


UK VoIP telco receives 'colossal ransom demand', reveals REvil cybercrooks suspected of 'organised' DDoS attacks on UK VoIP companies

JBowler

Re: Calling OfCom and Openreach...

Mine never worked. The DSL was, like, 38.4, the telephone crackled and at all critical times the oxygen-enriched copper supplying the feed fell from the poles. At least with wireless (point-to-point to an antenna on a cell tower a couple of miles away) I know I can blame my ISP, who is always very polite even if she doesn't fix it.

Microsoft slips out Windows Server 2022 with extended support for 10 years

JBowler

Re: Subscription

>Subscriptions are largely unregulated, so companies who haven't hopped on a bandwagon are missing out. I remember at one client, about 40% of their revenue was coming from subscriptions that people signed up for and forgot about. Record one I saw was 3 years old since customer last time used the product.

>We need a legislation where a company could take up to 24 payments before you perpetually own the license to use the product.

Or, we need employees who actually check the accounts and remind our misbegotten [supp|poster]iors that they are still paying for stuff they req'ed four years ago and haven't used since. Maybe?

Pi calculated to '62.8 trillion digits' with a pair of 32-core AMD Epyc chips, 1TB RAM, 510TB disk space

JBowler

Re: How does anyone prove this number is correct?

Nope, no trickery and no method to verify it computationally so far as I know. This is math, so the normal rules of science do not apply (in science you can only prove that something is wrong). The method of producing the string of digits is, I assume, proved in the mathematical sense.

The engineers that produced the string of digits asserted that they used the correct method - or is there some verification of that? Was the computer program used provably correct?

Ok, so I assume this is an American (French) Trillion (10^12, not 10^6^3 [10^18 - million^3]). So I guess the test is to check against the results of another, completely different (no shared origin) computer program that also generated at least 62800000000000 digits and see what these [index] digits are, I'll give you the first for free:

00000000000001 3

62800000000000

62799999999999

62799999999998

62799999999997

62799999999996

62799999999995

62799999999994

62799999999993

62799999999992

62799999999991

62799999999990

62799999999989

62799999999988

62799999999987

62799999999986

62799999999985

62799999999984

62799999999983

62799999999982

62799999999981

62799999999980

62799999999979

62799999999978

62799999999977

62799999999976

62799999999975

62799999999974

62799999999973

62799999999972

62799999999971

62799999999970

So when a few engineers have filled in values for those numbers (guaranteed they will all be the same) some mathematician can actually work out how to check them.

Google hits undo on Chrome browser alert change that broke websites, web apps

JBowler

Disabling JavaScript should work too

It should work because unlike the main window the IFRAME does not cause any notice of "JavaScript disabled" and there is no way for most people to work out how to re-enable JavaScript for the IFRAME domain because it is impossible to discover the domain without UTSL (and maybe not even then).

I have JavaScript disabled in the sync'ed Chrome settings; so the disability applies to all machines running Chrome which sync user settings. E.g. I set it up on Chrome on Windows 10 and it auto-applies to Chrome on Linux. Then users enable JavaScript for web sites where something doesn't work but they can't enable it for ad sites and other IFRAME nonsense because they simply don't know it is there. So far as I know enabling it for the advertised domain does not enable it for random frames from spy/ad/phish/secret domains embedded within the content. (Someone tell me if it does :-)

I also seem to have 92.0.4515.107 Chrome installed with no problems but a user machine that was rebooted yesterday is now at 4515.131. Chrome support does at least say how to de-upgrade and prevent automatic upgrades - considerably better than iOS.

I also installed pi-hole recently. Absolutely not one single complaint! In fact I think everything is going faster, but then I live in the land of no internet (the rural US).

Tesla battery fire finally flamed out after four-day conflagration

JBowler

Re: My maths is bad but

The math is wrong:

>Tesla's shipping-container-sized batteries that can store 3 MWh of power. The project using the Megapack - 210 of them, to be precise, is called "The Big Battery" and will have capacity of 300 MegaWatt hoursonce [sic] repaired.

There's nothing wrong with the fragment, "store 3MWh of power." It's just plain English.

Following Torvalds' nudge, Paragon's NTFS driver for Linux is on track for kernel

JBowler

Re: Which NTFS features will be usable?

>Is anyone aware of which NTFS features will be accessible from Linux - or will translate into something Linux understands? For example links

NTFS links == UNIX hard links. NTFS can hard link directories (producing a DAG; I don't know if there is any checking for complete cycles in the default implementation). UNIX file systems can do the same, but UNIX traditionally crashes when this happens (based on experience with a malformed UNIX FS).

>and reparse points,

Called "symbolic links" in BSD style Unices. Windows Explorer "shortcuts" won't work; they are a feature of the Windows "ls" command which specially interprets files with the suffix ".lnk".

>file date/time granularity,

Broadly compatible at this point I believe; the LCD might still differ (I don't know) but it doesn't matter in practice at present because they both have sub-ms accuracy.

>SID translation,

Nope, Linux canne do that captain. Remember that if you are using a particular file system as a native file system in Linux you are inherently constrained to using the OS'es identity mechanism. How well does Andrew work?:

fs/afs: 21402 lines of .c

>NTFS ACLs reversibly mapping to Linux/Posix ACLs (so I could fix the damned things occasionally),

The thing about NTFS is that it is a superset of the (then) available file systems; it's just like reiser4, you can effectively do anything. So you can put Linux ACLs into it and you can get Windows ones out of it, but the question you are asking is how to map Windows ACLs into Linux ACLs. That's not a question for the file system; that's a question for *you* (assuming you are not a file system.)

> file name character restrictions (like colon ":"), alternate data streams (mentioned earlier), ...

It's a Multics style file system, not a UNIX style one. That is true. A file can contain multiple data streams; not alternate ones, multiple ones. Like a file in MacOS (which has two - more than one - multiple), unlike a file in UNIX which both rigorously and religiously insists that a file is just a single bag of bytes (albeit ordered; they never mention that!)

So? Linux can never be MacOS - it only has ONE stream in each file - and it can't be Multics and it can't be Windows. But colons? Seriously? It's convenient to have a *stream* delimiter that is distinct from a *path name* delimiter but that is an OS consideration. The syntax of a path name, including one with files that have multiple streams, is determined by the OS, not the file system. This is why the ADFS file system works in Linux - it does *not* use the RISC OS directory separator! Likewise try using "\" as a directory separator in Linux when you have a FAT file system mounted.

If Linus wanted to permit file**/**stream he could.

JBowler

It's still the Linux boys' club

"Too big to review."

fs/ext4: 55114 lines of .c

fs/reiserfs: 28771 lines of .c

fs/btrfs: 129905 lines of .c

fs/adfs: 2374 lines of .c

fs/fat: 7625 lines of .c

So 27k for something that reiser4 was trying to emulate and has more than 20 years of consistent development history behind it and that, *just works*.

BOFH: You say goodbye and I say halon

JBowler

CO2 is much better; everyone panics

Yeah, Nitrogen, Cool. Inhales, dies; not because it is poisonous, but because it isn't.

CO2: eh, I can't breathe, I CANNE BREATHE!!! Relax, your blood acid is slightly higher than normal because of elevated CO2 levels. If you just ignore it it will go away; remember humans don't actually need to breathe in for a long time, more than five minutes. It's just the rising blood acid levels that make them panic. Oh, you're panicking, please don't do that.

Flood the room with CO2, watch who reaches the panic button last. No one dies.

Halon. Ha ha; marketing. Magic chemicals that interrupt the *combustion*thought process extremely marketingly.

Akamai Edge DNS goes down, takes a chunk of the internet with it

JBowler

Not a cyber attack?

Acme:

>We [* * *] can confirm this was not a result of a cyber attack on the Akamai platform.

How would they know, unless they know exactly what caused it and aren't fessing up?

This response would be produced in either case; either they don't know or they do know. Such "confirmations" are meaningless and any reasonable engineer and even a few lawyers know that they can't prove a negative.

JBowler

Re: Downdetector?

> How come Downdetector is never down?

IRC downdetector was down, but I tried quite a few of the outage detectors, not just the one targeted at fluff, so I can't RC for sure. For sure some of them were.

Spanish cops cuff Brit bloke accused of playing role in 2020 celeb Twitter hijacking

JBowler

Lost the El Reg black marker?

>We've chosen not to post it due to privacy concerns related to the phone numbers, email addresses, and IP addresses described within

Or, even simpler than the black marker, I suggest these edits, to the three items in question:

1) 123456789

2) 1234@56789

3) 123.45.67.89

So Twitter has blocked simple numbers, just like Reddit has blocked pi and e. Sad.

The coming of Wi-Fi 6 does not mean it's time to ditch your cabled LAN. Here's why

JBowler

Maybe, yet...

>But it is just not possible to imagine a world where Wi-Fi will, as a mainstream technology, reach a state where it's as fast and bullet-proof as cabled networks.

I agree completely. Yet the argument is predicated on an assumption of "mainstream technology" and an assertion (preceding the quote) that effectively states wires can be grouped without limit in the spatial domain while grouping signals within the frequency domain is inherently limited.

I suspect, however, that as things get smaller the spatial and frequency domains converge.

WiFi signals are separated in the frequency domain; I accept that your observations about wifi-next-window interference and the ITT-walkie-talkie show that spatial separation is ineffective. Cable/fibre/wet-string-between-two-cans are separated in the spatial domain. I actually don't accept that FTP is worth the tinfoil; the problem addressed by CAT6 was that wrapping UTP pairs over many meters resulted in a small amount of cross-talk that prevented higher frequencies, yet a neutron bomb will disrupt wifi just as much as CAT8, regardless of the tinfoil hat. The limitation of the wired spatial separation is, I accept, slightly more distance than the frequency limitation on spatially broadcast transmission.

What I am suggesting, instead, is that assuming that two such radically different technologies; one separated in time (frequency), the other in space (distance) will not converge is clearly flawed, yet even assuming that such convergence will not happen next year is a mistake.

So, yeah. I admit, I agree with you completely but I still hope I will be wrong.

Microsoft defends intrusive dialog in Visual Studio Code that asks if you really trust the code you've been working on

JBowler

Re: It seems like a good idea

Well, indeed, but that mindset is a product of simple arrogance. Keep on asking whether that code that they downloaded from the internet does what they think it does and, maybe, they will start to think. If they don't, at least you tried. That's the way I approach all these problems; I ask if you are really serious and if you are then that is your judgement. When I let go of my end of the ladder and you fall off the building; you said you could hold it. I've had too many people telling me they know what they are doing not to trust them, many of them were right.

Pull your Western Digital My Book Live NAS off the internet now if you value your files

JBowler

Now they are offering a 40% discount of their latest mediocre product...

According to the email I received:

>Registered customers can trade in any capacity of a Qualifying Product for one of the following products at 40% off the suggested retail price:

>

>My Cloud Home 2TB (requires internet access)

>My Cloud Home 4TB (requires internet access)

>My Cloud Home 6TB (requires internet access)

>My Cloud EX2 Ultra 2-bay NAS 4TB

>My Cloud EX2 Ultra 2-bay NAS 8TB

So the latter drops to $240 for 2x4TB drives and a dual core Maxwell ARMADA + 1GByte of memory that WD were probably paid to take away. Plus, of course, some software written by people with a now well publicised reputation.

Hum. I think my version of the relevant product travelled via the mighty skip to White City (in Oregon, not The White City) where it now resides under the loving treads of a CAT D9 (you know, one of the ones with the really big wheel next the cab). Anyway, I have a couple of Synology products and I can get a Seagate IronWolf with 8TB capacity for the same price from ex-Bezos, so not me. Might be worth it for someone who hasn't upgraded in, what is it, 10 years?

‘What are the odds someone will find and exploit this?’ Nice one — you just released an insecure app

JBowler

Re: This security feature is annoying, disable it

It happens in FOSS too:

https://github.com/espeak-ng/espeak-ng/pull/955

Whatever.

Unfixable Apple M1 chip bug enables cross-process chatter, breaking OS security model

JBowler

Hum, so now crackers can go full multi-process

Yeah! Rather than crudely drop their code into one single process now they can multi-task the cracker job across many processes communicating via the newly discovered communication channel. Of course they only need to do this if they can't touch anything else in the system, like the file system, or the disk, or create named IP sockets or send messages to the innernet, or the clipboard or the, what's it called, dbus thingy, or udev or the screen outside their own window, if, indeed, they have one.

Or they could just say, "Whatever" and simply create a single multi-threaded process. Oops, time for a CVE. Crackers can create multiple threads!!!! AAARGH, we're all dead.

The Microsoft Authenticator extension in the Chrome store wasn't actually made by Microsoft. Oops, Google

JBowler

And firefox also supports Chrome extensions...

Including the one in question:

https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Chrome_incompatibilities

No mention there that they check extensions for misusing Microsoft's trademark.

Now let's all join hands and find a web browser that is NOT based on webkit. At least if we fail we can circle round in our flowy skirts singing about world pieces.


Another platform on which Java will not run – platform 1 of Newcastle's Central Station

JBowler

Re: So the second train in the list...

Nah. Just south.

[Note: South Shields is *north* of Newcastle Central.]

'Chinese wall'? Who uses 'Chinese wall'? Well, IBM did, and it actually means 'firewall'

JBowler

Re: "No, it's much older than that."

I think you get one of the El Reg BS awards for that.

Offa's dyke was not a wall and it was built around 700*AD* (like, when Offa was around). The Chinese fortification was started 700*BC*, got joined together over time and, does actually consist of stone work; like a wall, as opposed to a fence, or a dyke or, indeed, a ha-ha.

IRC from the time when the UK government embraced the term (a time when BoJo was a Murdoch hack in amour of Lady Ratchett) the term was coined because the walls in question were paper thin; as in the sub-dividers sometimes used in Chinese buildings where you can hear every word from the other side but you just don't listen. Honest.

Biden's $2tn infrastructure plan includes massive broadband rollout, equates internet access with water and power as essential utilities

JBowler

Let's hope there's more than just fibre...

>The wording suggests that the federal government will seek to pay companies to lay fiber networks that internet service providers can then offer their services on top of, similar to the municipal networks that have been growing across the US.

A few years ago Charter laid fiber down Highway 199 in Josephine County, Oregon all the way to Cave Junction (https://en.wikipedia.org/wiki/Cave_Junction,_Oregon), and maybe beyond. So there is a fiber feed to the Illinois Valley; an area of about 1000 square miles (https://en.wikipedia.org/wiki/Illinois_River_(Oregon)), with lowland areas (outside the Kalmiopsis Wilderness) of around 1/3 million acres.

The valley population is under 10,000 people, approximately 4,000 home sites (perhaps less).

I live maybe 1 3/4 miles (road distance) from highway 199 and the road serves as the sole access for nine permanently occupied home sites located after the first few hundred yards. So that's 1 house for every 300yds of fiber, buried in an unmaintained, gravel, road - this is not going to happen, pretty much all of us have given up on the flakey, over-priced, telephone service and just use cellphones (mobiles).

So I use a local ISP who has wireless service covering much of the Illinois Valley. That provider keeps promising to upgrade my antenna to one capable of 5G and has a never-ending stream of reasons why it isn't happening. Google's "speed test" just told me I'm getting 1.5Mbps download and 0.4Mbps upload; if I complain it will go up, at one point after extensive complaining it was 3Mbps (what I'm paying for) with peaks at 5Mbps.

The main part of the US is very different to anywhere else in the world; it has a massive surface area and, unlike Siberia, Alaska, Canada, Australia and the Antarctic, the population is scattered throughout that area despite the enormous concentrations in cities. Fiber does not and cannot work. The only way to solve the issue is wireless, be that 5G from ground based stations with fast, maybe fiber, interconnect or some insanely massive and very fragile near-earth based infrastructure.

Some people understand this, but not the majority of the Americans who are in charge of the US.

Open-source contributors say they'll pull out of Qt as LTS release goes commercial-only

JBowler

This is how it's meant to work.

The principle is that the source is free but people pay for maintenance. So LTS versions are 100% meant to be paid for; they are maintained! I'm using 5.15.2 at present, there is absolutely no reason why that, or, indeed, any pre-LTS rev shouldn't continue in open source development. It's just numbers - 5.15.2.1 etc ad nauseam.

New twist in H-1B saga as US Senate moves to abolish per-country visa caps

JBowler

Re: This law doesn't primarily address the awarding of H1B visas It's about "immigrant" visas.

That sounds like an informed summary and is consistent with my own experience as an immigrant. Thank you.

New lawsuit: Why do Android phones mysteriously exchange 260MB a month with Google via cellular data when they're not even in use?

JBowler

>If that's an average, someone's getting ripped off, because I'm paying 3.13USD/GB, and I know of plans for as low as 0.50USD/GB

I haven't found a way of buying data in the US, maybe there is one but all I can find from the major carriers are arrangements for buying a limited-term right to use up to a certain amount of data. Carriers also offer what they call "unlimited" data but the data rate is throttled after a given amount of data. There's nothing like the EU or UK where you can go into the local news agent or chemist and buy 10GByte of data for 10-15 quid; actually most of the world works that way.

Real examples: I'm paying $15 for 30 days service on one device including *UP TO* 2GByte from T-Mobile. From AT&T I'm paying $111 (approximately) for a month service for three devices and *UP TO* 4GByte of data total; in this case the part of the 4GB that I don't use rolls over to the next month then disappears. Last month I used 1.41GB of data across all three devices, so I paid $39 per GByte!!!

When I get rid of AT&T I will get rid of my mobile hot-spot and end up paying T-Mobile $15/month for each device, $30 total for the same max amount of data as AT&T, but without the roll-over. Consequently I will be paying about $10/GB.

With AT&T the last time I exceeded even 2GByte was November 2019. At that point the max was only 2GByte (it changed to 4 that month) and I was charged $15 for 1GByte - I actually used 0.61GByte of it.

IRC last time I was in Taiwan I paid about NT$300 (USD10) for 10GB, that was at the airport but data for residents works out about the same.

JBowler

Re: How

>But that would also disable voice calls & sms

It doesn't for me, but then I'm using an iPhone; I have both AT&T and T-Mobile and they both automatically switch to WiFi for voice and text when the cellular network is flakey (very common in the US).

Microsoft warns against SMS, voice calls for multi-factor authentication: Try something that can't be SIM swapped

JBowler

Password managers aren't 2FA

They just allow me to use BHTG (B Hard To Guess) passwords, well, impossible to guess and impossible to even see given that they aren't even typed in (stupid dots or not).

2FA does work with password managers and it doesn't matter that it is insecure because all it is verifying, given a strong password, is that the user of the password is in possession of the device with the password on it. So it's not enough to compromise the password; the attacker has to also compromise the device. Someone who wants to do this can do so via a simple physical attack, or being the UK police and simply asking, nicely of course.

RIAA DMCAs GitHub into nuking popular YouTube video download tool, says it's used to slurp music

JBowler

I guess if you stop development of the source code it might eliminate the app, in 20 years

But it certainly doesn't remove the app from OS distros until that happens. On an RPi near me:

# apt search youtube-dl

youtube-dl/oldstable 2017.05.18.1-1 all

Hum, a bit old, how about this other RPi:

# apt search youtube-dl

youtube-dl/stable 2019.01.17-1.1 all

But I want the source, mum! So, on a gentoo machine near me:

# emerge --fetchonly youtube-dl

[... whole load of python crypto code I didn't need before ...]

>>> Fetching (3 of 3) net-misc/youtube-dl-2020.09.20::gentoo

The RIAA are still the ship of fools they were in the 1980s; a bunch of lawyers who go out looking for stable doors to close, making a whole load of money for lawyers and none for anyone else on the planet. First and only qualification for a lawyer; know a lot of law and nothing about reality.

UK govt urged to bolt tough legal protections onto Arm and protect jobs – or simply veto Nvidia's £31bn acquisition

JBowler

RISC-V is open source

>It’d be nice to not hand the US control of all major processor architectures.

True and the next president of the US will certainly continue the tepid war with China. However the damage has already been done; blocking Chinese (mainland) access to ancillary technology is as effective as blocking the CPU tech itself.

Possibly the US will relax these restrictions if we control the ARM as well; then the mainland will be faced with off-shore designs that increasingly use other US designed components. US behavior has always been incredibly US-centric even before our current president.

The one sure result is that RISC-V, or a fork, will become the dominant technology. Open sourcing the ARM is the only way of avoiding that and that will not happen. The lackluster approach of forcing ARM Ltd to become a public company doesn't mean the tech can't be controlled from these lands; such control merely requires arrogance.

Or maybe someone out there thinks that the original arrangement, back when ARM Ltd was controlled by Olivetti and Apple, might work? There was some notional idea that the ARM licenses had some manner of control or input so that if Olivetti or Apple started to get scared of them neither company could lock their competitors out of the design process. I don't know how that worked but I doubt it would work today even if it worked in 1990.

Of course BoJo could nationalise the operation on the basis that it is a strategic resource that should not be controlled from elsewhere.

US cybersecurity agency issues super-rare emergency directive to patch Windows Server flaw ASAP

JBowler

Please, I know you aspire to be a newspaper but, please, stop scaring us.

>That the agency feels the need to issue one for this flaw is notable given that simply applying Microsoft's August patches would have fixed the problem.

Indeed, I did.

Putting the d'oh! in Adobe: 'Years of photos' permanently wiped from iPhones, iPads by bad Lightroom app update

JBowler

The times have changed.

Many (well, 20) years ago I worked for a well known company on a well known product that is still sold today (by the same company).

There was something of what might, at the time, have been called a "mantra". Do not destroy customers' data. So be it.

At that time if Word had deleted all the .doc files on a computer (this was shortly before XML) then the person who did it would be on performance review. Likewise if PowerPoint had deleted all the .ppt files on a user's computer the person who did it would probably have been demoted to marketing.

If someone had deleted all the .xls files of some other person who had a lot of Excel files in 2001 well, then, what can I say. Whatever.

rm -rf /

Or, "Go forth and delete."

'It's really hard to find maintainers...' Linus Torvalds ponders the future of Linux

JBowler

Re: "COBOL programmers of the 2030s?

>I have some 'C' code, written in 1985

Please:

int main(){return 0;}

Definitely worked in the early '80s. Today, on Windows 10:

jbowler@Jule:~> echo "int main(){return 0;}" >/tmp/crp.c

jbowler@Jule:~> gcc -o crp /tmp/crp.c

jbowler@Jule:~> crp

If 'crp' is not a typo you can use command-not-found to lookup the package that contains it, like this:

cnf crp

jbowler@Jule:~> ./crp

jbowler@Jule:~> echo $?

0

Ok, one typo. But I quoted the whole thing verbatim, no edits, nothing, no macros either.

awk

John Bowler (lifelong maintainer of other people's crp code.)

Give me your tired, your poor, your huddled masses... but not your H-1B geeks, L-1 staffers nor J-1 students

JBowler

Re: L-1

>but stopping L-1 would surely defeat the purpose?

It stops *foreign* companies transferring to the US because it stops execs and skilled staff from the foreign country bringing a new US branch or a new US acquisition on-line. So it fits the dumb Trump model and, while it might hurt the US economy slightly, it mainly blocks foreign involvement in the economy.

Now is the time for all other countries to retaliate and ban the corresponding intra-company transfers by US execs and skilled staff. That will have a *really* bad effect on the US because the US routinely runs low labor cost operations in foreign countries using highly paid US staff (who get a special US tax break to motivate them).

If other countries do this there will be a temporary stop to US expansionism and, contrariwise, if other countries do not do this the US will invade those countries buying up all the low cost labor and national resources on the cheap, as has happened before as a result of post-crisis manipulation by the US (think two world wars.)

Of course it's moot for a while if the EU and the rest of the world bans US residents on the basis that this land is a coronavirusland.

80-characters-per-line limits should be terminal, says Linux kernel chief Linus Torvalds

JBowler

What? Still storing the formatting with the code?

It makes absolutely no sense to store the pretty-printed code in a source management system and it makes absolutely no sense to insist that your, or my, favorite way of pretty-printing C is any better than anyone else's. It's like storing spreadsheets in US "letter" paged PDF files.

It made no sense in the '80s either. At that time I was writing code on Aegis with the "pad" which limited lines to 1024 characters, but no one had got round to writing a decent source management system that simply stored the syntactically parsed code, tagged with all the extensive comments we write, with a "check-out" that formatted it according to the particular programmer's peccadillos. Some of the guys in the same company did write an editor which simply formatted the code on the fly. Of course that's the way BASIC worked anyway, at least in the early '80s.

While he's at it, how about getting rid of that 50 character restriction on the first line of a GIT commit message?

:q!

Get in the C: Raspberry Pi 4 can handle a wider range of USB adapters thanks to revised design's silent arrival

JBowler

Re: Forget the 'Osborne Effect':focus on the "Upton Effect".

That's silly; wildly over capable ASICs are routinely used in applications because using a generic ASIC is cheaper (they are mass produced) than designing something that fits the exact requirements and no more. So the CPU is 64 bit capable, so what? It isn't required for the application so it isn't switched on, surely that is obvious.

JBowler

Re: Still boggles the mind

Seconded. I admit USB isn't a simple specification any longer, but it is there and it can be tested. Indeed, because it isn't simple it must be tested.

Chemists bitten by Python scripts: How different OSes produced different results during test number-crunching

JBowler

LC_COLLATE

https://pubs.opengroup.org/onlinepubs/7908799/xbd/envvar.html

This is a problem I have encountered several times in the past while doing data processing of large data sets contained in multiple files; it's a common scenario in many activities where data is collected over time then analysed later.

Yes, the algorithms which analyse the data most certainly should not produce **significantly** different results depending on the order the input data is processed, but they always do produce **different** results because of rounding errors in the floating point arithmetic that is used. Forcing a sort order is really just hiding an underlying problem and, given that the things being sorted are textual names of files, it should be apparent (with a little thought) that the order is going to be language specific:

https://docs.python.org/3/howto/unicode.html#unicode-filenames

https://docs.python.org/3/library/os.html#os.listdir

What needs to happen is one of two things:

1) The data files are themselves ordered. Then there should be a separate file listing the order and that file should be read to find the names of the files with the data and (implicitly) the order in which to read them. An alternative is to encode the order in the file name, but that should be documented in both the code and, textually, in separate instructions for people who add to the data. I routinely use ISO dates or date/times to do this (e.g. 20191018, 20191018.1754 etc.)

2) The data files are not ordered. Then the code should be tested with data files in different orders. The way I do this is to randomise the read order so that every run reads in a different order. It's immediately obvious then if there is an instability or bug in the code!

In both cases scientists should always produce error calculations. Sadly very few do. There are two ways of doing this:

1) Regular error analysis. I was taught this the first year in university; the Physics department felt it was a lot more important to teach generally applicable scientific methods than any physics.

2) Interval arithmetic. This is particularly appropriate to deal with the errors introduced by floating point rounding in computer systems:

https://en.wikipedia.org/wiki/Interval_arithmetic

https://pypi.org/project/pyinterval/

https://arxiv.org/abs/1611.09567

For science either can be used but interval arithmetic deals with unstable calculations better; you tend to end up with an interval containing an infinity or a NaN, which makes the problem very obvious.

John Bowler
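The two cases described in the post above, as an added example that is not part of the original post: file names carrying ISO date/times are read in plain `sorted()` order, and unordered files are read in a freshly shuffled order on every run so that order-dependent rounding shows up. The file names, the readings and the helper functions are constructed for illustration.

```python
import math
import os
import random
import tempfile

# Constructed sample data: one list of readings per file, with magnitudes chosen
# so that naive floating point addition depends on the read order.
SAMPLE = {
    "20191018.1754.dat": [1e16, 1.0, 1.0],
    "20191019.0900.dat": [-1e16, 1.0],
    "20191020.1200.dat": [3.0, 0.5],
}

def write_sample(directory):
    for name, values in SAMPLE.items():
        with open(os.path.join(directory, name), "w") as fh:
            fh.write("\n".join(repr(v) for v in values))

def read_values(directory, names):
    values = []
    for name in names:
        with open(os.path.join(directory, name)) as fh:
            values.extend(float(line) for line in fh if line.strip())
    return values

def naive_total(values):
    total = 0.0
    for v in values:          # plain left-to-right accumulation
        total += v
    return total

def order_spread(directory, runs=20, seed=None):
    """Case 2: shuffle the read order on every run and collect the totals seen."""
    rng = random.Random(seed)
    names = os.listdir(directory)      # arbitrary order, per the os.listdir docs
    naive, exact = set(), set()
    for _ in range(runs):
        rng.shuffle(names)
        values = read_values(directory, names)
        naive.add(naive_total(values))
        exact.add(math.fsum(values))   # tracks exact partial sums, order-independent
    return naive, exact

def demo():
    with tempfile.TemporaryDirectory() as d:
        write_sample(d)
        # Case 1: ISO date names; sorted() compares code points, not LC_COLLATE.
        dated = sorted(os.listdir(d))
        in_order = naive_total(read_values(d, dated))
        swapped = naive_total(read_values(d, [dated[1], dated[0], dated[2]]))
        naive, exact = order_spread(d)
    return dated, in_order, swapped, naive, exact

if __name__ == "__main__":
    print(demo())
```

The mathematically exact total of the sample is 6.5; no read order reaches it with naive accumulation, while `math.fsum` returns it for every order.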

Father of Unix Ken Thompson checkmated: Old eight-char password is finally cracked

JBowler

ARM slowed down to help Intel marketing department?

On the other hand, I taught myself an 8 letter utterly random password and it keeps still working, no chess, no meaning, nuttin. Humans can remember 8 characters (latin alpha, upper plus lower, digits, no need to add spurious extra non-EBCDIC characters, whatever). Machines canne guess them, sorry capt'n, we donna have the CUDA cores, or the whisky, whatever.

Talk about unintended consequences: GDPR is an identity thief's dream ticket to Europeans' data

JBowler

Providing a reverse DNS violates your privacy?

Eh, sorry. You use your IP to get some stuff and you don't want anyone to know who you are? Duh.

John Bowler (forward, reverse, shake it all about readily available).

We've, um, changed our password policy, says CafePress amid reports of 23m pwned accounts

JBowler

Re: own domain and use a unique LHS

>If you use a password manager to create unique passwords, you are already safe from credential stuffing attacks, a unique username will offer you little extra protection.

It's not necessary to have both a username and a password, one is sufficient. I've been continuously annoyed by sites that required you to make up a username often without allowing me to include '@'. It has been even more impossible than making up a safe password (though that is pretty difficult given the arbitrary restrictions web sites impose.)

Indeed usernames are identifiable and allow the crackers to look up your username in their database and find all sorts of useful information that can be used to answer the insecurity questions. Better just to have a username like:

7H%PJ8vk78c!vVF96J!nMD7GDbVZZvl@F05&p#cRDnOS8Qd0oozhxMqzKajiiD@v

And no password. Of course that only works if the username contains a lot more than 66 random bits otherwise it will get very difficult to ensure the user name is unique given that there are about 2^33 people on the planet. (FWIW the above user name contains around 400 random bits.)

John Bowler
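The bit counts in the post above can be checked with the birthday bound; this is an added example, not part of the original post. The alphabet is an assumption (letters, digits and the five symbols visible in the sample username), and all function names are hypothetical.

```python
import math
import secrets
import string

# Assumed alphabet for illustration: the post does not say which character
# set produced its sample username.
ALPHABET = string.ascii_letters + string.digits + "!#%&@"

def random_identifier(length=64, alphabet=ALPHABET):
    """Draw each character from the OS CSPRNG via the secrets module."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)

def collision_probability(users, bits):
    """Birthday bound: chance that any two of `users` random ids coincide."""
    # 1 - exp(-n(n-1) / 2^(bits+1)); expm1 keeps precision for tiny results.
    return -math.expm1(-users * (users - 1) / 2.0 ** (bits + 1))

def bits_needed(users, max_probability):
    """Smallest bit length keeping the collision chance under max_probability."""
    bits = 1
    while collision_probability(users, bits) > max_probability:
        bits += 1
    return bits

if __name__ == "__main__":
    population = 2 ** 33
    print(random_identifier())
    print(round(entropy_bits(64, len(ALPHABET)), 1), "bits in a 64-character id")
    print(collision_probability(population, 66), "collision chance at 66 bits")
    print(bits_needed(population, 1e-9), "bits for a one-in-a-billion chance")
```

With 2^33 users, 66 random bits still leave roughly a 39% chance that some pair of identifiers collides, which is why the identifier needs many more bits than that.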


JBowler

I got the pwnage message but CafePress denies it knows my email

It's weird; I got the email from Hunt but I didn't recognize the site. I might have been there, but I have no record in my password manager and a search of my email suggests I've never communicated with them. Nevertheless I went to the web site as soon as I got the email (26 hours ago) and tried to do a password reset (i.e. I said I had forgotten my password). The web site denied knowing my email.

I suppose I might have submitted an order without creating an account but it would have to have been a very long time ago, before I started using GMail.

John Bowler

JBowler

Re: Honest Question

Password managers have to work across all devices. Since most of us use more than one device simultaneously that means the data has to be replicated across the devices.

The failure modes are:

1) You forget your password/lose your security key and can't get access to the PW manager anywhere. Solution: they have recovery strategies based on emails (normally).

2) Somehow the PW manager provider gets hacked. Solution: none; all is lost.

(2) is the consequence of strong passwords; necessarily they have to be stored somewhere (if you can remember them they aren't strong), so you are putting all your eggs in one basket. The assumption is that it is a safer basket than Cafe Press, or, for that matter, Capital One, or, for that matter, GitHub and that you really do use a strong password for your password manager (plus extra authentication; I use a YubiKey).

John Bowler

Loose Women woman's IR35 win deals another high-profile blow to UK taxman's grip on rules

JBowler

Re: pro rata

Tax on gross "turnover" (i.e. receipts, not mouldy fruit inside pastry) just works. Individual countries can choose to apply a negative tax if they feel so, whatever; that is up to their duly appointed dictator. This tax is difficult to avoid because, apart from used car salesmen of the Arthur Daley persuasion and lots of builders, the receipts go into the banks and the banks are big, nasty, and very easy to monitor.

Let's forget the myth of income tax; it was invented to rob the poor. We all learnt this in school; flash a fiver (or, in my case, a farthing) and someone bigger than me will tax it off me, forcibly: income tax.

Sales tax, that's selling the apples you scrumped locally to the innocent school persons and then paying half the profit (turnover, receipts) to the gorilla. If gorilla want whole profit scrumping stop idiot.

JBowler

It's called a sales tax

Or, for individuals, an "income tax"; individuals pay tax on their turnover, not their actual income, which is turnover less expenses (e.g. cabbage.)

Linus Torvalds pulls pin, tosses in grenade: x86 won, forget about Arm in server CPUs, says Linux kernel supremo

JBowler

Re: There has been progress

Use gentoo with openrc. If you are doing dev you don't want a GUI, waste of space; the target devices don't have GUIs. The gentoo ARM guys are pretty damn good.

John Bowler <jbowler@acm.org>

JBowler

I agree, I've always developed on ARM, well, since 1993

1993, when I first got my hands on one.

Now it is true I was cross developing then because I was writing for one OS on a different OS (like for ARX on something cobbled together but still on an ARM). That was a disaster area.

These days I just use gentoo. Three or four years back there was a big problem because of several enormous piles of do-do all called \*webkit\*; way too much memory for an RPi. There again a couple of months ago my attempt to build Mr Torvalds' nut terminally crashed my x86 gentoo machine several times; the "kernel" whacked out with a simple sequence of reproducible steps:

1) make oldconfig

2) make --jobs

3) PSOD

I was running it under KDE of course, and it was (and is) booting via OpenRC, so his majesty might feel I was slightly disloyal (Off With His Head!)

VHS won the battle, and I guess x86 has too.

Wow, fancy that. Web ad giant Google to block ad-blockers in Chrome. For safety, apparently

JBowler

Title too long:

So you grandstand your most extreme proposal and then implement something no one would have accepted otherwise.

This is simple politics via openness; broadcast the most extreme version of what you want to do and wait until unpaid polling organisations like El Reg tell you what you *can* do. I can suggest analogies but they would get me banned.

Microsoft sends a raft of Windows 10 patches out into the Windows Update ocean

JBowler

Oops

There were problems installing some updates, but we'll try again later. If you keep seeing this and want to search the web or contact support for information, this may help:

2018-11 Update for Windows 10 Version 1803 for x64-based Systems (KB4023057) - Error 0x80070643

Dev's telnet tinkering lands him on out-of-hour conference call with CEO, CTO, MD

JBowler

rm -rf complete with following symlinks

For those of you out there who don't speak UNIX, that post is a Troll.

Zip it! 3 more reasons to be glad you didn't jump on Windows 10 1809

JBowler

Probably the only reliable OS on the planet

Congratulations to MS, they have finally got to the position in the OS world that they occupied in the word processing (app) world 20 years ago. Everyone finds every bug instantly.

Success.

Pity there aren't any competitors any longer.

Microsoft gives Windows 10 a name, throws folks a bone

JBowler

Re: use of 'goto'

It's a necessary technique in a deficient language.

An error exit is an exceptional condition and, given that language designers haven't yet found a way to prevent exceptional conditions being written, exceptions are the way to deal with that. "goto error_exit;" is a sad C epitaph.

Once or twice I've felt I needed to use goto in C, but I've spent all my life rewriting more famous people's brown stuff.

This is only a comment on your own response; basic is fundamentally steampunk and I completely get that. Of course basic can have exceptions as well; it's an interpreter.

John Bowler
