Posts by alain williams

I have been waiting for a while ...

so it looks as if I shall be upgrading CentOS 6 machines some time next Summer.

Sanitary pads ...

so how many NHS patients have have had their info used by google in spaffing them with ads for medical kit, etc ?

ThIrd party support by law

at the moment if my washing machine breaks & the manufacturer won't repair then I can call in an independent outfit to replace the broken bits, made by some third party supplier.

If IoT software breaks (or a vulnerability becomes known) then I can only go to the manufacturer. Unfortunately they loose interest very quickly and announce 'end of product lifetime'. Once they do that then the software must become open source. There is a potential business in patching such software.

Unfortunately the general public will be reluctant to pay even £2/year as software support contract for the washing machine - they will want to know why & then bitch if they get hit.

It'll be interesting t see how this goes.

I notice: tcp_wrappers deprecated

probably because it does not play well with systemd.

Regarding desktops: I just hope that when I need to upgrade by CentOS 6 desktop to CentOS 8, that Mate will be available. I hate Gnome-3.

USA & Safe Harbour ?

If he EU approves Safe Harbour why would they object to what the UK does - as the UK is compliant with current EU regs ?

Unless they are afraid that we will adopt USA style rules once Brexit has happened.

Old is good

in many respects when it comes to software because, over time, the bugs will have been found and squashed. Systemd brings in a lot of new code which will, naturally, have lots of bugs that will take time to find & remove. This is why we get problems like this DHCP one.

Much as I like the venerable init: it did need replacing. Systemd is one way to go, more flexible, etc, etc. Something event driven is a good approach.

One of the main problems with systemd is that it has become too big, slurped up lots of functionality which has removed choice, increased fragility. They should have concentrated on adding ways of talking to existing daemons, eg dhcpd, through an API/something. This would have reused old code (good) and allowed other implementations to use the API - this letting people choose what they wanted to run.

But no: Poettering seems to want to build a Cathedral rather than a Bazzar.

He appears to want to make it his way or no way. This is bad, one reason that *nix is good is because different solutions to a problem have been able to be chosen, one removed and another slotted in. This encourages competition and the 'best of breed' comes out on top. Poettering is endangering that process.

Also: he refusal to accept patches to let it work on non-Linux Unix is just plain nasty.

Ship it with bugs

has long been a Microsoft philosophy. It served it well in the early days as it meant that it got a product to market before the competition. The bugs could be fixed in a later release. Competitors who, later, shipped something with fewer bugs didn't get the sales as the Microsoft offering was seen as 'the standard'.

Others have also done this sort of thing. In some ways: better something with holes than nothing at all.

But today Microsoft should not need to do this, it is not scrabbling for market share in the same way. They have the time and resources to do proper QA regression testing - but don't seem to want to.

Is there a Firefox setting for this ?

I tried looking in about:config and searched for TLS, but nothing seems relevant.

A 10 minute timeout seems more than generous, the real value is in saving lots of TLS packet round trips when many connections are made in rendering one page (lots of images, etc). One extra round trip every few minutes will likely not be noticed.

The need for this will be reduced with HTTP2 since one HTTP2 TCP connection can be used to download several files at the same time by in different streams (AKA multiplex).

What else can a move to ARM bring ?

Most of the comments here look at the problems of getting existing programs to work on a new architecture, be that via recompile or emulation or something.

An Apple designed CPU could bring a whole range of new instructions, maybe doing some of the things that are today offloaded to GPUs. This might help with more AI (whatever that means) and other needs where new silicon could give great advantage. Apple will not share its designs and will probably patent what its new silicon does to stop others following suite.

If they published the protocols ...

then someone would probably implement an open source client. But Microsoft will not do this because they do not want the competition. Someone might also implement an open source server - which would be even worse as far as they are concerned. Look at their other stuff - how they make compatibility hard.

Does not take long to buy the hardware ...

at $156/month. This is like the current trend with cars - where you lease (with a very small mileage allowance) and end up with nothing after 3 years - having almost paid the cost of buying it.

Every business these days seems to be trying to tie customers in to a monthly payment. I assume that it is for the benefit of the business not the benefit of the customer - although marketing will try to convince you of that.

I suppose that they don't sell to engineers or devs because they are sufficiently mathematically able to work out that it will be a bum deal.

GCHQ need a big stick

This is one area where I wish the government will give GCHQ some strong powers to compel vendors to do as it says: make these things secure (but without any nice five eyes back-doors). The article contains phrases like ''GCHQ hopes'', which we all know means that vendors will do as little as possible, preferably nothing.

The onus needs to be on UK manufacturers AND those who import foreign (== mainly Chinese) kit into this country.

There also needs to be an onus to support these things for their *use* lifetime, not a lifetime defined as until-the-next-model-is-released. The entire code-base needs to be held in escrow and released Open Source once manufacturer updates cease to come. For some thing I can see a 'use lifetime' of 30 years or more (eg IoT light switches).

This needs the backing of strong laws (that are actively enforced == big fines) otherwise it just will not happen. The cost of not doing this will be millions of tiny breaches.

Yes I understand Microsoft's problem ...

in that their Windows is installed on many different sorts of hardware. This makes it hard to test all the combinations - which means a lot of work. But if they have sold, we are told, some 700 million of them then they must have the resources to properly test.

Contrast this to Linux: which runs on a wider selection of hardware than does MS Windows - you rarely hear of such breakage after an update. Even with manufacturers that only support MS Windows, once a device work it tends to stay working.

So: which is the 'hobbyist' operating system I wonder ?

Should there be a legal maximum size of company ?

For companies in more than one market sector. Such that when it exceeds that size the new sectors must be sold off.

I agree that a mega Amazon might be able to negotiate/sell-at a lower price than anyone else, but where is the benefit to society if you can only buy xxx from one source ? OK: this is more complicated than I suggest, but stopping companies from getting too big must be good.

I would much rather live in a pond with many minnows than one inhabited by a few sharks.

Barton Gellman defended auto-updates, arguing they do more good than harm

you try telling that to someone who's laptop no longer works. So: will it be HP or Microsoft that pays for the repair & a bit to compensate for the inconvenience ? What do you mean 'neither' ?

It looks very nice

Phone calls, texts, address book, tethering - that is all that I really need.

It would be nice if they provided the source code so that it could be verified, but they won't -- shame.

Nystagmus is hard to fix 340 miles up

Let's hope that they fix it.

Gyros seem to be a perennial problem, I suppose that since they have to move (spin) all the time they suffer wear & bearings break.

One thing that I just learned is that the gyros are used to detect Hubble's orientation, and that reaction wheels are used to move/rotate it.

Who gains by this ?

If we assume that Bloomberg has got it wrong and also assume that Bloomberg would not want to dent its reputation by asserting bollocks then a lot of effort must have gone into pulling the wool over Bloomberg's eyes. Knitting that wool is probably beyond the abilities of pranksters and would need to be state actors.

What would a country gain by hurting Bloomberg ? Maybe one that wants to make it harder for us to distinguish between fact and fiction, one that generates fake news that it does not like reputable journalism from showing that the news is fake. If we do not know what is true or false then we become confused and less able to make good decisions.

Another possibility is that the five eyes were in on this and do not want it exposed. This I doubt.

This is affecting the enthusiasts ...

those who have downloaded it voluntarily. These are, presumably, those who know a few things about computers and who will have maintained some form of backup.

Will this still happen to the hapless home users who will have the update happen without them asking for it ? These are the ones who have probably forgotten to do a recent backup, or who never realised that it was a good idea to do so.

One wonders if this is part of the MS push for users to keep a copy of their files in the MS cloud - with all that that implies?

Durh! Why should I bovver ?

Will be the typical reaction of most Internet users. If it takes more than 10 seconds to implement a change then they won't bother.

Yes: some of them might have heard stories about abuse of data by the facebook & friends, but they have not seen the sky fall & don't understand why these apps that let them chat to friends, the purveyors of pictures of kittens are in anyway malign. Then they forgot about the stories.

Much as I applaud Solid they are unlikely to get more than 1% of users (most of whom will be the sort of techno nerd that visits el-Reg) - so the data abuse will continue. Solid is going to need to come up with exciting must-have features to attract users ... features that the big boys will copy in a trice. Most people do not consider security & privacy. They are not must-have features that Sharon from Essex thinks about.

It runs Linux

Almost a year ago Red Hat announced Arm server support for their Linux. So, all the hard work is long done. I notice that CentOS (aka Red Hat) was working on this in February, so they have probably knocked the bugs out by now and this is ready for real customers.

Reason why ...

because it is obviously better to give the money to banks - can't have their funds drying up and not being able to pay the usual mega-bonus.

This is because bankers are obviously much more valuable to the country than physicists because ..., err, umm, gosh - I am certain that there are lots of reasons ... I seem to have temporarily forgotten any of them!

Then check the new terms ...

in all known human languages, just in case they are offensive in Mongolian, or something.

They will then need to wind up the DeLorean to 88 miles per hour to check that the term does not become offensive in years to come.

A better way of effecting change

Rather than suing BA for about 1/3 of last year's profit, something that will be regarded as a business cost and forgotten in a few years -- the individuals responsible for failing to ensure secure systems (eg BA board & top level Web managers) should be fined; something like 80% of their assets (ie house) and their pension pot. This will be noticed by directors, etc, in other companies who will then ensure that the same thing cannot happen to them.

I assume that customers who suffered losses will have those repaid by BA; something for the inconvenience would also be good.

Oh dear, a fan

pity because it is something that moves & so may fail, especially in a dusty environment, where otherwise it might be expected to just work for years.

If CNIL wins would it mean ...

that Barbra could force Wikipedia to remove this page: https://en.wikipedia.org/wiki/Streisand_effect ?

Is porn that damaging ?

Yes: some of it is 'meat market, wham bang thank you marm' stuff that disrespects both sexes**; it does little to help kids build good relationships as adults. However I would rather that they looked at porn than some of the blood & guts stuff where people are killed with little thought. What does that do to build a respect for others' lives ? Then don't get me started on the religious stuff that encourages people to believe in whatever nonsense that they see just because it sounds good - without any checking for reality.

Is this really the right target ?

** BTW: I gather that female porn stars are paid more than the men that the f**k, should there not be a move to pay them both the same ?

How long before the Gov't backdoor ...

is for sale on the dark web ? Probably at a hefty price, but available ?

Russia's GRU, and other state spooks, will probably have it before then.

Lots of lovely fines sent out all round ...

by HMRC to companies who have not been able to make their accounting systems compliant by March 2019 to the rules that will have been modified (again) in February 2019.

There are many who run accounting systems that have been developed in-house to deliver what the organisation needs.

This is on top of MTD (Making Tax Difficult) that everyone, including your house-to-house window cleaner) is supposed to do from next year.

Muppets.

ISP or DOH end points; who do you trust least ?

If you wanted to see globally who was visiting where it would be easier to compromise the 8 DOH end points than to get into the thousands of ISPs all around the world. NSA, GCHQ, ... must be rubbing their hands in anticipation.

However if you live under a repressive regime having the NSA/... spying on you might be preferable to your own government. But expect $REPRESSIVE_REGIME to force their Mozilla users to use their own DOH end points.

Who do you trust least ?

Extended validation certificates

What is the point of them ?

OK: I know that they are supposed to give the visitor extra confidence that they are going to somewhere trustworthy & all that, but how many even have a clue what the green padlock means ?

That is the problem: most neither know nor care. So why pay for something that few notice ?