* Posts by Tom7

239 posts • joined 3 Aug 2010


Open source databases: What are they and why do they matter?


Free is, well, free

It seems odd to talk about how FOSS databases are dominant in startup culture without mentioning that an Oracle database license costs five figures per CPU. If you're using Postgres or similar and you become capacity constrained and want to expand, you shell out an extra $10 per month to AWS or whoever and spend a few hours configuring it all. If you run Oracle and want to do the same, you call your local salesman and tell him you're bent over, ready and waiting. In a time when software scalability is everything, what sort of startup wants to expose themselves to the risk that they'll be successful and need to buy more Oracle licenses at whatever the hell the going rate is then? It's not like you'll have a choice; shell out or your service will fall over.

The crime against humanity that is the modern OS desktop, and how to kill it


Re: It does suck

I agree that Windows 7 was the peak of Windows usability. 10 was sort of okay and sort of not. I haven't used Windows regularly since 7.

IMO the current Ubuntu / GNOME desktop gets it right. I'm keyboard-centric so the 'super key + start typing' thing works really well for me; it's the Windows 7 scheme without the folder-structure to fall back on.

The only drawback I could understand is that it doesn't work very well for touch. The Android-like page after page of unsorted app icons is not exactly usability plus.

I think the author has missed one of the key reasons that OS makers keep on messing with desktops - they're still searching around for a desktop metaphor that feels equally natural when you're sat at a screen, keyboard and mouse as it does on a tablet or phone. Moan as much as you like that tablet UIs have no place on the desktop, but personally I have a laptop that folds around into a tablet and turns into a touch screen. Which UI metaphor should it use?

This tiny Intel Xeon-toting PC board can take your Raspberry Pi any day


It has 16 digital IOs. The specs make no mention of any peripheral controllers on them. It's hard to see that as more useful than the Pi's 27 GPIOs, most of which can be configured to some alternative function (I2C, SPI, UARTs, PWM).

Or, for that matter, an ESP32's extremely impressive list of peripherals and very good RTOS.


No mention of any GPIO, ADC, touch or PWM peripherals accessible on the board. Also no mention of WiFi. It's hard to see this as an RPi competitor. It's just a SFF PC. Impressively SFF, maybe, but it doesn't offer any of the things that make the RPi distinctive.

Modeling software spins up plans for floating wind turbines


Re: Oil rig technology?

Yes, for a given value of "solved". An offshore oil rig is pumping thousands of barrels of oil per day, some of them hundreds of thousands. A barrel of oil is equivalent to around 1.7MWh of energy, so an offshore platform is producing anything up to around half a million MWh per day. A 10MW turbine, operating at a 30% capacity factor, produces about 75MWh per day. Not all oil platforms are that big, but neither are all wind turbines. A turbine support structure has to cost about 15% of what an oil platform's support structure does to make the economics comparable. That's before you consider that a turbine also needs a cable capable of carrying XMW back to shore installed, while your average oil platform stores it all internally until a ship comes along and takes it away.

In the medium term, I think wind turbines will have chemical plants built into them that produce synthetic fuels. There is a pilot (onshore) plant in Iceland producing 1.4 million litres of methanol per year from geothermal energy; there's no particular reason that the same could not be built into a turbine tower. Then, again, the stuff could be stored until a ship comes and collects it. Similar chemistry is available to produce ethylene and ammonia, major energy-intensive feedstocks for industrial processes.


Re: Oil rig technology?

It's a crap idea. The life of a wind turbine is already largely limited by the life of the blades under constant flexing from wind loads. So someone's invented a turbine that requires much more flexing of the blades to control it. Slow clap.

The challenge with deep-offshore wind is not the bit above the water but the bit below it. People have been prototyping floating conventional windmills for well over a decade. If this new turbine was a good idea, it would be a good idea on land as well as offshore. It isn't.

The thing about deep offshore is that you can't just let it bob around aimlessly. You still need a grid connection to each turbine that's capable of carrying several MW (or whatever the rated output of the turbine is - some are up to 10MW these days). So you've still got to lay a cable on the ocean floor and that upsets environmental types because no doubt there is some fragile sea grass somewhere on the path between the turbine and the shore. You then also need a way to anchor the turbine to that location, in a way where it's not going to break loose, snap its grid connection cable, smash up any other turbines in its path and become a hazard to navigation in rough weather. This all makes it terribly expensive to install. There are enough shallow-water locations where turbines can be installed but haven't to make deep-water offshore wind a solution to a problem we don't have yet.

Why the end of Optane is bad news for all IT


Re: Insane

In a way, I think Optane was a good idea poorly timed.

Ten years ago we all had spinning disks in our laptops and how transformative it was to replace the spinning disk with an SSD five years or so ago. Workloads had been disk-bound for decades while everything else on the system got orders of magnitude faster; suddenly, storage caught up several orders of magnitude. For most people, most of the time, their systems are now fast enough for their needs. Most people now look at their laptop and see how much slicker it is than five or seven years ago; the idea that storage could improve by another order of magnitude just doesn't hold that much attraction. If we'd had another ten years to get used to SSDs, we might be feeling the limits a bit more and faster storage would be more attractive.

To interact a bit with the author's ideas, they write this as though we could have jumped straight back to a 1960s paradigm because Optane appeared. Never mind that back then software amounted to hundreds of bytes and running a programme was expected to take hours or days; the idea of having more than one programme running at once simply didn't make sense to people then. Attacking the filesystem as an abstraction for managing storage is all very well, but unless your software is going to go back to being a single process of a few hundred bytes, you have to have *some* sort of abstraction for managing it. No-one really seems to have done any work towards figuring out what that abstraction could be. Saying you just install an application into primary memory and run it from there, where it maintains its state forever is all very well; how does that work if you want to run two copies of the same piece of software? If your answer is to separate data from code and have multiple copies of the data, how do you tell your computer to run a new one or pick up an old one? There is a new category of thing that is persistent process memory; how do you identify and refer to that thing? How does that model even work for something like a compiler, where you feed it a file and it produces another file in output? Is persistent state even useful there? If not, how does the abstraction work?

UK Info Commissioner slams use of WhatsApp by health officials during pandemic


Re: we all know one big reason

This is just paranoid conspiracy-theorising.

Go have a good look at the data protection practices of your average NHS trust. Use of WhatsApp for staff communication - including discussion of patient information - is absolutely rampant. It's a data protection and management nightmare but no-one seems to be doing anything to rein it in. This has come from the bottom up, not the top down.

I'm personally aware of two cases where a whole ward were required to join a WhatsApp group and a member of staff used the resulting access to personal phone numbers to stalk other members of staff. Nothing can be proved because he deleted all the conversations from WhatsApp soon after they happened and no-one thought to screenshot them.

US Supreme Court puts Texas social media law on hold


I'm not really sure this is good news for the platforms

They argue companies have a First Amendment right to exercise editorial discretion for the content distributed on their platforms.

These platforms have spent at least the last decade arguing that they don't exercise any editorial discretion over their content, in order to benefit from the section 230 safe-harbour provisions. If they're now arguing they exercise editorial discretion and need to do so, haven't they just opened themselves up to liability for anything that's posted on their platform? In particular, they become the publisher of any libellous speech...

Appeals court unleashes Texas's anti-Big-Tech content-no-moderation law


Not an easy area of law

It's curious that most of the arguments against this law, at least as presented in this article, are not constitutional arguments, they're arguments on the lines of, "But if you do that, the internet will become a really bad place." It very much gives the impression that the legal argument really is, "We don't like the effects of this law, let's try to find a constitutional argument to sink it."

The difficulty for the platforms is that they want it both ways. There have been various attempts to classify the social media platforms as common carriers. They don't want that, because they want to be able to exercise some sort of control over the content they carry. But the alternative is to exercise control over the content they carry - and that then makes them responsible for the content they carry, removing the "safe harbour" protections.

It's hard to see the current situation surviving - the platforms are saying they don't exercise editorial control over content and have the safe harbour protections from liability, until the content is some type that they REALLY want to have control over.

The law needs to change here. Platforms need to be able to exercise some control over content without losing the safe harbour protections. I'm not thinking about control over political content here. But StackOverflow should be able to restrict the content people post to content about software development - exercising editorial control - without becoming liable for everything that every user posts on the site. Currently, it's not obvious that they can do this - either they exercise no editorial control and have safe harbour protections, or they exercise editorial control and are liable for content. The court have worked around this by basically ignoring the issue, but it can't last.


Re: Only a sith deals in absolutes

I blame the people who objected to paying taxes to fund the troops protecting them in the first place.


Re: Both are un-Constitutional

That's the same as saying that a state can't ban or regulate the sale of any goods, so long as the customer is from another state - plainly ridiculous. Congress has complete power to regulate interstate commerce - but that doesn't stop the states regulating it, so long as that regulation doesn't conflict with federal regulation.

Intel energizes decades-old real-time Linux kernel project


There are two Tom7s? Wow. I've been using it since 2010, though it seems you did get there first.


Yes indeed, although how many people will manage to use it correctly is debatable - most RasPi GPIO seems to be done in Python, which rather defeats the purpose.


Not really. There's a reason that desktop operating systems don't generally use hard real-time schedulers; they don't usually produce the best user experience. TBH it's been a long time since Linux desktop performance has had problems other than memory exhaustion for me - and this won't help with that.

Ubuntu applies security fixes for all versions back to 14.04


Re: Your scheduled bit pedantry whenever shell commands are mentioned

The usual reason for multiple sudos rather than sudo -s is that it leaves visible traces of what you've done in the system log files, where sudo -s just records that someone has become root but doesn't show what they've done.


Soooooo.... are the fixes important?

OpenShell has been working on a classic replacement for Windows 11's Start menu


With WSLg now able to run Wayland sessions, how difficult would it be to replace the shell with GNOME? I'd seriously consider it. I've been running Ubuntu for my day to day work for so long now that going back to Windows is a pain, finding and relearning how to do everything. At the same time, there are a few apps (though maybe not many these days) that don't cope well running on Wine or similar. A Linux/GNOME session that can run Windows apps natively would be really attractive.

IPv6 is built to be better, but that's not the route to success


Re: Won't happen in my lifetime

You should want that. The reason Facebook, Twitter, TikTok and so on have massive amounts of power today is because IPv6 hasn't been adopted, devices don't have a public IP address and peer-to-peer networking is impossible.

Hand me a global internet where every device has a public IP address and tomorrow I'll give you a social network where you actually connect with your friends instead of connecting to Facebook. Until then, any attempt to build it will drown in user complaints that it doesn't work. Or doesn't work on some of their devices. Or doesn't work when they're at work or at their friends' house. Or doesn't work when they roam onto the wrong mobile network. Actually, none of those things; the complaint will be that it just doesn't work because the average consumer has no idea how to figure out that it's related to any of those things and shouldn't have to care.

Web3: The next generation of the web is here… apparently


Re: Ummm, Do you work in IT?

If you have one friend, it's possible but unlikely. We're talking about both of you changing your IP address at exactly the same time.

By the time you have five friends, it is vanishingly unlikely.

Recovery involves either being physically close enough to a friend for NFC to work or being on the same subnet as them.


In what ways exactly? Not having Facebook scrape all your data for advertising? Not having advertisers insert themselves into your communications with friends? Not having nutjobs promoting content to you? Being able to communicate with people without a corporation trying to make money off it? Only sharing content with friends instead of friends+platform? Having granular levels of vouching for someone's actual identity? Being able to "delete" your identity without pleading with some corporate department?

I'm sure there are downsides, but there are some hefty upsides, too.


Yes, if everyone in your "circle" changes their IP address while the IP address change notifications are all in flight, you lose connectivity. Excuse me being skeptical whether this is a realistic situation. If only one person's IP address doesn't change while the notifications are in flight, they'll receive all the notifications and then everyone else will (eventually) ask them where to find everyone else.

True that a lost/damaged/stolen phone poses problems. At least someone can't social-engineer your phone company into giving them your ID.


The thing is, web3 should be a thing and it should be completely decentralised... it just shouldn't involve cryptocurrency. It should involve cryptography.

OpenPGP has had almost everything you need for years. Here's a brief outline of how a decentralised social network works:

You start by installing an app on a device which we'll call The App. When you first start The App, it creates a self-signed OpenPGP identity.

Next time you see a friend of yours, you convince them to install The App. You use NFC to cryptographically sign each other's identities - in OpenPGP terms, this is a "Positive Certification". On each of your phones, The App notes at which IP address they found each other.

Once you have a circle of friends created in this way, you might accept remote friend requests by certifying someone else's identity (and them certifying yours). These work in the same way as NFC certifications, but they are "Casual Certifications" rather than positive ones. You can gauge how likely it is that a friend request really came from the person it claims to come from by seeing how many of your friends have given them positive certifications or casual certifications; their identity can be given a score by The App on this basis.

The App keeps track of how it contacts your friends (ie their IP addresses). Whenever your device's IP address changes, it sends a message to each of your friends saying, "Hey, my IP address has changed." You use your OpenPGP identity to sign this message so they can tell it's really from you.

Whenever you post new content, The App sends a signed message to inform all of your friends. The App on their devices can decide whether to download the content immediately from you or wait until a later time or ignore it entirely, based on user preferences, network conditions etc.

If The App tries to contact a friend and gets either no response or a response not signed with the right key, it starts asking all your other friends in turn, "Do you know where this identity is?" If no-one has a valid location for them, it means that everyone's device has changed IP address simultaneously (or close enough that the address change notifications didn't get through). It's not entirely impossible - say if everyone in your circle turned their phone off overnight or there was a really major internet outage or something. But on the whole, it's pretty unlikely to happen. And it's mitigated in two ways. Firstly, The App on devices on the same subnet uses IP multicast to find each other and check whether they've signed each other's identities. And secondly, friends who are physically next to each other can use NFC to reconnect. If one person falls off the network somehow, it only takes reconnecting with one person to then reconnect with your entire network.

This is proper social networking. It's not mediated by anyone; you decide who you trust, what you want to see, what you share with whom. Nothing is stored on a server anywhere; the only server involved in the whole damn thing is the one you install the app off of. There is no way for advertisers to advertise on it. There is no way for political parties / conspiracy theorists / antivaxxers / whatever other nutjobs to push their content unless you actually know them. Implementing end-to-end encryption of all the content is trivial, if that's what you want; at any rate, it's all signed. Decided you don't like your identity and want to start fresh? Just uninstall the app and reinstall it. You'll have to reconnect with all your friends with your new identity, but that's what starting fresh is actually like.

There are three problems:

* Almost every device is behind a NAT gate these days. This makes direct connections between devices impossible to do with any reliability. Once IP6 is universal and every device has a publicly routable IP6 address, this problem will go away. We are not there yet. I would not be surprised to find that Facebook is actively discouraging ISPs from implementing IP6 to prevent exactly this sort of thing.

* There is no way to monetise it. Or not that I can think of. You could perhaps sell the app. But someone will just write a compatible client. It will be worse and have crypto backdoors and will inject advertising into the network but it will be cheaper than yours and people will use it. Which leads to the third problem:

* No-one has done it yet.
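
The signed address-change notice and the "ask your other friends" lookup from the post above, as an added example in Go that is not part of the original comment. Ed25519 from the Go standard library stands in for OpenPGP signatures, and the `Seq` replay counter, the type names and the addresses are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// AddressNotice is the signed "my IP address has changed" message.
// Seq is an assumption added here so an old notice cannot be replayed.
type AddressNotice struct {
	From ed25519.PublicKey // identity the notice claims to come from
	Addr string            // new address (constructed sample values below)
	Seq  uint64            // must increase with every address change
	Sig  []byte
}

// signedBytes is what the signature covers: key, counter, then address.
func signedBytes(from ed25519.PublicKey, addr string, seq uint64) []byte {
	var ctr [8]byte
	binary.BigEndian.PutUint64(ctr[:], seq)
	buf := append([]byte{}, from...)
	buf = append(buf, ctr[:]...)
	return append(buf, addr...)
}

func NewIdentity() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func NewNotice(priv ed25519.PrivateKey, addr string, seq uint64) AddressNotice {
	pub := priv.Public().(ed25519.PublicKey)
	return AddressNotice{From: pub, Addr: addr, Seq: seq,
		Sig: ed25519.Sign(priv, signedBytes(pub, addr, seq))}
}

// Peer holds the newest valid notice per certified friend, keyed by public key.
type Peer struct{ last map[string]*AddressNotice }

// NewPeer records the keys certified in person; nil means "key known, no address yet".
func NewPeer(certified ...ed25519.PublicKey) *Peer {
	p := &Peer{last: map[string]*AddressNotice{}}
	for _, k := range certified {
		p.last[string(k)] = nil
	}
	return p
}

var (
	ErrUnknown = errors.New("notice from an identity we never certified")
	ErrBadSig  = errors.New("signature does not match the certified key")
	ErrStale   = errors.New("notice is not newer than the one already held")
)

// Accept stores a notice only if it is signed by a certified key and is newer
// than the one already held.
func (p *Peer) Accept(n AddressNotice) error {
	held, known := p.last[string(n.From)]
	if !known {
		return ErrUnknown
	}
	if !ed25519.Verify(n.From, signedBytes(n.From, n.Addr, n.Seq), n.Sig) {
		return ErrBadSig
	}
	if held != nil && n.Seq <= held.Seq {
		return ErrStale
	}
	p.last[string(n.From)] = &n
	return nil
}

// Locate asks each friend for the newest notice it holds for `who`. Friends relay
// the original signed notice, so a relay that lies or is out of date cannot
// redirect us: Accept re-checks the signature and the counter.
func (p *Peer) Locate(who ed25519.PublicKey, friends ...*Peer) (string, bool) {
	for _, f := range friends {
		if n := f.last[string(who)]; n != nil {
			_ = p.Accept(*n) // invalid or stale relays are ignored
		}
	}
	if n := p.last[string(who)]; n != nil {
		return n.Addr, true
	}
	return "", false
}

func main() {
	alicePub, alicePriv := NewIdentity()
	bob, carol := NewPeer(alicePub), NewPeer(alicePub)
	fmt.Println(bob.Accept(NewNotice(alicePriv, "[2001:db8::1]:4000", 1)))
	_ = carol.Accept(NewNotice(alicePriv, "[2001:db8::2]:4000", 2)) // Bob missed this one
	fmt.Println(bob.Locate(alicePub, carol))
}
```
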

HP's solution to running GPU-accelerated Linux apps on high-end Z workstations: Rely on Microsoft's WSL2


Hardly only their high-end kit

HP consumer kit is also notorious for crap Linux support. (eg I own an HP 2-in-1 that I still can't put to sleep and wake up again).

HP's approach to ACPI appears to be to throw any old junk in because it's too hard to get right, then sort it out in Windows chipset drivers.

Twitter's machine learning algorithms amplify tweets from right-wing politicians over those on the left


My thought too - this is likely to be a simple "regression to the mean." It's difficult to boost content that's already reached 99% of Twitter users through ordinary people re-tweeting it.

And the cynic in me rather thinks that Twitter might have a vested interest in this result.

Fancy joining the SAS's secret hacker squad in Hereford as an electronics engineer for £33k?


Re: No comment

My thoughts exactly. I think we all know the sort of skillset they'll actually get for that kind of money.

An anti-drone system that sneezes targets to death? Would that be a DARPA project? You betcha


Especially if it's loaded with half a kilo of plastic explosive.

It's interesting that the interceptor appears to be a sort of drone but one that uses two contra-rotating propellers and (presumably) variable pitch to control attitude rather than just using another off-the-shelf quadcopter, especially for demo purposes.

39 Post Office convictions quashed after Fujitsu evidence about Horizon IT platform called into question


Re: System Failure

You do need to put this in context a bit. There were more than 700 prosecutions of subpostmasters over this time. This appeal dealt with 42 of them. The court allowed three to stand and quashed the convictions of 39 others, but based on the summaries of the cases given in the judgement, it seems likely that some of those 39 were guilty. These convictions were not quashed on the grounds that the defendants can be shown to be innocent, but on the grounds that the process used to convict them was grossly unfair. That doesn't make them innocent.

These 42 were referred to the court of appeal by the criminal cases review commission because they were the ones where convictions seemed most likely to be unsafe; three of them were allowed to stand because their convictions didn't depend on Horizon data. It seems likely, then, that the 700-odd other prosecutions were also based on evidence other than Horizon data. What I'm getting at is that these convictions didn't just happen out of the blue, but as part of a much larger number of prosecutions where the defendants probably were guilty.

When you see 39 subpostmasters have their convictions quashed in a group, it's easy to wonder how no-one saw the pattern; when those are less than 5% of the prosecutions of subpostmasters over that time, it's a lot easier to understand how they seemed to fit into a different pattern.


Re: Perjury?

It is pretty clear from the Court of Appeal judgement that the Post Office knew there were problems with Horizon from very early on and concealed the fact.

They were, at the time, also in the position to ask Fujitsu for data from the keylogger they installed on every Horizon system that would have been able to show whether the shortfalls were caused by the people they prosecuted or by Horizon, but Fujitsu would have charged them a fat fee to deliver that data so they almost never did it. Even where they did request the data, they didn't use it to investigate whether the crimes they were alleging had been committed, they just handed it over to the defence team who had no idea how to use it. The judgement comments on this repeatedly as a breach of the prosecutor's duty to pursue all reasonable lines of investigation.


Re: Perjury?

It's even worse than that. Their own lawyers told them they were breaching their legal obligations as prosecutors by not disclosing documentation, so they shredded some things and stopped writing things down in the hope this would either prevent the creation of more documentation they would have to disclose or at least hide the fact they failed to disclose it.

"Startling" is the strongest word the Court of Appeal has for prosecutorial conduct and they use it repeatedly.


The court of appeal judgement comes very close to saying in as many words that Fujitsu expert witnesses perjured themselves in the course of these trials. TBH, given the conclusions they reach, it's hard to see how it could be otherwise.

God bless this mess: Study says UK's Christian beliefs had 'important' role in Brexit


Re: Lies, damned lies, and statistics...

Yup. Religion was a net influence for remain but, you know, blame religion for Brexit, why not?

New lawsuit: Why do Android phones mysteriously exchange 260MB a month with Google via cellular data when they're not even in use?


Don't assume malice here

I've been doing some work for a client recently who develops access points with 4G and Ethernet connectivity. It's surprisingly easy to get this wrong. Suppose you want to fail over between links at most 5 seconds after the link becomes unresponsive; that means doing some kind of connectivity test every 5 seconds. Most of the internet treats "I can ping" as exactly equivalent to "I have internet access." A normal ICMP echo packet is 86 bytes, multiplied by two to include the reply. At every 5 seconds, you're sending 17,280 of those a day and you've just eaten roughly 100MB per month.

It doesn't take many other services that poll every few seconds to see if anything's happened (hangouts, gmail, play services, assistant, maps, location sharing...) to make "only" 250MB per month look pretty good.

OnePlus 8T: Solid performance and a great screen make this 5G sub-flagship a delight


Re: But did you turn off the high refresh rate?

[checks quickly] No.


It's a bit disappointing that the battery barely lasts you through the day. My 7 Pro still normally lasts 36 hours between charges and when new often did me for 48 hours. The 7 Pro's screen is good; the 8T would have to be a *lot* better to justify cutting the battery life by that much, in my view.

NHS COVID-19 app's first weekend: With fundamental testing flaw ironed out, bugs remaining are relatively trivial


Old iPhones.

It's good to see it here. A remarkable number of people I know seem to have old iPhones, though, and it seems to be a horrible battery drain on them.

An Internet of Trouble lies ahead as root certificates begin to expire en masse, warns security researcher


Re: What problem are the certificates solving?

...and trust the BBC to manage the certificate at the root of a chain of trust. It is better for a few specialist organisations to do this than for every media streaming service to manage its own rarely-expiring root of trust.


Re: What problem are the certificates solving?

But the problem is fundamental: in some way or other, the client needs to verify that the server it's sending credentials to is actually the server it meant to send those credentials to and not some other server that's stealing those credentials.

There are all sorts of ways that that verification could be done and PKI certificates are only one of them; but they are a good choice for it precisely because they have a chain of trust with differing expiry intervals. The root certificate, which allows you to verify servers, expires rarely and the security precautions around it are extreme; the server certificate expires often but that doesn't matter because the client doesn't need to be updated when the server certificate is updated.

Anything you can suggest to replace that is almost certain to be worse.


Re: What problem are the certificates solving?

The most pressing reason for using certificates from the end user's perspective is that many of the services accessed from the connected kit require logins and if you don't verify that the service you're sending credentials to is the right one, someone steals your login. For an example of what goes wrong when the certificates aren't validated, see this 2015 story.

Samsung made an internet-connected fridge. Yes, it's one of the dumber ideas ever, but apparently some people want email notifications while they're cooking. The fridge didn't bother to validate server SSL certificates, which made it possible to mount a man-in-the-middle attack. Since the fridge had access to email accounts to give email notifications, this allowed stealing of email credentials.

As someone has pointed out, once the certificate expires, you are in a hard place. If you don't verify the server certificate when you download a new firmware package, you have to assume that you've just installed malware on your customer's LAN. If the certificate fails verification, you really really ought to refuse to install the firmware update. In the case where your root certificate has expired, this leaves you in a place where you can't install the update that would fix the problem. In some cases, it will be possible for end-users to download and install an update. In other cases, the bit of kit is effectively bricked because either there is no feasible way for an end-user to install an update or because the average end-user is as likely to figure out the process as they are to grow antennae on their foreheads.
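
An added example (not part of the original comments) of the chain of trust described above, using Go's `crypto/x509`: a long-lived root pinned in the device, short-lived server certificates rotated without touching the device, and the refusal once the pinned root itself has expired. The host name, lifetimes and helper names are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

const updateHost = "updates.example.test" // constructed host name

// Constructed timeline: day 0 is the day the device ships.
func day(n int) time.Time {
	return time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC).AddDate(0, 0, n)
}

// CA is the root: long-lived, and the only certificate baked into the device.
type CA struct {
	Cert *x509.Certificate
	key  ed25519.PrivateKey
}

func issue(tmpl, parent *x509.Certificate, pub ed25519.PublicKey, signer ed25519.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

func NewRoot(validDays int) *CA {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "Constructed Device Root"},
		NotBefore:    day(0), NotAfter: day(validDays),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign,
	}
	return &CA{Cert: issue(tmpl, tmpl, pub, priv), key: priv}
}

// IssueServer issues a short-lived certificate for the update host.
func (ca *CA) IssueServer(serial int64, fromDay, validDays int) *x509.Certificate {
	pub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: updateHost},
		DNSNames:     []string{updateHost},
		NotBefore:    day(fromDay), NotAfter: day(fromDay + validDays),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	return issue(tmpl, ca.Cert, pub, ca.key)
}

// Device is the client: it trusts only the root pinned at manufacture.
type Device struct{ roots *x509.CertPool }

func NewDevice(root *x509.Certificate) *Device {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	return &Device{roots: pool}
}

// CheckUpdateServer runs before any firmware is fetched; on error the update is refused.
func (d *Device) CheckUpdateServer(server *x509.Certificate, onDay int) error {
	_, err := server.Verify(x509.VerifyOptions{
		Roots: d.roots, DNSName: updateHost, CurrentTime: day(onDay)})
	return err
}

// IsExpired reports whether verification failed because of a validity period.
func IsExpired(err error) bool {
	var inv x509.CertificateInvalidError
	return errors.As(err, &inv) && inv.Reason == x509.Expired
}

func main() {
	root := NewRoot(7300) // roughly 20 years
	dev := NewDevice(root.Cert)
	first := root.IssueServer(2, 0, 90)
	rotated := root.IssueServer(3, 80, 90)
	late := root.IssueServer(4, 7400, 90) // fresh server cert, but the root has lapsed
	fmt.Println("day 30, first cert:    ", dev.CheckUpdateServer(first, 30))
	fmt.Println("day 120, first cert:   ", dev.CheckUpdateServer(first, 120))
	fmt.Println("day 120, rotated cert: ", dev.CheckUpdateServer(rotated, 120))
	fmt.Println("day 7410, fresh cert:  ", dev.CheckUpdateServer(late, 7410))
}
```
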

What do we want? A proper review of IR35! When do we want it? Last year! Bunch of IT contractors protest outside UK Parliament


Someone hit the publish button a bit early?

So it's rather a shame that Saj is no longer chancellor...

Remember when Europe’s entire Galileo satellite system fell over last summer? No you don’t. The official stats reveal it never happened


Re: WTF?

Ah, yes, the vaunted "two sevens" reliability standard.

Oi, Queenslander who downloaded 26.8TB in June alone – we see you


Someone hit the publish button a bit early?

It's a little more complicated than that because you need to find out whether nbn's numbers include the encapsulation overhead (and find out what the encapsulation is) and then decide if you want to include the encapsulation bits in your numbers. But thereabouts, yes.

OPPO's Reno 2, aka 'Baby Shark', joins the deepening pool of high-spec midranger mobes


Two things to note

I've recently purchased a OnePlus 7 Pro which also has a mechanically-extended selfie camera. It's rather unnerving; for some reason, every time I open eBay in Firefox, the selfie camera pops up briefly - I assume it's taking a photo of me. Of course, on any phone with a fixed selfie camera you just won't know this is happening.

The other thing that midrange phones almost always skimp on (and which is not mentioned in this review) is waterproofing - and the Reno 2 is no exception here.

This fall, Ubuntu 19.10 stars as Eoan Ermine in... Dawn of the Stoats


Someone hit the publish button a bit early?

See here


Someone hit the publish button a bit early?

The link still only shows 18.04 LTS and 19.04 downloads.

Don't mean to alarm you, but Boeing has built an unmanned fighter jet called 'Loyal Wingman'


I sure wouldn't want to be flying the manned half of this if the unmanned half has weapons...

Go, go, Gadgets Boy! 'Influencer' testing 5G for Vodafone finds it to be slower than 4G


Looking at the graph of download speed, it's pretty hard to argue that it'd reached its peak.

OneDrive is broken: Microsoft's cloudy storage drops from the sky for EU users


The Register was keeping quite a useful count of Office365's actual availability in these articles, but that seems to have been abandoned, possibly due to the complexity of defining whether "Office365" as a whole is "available".

By my rough count, we're somewhere down around Office352.

Huawei MateBook Pro X: PC makers look out, the phone guys are here



It tops out at 8GB RAM. Yes, you can fit more - because when I buy a new laptop, the first thing I like to do is throw away the RAM it came with (because the chance of there being a free slot is PRECISELY zero) and splurge another £150 on it.

13.9" is a little on the small side for my not-as-sharp-as-they-were eyes.

But oh my, it's pretty.

Agile development exposed as techie superstition


At the same time, asking for randomized, controlled trials of methods of managing large projects is kind of unreasonable. Why not go the full medical-grade route and ask for randomized, controlled, blind trials? Engineers aren't allowed to know which management method they're using...