Posts by HereIAmJH 530 publicly visible posts • joined 24 Aug 2010
By next week, the US will be planning a national copper stash. Prices will rise even faster.
Stable Genius has just announced a 50% tariff on imported copper. So we're already raising our prices. I'm not sure that is what America First was supposed to mean.
Our demand will be dropping, that should ease the cost to the rest of the world though. You're welcome.
My system administrators never had access to my app or it's data. They had the proper security clearances to manage the OS, but not to see the data. So they could delete my databases, uninstall my apps, shut the whole thing down. And be unemployed within the hour when system monitors started screaming at a level to alert upper management. But they could not see the data or even connect to the database. I suppose they could install wireshark and capture encrypted packets, but that would trigger a different system monitor.
It's all about layers of security.
It's not storage encryption vs TDE, at least for performance reasons. They are different levels of security. I have worked for large corporations that were not comfortable with disk encryption, worrying that they might not be able to rebuild systems after a disaster. That is probably old thinking, but it still exists with corporate decision makers.
I remember when we first got the requirement to deploy TDE on SQL Server. There was a lot of concern over performance, so we did extensive testing. We were surprised that server load was negligible during the initial encryption and not measurable during day-to-day operations on a high volume transactional database.
I think if individual tables / fields were encrypted then it might but there would are all kinds of weird corner cases to think about, like full text search, GIN indexing and other weirdness.
Column level encryption only gets implemented on new systems or during a serious upgrade because it requires the application to be redesigned to encrypt/decrypt. Along with a full system outage while the app is upgraded at the same time the database is converted. And it's not just full text searches, it's all searches and indexes become difficult to impossible to implement. As far as table encryption, I haven't seen a use case where encrypting a whole table provides any benefit over TDE. Encryption is usually driven by specific column values, like SSN or cardholder data.
Real world experience, file system encryption is not sufficient. Not on the server, not on the SAN. There is too much phishing and privilege escalation. Too much crappy software used by businesses and mediocre staff. Would you leave your doors unlocked because you have security cameras? No reason to lock the server room, they have to get into the building fiirst...
If I get access to your server, I'm seeing every file there,
Secure database systems are what I do, and it is this exactly. I have worked on systems where PCI DSS is the minimum requirements, and data is generally much more sensitive that that.
Encrypted mounts only protect you until it is mounted. Then, anyone with access to login can take your data. TDE, while not the ultimate in DB encryption, means they have to get access to your database system as well to get unencrypted data. Most TDE integrations also encrypt your backup files.
If your data is worth keeping, you should be using TDE.
My first thought on seeing this article is; finally.
How about we don't use the term 'fallout'. Iran may not have nuclear weapons, but they do have a bit of processed uranium. If Iran is backed into a corner, Trump won't be able to protect us from unconventional warfare (terrorism and dirty bombs). Also note, Iran has been testing their drones in Ukraine against the defense systems we sent them. Israel's 'Iron Dome' isn't stopping everything, no matter how much it was hyped. Even though you are much larger than a rattlesnake, it doesn't mean you should poke it with a stick.
And what do you mean, doesn't every president sell their own personal version of the bible (that he can't read), and gold plated crap phones? Nothing gets in the way of the grift.
It's reasonably free of annoyances.
Two things about Vivaldi really annoy me. Address bar auto completion. How is it possible that a site that I visit every-fucking-day is not only not the top option when I start typing, but sometimes isn't even in the list at all. I have tried a multitude of options in the settings, and even when I find something reasonably close, the next update for some reason resets my preferences.
The other thing is restoring the previous session when you accidentally exit a window with multiple browser windows open. On several occasions I have had other apps on top of my main Vivaldi window freeze, requiring multiple clicks on the X to shut them down. Only to have one fall through to Vivaldi underneath and close it too. Restoring the session (which is always 'yesterday') launches duplicates of all the other windows that were still open as well. Yet sync is just minutes old and knows all the windows and workspaces. I 'only' have 70 tabs open right now, so the mess is significant.
Is it a suprise to anyone that Trump and the republicans are all for cutting funding to science related government spending?
They are only being realistic and preparing for the future. With the DOGE dismantling of the US Dept of Education, and the administration's attacks on higher education, we won't be producing citizens capable of doing the science, much less any form of critical thinking. And when you limit foreigners to white Europeans, the talent you can import gets pretty small. So might as well kill the science and save a few pennies. (we don't make them anymore)
The question is, how is his tiff with Elmo going to affect the ISS and moon projects? Maybe we just concede space to China as well.
But hang on - Discover isn't yet another .deb package manager, it's a KDE package manager for distros running KDE but which might have .deb, .rpm FlatPak or something else as their packaging format.
Discover uses packagekit-qt6 to talk to the various package managers. I have seen some threads about issues with Arch and pacman from last year. The system that is causing problems is Devuan with apt. I haven't had time to track it down. I just wanted it to browse to see what apps are in the repository. I was sure there'd be a JDK that wasn't 3 years old.... I'll drop to a command prompt for updates anyway. I've got another system to build next week on a completely different hardware spec, I'll see if it has the same problems.
PS: C'mon, with all respect, your anecdote about installing docker on Linux is ridiculous... docker is for advanced technical users (*), not for the average ones, they cannot install Docker Desktop on Windows either.
Installing docker on Linux shouldn't be difficult though. Using it, maybe. But it should be as simple as telling your package manager to install it and start the daemon.
I don't think too many distros is a problem. Really, there are just a handful that most people would be looking at.
The problem is too many have issues with installs. If you are new to Linux the last thing you want to do is play whack-a-mole with things that don't work after installing. Few people install Windows, all those annoying little problems are resolved by the hardware vendor. They know what components are most compatible with the OS they are installing, and choose accordingly. If you are repurposing a Windows machine, you're using the hardware you have and hoping it's all supported. Then there are the problems that crop up from the options that you choose. I've done a lot of Linux installs lately as I searched for a new distribution. And there are a lot of little things that need fixed. Example: package manager worked fine during install, but once booting under the OS has intermittent problems contacting it's servers. Turn out the the IPv4 DNSs were never making it from DHCP to the network config. And DNS servers are no longer in resolv.conf, it gets wiped at every boot. An then KDE Discover has trouble talking to the package manager because of some library version issue... Somehow it knows that there are updates pending, but it can't pull a list of installed applications.
Lots of distributions does dilute the developer pool some, but I suspect that quite a few that work on niche distros would simply not work on Linux at all if their only option was contributing to RedHat or Ubuntu.
TPM is an expensive issue for sure. My issue is more the push for Microsoft to control the login security on your systems. They continue to make it harder and harder to use local accounts, expecting your systems to authenticate through them. Both on the Home version and the AzureAD (Entra ID) push for businesses. I don't want my logins controlled by SaaS. I don't want my logins dependent on Internet access. I don't want Microsoft determining who can log in. I don't trust Microsoft's security.
Then there's also dual boot.....I have no idea why this sort of article never mentions this, its almost as if its written by someone from the Microsoft marketing department.
The article doesn't mention dual boot because dipping your feet in the Linux world isn't it's point. The point being, for most people Win10 needs to go away. KDE is offering a solution that doesn't require buying new hardware.
And really, how many people 'dual boot' any more? My grub rarely has anything beyond one OS install and the recovery tools. If I have Windows and want to play with Linux, there's WSL, Docker, or a virtual. And if Linux is my base, QEMU, etc. That way there is no need to shut down everything and boot to another OS, only to find out you need something on the OS you just left.
Ahem. The uni I went to, the University of Notre Dame, South Bend, Indiana, has used 'Golden Dome' for well over a century.
Do you want your university to lose it's federal funding by annoying Fearless Leader?
BTW, different companies can use similar trademarks for differing purposes. Unless your uni is also developing a missile defense system, I doubt there would be any confusion.
I wouldn't worry. Does anyone but himself think it can be done in 4 years?
It depends on your definition of done. It will be successful as soon as the first contract is signed because corporate welfare is the goal, not national defense. With the so called 'Fiscally Conservative' party in charge the annual spending is a $2t deficit. And yet it's safe to increase military spending and give out tax breaks. If you were struggling to pay your bills, would you lower your income by quitting your night job? No, you'd cut spending and pay down your debt, then you could think about quitting the second job. The goal is to turn public wealth into private wealth.
Machine generated comments don't work because they are making assumptions about code at a specific point of time. Generally things that are easy to see, like the methods of a class and their parameters. These tend to change over time and the auto-generated stuff never gets updated. It's not really useful anyway. Maybe someday we'll see good AI generation that evaluates what the code actually does, with some prompting from the dev about what it's intended to do.
Comments should NOT be a step-by-step discussion of the code, unless it's obscure or extremely complex. For example, it might include details on how to calculate the check-bit on a UPC or credit card number. Comments should be the intent and expectations of a method or block of code. "This method will sanitize the input string so a random hacker can't rape our system...." It could then add details as it's updated for future attacks. "* added regex to strip unwanted characters" "* clipped length to match the DB field size" etc
Ironically, a lot of what is needed for comments is put in there as methods are being stubbed out, then removed as devs do the implementation. If they had just cleaned up and moved their notes into a comment block for the original stub out, it would have been plenty. It's common for methods to get their implementation changed over time, but what they are attempting to do generally stays the same because when their purpose changes they are either overloaded or replaced completely.
Anyone who doesn't see the value of OOP should at least investigate Borland's VCL approach to the Windows API. An excellent hierarchy poster was included in older versions of Delphi and Borland's C++, I used to have it hanging in my cube in the early 2000s. VCL is one of the things I really missed when I moved to C-Sharp. (along with truly data aware components)
Of course, OOP can be abused. Just look at ORMs like EntityFrameworks. The article you referenced liked abstraction but not inheritance. They go hand in hand, and TBH, I've had more difficulty debugging contractor code due to bad abstraction rather than bad inheritance. Particularly with interfaces.
You can screw up with non-OOP languages too. Buffer overflows are still one of the biggest security threats. We've been talking about them for 30 years.
I need to mention here that the book does not go into Windows programming, OOP, software components, or the Lazarus GUI builder.
Since he is 'distilling' his previous pre-GUI tutorials, I can understand skipping Windows programming, because they stopped at BP 7, and OWL is no longer relevant. And the book is about FreePascal, not Lazarus. But no OOP? That doesn't make sense to me. Sure, skip over Delphi extensions, but OOP is a pretty valuable tool for Pascal programmers.
And this is the helpful Linux community that we have all grown to love. I am so glad that I have retired and only have to put up with it for my own personal projects. Get your panties out of a bunch and realize that some tools are used out of convenience, not because they are the best one. FYI, the 'critical' remote box is a Minecraft server hosted at my other house that has Google fiber. And used to give me access to my security cameras. And since you seemed to have missed it, the point is pacman is seriously flawed if installing an application can upgrade dependent libraries and remove older versions that still have dependencies from the core OS. Pacman broke itself doing a simple app install.
If you want to go systemd free (and why not) why install a version that installs it rather than one that doesn't?
MX Linux was touted as a systemd free disto. I thought I would give it a try because it's closer to Debian than Artix. Artix doesn't install any systemd, but it relies heavily on Arch that does. Causing complications and limiting available packaged applications. As I dig into it further, it appears that MX installs systemd but uses another init system. I have concerns that resolv.conf may be the first of many problems with that approach. systemd is really a cancer.
I haven't tried Devuan since it's early days, I may give it another try. If I had more free time, I'd probably go the Gentoo route. But I'd like to get some servers built for Home Assistant and a local AI.
it's harder to keep M$ running that ANY flavor of Linux.
Really? I have been running linux for close to a quarter century, and that has not been my experience. I do have one Windows (10 Ent) laptop that needs to be reinstalled because for some reason it bypassed WSUS and pulled updates it wasn't supposed to. It still works, but has unapproved updates and I'm concerned it will try to grab a Win11 upgrade or copilot. 3 other Win machines, virtually ignored for the last year. At the same time I had to rebuild an Artix box because updating OpenVPN pulled a new version of SSH and killed the system. Had to drive 40 miles, remove it, bring it home, and rebuild locally. Now it has Wayland and X2Go no longer works, so I need a new remote access solution. Lesson learned, NEVER install an App on Artix unless you do a full system update. Even when that update is going to break something else.
Setting up a new NAS a few months ago I tried distro after distro to find one that would actually install. Finally got OpenMediaVault to run. Still prefer my aging ReadyNAS and all it's limitations.
And then last night I thought I'd try MX Linux. Spent 3 hours playing whack-a-mole building a Home Assistant box. Stupid shit like resolv.conf being linked to the systemd/resolv directories that don't exist, because systemd isn't even supposed to be running, just shims. Kill the link, manually create resolv.conf. No idea if it will work right going forward, it really should be maintained by DHCP. At least for now it can resolve ipv4 addresses and Apt will work. Installed QEMU, can't connect to VMs because Spice isn't installed. Spice is the only graphical console in terminal options. Now I'll have to determine if it's virt-manager or the qcow2 from HAOS that is the problem. Pivot to HA supervised install. A dozen new packages installed and docker install script. Completes fine, but the docker daemon appears to exit immediately after launch.
One of the really big problems with linux is the way all the distros seem to want to do things differently. Am i going to be using Apt, Pacman, RPM (dnf now?) , etc... And a lot of time you search for solutions to a problem only to find that it's either distro specific, or all the solutions you are finding are several years old and there is a completely new way of doing things. Trying to diagnose domain resolution, can't even run ifconfig on the base MX Linux because net-tools isn't installed. Can't install it because the system won't resolve the host for the repositories. Decades of using ifconfig/ipconfig, I'm not thinking about ip at 3am. Lots of heartburn over systemd/sysV, Waland/x11, and new way vs old way on any number of other 'improvements'.
There is a lot wrong with Windows, but if its harder to keep running, the problem is possibly you.
False. Illegal immigrants and temporary visa holders have been deported.
Legal permanent residents have been deported. Canadian and EU tourists have been detained for weeks without being told why. US citizens have been detained and threatened with deportation. All of this is without due process, in violation of our constitution. If these people need to leave, then give them the trial that is their right. If the process is too slow, hire more judges. Don't just wipe your ass on the constitution and cry 'terrorists'.
False, it is still higher than this time last year.
The S&P 500 is currently 111 points above 1 year ago. Down 747 points YTD. Even Buffet had pulled out of most of his stocks.
The Dow is currently 294 points below 1 year ago. Down 4447 points YTD.
False. Now that they are not killing millions of healthy chickens due to a fear of 'bird flu' the price has come down.
Fortunately, I don't buy a lot of eggs. The last time I did they were $1 dozen at Aldi on sale. Today Aldi is selling them for $4.95. So if you think prices have come down, keep thinking happy thoughts.
Rip and replace with Micro services, Kubernetes, AWS, Python/Php/Javascript and Rest API’s … and minimal viable product … and we’ll fix what doesn’t work in the next sprint. Sorta, maybe. Documentation … pfft.
I'm having flashbacks of my last job. Don't forget to put the microservice passwords in kubernetes environment variables so they can connect to the databases... also running in pods.
Equifax, one of the big 3 credit reporting services, was the first to be hacked. It took them 47 days to notice. You'd think not being able to secure all the consumer credit info you have been gobbling up would affect your ability for consumers to trust you. But nope, they are still one of the big 3 and now they have a credit monitoring business to bring them boat loads of cash too.
Does anybody RTFA before racing to comment? Para 4, first sentence, "Boeing issued a free software fix"
Yes, I did RTFA. And I can tell you for a fact that it changed after I posted. I don't know if the part about a free software fix was there before, but the paragraph most definitely changed. The title was a direct copy/paste from the article. And now the article says "with an estimated labor cost of $127.50 per aircraft"
IMO, the airlines shouldn't be responsible for any of the costs associated with fixing a manufacturing defect. If your Ford had a critical recall, how would you feel if they sent you the part and told you to install it yourself? Loss of separation due to communication problems has been a factor in collisions and loss of life, even without radios that turn themselves off.
Cost for who? Surely not the airlines. Isn't Boeing's reputation bad enough without charging to fix a manufacturing defect that could cost them billions in wrongful death lawsuits?
And should the airlines be considering grounding these aircraft until there is a proper fix?
Maybe Boeing is using Broken Window Theory economics. Crash a plane, sell a new one.
First, lets get the COBOL thing out of the way. There is zero chance than ANY of the web site is written in COBOL. At best it's accessing a data repository that is managed by the COBOL apps. More likely, its looking at a replicated reporting database that is refreshed on a nightly basis. This has been a common practice for businesses setting up web sites on legacy systems for a couple decades.
Second, since the DOGE squad started attacking Federal systems, uptimes have dropped dramatically. SSA has even changed their system availability:
This service is not available at this time.
Please try again during our regular service hours (Eastern Time):
Day Service Hours
Monday-Friday 4:15 a.m. - 1:00 a.m.
Saturday 5:00 a.m. - 11:00 p.m.
Sunday 8:00 a.m. - 11:30 p.m.
Federal Holidays Same hours as the day the holiday occurs.
Web site availability hours, WTF?
I suspect this is caused by the push to use login.gov. The Federal government over the last few years has been pushing agencies to use centralized logins. I moved mine from an SSA account to login.gov a couple years ago. But with the mess that DOGE has created, it appears that login.gov has limited hours of operation. Note that the above message came from login.gov, not ssa.gov.
The inevitable result of the US mixing politics and religion
Except that there are no real Christians here. it's a corrupted religion that worships money and power over others. It's like herding cattle. The wealthy have redirected the mindless followers to put sycophants in office. Then rely on pride and absurd misinformation to keep them from admitting that they made a mistake. The rise of televangelists should have been a warning.
I have resigned myself to the idea that a lot of people will have to get hurt before people wake up to how bad things are going to get. Many will even die. It will be worse than COVID, and no stimulus checks to bails us out. You have to take away their SUVs, the fast food, the end of Soccer Moms. The poor and the elderly will take the first beating. I wonder though, what happens when you tell a second amendment senior that they aren't going to be able to buy food because Social Security is an 'Entitlement' that they don't deserve. Then again, maybe the herd just willingly runs off a cliff to their death and this is our future.
Browsers should not be implementing system level services.
I don't want to run all my traffic through a VPN and bottleneck bandwidth. I only want to VPN specific connections leaving my home network. My current use case is only specific web sites, so being implemented via the browser isn't a limitation. It's also nice to be able to tell the browser to log in, connect, and be up and going. I don't need to worry about certificate expirations or maintaining software releases. When I do want full protection, I have OpenVPN.
Just upgraded and tried it out, and it's a fail for me already. It automatically connects me to a server in Houston and I haven't found any settings to override it. Thanks to the wonderful politicians in Texas, many sites that don't want to do age verification block you. Nothing like browsing Reddit, only to find that 3rd party images are blocked because they think you are in Texas (and many other Red states). Apparently you have to use a paid Proton account to select a country or server. Which makes it useless to me. If Vivaldi/Proton are concerned about privacy and freedom, they should be defaulting to servers in less restrictive states.
I personally am only interested in VPN to bypass stupid age verification, which my state does NOT require. But either two ISPs misidentify me as being in a neighboring state that does, or the websites themselves do.
It also would have been nice to only turn it on for certain windows, like private browsing.
The problem is, it's the ones that have the in-demand skills that will leave. Because they're confident that they are marketable and won't be unemployed long. And they take their knowledge of the business with them. The ones that will stay either can't take the financial risk, or they're not competent and aren't really working. Kind of a reverse Darwin effect.
WFH improves work/life balance. Particularly in tech jobs where you are either officially, or unofficially, on call. These employers that want you in the office to promote a 'family culture', are the same ones that put you on salary and then want you to donate 100s of hours of unpaid overtime every year. In addition to wanting you available to drop what you are doing (when you are not working), log in, and solve whatever crisis they think they have. Nothing like carrying your work laptop on your vacation to encourage a sense of community. And as soon as you stop, it's "what have you done for me lately?".
And as someone else pointed out, it improves my 'sense of community' when I don't have to spend my day dealing with the smelly stuff in the microwave (sorry, popcorn should be banned from offices), the people who choose to stand in the aisle in front of my desk and chat with each other about things I care nothing about, or who complain all day and put in minimum effort. None of which are on my team, because we were all in different regions of the country and meet via Teams or WebEx.
The thing that got me more involved with my coworkers wasn't bullshit conversations around the coffee pot. It was instant messaging. If they want more sense of a community, they should encourage more group chats that aren't laser focused on work.
I believe the big shove from DOGE is intended to iron out the legalities.
The legalities don't matter if no one is ever prosecuted for the crimes. And no will ever be held accountable for the damage done.
If I burn down your house, and the gov't refuses to hold me accountable, does it really matter if it's illegal. Your house and all your irreplaceable possessions are gone.
That is what they are doing. They'll call it 'move fast and break things' like this is some software project. But the WHOLE point is to stay ahead of the courts and do as much damage as possible. Assuming they even listen once the court rules against them (see USAID), there has been too much damage to restore the agencies. They are hauling off computers, cancelling building leases, selling off property. Would they be held accountable if the DOGE boys simply destroyed the servers and all the backups? An organization could never recover from that, and DOGE wins.
the insulin smuggling at the international cost price must be costing US company megabucks considering they charge like 15x the actual worldwide retail price to their captive American market.
I don't know what insulin costs at Canadian and Mexican pharmacies, but it would have to be really cheap for US insulin to be 15x the cost. If you are going for common insulin (R or N), you can get it from Walmart for $25 a vial without a prescription. Novolog (or equivalent) runs about $35. The overpriced versions that are in pens are much more expensive, and should be avoided if you don't have insurance. But some of those will be coming down too, unless Trump rolls back the progress Biden started on drug prices.
I believe there are multiple separate electrical grids on the North American continent
There are interconnected grids, particularly east and west coast. Canada feeds a lot of power into the east coast grid covering New England states.
It was one of the reasons that Texas blacked out a few years ago during the cold snap
Texas' grid has limited connectivity because they don't want to be burdened by federal regulations. It was compounded by the fact that "it never get's cold here" mentality and natural gas facilities either didn't have sufficient heating for their equipment, or if they did it was electric. Grid strained, gas plants froze, electric generation plants had no fuel. Feedback loop brought the whole system crashing down. But lets blame it on ice on the solar panels.
It's all for show
Except it's not. He literally renegotiated NAFTA to USMCA, and as soon as another shiny object caught his attention he ignored it. He's abusing his tariff authority 'defending the country', and even when they make concessions he comes back and attacks again when the mood suits him. It's like paying off ransomware.
The problem isn't that Canada and Mexico aren't doing enough, it's that they aren't kissing his ass to suit him. For us average citizens, we'll get to pay for his vanity. Potentially for generations. The day could come when other countries decide 'the juice ain't worth the squeeze' when trying to sell to us. If tariffs push us into a recession, the general public will need to stop buying lots of stuff, which will make us a smaller market and much easier to replace.
BTW, for a lot of small purchasers (think Temu and eBay purchasers), tariffs aren't the biggest problem. The uncertainty around de minimis is. Many times even a 20-25% tariff will still be cheaper than buying the same thing from a US seller. But if there is also a ~$40 administrative fee per package, the buyers have to go back to the middlemen. That doesn't necessarily reduce imports. It just means a middleman like Amazon gets to add their tax on the consumer.
Maybe there is a bright side for US farmers?
Of course there is, more free time. They won't have the $$$ to buy the fuel to plant all their acres, or the fertilizer to get a good crop.
It won't matter what John Deere produces because the farmers won't be able to afford new equipment.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
