* Posts by dajames

1666 publicly visible posts • joined 20 Mar 2011

Exposed: Lazy Android mobe makers couldn't care less about security

dajames

Re: No money in it

the user has paid for the 'phone ... the ROI on security updates is zero.

Not really ... I bought a Moto phone in part because the word on the street was that Moto were good at releasing timely patches. Unfortunately the joke seems to be on me, because in 18 months it hasn't been updated to Nougat or Oreo, and hasn't seen a security patch since January last year. There is allegedly a release of Nougat for at least some versions of this handset, but I haven't seen an OTA update for mine.

My point is: I would definitely pay more for a phone that was guaranteed to receive OS updates for a reasonable time -- say version upgrades for three years and security updates for a couple more beyond that.

For me, it would have to have an SD card slot and a user-replaceable battery ... so the Pixel and the iPhone are both ruled out.

It's Pi day: Care to stuff a brand new Raspberry one in your wallet?

dajames

Re: All Pi's need USB3!

AFAIK there is no SBC with USB3.0 and gigabit ethernet, much less one for $35.

No ... but you can get the Gigabyte GA-E3800N for around £40, and that has USB3.1 and gigabit ethernet (and a couple of SATA ports, RS-232 and Parallel, etc). That has an AMD APU and isn't fanless ... and you'd need to add a RAM DIMM or two ...

It's not quite Pi-small, or Pi-cheap, or Pi-quiet ... but it's not a world away.

dajames

Re: Fan ???? Oh no !

"Sadly, the module will need a tiny fan to keep things cool."

Oh no, not worth it vs. the previous completely passive model.

Relax. As I understand it, the fan is needed on the optional POE board, not on the Pi 3B+ itself.

dajames
Headmaster

Re: Dates

Then again a full circle is 2*Pi so if that represents a full year or orbit around the sun then Pi would be June 30th no matter how you write it.

No, because 30th June is only 181/365 (or 182/366 in a leap year) days into the year. The actual mid-point is around 2nd July.

dajames

Re: Dates

Outside of a technical context then you might as well write out the month name or three letter abbreviation. MAR-14 or 14/MAR or whatever.

In the English-speaking world that works, yes.

What you and I call "January" is "gennaio" in Italy, and "enero" in Spain (note that month names are not capitalized in either language), so it's not a general solution.

dajames
Headmaster

Re: Dates

So weight of flour in a recipe is 8oz, not 228g - or even 225 or 250g ...

No, indeed ... it's nearer 227g. (226.796, it says here.)

Suspicious cert-sellers give badware a good name for just a few thousand bucks

dajames

Re: Certificates are an illusion of trust and security

Why should anyone trust any CA?

They are set up to make money selling certs.

Yes, that's the reason.

A CA depends on the money it makes from selling certificates. No CA with any business sense will deliberately issue certificates that cannot be trusted, because that would damage the CA's own reputation, and lead to users not trusting the certificates it issues ... which will lead to customers going elsewhere for their certificates, and the CA losing money.

That said, it's important to understand what a certificate means. All a certificate tells you is that the CA has reason to believe that the private key associated with the public key in the certificate belongs to the purported owner (the "subject") of that certificate. For a cheap/free EMail certificate the CA may do no more than check that the address to which the certificate is to be sent is the same as the address in the subject ID, while for an expensive ECommerce certificate the CA will carry out offline checks on the identity of the certificate requester, and will insure against any fraud arising from misuse of that certificate (which is why such certificates are expensive).

All a certificate really tells you is the identity of the owner of the certificate (and the associated key); you are left to make your own decisions about trust.

Sony Xperia XZ2: High-res audio but no headphone jack

dajames

Not either/or

I'm thankful they got rid of the headphone jack, let me buy a superior DAC that makes music from mobile sound awesome

You can use USB headphones with their own DAC even on a phone that has a headphone jack, you know. Removing the jack just removes user choice.

Just can't catch a break, can ya, Capita? Shares tumble 40% amid yet another profit warning

dajames

I'm not sure that this is correct. If they issue £700m of new shares, then their cash position increases by £700m. The balance sheet just shows a movement between assets and capital. It shouldn't, in itself, have a significant effect on the valuation of the company.

That's right ... but the price per share on the markets will fall, which is what gets reported in the news.

Thar she blows: Strava heat map shows folk on shipwreck packed with 1,500 tonnes of bombs

dajames

Re: Aircraft Carrier

Of course, if Crapita get the contract to paint, it'll work out more expensive than buying real aircraft, and they'll paint the wrong type of aircraft as well.

They'll paint F35s, you mean?

NASA finds satellite, realises it has lost the software and kit that talk to it

dajames

"a case of lucky to be looking in the right place at the right time."

In the field of observation, chance favors the prepared mind. Pasteur.

Nice one. So ... he was lucky to be looking in the right place at the right time, but at least he has the nous to understand what he was seeing.

Seems fair.

dajames

Re: Need help, NASA?

It says it was presumed dead in 2005. It doesn't say when it was sent up.

Quite right, it doesn't.

25th March 2000, according to Wikipedia.

Ever wondered why tech products fail so frequently? No, me neither

dajames

User Manuals

No, it's because no one expects to need to read them anymore. If a device isn't pick-up-and-play intuitive without directions, it's considered too complicated.

Nevertheless, I know people who complain that they can't use modern software because they haven't got a manual to read. The idea of FWITIW (Eff With It Till It Works) doesn't seem to appeal to them.

Some modern software just is user-hostile crap (and a manual would make that failing more obvious) but some users do seem to need a manual even to use the best-designed programs.

dajames

Re: Test is part of engineering!

Your goal has to be to break the software

No, the software is broken already. Your goal is to find out where.

OK, Google: Why does Chromecast clobber Wi-Fi connections?

dajames

Re: Router code is just as crap

If(packetBuffer.IsFull() == true)

Or even just:

If( packetBuffer.IsFull() )

... because, you know ... Boolean logic.

The compiler will probably emit the same thing in each case, but the shorter way is easier to read/maintain.

Devs see red after not seeing Big Red on Stack Overflow database poll

dajames

Forget Oracle

The survey also omits SQLite.

Last year (according to the pic in the article) Oracle was used by 16%, SQLite by 26%. Methinks omitting SQLite this year was the greater oversight.

You GNOME it: Windows and Apple devs get a compelling reason to turn to Linux

dajames

Re: "there are much more suitable options for that"

... "real programmers don't use an IDE" ...

Yes, that may have been true when IDEs were all toys. Things have changed.

It used to be that real programmers used command-line tools because it was easier to get real work done with those tools than with the rudimentary IDEs of the day. Now IDEs have become more sophisticated; you can do everything you need with a good IDE ... and it hooks into the version control system, the bugs database, the build server, and loads more besides.

Unfortunately this has made IDEs and their accompanying baggage so complicated to configure, maintain, and use that I find myself nostalgic for the old days when I had some time free to write code as well!

dajames

Re: Example in today's news: Unimpressed by Gnome

Then *WHY* *HAVE* *A* *DESKTOP* if you can't put icons on it? What ARE you going to put on it, *ADS*???

Why put icons on the desktop when, most of the time, there are going to be application windows obscuring them? Surely it's better to put the functionality that might be accessed through desktop icons onto toolbars or menus or something that won't be covered up by application windows and so are always accessible?

Not that I have any objection to a few icons on the desktop -- it's important that users should have the choice -- but I really don't think they're all that useful.

Wannabe W1 DOW-er faked car crash to track down reg plate's owner

dajames

Re: Best plate I ever saw...

The most laughable I ever saw was "CLA55Y" ... on a dung-coloured Ford Granada, of all things!

Take notebooks: About those new Thinkpads...

dajames

Re: Next time, Dell

Oh, and Lenovo has the Fn key in the left corner of the keyboard, where the Ctrl key *should* be. The position of the Fn key is, no kidding, one of the main things to take into account while looking for laptops.

You can -- at least on my 18-month-old T460p -- swap those around in the "BIOS" (aka UEFI firmware) setup.

What's really stupid, though, is that the Ctrl and Fn keys are different sizes so you can't swap the keytops around to remind yourself that you've done so.

Sigh.

Nest's slick IoT burglar alarm catches crooks... while it eyes your wallet

dajames

Re: I had alarm keys twenty-five years ago...

I had electronic "keys", not yet "tags" to enable/disable the alarm system twenty-five years ago already. They don't need power - like a phone app - and don't depend on your phone age, make or OS. Far more comfortable to keep in pocket.

The trouble with 'tags' is the way people use them -- they invariably put them on the same key-ring as their house keys. This means that if you lose your keys and they are found near your house the finder can walk down the street trying your keys in all the front doors, and when they find one that opens they know they have the tag for the alarm.

Two-factor authentication it ain't. A passcode is much more secure.

Tags do have their uses -- people who can't remember a passcode will nevertheless be able to use a tag, and on systems that are operated by a large and rapidly-changing group (an office with a lot of short-term staff, for instance) management of passcodes can be a challenge -- but for most domestic situations a passcode wins hands-down.

Guilty: NSA bloke who took home exploits at the heart of Kaspersky antivirus slurp row

dajames

Pay attention at the back!

Has everybody missed the fact that even though the villain in this piece (Pho) had Kaspersky's product on his computer, it was still riddled with malware?

The article says that the NSA code that Pho had illegally taken from work and copied onto his home PC was detected as malware and reported to Kaspersky. There's nothing to suggest that any of this code or any other malware was active on his PC.

The End of Abandondroid? Treble might rescue Google from OTA Hell

dajames

Seems to hold some promise

... unless the reason you are looking to upgrade is to fix a bug in the vendor-supplied layer, in which case this leaves you worse off than before.

It should help most people get a newer version of Android on their old phones, though, and that's something.

Linux kernel hardeners Grsecurity sue open source's Bruce Perens

dajames

Not quite how it works ...

- The judge* decided on the law in interpreting a contract

- The interpretation became a fact in the case

- It then became impossible to challenge the judge's interpretation on appeal because it was now a fact and the appeal couldn't redetermine facts.

I am not a lawyer, but this is not quite how it works, as I understand things (in the UK).

Once a judge makes a ruling on a point of law (such as the correct interpretation of a contract term) that sets a precedent in law. Other judges judging cases in the same court (that is: at the same level) will defer to that judgement.

However, a judge in a higher court (an appeal court) CAN overturn the original judgement -- that's the point of the appeal court. Judges with more seniority and experience get to reexamine the decisions made by more junior judges in lower courts and either uphold or overturn them. It's a legal "second opinion".

OnePlus 5T is like the little sister you always feared was the favourite

dajames

Re: So Close!

When phones only had 4 or 8GB of storage, an SD card would be a 'must have' feature. However, in these days of phones with 128GB storage, it isn't as crucial ...

Large internal storage capacity is nice to have ... but the great thing about an SD card (formatted as portable storage) is that if/when the phone dies or gets broken you can just pop the SD card and all your most recent downloads and photos (the ones you haven't backed up yet -- you do DO backups, don't you?) are not lost.

Remember CompuServe forums? They're still around! Also they're about to die

dajames

Re: CIS software

Does anybody remember dial-in software for CIS called Orzak or similar?

There was a reader called OzCIS, that came, I think, from some people called Ozarks West Software. I never used it, though, because I had already found WigWam when I first heard of it.

dajames

Re: First Quantum Link... then Usenet... now...

Personally, I never used Compuserve, but I do recall seeing the per-hour access cost at some point and thinking.... yeah, nice if you can afford it.

The only per-hour costs were for the phone call that connected you, and as I recall that was a local-rate number in most parts of the UK.

Compuserve itself charged £6-7 a month (I think that was US$9.95, but fluctuated with the exchange rate) ... which seems a lot when you compare it with usenet (free) but is really only beer-money.

Munich council: To hell with Linux, we're going full Windows in 2020

dajames

Re: Just get the best tool for the job...

If you need to retrain all your staff to work with OpenOffice/LibreOffice while they're already fully familiar with MS Office then going open source might not be the best of ideas for that specific part.

How did they become familiar with MS Office -- was there training for that? If not (and there hardly ever is, which is why most users use office software so ineptly) why would you think you might need to offer retraining for different software?

If you think MS Office 2003 users would have needed retraining to use LibreOffice I hope you also accept that they should have been retrained to use MS Office 2007 with its radically different UI.

Android at 10: How Google won the smartphone wars

dajames

Re: Horsecrap - MyffyW

Bought from Google - 1st party

Bought direct from Phone manufacturer or Carphone Warehouse etc unlocked - 2nd party

Bought subsidised from phone company - 3rd party

No, I think you're missing the point.

Google-branded phone with unmodified Google Android - 1st party.

OEM-branded phone with the OEM's own customization and skinning - 2nd party.

OEM-branded phone bought subsidized from airtime provider with customization by OEM and by airco - 3rd party.

What's relevant is the number of customizations that would have to be re-applied to an Android update in order to upgrade the device. The closer to Google your device was sourced the more likely it is to see an upgrade.

It's 2017 and you can still pwn Android gear with Wi-Fi packets – so get patching now

dajames

Re: shouldn't we be past the buffer overrun exploits?

Thank fuck for Android's super updates system!

Ah, Irony! We don't use that here.

'Lambda and serverless is one of the worst forms of proprietary lock-in we've ever seen in the history of humanity'

dajames

Re: I'm wondering on how efficient this all is

... I have trouble with the sentence : "the open-source community has to provide alternatives". With all the faith I have in the coding abilities of Open Source volunteers, they are working from home.

Not all of them work from home. An awful lot of them work for big companies like IBM, Microsoft, Google, Facebook, Oracle, and Amazon ... not to mention the likes of Red Hat, Canonical, and SuSE ... and not forgetting the Linux Foundation!

I think that it is mostly to companies like these that the article refers when it speaks of an Open Source community.

Updating Things: IETF bods suggest standard

dajames

Re: Seems sensible

The trouble is that business won't like this as it would mean they would have to factor n-years of support into the price of their product rather than sell cheap and hope the product outlasts the consumer guarantee/warranty period.

Good.

Eliminate the cheap shit from the market and you push up the entry-level price to the point at which manufacturers can afford to build a properly thought-out, easy to maintain, product that is worth supporting for ten years. Most of the sillier IoT devices will just not be made because nobody would buy them at those prices -- but that's no loss to consumers, only to companies trying to make a fast buck out of cheap IoT Shit.

Google's phone woes: The Pixel and the damage done

dajames

Re: 3.5mm jack

How many people were more worried about a phone being waterproof than they were about being able to use it to listen to music? Fucking no one.

I was ... or rather would have been if the Pixel had been cheap enough for me to do anything but laugh at.

I use my phone out of doors quite a lot -- both as a phone and as a map/GPS -- and sometimes it rains so I want a waterproof phone. I do also use my phone to listen to music, but not so often, and not so much when out and about, and I do still have an MP3 player (and Bluetooth speakers, for that matter).

I do agree that dropping the 3.5mm jack was a daft thing to do, and not likely to win any friends. The idea, presumably, was that you can use USB headphones (and not charge the phone) ... but having a 3.5mm jack for compatibility with all the millions of pairs of wired headphones that already exist would not stop the phone supporting USB headphones, it would just give the user a choice.

Choice is a good thing ...

Forget One Windows, Microsoft says it's time to modernize your apps

dajames
Headmaster

Re: Modernise apps?

... "modernize" (US spelling, interestingly) ...

That is NOT "US spelling". British English allows the use of either 's' or 'z' in words which have been verbed by adding an "-ize" ending, and the OED prefers the 'z' spelling.

Verbing in this way follows Classical Greek, in which the suffix is spelt with the letter Zeta, which is conventionally transliterated to 'Z' in English.

Some words in English whose "-ise" ending is not formed in this way are properly spelt with an 's' (e.g. "revise", where the 's' is already present in the word "(re)vision"). Many writers prefer to use 's' spellings throughout, to save having to remember when 'z' is more appropriate; but that does NOT mean that the 'z' spelling is wrong for those words verbed, as "modernize" is, by adding "-ize" to a noun.

However, the word "modernize" comes, in this article, from Microsoft's Kevin Gallo, who seems to be an American. In that context the use of "US spelling" is far from interesting.

New phishing campaign uses 30-year-old Microsoft mess as bait

dajames

Re: Outlook/Lookout

At one place I worked, Outlook was referred to as "Lookout" by some in IT.

It's known as "Outhouse", around here.

Google slides text message 2FA a little closer to the door

dajames

Re: Slight problem?

... SMS where the thief can move the sim card to another phone to receive the 2FA code.

Unless, of course, the SIM card is PIN-locked ... which is probably a good idea in any case.

Dev writes Ethereum code for insecure SHA-1 crypto hash function

dajames

There's a difference ...

... between enabling verification of SHA-1 hashes and supporting generation of new ones.

The argument, I guess, is that SHA-1 is so insecure, now, that even old SHA-1 hashes, computed back when SHA-1 was considered safe, cannot be relied upon; that allowing people to check the validity of a SHA-1 hash might tempt them to assume that the hash still means something.

That's a good argument for encouraging people to treat anything signed using SHA-1 with a pinch of salt, but it's not an argument for preventing them from checking the hash at all. SHA-1 collisions can now be engineered, but they still can't be engineered easily -- a hash has to be protecting something of appreciable value before it becomes worth anyone's effort to look for a collision.

However, blockchain applications such as those used by Ethereum -- in which the entire value of the chain depends on its validity back to the first transaction being verifiable -- are among the applications most at risk. If you can fake a signature early in the chain that used a weak hash then you can cast doubt on the entire history of the chain and everything it is supposed to secure. I can see why people are concerned.

Your data will get hacked anyway so you might as well give up protecting it

dajames

Re: Strontium Dog

Proly because the Judge Dredd ones weren't massive hits....

The more recent one -- with Karl Urban and Olivia Thirlby -- deserved to be ... apart from being scarily reminiscent of a shopping trip to the local Arndale centre on a Saturday afternoon ...

dajames
Boffin

Re: Strontium Dog

Someone explain why there isn't a blockbuster movie?

Maybe because the government is still trying to pretend that Milton Keynes isn't a mutant ghetto?

Hmm ... The Johnny Alpha icon doesn't look quite right to me ...

So the 'Year of Linux' never happened. When is it Chrome OS's turn?

dajames

Re: Widespread Linux on the desktop remains elusive.

Don't say LibreOffice. It looks like a 1998 shareware application.

You say that like it's a bad thing!

Microsoft used to publish some guidelines on application GUI development that encouraged the use of common GUI designs and metaphors in an attempt to achieve consistency across all applications on their platform in the interests of ease of use. Because of this the better shareware applications back in 1998 had very similar look and feel to Microsoft's own applications.

Along with that came helpful features like, for example, the F1 key bringing up context-sensitive help from any part of any application. I miss that.

I really don't hold with this strange notion that an application's GUI should look "modern". What's important is that it should work well and enable the user to be productive. The appearance is secondary. An awful lot of time is wasted in our industry changing UIs for cosmetic reasons that bring absolutely no benefit other than making this year's version of the software immediately distinguishable from last year's. If only that effort could be spent on making the applications more useful, less buggy, and more secure!

Xperia XZ1: Sony spies with its MotionEye something beginning...

dajames

Re: Built-in obsolescence

I have the same phone, none of the same problems with battery.

I'd be rather wary to extrapolate a sample size of 1 of a particular model to the whole manufacturer's portfolio.

I did find some discussion online between other users who were experiencing the same problem with the Z1 Compact, so the sample size was at least a little more than 1. There was some disagreement as to whether simply replacing the battery would fix the problem, but it worked for me.

However, my intention was not so much to grumble about this problem with this particular phone, as to point out that it is a real pain in the proverbials not to be able to change the battery when it needs to be done.

I do understand that waterproofing an IP68 phone isn't trivial, but other manufacturers have managed it so it's not exactly rocket science. (See the Samsung Xcover for example (link to gsmarena).)

dajames

Built-in obsolescence

I have a Sony Xperia Z1 Compact. Nice phone.

It runs Android 5 (Lollipop). I'd had it a little over a year (the phone had been out for nearly two years by then) when Android 6 (Marshmallow) was released, but the Z1 series didn't get the upgrade. The latest kernel is dated November 2015.

OK, I understand that a manufacturer can't support old hardware for ever, but a less-than-two-years-old phone is not "old" hardware. I had expected I'd get to at least Android 6 and hoped to get to 7 before updates stopped. Bad Sony.

When the phone was a little over two years old it developed the nasty habit of suddenly claiming that the battery had reached 0% charge, when a moment or two before it had been at around 50%. The battery is sealed in, so hard to replace -- it also turned out to be quite hard to source.

I managed to get a battery which was said to be new (with "zero charge cycles") but may not have been. I had to heat the back of the phone to soften the glue and prise it open to put the new battery in. This, of course, wrecked the waterproofing, which had been one of my reasons for buying the Sony in the first place (I walk a lot, and sometimes it rains). Nonetheless I carried on using the phone with its old OS until the replacement battery started to display the same sudden discharge behaviour*.

I'd love to buy another Xperia phone, but I won't do so until they make the battery officially user-replaceable, and give some commitment to supporting Android updates for at least (say) three years from the release of the phone. Oh, I'd like it to be dual-SIM, too ... is that too much to ask?

* I suspect that the battery isn't really dropping from 50% to 0% in a couple of seconds, but that the battery monitoring circuit in the phone is uselessly optimistic until the voltage drops a little under load (because the user has, say, turned the screen on) and then it panics and turns the phone off. Maybe later Xperias have fixed this?

WPA2 security in trouble as KRACK Belgian boffins tease key reinstallation bug

dajames

Re: ...the attacker would have to be on the same base station as the victim...

If that's the case then it is somewhat analogous to a locksmith demonstrating the ability to come round to your house and pick the front door lock.

A better analogy might be a locksmith demonstrating that he can open all the internal doors in your house when what's important is that he can't open the front door from the outside.

Of course, if you let him in he has the run of the place.

dajames

Re: Uncorrectable Horse Staple Battery

If you just work on the assumption that all media are vulnerable, then encrypt with known-good encryption (not RC5 or TKIP, and yes you MUST keep up to date with what's safe!), it really doesn't matter what happens or who can send you packets.

Up to a point, Lord Copper.

The new study seems to be attacking the key set-up using some sort of man-in-the-middle approach reusing nonces, so it looks very much as though it does depend precisely on the problem of knowing (or not knowing) who is sending you packets.

We shall have to wait and see ...

Dumb bug of the week: Outlook staples your encrypted emails to, er, plaintext copies when sending messages

dajames

Re: Unlikely

Microsoft claimed the exploitation of this bug was "unlikely" in the wild.

Mostly because S/MIME is an essentially dead protocol, that only a handful of people have ever bothered with....

S/MIME isn't dead. It's the standard protocol to use when encrypting internet mail within a PKI. The other common mail encryption protocol is PGP, but that isn't used within a PKI. If S/MIME is not much used it's because most people don't actually bother to encrypt their mail.

I would think that Microsoft regard exploitation of this bug as "unlikely" because they don't think anyone sends mail in plain text, nowadays.

'All-screen display'? But surely every display is all-screen... or is a screen not a display?

dajames

Re: Why do we need bezels ?

I do not understand why it is not possible to remove bezels completely?

I can see some attraction in the idea of a screen with no bezel ...

... but when it is a touch screen on a mobile device, I find myself wondering how the hell one picks the damn thing up without causing input.

Surely the bezel is there to give you somewhere safe to hold it?

'Don't Google Google, Googling Google is wrong', says Google

dajames

Re: OC

I can't think of an intransitive use of the verb "display".

Methinks I have heard it said that some species of wildlife are known to display (intransitive) in order to attract a mate.

dajames

Google are wanting people to say 'Search on Google' rather than to google or googling because if to google becomes a verb in common use they can lose the ability to trademark the name as it becomes generic.

Right, ... let's all Alphabet it then!

(I don't know what that means, but if it costs them a trademark the joke's on them.)

dajames

"I dedicate this book to my parents, Ayn Rand and God."

So Ayn Rand and God are your parents, and you dedicate the book to them.

Methinks I'd have used a colon, rather than a comma, in that particular case.

Google to kill its Drive file locker in two confusing ways

dajames
Headmaster

Re: English? Simon Sharwood has heard of it

Actually this one is fine. It's a contraction of "Data is" ...

Fine unless, of course, you believe that "data" is a plural.