Posts by dajames

I assume you are as competent to judge the quality and efficacy of my code as I am to write it, and thus validate my assertion that I am in fact a coder of some 40 years experience.

The question isn't about code. They're not interested in the solution you give -- being, as you suspect, incompetent to assess it -- they're interested in the way that you answer, and whether the question itself worries of flummoxes you. They may not know how to judge your coding competence, but they know about people.

... and you can be sure that they will be able to call in an expert who IS competent to asses your work, if it comes to that, and you can wait in a nice uncomfortable office for a day or so while they get hold of the right person.

Why not just set the Master Password in your browser's password store?

What makes you think that the Master Password in the browser is any more secure than any of the purpose-written password managers being torn apart here?

In any case, most people use more than one browser on more than one system, and locking a password away on one browser doesn't help when trying to use it on another.

IME allowing the browser to remember passwords is the best way to ensure that you don't remember them when you need to, and don't have a backup copy when your PC dies. I always recommend turning that facility OFF.

Re: Do people actually want robots/computers that only communicate verbally?

What people want is for stuff to be quick and easy. Verbal commands are one way of doing that.

What people also want is for stuff not to be error-prone, that's much harder to do when instructions are verbal rather than typed or chosen from a menu.

Sure, there are a variety of use-cases in which one has to communicate with a machine when one's hands aren't free for typing or touch -- and it's great that Sony and others are doing the work to make that possible -- but most people, most of the time, are not so constrained.

Re: "Why does the size have to be identical? "

To verify the hash meaningfully, no matter what kind is used, you need to know what the output of your hash computation should be.

We're talking about signed PDFs, here. You know exactly what the hash should be, because it is part of a signature block that's been signed with the document author's private key.

[The article is about weakness in the hash process, not about any shortcomings of PKI, so the validity of the hash in the signature block can be taken as a given.]

That is no different from knowing what the size should be.

It's very different, because the size of the document is not part of the signature block.

Definitely something up with your system. This Windows 7 box has been up for 20 days ...

Windows systems can be quite stable, but can also not be ... it depends on the mix of components you have, and how well they're supported.

Back in the day I had a fancy dual-CPU workstation running Windows 2000. It was generally rock-solid but after a few days it would start to get very slow and need a reboot. A little investigation showed that all the RAM was in use -- by something!

Further investigation revealed a memory leak in the little resident program that monitored the UPS. It leaked about a kilobyte of RAM every second, and after about a week it was using 600MB or so, and nothing else could run without swapping like a mad thing. The easiest solution was just to reboot every few days.

Apparently the UPS software was fine when using a serial connection, but I'd connected it by USB because I was using both my RS-232 ports for test kit and there was a fault in the USB comms.

In this case, though, the fault was not Microsoft's -- there's not al awful lot an OS can do to police a memory leak being perpetrated by a daemon process.

Re: RDP from weedy hardware can be good

...copes fine with taxing stuff but obviously does have a bit more grunt than a Pi (think sub 100 quid smartphone spec)

Methinks a Pi 3 has more grunt than a sub-100-quid smartphone ... you don't get a lot of grunt in a phone for less than a hundred!

Re: Windows tablets - when the touch screen driver craps out...

How do you fix a tablet when the touch screen driver craps out?

The tablet has an HDMI output, so I could have plugged-in a monitor too I suppose.

This is not something that only Windows tablets can do.

I could do that with my old (2012) Samsung Android tablet, too. My more recent Asus Android tablet even came with a clip-on keyboard and touchpad (but the HDMI port is micro-sized and I haven't got the right cable to try it).

Many Android apps work surprisingly well with a keyboard and touchpad ... which is probably why it's so annoying when one doesn't.

Abbreviation Hell

Female seeking male? Absolutely not.

I stared at the letters FSM for an embarrassingly long time before the words "Finite State Machine" trickled reluctantly to the forefront of my consciousness. It wasn't until I read further down the comments that "Flying Spaghetti Monster" even occurred to me.

Does that make me a bad person?

The problem with these big IT companies like in Microsofts case, is the brains that made Windows, Office, SQL Server etc have long since gone, you have newbies looking after the code.

This is true.

This is what you get when accountants run a company to maximse profits...

Well, yes, probably ... but in the case of Windows it's because the system has been around for so long that most of the people who worked on it in the early days have retired or even died.

Dave Cutler (wikipedia link) is 74. He still has a position at Microsoft but I doubt it is full-time, and I doubt he does much maintenance work on the NT codebase any more!

It's inevitable that there will come a time when any mature codebase will have to be maintained by people other than the original design team, who may not be fully in-tune with the design methods and goals of that original team. There may or may not be documentation to help them, they may or may not read it if there is, and it may or may not actually help if they do (yes, I've worked on software projects in the real world).

Even without that problem, code gathers cruft. Bug fixes and added features change the structure of the original code, which may or may not have been clean to begin with. Maintenance gets harder, not easier, as time goes on, bugs slip in unnoticed, and quality falls further.

Meanwhile, advances occur in our understanding of the software process. New tools and languages are developed that make it easier to develop software that is robust, efficient and safe. There comes a time to throw out the bathwater and the bath (the baby has long-since grown up) and start again.

Conventional wisdom tells us that rewriting an existing product never pays, but this view overlooks the high interest rate on technical debt. If you can't let go of a dying codebase you'll lose market share to a competitor whose code is cheaper to maintain (for whatever reason).

Forgive the desultory rambling ... it must be Thursday ... I never could get the hang of Thursdays.

Re: IPv6 usage soaring?

1 in 6 is a bit low considering how many users are on large ISPs which have enabled ipv6 like Sky and BT.

I wonder how many users of the ISPs like BT that have now finally started supporting IPv6 are still using routers and other networking equipment that can only handle IPv4?

It's only very recently that IPv6 support has become anything but hard to find in domestic/SOHO networking hardware, and there is a lot of kit out there that is too old to have it.

Re: At 7 bytes per stored phone number

My 2005 Moto RAZR could store numbers on the flash memory in the SIM card.

That's a standard piece of SIM card functionality. My 1995 Nokia could do it, and my current Android phone can do the same. It's not something I've ever felt the need to do on Android, though.

The SIM card is more limited in the details it can store for each contact, though, IIRC you are limited to one number (and no other fields) per contact name, and the name is limited in length and stored in upper-case only. Hardly ideal.

Re: Mis-named Wireless

Tests suggest that Qi can be around 60% efficient.

60% efficient means 40% wasteful.

Mobile devices don't require a lot of power, but increasing the energy consumed while charging to compensate for an unnecessary 40% extra losses merely in the name of convenience leaves me feeling a little uncomfortable with the whole idea.

I'll stick with wires, thanks.

Re: daft

People often forget that just because it's open source it doesn't mean it's free of costs. They are just elsewhere - software is free, and you get free support if you are willing to wait for responses from commuinty/do your own research. But if you need support on business critical things - then don't rely on that.

That's true. If you use someone else's software you should expect there to be a cost. You may have to buy a licence, you may not. You may get free support, or you may have to pay. You may get to deal with a responsive team of developers who are willing to listen to your requests and suggestions for improvements to the product, you may have to pay them to do it, or you may have to commission someone else to fork the development and make the mods for you (or give up on the idea).

Whichever way it works for you, you may get some of it free, and you may not have to pay very much for anything that costs.

It would be foolish to switch from Windows to Linux thinking that everything will be free. You have to look at the costs of hardware, software, support, and training using both OSes and the raft of applications software that you will be using under each, and make an informed decision. If you run a small business that doesn't have a dedicated full-time IT department you may want to get help from an external support company, and that will have a cost ... but that doesn't mean that there can't also be savings.

Re: hmm

I am also slightly surprised about how often the "car manufacture" is mentioned when it's totally foreign owned producing cars for the UK and the rest of the EU.

I did a double-take at that, too, but I imagine that "car manufacture" was listed among high priority industries to appease Nissan, who are about to spend a ton of money building new production capacity in Sunderland.

This list comes from politicians, so nobody will expect it to be taken seriously ... not for long, anyway.

Google's so-far-winning argument is something like that it is OK to break someone's copyright ...

Pay attention at the back! Google's argument is that Copyright law does not prohibit what they are doing with the Java APIs, and the courts seem to agree. That is very different from arguing that it is OK to violate Copyright.

Re: Welcome to the UK

The only country in the world to have given up *both* a working space program and a working supersonic plane.

Of course, being British, we called it a "Space Programme" (if we actually used the word "Programme" at all, which seems a bit left-pondian to my ears) ... but let's not let spelling stand in the way of a telling observation.

Re: How many tablets does a person need?

You can pick up a brand new padfone for about £100

[snip eBay link to Asus PadPhone 2]

Maybe ... but that's just the tablet part of a 2012-vintage phone/tablet hybrid/combo thing running (probably) Ice Cream Sandwich and upgradeable no further than KitKat ... and you'd need to buy the phone as well.

If you can even find the phone, it's a LOT of security patches behind the state-of-the-art.

Ah, those were the days . . . when kids didn't understand what their parents were saying. (And when the former were never to be heard by the latter . . . and preferably, not seen, either.)

Ah, yes: The Victorian notion that small children should be obscene but not absurd!

Oh no, silly of me, this is the real world we're talking about.

No, it's a university ... it's where people go to avoid the real world.

Re: Just get some easy names

Intel have:

i7 for people who need full power

That's rather too simplistic ... and what about "Pentium" and Celeron and Atom?

It's nice to know, though, that "i3" means two cores and Hyperthreading, "i5" means four cores, and "i7" means four cores and Hyperthreading ... except in the case of mobile processors which all have two cores and Hyperthreading ... except when they don't!

I agree that AMD need some cuddly names -- what happened to "Sempron", "Athlon" and "Opteron" ... meaningless, but at least they kept it easy by only having three ... oh, and "Duron" and "Turion" and "Phenom" ... maybe it wasn't so simple after all?

Maybe there are just too many CPU types?

ARM, anyone?

My name is Ozymandias, king of kings:

Look on my works, ye Mighty, and despair!'

Rather ironic that the Ozymandias of Shelley's verse was none other than the Egyptian Pharaoh Rameses II. You know, the guy whose works include the temple at Abu Simbel, which was moved in the 1960s (so that it wouldn't become submerged under Lake Nasser after the building of the Aswan High Dam) at a cost to UNESCO of some $40 million.

The remains described in the Greek poem upon which Shelley based his work were those of a different (and rather more ruined) temple: Rasmes's mortuary temple at Thebes; but even so, methinks Rameses II is one of a very few people in history who had a right to say "look upon my works, ye Mighty, and despair!" and not be laughed off the stage.

...the CEO is going to replaced by another woman, Tristia Harrison!

Doesn't "tristia" mean "sorrow" in Latin? Seems about right for Talktalk.

Re: Double agenda?

... if I go to a website "website.org" which is using a certificate issued by 'website.org' then isn't it a tad obvious that we're dealing with the same party?

Obvious, maybe, in a misleading kind of a way.

If someone has hacked DNS so that you are directed to a server that isn't "website.org" but has a self-signed certificate claiming that it is, then you tend to accept that even though it's a lie. If they have to have a certificate signed by a well-known CA the subterfuge becomes apparent.

It so happens that a mailing list fulfills the task perfectly...

A newsgroup (perhaps on a private NNTP server) might be better, but not everyone likes to let NNTP traffic through their firewall so a mailing list is a pragmatic choice.

... next, you'll say they need a nice new tiled touch-only gui to go with it ?

Hah! Kids these days ...

Re: Change in mindset is needed IMO

...what is stopping a software vendor from being his own CA?

Nothing stops anyone from setting up a CA and signing any certificate they like. You can do it, I can do it.

The problem is that your OS comes preloaded with a list of root signing certificates for CAs that the OS vendor trusts, and we implicitly trust those CA certificates and all the other certificates issued using those keys. Unless you can get your your CA certificate onto that trusted list, or persuade your users to add it, there is no chain of trust and the keys you certify will not be recognized.

Of course, this prompts the question: Are we right to trust the CA root keys are installed on our systems? That's a tricky one ...

Re: Is it just because I'm over 40?

No, I think it's because you're over 15.

There are lots of use-cases for voice control, mostly where the user has both hands full attending to some other task (like driving); voice control isn't perfect, but in these places the compromise is acceptable. The one place where voice control is almost never needed is in the living room, where one usually has at least one hand free and is usually at liberty to free up a hand or two if necessary.

Alexa looks very much like a solution in search of a problem ... but I have no objection to Amazon (or anyone else) doing the research needed to improve the technology. It'll be valuable somewhere.

Re: HTML5 can do WHAT?!

Guess you don't like full-screen video-on-demand playback, then.

There's nothing wrong with full-screen video playback, but full-screen anything is something that the user should select -- or not select, according to taste -- and not something that should be selectable by software without the user's consent.

The security/usability balance isn't all about absolutes.

Re: what does android updates have to do with ads

And the global market has spoken loudly that people don't care about getting OS updates (there is a vocal minority that does care of course).

[Citation needed]

For me of course I'd like to get security patches(I'd even pay for a subscription service ) but I don't want UI changes.

That's a problem for the OEMs, because keeping multiple versions of an OS patched and up-to-date costs more than just keeping the current version secure. Upgrading to the latest OS version is seen as the way to get the latest security fixes.

Also would be nice to have the ability to roll back any update whether OS or app in the event it causes problems.

I can see the attraction, but given the extra cost to the OEM in keeping the older versions patched I can't see this happening.

I'd be perfectly happy to update everything to the latest OS version to keep it current, but I would like to see OEMs actually support devices with OS updates for far longer than they currently do. I should like to see at least five years of updates (so long as the hardware supports all the latest features) as a bare minimum.

Re: S40 essential part of Levenson

S40 is part of the implementation of the Levenson recommendations, which all right thinking people should support.

"Leveson"

I quite agree that the major newspapers need reining in, but S40 is not the way to achieve it. The very notion that someone might be made liable for legal costs of an action that they did not start, and in which they are found blameless, flies so hard in the face of justice that "all right-thinking people" should recognize the iniquity that it embodies.

Amazon want you to spend money, the whole point of these systems is to make that easier. Just like one-click purchases years ago, they want to make impulse purchases more likely.

That's no reason not to get the system to read back what's being ordered and ask for confirmation. The confirmation would still be in the "impulse" time-frame so those "hey, that's neat!" purchases would still go through, and only the genuine mistakes would be stopped.

Amazon can't really want to bear the cost of handling the returns of all the good ordered by mistake, can they?

The cheaper it gets to provide call centres, the worse the products/services will be.

I can well believe that. What a deeply unsettling thought with which to begin the year!

Time was, companies would pride themselves on the excellence of their products and services, and it was those who excelled that were successful.

Re: A fair round up.

I'd like a new tablet. My Nexus 7 (2013 model) is getting a bit long in the tooth, a bit battered and out of the support upgrade window, but I can't see anything to replace it with which isn't stupidly expensive.

I know what you mean. I'd like a new tablet, too ... in fact I'd settle for an OS upgrade for my 2013 Samsung (Galaxy Note 10.1): a lovely piece of kit, but stuck on KitKat with no sign of further upgrades. I'd even pay a few quid for a supported Samsung release of Marshmallow or Nougat for it, but it's basically abandonware now.

With that sort of attitude from even premium manufacturers is it any wonder that the public have stopped buying?

Re: I keep hoping

It's poor interface design that alienates users. I'm hoping Pixel fixes that.

Pixel is basically a tweaked LXDE (running on Debian), and feels quite LXDE-like despite the tweaking. It runs nicely on a Pi -- and I would expect it to be even snappier on a decent PC -- but don't expect a leap in sophistication beyond what you can get from, say, Lubuntu on a PC today.

I like it, but your mileage may vary.

Citation Needed

... Java is still (by far) the most widely used programming language in the world, with millions of commercial (especially enterprise) applications written in it.

Are you sure about that?

Depending on what you're actually comparing -- and I know Java is big -- I'd have thought it had a way to go to catch C in terms of applications written in it.

Re: before the column goes to the cricket, the beach, etc

... going to the beach would be the fast route to hypothermia.

Some sort of coat might seem to be in order, then?

I much prefer beaches in thin grey drizzle to when they're blisteringly hot and heaving with slowly reddening bodies and reeking of sunburn lotion ... though it can be difficult to find anywhere open to buy an ice-cream when it's wet!