* Posts by Ascy

43 publicly visible posts • joined 25 Nov 2011

Flaw in UK's corporate registry let directors rummage through rival records

Ascy

Re: "Companies House takes its responsibility to protect the data entrusted to us..."

Exactly! I think they should be taken at their word and then asked the follow up question: "Given that you take security extremely seriously and yet failed so miserably at something so basic, does that mean you're in fact completely incompetent?"

Microsoft wants to replace its entire C and C++ codebase, perhaps by 2030

Ascy

My Calculator Says...

My calculator says that if this mythical engineer is working 20 days per month and 8 hours per day, then they will be, each and every one of those hours, reviewing 6,250 lines of code. So either they have done incredible performance enhancing drugs at Microsoft, or they plan on just hand waving unreviewed AI code through into production. As a very experienced software engineer who uses AI a lot, I can say with complete confidence that putting AI code straight into production without looking it over is going to not end well for Microsoft.

Or more likely, the person who came up with the North Star quote is actually from Microsoft's marketing department and hasn't figured out how to use a calculator.

LastPass hammered with £1.2M fine for 2022 breach fiasco

Ascy

I've always thought people that use these web based password managers are nuts. Keep your passwords secure, except give them all to one company? I've been in the software dev industry long enough to know that the majority of fellow devs out there don't really understand the first thing about encryption, so unless their solution is open source AND you are going to inspect the source code yourself AND you trust that the code you've reviewed is the one that's actually running, why risk it?

You don't get the same level of team audit and granularity as you may get with some web based solutions, but just put your passwords in a KeePass vault and use encrypted cloud storage to sync the vault (eg Filen, Sync.com, iDrive, etc). Then there are two layers of defence and you don't have to fully trust either solution (though are obviously hoping that one of them works).

Logitech chief says ill-conceived gadgets put the AI in FAIL

Ascy

Bit Rich, Isn't It?!

Considering they bundled the Logi AI Prompt Builder thing with their Logi Options+ software that you have to go in and frickin' disable, despite never asking for it, it's a bit rich for Logitech to say something like that. I love AI, but AI that I specifically want to use (like Claude) and not their crapware (that you didn't even know was there until you wonder what the heck is using CPU cycles). Yet more proof that hypocrisy doesn't have mass. Because if it did, we'd all be living in a black hole.

Software engineer reveals the dirty little secret about AI coding assistants: They don't save much time

Ascy

Disagree with the Article Title

Not really sure the point that this article is trying to make, but it doesn't bear much relation to the headline. So one person that is a light AI user doesn't get that much benefit from it? Quick, sell your shares in AI everyone! Or not...

I've been a software engineer (plus other labels) for a good number of years now. This year I worked on an AI project and have done a LOT of learning about AI. Before I get into that, I will say this:

- About 70% of people in my personal experience that claim to be developers aren't competent. At best, a lot of them are bad coders, but there's a lot more to software development than just coding (and if you are going to be just a coder, at least be good at it).

- The software engineering industry is full of cowboys and people that don't know what they are doing. Things don't actually seem to be getting better, sadly. Instead, non-technical people go on a 3 day Scrum course, get a BS certificate and think they know the first thing about running a software development project (they don't, and in all likelihood, neither did the person teaching them on the course).

- Be very afraid of anyone that prefixes any statement about software development with, "I used to be a developer". As a good software engineer, you can often earn around a similar wage (if not more) than a CTO, so the primary reason to no longer be a developer is either you burnt out or weren't very good at it.

Onto AI: if you'd told me a year to a year and a half ago that you could get an AI agent to do half or even more of the coding for you, I would have thought that you were quite stupid and incompetent. Today, I not only believe this is possible, but am actually doing so myself.

So what are some people doing wrong and why are some people able to get good results, often using the same models, such as Sonnet 4.5? The answer is 'context', which is the data that you send into your LLM. Copilot isn't very good at this. The best indexing that it does of your codebase is when you have your source code checked into a Github or Azure DevOps. The problem with that is that once you start making modifications, then that index is out of date and it has to fall back to looking at modified files. And not everyone has their code in ADO or Github.

So which tools do have really good context engineering? The two I've found are Augment Code and Warp.dev. Sadly, though, both put up their prices recently by 3x or more based on previous tiers, so I'm going to continue with Warp.dev, but also see how I get on with BYOK (Bring Your Own Key) with it. Both Augment and Warp create really good hybrid indexes of your codebase so that it knows how files and modules relate to one another, the same way that a long time developer working on it would. You can use these systems to add features to an existing codebase and write meaningful unit tests which follow existing test (patterns and frameworks).

Copilot is OK for simple stuff, a few pages closely related. But asking it to work and understand the full codebase is most likely beyond what it can do.

Other things you could try are Claude Code with an MCP tool that indexes your codebase and stores the vectorised embeddings (which may not be a term with which you are familiar, but it's basically a high dimensional datastore of something which captures the meaning of a thing based on their attributes, which are stored as vectors. Other items close by in that dimensional space are judged as similar. Such as Toast and Bread).

But context is king and you need to clearly ask for what you want, but also provide enough of the existing codebase as the correct context. Augment and Warp do this automatically. Another thing they do is build the solution, add in tests and keep going round in iterations whilst they fix their own mistakes, which is great.

Compare this to some tools such as Cursor (on the trial, I could only use GPT models) and the results were horrible. Windsurf has gotten far, far worse and was the only AI agent system to corrupt my files multiple times (so perhaps requiring that the Windsurf devs do 80 hour weeks wasn't a great idea after all. Who could have knew, right?!).

At the end of the day, all AI is going to do for incompetent people is to continue them to be incompetent, whilst being a huge help to those that take the time to understand how it really works and how it can benefit them.

Output from AI absolutely does need to be reviewed. I've had several situations where the proposed solution was hiding that something wasn't possible (such as a specific local embeddings model wouldn't run in LlamaSharp, though the code pretended it did). If you don't understand, nor review the code that's produced, then you're going to end up in real trouble. But if you're a good developer, then take the time to try out different tools, learn how they work and they will save you many, many hours doing dog work or trying to understand how some spaghetti code works in an old solution.

I'm actually quite positive about AI and its ability to help people at all levels in software development. I just would be very careful about juniors using it for anything other than to help explain bits of code to them. I would advise them to not use AI to generate code in their early years or at least take days off from doing that. Learning to get unstuck is a crucial skill and it can primarily only be learned by getting stuck.

AI can speed up learning of subjects. I still pay for many training resources, PluralSight, loads of Udemy courses, have had Cloud Academy subscriptions in the past and I really am liking my recent Mannings subscription service where you can even have books read to you. Would probably avoid LinkedIn Learning as I've seen the odd course on there that I feel was full of crap or just plain wrong. But then you can get AI to explain a thing that was glossed over in a training video or book or just answer your specific questions about something. It really is an incredible technology and I fully expect more and more of us to be running local models over the next ten years.

I would highly recommend that any developer spends a good amount of their time developing AI skills and understanding how the technology works at a deep level. Having a strong core foundation about a topic is the only thing upon which true expert knowledge can be built. Look on Udemy for courses by Ed Donner, they are really good and go into the details of AI.

Yes, AI can generate bad code. It can generate code that works, but wouldn't scale well past one user. But if you're a competent software engineer, you'll quickly spot these problems and be able to get the agent to put them right. So a full circle round of that may take ten minutes, including telling the agent that the first version was wrong and what it should do instead. Ten minutes is far quicker than anyone could have written the code correctly in the first place, so you really can make big gains in coding. And then you can get 100% test coverage for the new code that's just been written, written using the same style and libraries as your existing tests. But again, software engineering isn't just coding, so AI doesn't replace the software engineer. It just means that a 1 person team really can create, test and deploy a full application all by themselves. Many fewer people required on each team.

So to anyone that's not seeing a benefit from AI, then either:

- You are using the wrong tools. Or the right tools badly.

- You are using an obscure programming language.

- You are using brand new frameworks and libraries (which tends to be the case with AI libraries at the moment - agents really struggle writing C# for Semantic Kernel because that library is changing so quickly and things that are still in the readme of the codebase have been removed from the actual code!)

Good luck everyone and be happy: AI can do most of the grunt work, whilst leaving you to do the real thinking. Okay, so perhaps that's not great news for everyone, but it should be.

UK unions want 'worker first' plan for AI as people fear for their jobs

Ascy

Not Really an AI Issue

I think it's more of a society / world / capitalism issue. Whilst I'd be very suspicious of any new system (because I'm doing quite well out of the current system, thank-you very much), I personally think that for many years now, a lot of jobs are pointless and don't actually need to be done. That includes some of the software projects that I've worked on.

If you think of it from a 'needs' perspective in terms of:

- Food

- Shelter / housing

- Energy

- Healthcare

- Clothing

- Infrastructure

- (Whatever else I've missed)

how many jobs are there, especially in the UK, that aren't anything to do with the above categories? And how many exist that could already be automated way before this current set of AI technologies? The issue is very much, how does society work when only a small number of people actually need to work? Does everyone become a YouTuber? Does all the wealth concentrate at the top of companies that are involved in necessary activities whilst everyone else languishes in poverty?

I don't have the answers, but I sure wish we'd start thinking about them. The earlier that I can retire because the 'make work' has been done away with, the better.

JetBrains previews Kineto for vibe no-coding

Ascy

They've Been Using it for Years

As a JetBrains customer, I reckon they've been secretly using this tool for years. It probably explains their rubbish new UI which, despite many requests, still cannot dock a panel at the top of the window.

Some of us thought that JetBrains were just being difficult or getting non-technical people involved in software development (which always ends well). But it turns out that they were likely using this 'no code' tool and weren't able to fix the many issues. Perhaps their AI model is actually sentient and the HUGE horizontal tool window tab labels (which need to be turned on) were a demonstration that even AI can have a sense of humour.

Anyway, it's good to see JetBrains spending their time on stuff that really matters to us developers. I wonder what's next? A dancing cat meme generator?

Sad to say it, but I suspect the once great-ish company is in need of some 'restructuring'.

Canonical dusts off TPM encryption for Ubuntu 25.10

Ascy

Re: I'm Fine with TPM Disk Encryption

When a program encrypting your disk asks you to back up your encryption key, then back it up somewhere safe. You should then be able to use that to access your data, assuming the disk is in working order.

Ascy

I'm Fine with TPM Disk Encryption

I'm fine with TPM storing the keys for my disk encryption, much easier than inputting a password. And whilst there may be ways to obtain the keys from the TPM once the OS has booted, in practice it's going to be easier to guess most people's boot password than it is to have the skills and hardware required to extract the keys from the system. Skills which I'm going to guess that your run of the mill burglar or opportunist thief doesn't have. So unless you have something of real importance on there (eg documents that would threaten national security or real cutting edge research) that would make you a target of a professional data thief, a TPM is likely to do you just fine.

Now if only Ubuntu can sort out the abysmal hibernate situation in Linux (ie so that it a. actually works, and b. doesn't hibernate to the swap file or partition that's potentially already full up, and c. is encrypted), then I might be persuaded to give it another go.

Neptune OS is Debian made easy but, boy, does it need some housekeeping

Ascy

Re: Hibernate

This is one of the reasons why I gave up on trying Ubuntu last year on a laptop that wouldn't initially install Windows 11 (due to the CPU, which was easy enough to get round in the end). I hibernate pretty much every day in Windows, only rebooting to install an update. And I find it absolutely nuts that the memory is written to the swap file during hibernation for the very reason you mentioned: it might already be too full. It's like the feature was written by drooling morons. On top of that, I think I'm correct in saying that the swap partitions aren't encrypted by default.

The TPM didn't work, either, so I had to go back 15 years in time and enter a password to boot up the laptop. The final straw was Vivaldi (which is the best web browser by a large margin - with visual tabs their killer feature copied from the 'original' Opera) looking like crap. I just thought to myself, I haven't got time for this nonsense.

I've tried Linux on the desktop a number of times over the years, but I can't say that it's come much further from the boxset of SuSE which I purchased way back in 2001 or 2002. Even getting basic things working can often take hours. It might be fun when you're in your 20s and have too much time on your hands, not so much these days.

Hopefully a new OS will come along that's supported by most app vendors before Microsoft decide that the taskbar can only be docked in the middle of the screen. And no, I don't want a Mac, with Apple being far, far worse than Microsoft.

Marks & Spencer admits cybercrooks made off with customer info

Ascy
FAIL

Just got the e-mail myself.

First of all, I never enter my real date of birth into any site that doesn't have a good reason for asking for it (so use a fake DOB for pretty much everything except insurance and banks). I do wonder why M&S need it?

The e-mail also screams 'non-technical people involved in software', which often doesn't help. So my question is, if no password data was retrieved (presumably including any hopefully uniquely salted password hashes), then why do I need to change my password when I next log in? That makes no sense unless they don't believe their own statement.

Hopefully their loss in market valuation will make other companies take IT and security a little bit more seriously and encourage the raising of the competence bar (let's face it, it couldn't get much lower in the software development - my - industry). Though, I won't be holding my breath.

Windows 11 adds auto-recovery, kills offline setup loophole

Ascy

Oh Dear

Whilst I pay for Microsoft services and have a Microsoft account, I always insist on creating a local account on my multiple machines, so this isn't great news. MS are an odd bunch and I wonder whether they are slowly going downhill. The new windows taskbar is a disaster - apparently, it's too difficult on a technical level to allow it to be docked anywhere other than the bottom of the screen. As a developer, either their devs are morons or they are talking nonsense. The right click menu that hides all the other options that you want is also unwelcome in Windows Explorer. Thankfully, ExplorerPatcher fixes this nonsense, but it really shouldn't have to be this way. Rather than new features and constant nagging to use one of the world's most naff browsers (Edge), I'd much rather MS concentrate on making the OS more polished, more customisable, more performant and more secure.

As for the people crowing on about moving to desktop Linux, what do you guys actually do on there? I've tried Linux for over 20 years on and off and it's just a complete disaster on the desktop. I admit that I was very impressed with a boxset of SuSE that I purchased back in the early 2000s, but there just weren't the apps to keep me on there. My last attempt was within the last 6 months or so when I tried to put Ubuntu onto a laptop that initially wouldn't upgrade to Windows 11. First off, the TPM didn't work with disk encryption. Then, I tried to get hibernation working, but for some reason, the geniuses that work on Linux think hibernating to a swap file or swap partition is a sensible idea. Except, as they should know, a swap file is used (I'm over simplifying here) when the RAM is full, so you may go to hibernate and find there's no space left. Also, even with space available, it didn't work. And then I installed Vivaldi on there and it looked awful. There are also quite a few applications that I like to use that won't run on Linux.

So I thought to myself, I can either spend 3 days of my already busy life getting basic things in Ubuntu to work and continue to face more and more problems the longer I use it, or I can go back to installing Windows on my laptop (there was a workaround for the older CPU support which was blocking the Windows 11 upgrade) and be up and running in less than an hour without any problems. Linux and an open source OS is a nice idea in theory, but the current state of Linux on the desktop is real amateur hour stuff, surely for those with far too much time on their hands. So out of Mac, Linux and Windows, the latter is the best of a bad bunch. I just wish MS would make it better, though I'm not holding my breath.

DARPA seeks ideas for 'large bio-mechanical space structures'

Ascy

I've heard rumours in recent years of the possibility of a B5 remake. JMS has apparently been shopping around for a buyer to fund production after some network pulled out. Getting DARPA to turn it into a documentary instead is a genius move and I really didn't see that coming. Would love my own real White Star. No more motorway jams for me.

Hopefully DARPA have budget to do Farscape and Lexx, whilst they're at it, both of which have some of my favourite lines of all time, such as:

"Bend over tubby!"

"It's not you, it's me. I don't like you."

Windows boss takes on taskbar turmoil, pledges to 'make Start menu great again'

Ascy

Agreed on Explorer Patcher

It also gives you back your old taskbar (which can be docked on any edge) and start menu.

One of my monitors is in portrait (great for programming, email, writing docs, reading web pages) with the taskbar at the top, whilst my other monitor, in landscape (great for viewing screen shares and watching cat videos), has the taskbar docked to the right. All in Windows 11.

Oh, and I use PowerToys' Run (same idea as Launchy) instead of the start menu most of the time.

Microsoft promises it's made Teams less confusing and resource hungry

Ascy

New Version: Still Rubbish

Sadly the new version is still a half-baked bag of spanners. 'Chat' and 'Teams' are still separated, meaning that you are likely to miss messages in one or the other (I generally stay on chat and ignore teams). Also, you go to a chat, the scrollbar changes whilst the chat history is loaded. You go away from the chat and then back to the chat again and the whole chat history loading starts again. It's like someone is learning to write their very first desktop application.

Then there are the other issues which I'm pretty sure won't be fixed (haven't used it long enough to check):

- Multiple people on a video call requiring a dev spec machine (try having a video call with 3 people on a 'mobile' processor Core i5 laptop and then try opening a Word document at the same time - about a minute later, you may get to see your document).

- Interruptions: sometimes I just want to get on and work without popups, flashing taskbars, or the taskbar icon highlighted red. Teams is always like 'Hey, you, hey, hey, hey, hey' when 99% of the messages don't require an immediate response. Take away Teams and similar apps and I'd bet you'd see a massive productivity boost. The only way to completely stop the interruptions in Teams (without Outlook randomly scheduling you focus time) is to use the browser version of Teams and not enable desktop notifications (even DND mode doesn't properly work).

- Sometimes drag and drop of images into a chat works and other times it doesn't.

Teams was such a mess and is still such a mess.

The splitting image: Sufferer of hurty wrist pain? Logitech's K860 a potential answer

Ascy

Re: MS Sculpt, anyone?

I use a Sculpt daily and haven't had a problem with batteries, including the numpad. I want the numpad anywhere but on the right hand side, which is where my mouse (that I use much more frequently than the numpad) goes.

It's not perfect, though. I'd prefer a much bigger gap in the middle.

Ascy

MS Sculpt, anyone?

Looks like a ripoff of the MS Sculpt keyboard, but with the massive drawback of having a fixed numpad right where you want your mouse to go.

Customers furious over days-long outage as A2 Hosting scores a D- in Windows uptime

Ascy

Their Backups Are Affected

One of my sites is back up, while the other isn't working from their restore. I have e-mails again, BUT I'm missing over a month's worth of e-mails from all accounts I have with them.

I had a chat with their support, for which you need to wait hours before you get to talk to someone, with those who have paid for premium support pushing in front of you. They told me that they have suffered a malware attack (as another commenter already indicated) and that their backups were also affected, so they don't currently have anything newer to restore. I asked them whether they were going to pay to get their files decrypted and the chat representative said that nothing had been announced yet - so basically he is as clueless as the rest of us.

Way before this incident I've written reviews of A2 Hosting online which slated their technical support as being incredibly poor and also their indifference to security at offering Webmail without SSL (yes, in 2018 and probably still today - their support claims that some system they use doesn't support SSLs for each account, but they didn't seem to grasp that they shouldn't be offering Webmail without SSL). But even I didn't expect this kind of level of complete incompetence from them. If they don't manage to get my e-mails back, they can expect to be reported to the ICO by me.

If anyone would like to recommend a quality budget hosting alternative which provides ASP.Net hosting, then I'd love to hear about it. I'm currently looking at eUKHost, but am not sure. I used to be with ICDSoft which were amazing, but sadly they don't do Windows.

UK gov's smart meter dream unplugged: A 'colossal waste of cash'

Ascy

Of course they aren't going to save electricity

How the hell will these things save electricity? Surely they'll in fact use electricity?! I mean, who the hell puts on their tumble dryer for a laugh? And they can be turned off remotely? No thanks, not in my house.

Bigger than Twitter: Opera releases rebuilt Chromium-based browser

Ascy
Thumb Down

Opera's adherence to standards broke sites...

"The vast majority of problems users had were with compatibility – with sites not following the standards and Opera following the standards. It’s now compatible with most sites..."

So what, now Opera is using a rendering engine that doesn't follow standards? Well done, congratulations, that's definitely worth removing all the features for that. The reality is that I can't remember the last time I couldn't use a site because it didn't work with Opera - that was a problem from years ago. And, should such a problem occur, it takes only a few seconds to launch another browser and copy the URL.

I'm dumbfounded that they've released a browser that doesn't even have bookmarks, let alone the rest of the features that made it great. I showed a sys admin the visual tabs recently by dragging the tab bar down and he said, "Wow, looks like I'll be installing Opera if you don't have to pay for it anymore." Now what is Opera's USP? What makes it unique? An Opera badge? The fact that it has less features than any other browser? And browser speed hasn't been an issue for years either - the latency in the network with modern large page sites is the biggest problem in that area.

What a complete bunch of idiots that must be left at Opera now. It isn't even that they changed their rendering engine, it is that they released a browser based on it with no features. What was the rush? Were they really that desperate to show the world how stupid they are? My only hope is that all the people responsible for this mess lose their jobs before the current 12.x code base becomes too obsolete to resurrect.

Oh well, given the pile of featureless crap Chrome is, once Opera 12.x is no longer being supported, seems like I'll be a Firefox user.

Windows 8.1 Start button SPOTTED in the wild

Ascy
FAIL

Install Launchy

Looks very similar to my Windows 8 start menu icon (courtesy of Classic Shell), except mine is grey (changes to lime-ish green on mouse over) and without the skew. Oh, and it opens a proper start menu. Microsoft you bunch of to$$ers, just realize that your new launcher is crap and abandon it. It might be alright for launching your first application, but once you're working on something, why do you want to be slapped in the face with the concentration busting, attention grabbing, full screen (even hiding the task bar) application launcher page?

Sod the start menu though, I use Launchy (from launchy.net) 99% of the time - it's amazing and free (though I like the thing so much I even donated). What you should have done is paid the Launchy dev(s) a load of money to include it in Windows 8 (don't bother trying to copy it, you'd only mess it up). Set to use the black glass skin, it's the pinnacle of unobtrusive functional design.

Opera debuts Chromium-luvvin' desktop browser Next 15

Ascy
Thumb Down

May well be time to jump to Firefox

After years of using Opera (all the way back to when I used to pay for it), I may finally ditch the thing. Where are the visual tabs (one of the best features of Opera)? Where is the menu bar (especially Tools->Quick Preferences)? And they are questions after just thirty seconds of running the thing, god only knows what else is missing. It looks like some kind of Chrome or IE 10 wannabe.

Whoever's in charge these days is in real danger of doing an 'eMusic' whereby you stop providing for your core customers in an attempt to copy someone else's business and end up losing all your customers in the process. Really hope this is just an early version which will be fixed.

IT salaries: Why you are a clapped-out Ferrari

Ascy

Headhunter my arse

You're a recruitment agent who's blatantly insecure about it and can't resist the opportunity to let the world know you may have some technical knowledge. Let it go man, let it go.

Virgin Media keeps mum as punters fume at crippled web access

Ascy
Happy

Terrible

Some developers might actually have to figure out the solution to their problems all by themselves.. How terrible.

Parliament to unleash barrage of criticism on Snoopers' Charter

Ascy
FAIL

I e-mailed my MP about the Net Snooping Bill

I e-mailed my MP about the Net Snooping Bill and was sent a response back from someone on behalf of the government laughably stating that encryption wasn't a problem, but they couldn't explain how they'd get around it. I can't believe that there exists a person so stupid that they think anyone who had the intelligence to raise the technical points that I had in the e-mail, would buy such crap. On top of that, they reckoned they would just record endpoints of communication, not the traffic itself. They didn't explain how a cheap encrypted VPN connection to another country with more liberal Internet laws would not thwart their incredibly expensive plan to spy on everyone (because it would, making the whole thing completely pointless for general, population wide snooping).

I think government needs refreshing from top to bottom with people who are at least almost competent at their jobs, as opposed to the clowns we have had these last 15 years.

Snooper's-charter plans are just misunderstood, sniffles tearful May

Ascy
Unhappy

I e-mailed my MP about all this...

...and got a reply back from some government department (which I plan on responding to, but have been too busy thus far). One of my points was that the general public haven't got a great deal to fear from any of this, but MPs have. Can you imagine how much private investigators would pay some minimum wage worker in TalkTalk for some MP's browsing and e-mail history? I bet foreign powers and big business would all love this information! I was told not to worry as the Information Commissioner was going to make sure all the data was protected. I can only assume that the person who actually wrote the reply letter was from an alternate universe, one where the IC didn't sit idly by while Phorm spied on BT broadband users and Google went round slurping up wifi data.

The best bit of the letter I had, though, was when it was stated that the government have ways round encryption, but for obvious reasons they couldn't tell me what they were. Now I'm no cryptography expert, but I am a software developer (for the enterprise) and I have read the odd beginner's book on cryptography, and that statement just shows how technically illiterate people working for (or advising) the government really are.

Bookeen lights up Odyssey e-reader screen

Ascy

Tempting...

This would be a tempting upgrade to my Bookeen CyBook, but is there a colour version that's going to appear soon? There are colour e-ink screens available, after all.

Anyway, hurry up with the full review, already!

Top admen beg Microsoft to switch off 'Do Not Track' in IE 10

Ascy

It's a good default

But MS could backtrack slightly by asking users when they first launch the browser whether they want it on or off and recommend it's set to on. Then nobody has cause to complain, unless they think users should be kept ignorant so that it's turned off.

Windows 8: Life in a post .NET world – speak your brains TODAY

Ascy
FAIL

Post .Net World?

And you're going to make your dynamic MS websites in what, JavaScript (I'm sure node.js is amazing, but really...)? C++? And what about enterprise, where they are JUST starting to move to Windows 7? Other than Paint.Net, I can't really think of many .Net consumer desktop apps, so I doubt it would affect too many jobs even if .Net did disappear from the consumer desktop (which it isn't about to do). And can anyone (in their right mind) seriously imagine people who have to enter any substantial amount of data doing so using a touch interface (enterprise will remain with the classic desktop for a LONG time to come)? A mouse and keyboard are much better input devices.

But what I really love is how we're going to learn about the technical direction our careers should take based on the predictions of a recruitment agent. The Register has lost its god damned mind, I tell you!

BTW, this isn't me being defensive, I love learning new technologies and languages (I started out with Java at uni). It's just this whole .Net is dead thing is complete bollocks.

Why the Apple-Samsung verdict is good for you, your kids and tech

Ascy
FAIL

Surprise, controversial article from Orlowski

Patents are utter BS! Can you imagine someone way back when patenting the spear? The bow and arrow? It's a stupid system - humans copy from each other, it's what we do. It's why we speak the same language. The problem with the world is stupidity and laziness - there are lots of people who are daft enough to believe the crap about patents helping innovation and allowing for people to invest. Then there's lazy people (like myself) who know this is complete rubbish, but can't be bothered to do anything about it. How can stopping someone from using an idea help innovation?! It just keeps a wealthy few wealthy while killing real competition. This is especially true when it comes to software and, as someone who writes software for a living, I am completely against software patents. If someone can rip off my idea and do it better than me, then good luck to them!

Then there's the sick position of patents on medication, where people literally die because they can't afford to pay the steep price of medication. And would the giant medical companies go bust if they were forced to sell their discoveries to people who required it at a price they could afford? I'd bet a great deal of money that they wouldn't! The day that anyone I care about is on death's door, but could be saved by some drug that's too expensive for them to afford, then that's the day I'll come for the CEO of that medical company. Though sadly, I think I'm probably in the minority there.

UK watchdog snaps on glove to probe Tesco's 'security fails'

Ascy

Applies/applied to Play.com

Play.com also keep/kept user's password in a way which can be retrieved - years ago, they e-mailed it to me when I forgot.

Microsoft: It was never 'Metro,' it was always 'Modern UI'

Ascy

Missed opportunity to stick it to whoever made them change

Well the obvious new name was Ortem - sticking up two fingers to any trademark nonsense.

Still, this whole Metro crap reminds me of The Onion's Macbook Wheel sketch, where the newsreader lady says something at the end like "And it's yet to be seen how the business world will react to the Macbook Wheel, where computers are used for actual work and not just dicking about." Replace 'the Macbook Wheel' with 'Metro' and the same thing could well apply.

Samsung: We NEVER sniffed around RIM... or BlackBerry licence

Ascy

Rumours of RIM's death may be premature

I tried a PlayBook in a shop the other day and really liked it, initially appears to be much better than Android on my Galaxy Tab 8.9. For a start, there's no stupid bar that takes up part of the screen which just looks plain ugly (yes, you can hide it if you've rooted your device, but you need to keep enabling it and disabling it, causing apps to resize and it's just not nice). Whoever came up with that idea should be given the sack.

I've had a go with a PlayBook previously, but didn't buy one because there wasn't a decent PDF reader that remembered reading position for it. Now you can run most Android apps on the tablet (albeit, repackaged), it has a much larger number of decent apps (one of the best things RIM did for the platform, if you ask me). I really like the fact that RIM's business isn't spying on you and selling that information to advertisers. I really like the swiping from the sides doing things. I really like that the 32GB model only costs £150, so I've put in an order.

If RIM can pull off a decent touch screen phone (the London?) next year for a good price, my next phone may well be a BlackBerry running BB10. Though I'm happy enough with my Galaxy S running an unofficial ICS at the moment (but battery life could be a little better, at least it doesn't suffer from the performance problems Samsung introduced with the last two updates).

Dropbox blames staffer's password reuse for spam flood breach

Ascy

SpiderOak

Assuming they are telling the truth, SpiderOak is pretty good for keeping items secure as it lives encrypted on their servers and they don't know your password and thus how to decrypt the data themselves. So providing you keep your password safe (and use something sensible and not just 'password'), your data is pretty safe (though, as with all encryption, with enough computing power and access to the original data and encryption algorithm, good old brute force guessing would still decrypt the data).

The SpiderOak client isn't great and I've no idea whether their employees leave files around containing customers' email addresses, but if you'd like to sign up then use the link below and we both get an extra 1GB of storage.

https://spideroak.com/download/referral/7f8fc358f1e5084bb21cd6a13047657b

Nvidia admits forums hacked, user data swiped

Ascy

Re: Have had the e-mail this morning

I understand how salting is required, I'm just wondering how the salt can be random without storing it somewhere (and I would guess that this location would be in the user table, along with the hashed password). So in my blog, I recommend hashing something like the following:

moo@test.comNVIDIA_SECRET_SALT_[user password]

What NVIDIA seem to be doing from what I've read is hashing the following:

[random text][user password]

If the random text is truly random on a per account basis, there must be a record of it somewhere in order to be able to hash it with the user's password in order to produce the correct hash (so the user can log in). I'm curious as to how NVIDIA handled this random hash - if they stored it in the user table, it won't provide a great deal of protection against hash table lookups as it will quickly become obvious to the criminals who obtained the data that they simply need to subtract the details of column 'X' (or whatever it's called) from the password to get back to the user's password. Admittedly, you have the same problem with my approach as it will become obvious that 'NVIDIA_SECRET_SALT_' is appearing in all the passwords.

Ascy

Have had the e-mail this morning

Am glad they have informed me (though quicker would have been better) and they do seem to have done the right thing with their passwords (salting and hashing) as I recommend in a blog post of mine. However, I'm curious about this 'random salt' part. Does each user have a unique, random salt? If so, is that appended to the password or stored in a column in a row? Either way, not sure what a random salt would add over hashing, say: [e-mail]+[nvidia_global_salt]+[password]. Modifying the result further in a custom way would also help obscure the password against hash table attacks (eg XORing against the hash of the e-mail), but I wonder how much better that would be in practice (a question for somebody knowledgeable in cryptographic maths). My guess is that, to a certain degree, the more steps you add, the more likely an attacker is to give up before discovering a method to reverse the password - provided it doesn't impact on the effectiveness of the original hash.

Phone-raiding Trojan slips past Apple’s App Store censors

Ascy

Really the only malware to make it past the review process?

"The app is mostly likely the first piece of malware to make it past Apple's censors and reviewers..." And your basis for making this claim is?

GiffGaff in data spaff, goodybag gaffe: ICO says its 'avin a laff

Ascy

Registration really essential?

Similar to what a previous commentator has pointed out, I didn't think it was necessary for a business to register with the ICO if you used the information for running your business - as of the latest DPA, at least. You just had to comply with the rules.

'Shame on the register to post wrong informations'

Ascy
Unhappy

Restriction Of Ideas Is Silly

I don’t think ideas should be restricted. Can you imagine the first spear or the first bow and arrow being patented? It’s ridiculous - copying others’ ideas, others’ behaviour, others’ way of speaking, it’s what we do! Somehow we’ve been tricked into putting made up restrictions on that behaviour for the benefit of a relatively small few.

I do think some rules need to exist. Thus, you shouldn’t be allowed to sell a band’s performance of a song. However, you should be allowed to do your own performance (copying lyrics and notes) and sell that. If you can make a Ford Fiesta cheaper or better than Ford, then why can’t you? Because Ford came up with the design first?

Contrary to the popularly held belief of progress being stalled, it would probably be sped up - no restrictions on the copying of ideas, no lawyers stopping someone with a slightly improved tablet selling it. The world wants new, better things and as long as money changes hands for those things, people will keep improving items and doing research, even if they can’t then restrict others from benefiting from it also. If I write an amazing program or a fantastic website and someone else wants to copy the look and functionality and thinks they can sell, maintain and run it better than me - then good luck to them!

The only thing that should be protected is a name - so you know from who you are buying something with, say, Sony written on it, that you really are getting the Sony produced version of that product. There would be some details to sort out for novels and news stories, and even performances of songs by another band - they should clearly have an original source attribute.

Charge of the Metro brigade: Did Microsoft execs plan to take a hit?

Ascy
Pint

A full day's work?

"...set about attempting to do a full day's El Reg work..." How does the Metro interface prevent you from dicking around in the pub?

'Kill yourself now' - Torvalds throws openSUSE security tantrum

Ascy
WTF?

Surely you do need root!

I would have thought it obvious that you'd need root access to add a printer or wireless network! There are a lot of good arguments for this behaviour, as the point of root (as I understand it) is so that users cannot make changes which affect the system and other users. On the upside, at least his daughter could find drivers for the printer...

Swiss space-cleaning bot grabs flying junk, hurls itself into furnace

Ascy
FAIL

What a waste!

Apologies if anyone's already posted this, but in the time it took me to read the article I came up with a better idea - which begs the question how do these idiots get funding! Why not just float beside the piece of space debris and then ram it like a snooker ball, knocking it off course down to Earth, while leaving your DustStar (TM) free to target further junk until its supply of compressed gas (or whatever for thrusters) runs out? You could attach something to the ramming side to make it so it didn't even have to be that accurate (like a bowl). If you need to control it around obstacles, just set up a few relay points. Or use the Hubble Telescope to focus sunshine and turn up bits that way.

There's so many other things you could do too, harness the kinetic energy of the debris, while sending the debris itself down on a slow path to Earth. Use the debris as a fuel source depending on what it is...anything, do anything but this crap idea!

Apple iPhone owners are the most loyal smartphone buyers

Ascy
WTF?

Loyalty?

Brand loyalty is the most pointless thing ever. Why would you buy an inferior product for more money simply because you've bought that brand in the past? It's not like after 20 years of buying XYZ brand, that company is going to turn round to you and be 'loyal' back. "Oh, you can't afford a phone these days - well, you've been buying our phones for twenty years, so have a free one on us." Don't think so.