The Linux community...
The word 'community' does seem to work overtime, given that it frequently seems to mean 'people who hate each other's guts' in addition to its more benign interpretations.
3354 publicly visible posts • joined 6 Sep 2013
District heating systems, particularly in the UK where we don't seem to do communal infrastructure very well, are not without their practical problems.
I looked at a new estate with such a system and not only would it have been significantly more expensive than traditional heating, you were dependent on a monopoly, private-sector supplier with no obvious incentive to invest in maintenance or control costs.
Having a joined-up plan for energy supply that involves multiple technologies would be easier if there were some sort of national organisation, perhaps with representatives elected by members of the public, tasked with long-term responsibility for delivering a solution.
I find, after a period of significant improvement, Visual Studio is now becoming rapidly more cumbersome and more unreliable as it integrates ever more stuff into its increasingly cluttered UI. For my taste, it's become an overly-integrated development environment and I would find it less confusing if chunks of functionality were broken out into separate tools. It might also then be easier to maintain.
VS Code currently seems nimbler, but I suspect it will, over time, accrete much of the bloat that plagues its elder sibling.
However, the one big takeaway from all this is that Microsoft still don't have a real solution to the cross-platform UI problem. Having three separate development platforms seems like a huge waste of effort.
One of the reasons our roadsides are littered with trash is that drivers perceive the artificial private world inside their car as more real and important than the actual world outside and hence they'll just chuck stuff out of the window to ensure their personal environment remains attractive without really considering the consequences.
There probably is something genuinely "meta" about an increasing number of people cocooned in virtual worlds while the actual world burns or drowns just beyond their peripheral vision. But not in a good way.
I note Amazon has one described as:
No Touch 100% Hygienic Hands Free Infrared Close Coupled Toilet Cistern Complete Fitting Kit Bottom Supply
It's just the close coupling to the bottom supply that has me a little concerned.
But at least it's hands free - not even one click.
Lots of programs produce the wrong result - there's an oft-quoted statistic that nearly 90% of spreadsheets contain errors and the results of those errors can be far-ranging.
Whether that's a "security" issue depends on the context of the program's use.
The paper appears to imply that a program that crashes in the face of a specific type of error is more "secure" than a program that doesn't. My view is that a bug that can reproducibly crash your machine is as much of a security issue as a bug that silently fails to check credentials correctly and that it's a category error to suggest they're inherently different things and therefore the "security" label shouldn't be applied to one and not the other.
Or am I missing Something?
Don't think you are. The paper acknowledges this, but says:
it is still possible for a vulnerable executable to see its control-flow redirected to call it with untrusted data
Which, I think, means you could potentially alter the data in memory so branching and looping conditions were changed and so unexpected data was passed to sandboxed functions. Which is hardly surprising if you're starting with a fundamentally unsafe language like C.
There's also an implication that it's somehow "better" if the program crashes because an out-of-bounds memory write trashes the stack than if the program continues but gives the wrong result because only its data was compromised. My view would be that programs that run but produce the wrong result don't really fall under the "security" heading.
why can't owing these fines disqualify you
Under the circumstances in which directors do get disqualified, new companies still spring up in the name of Mrs. Disqualified or Mr. Disqualified-Nephew. Prison would probably be a more effective option, but even that isn't infallible.
SQL Server has had a relatively short window of popularity, governed as much by its licensing as its features.
When the web first arrived, Microsoft insisted you have a SQL Server licence for each individual user (authenticated or not) of any web application making use of it, which meant it didn't see a lot of use in that area until the terms changed.
The problem with cloud-by-default is that systems are built to facilitate scaling at the (literal) expense of being able to control costs. There is a real risk of unbounded and crippling bills resulting from the behaviour of a malicious actor - or 'going viral' - that simply doesn't arise with a physical box and fixed bandwidth.
I'd be fine with Azurification if I could pre-pay and know I'd stop being charged when the credit ran out: I don't particularly want to have to accommodate kit on premises or attend to its care and feeding. Microsoft is somewhat better in this area than other cloud providers, but I'm not using any of them in anger as long as they require a card number.
That's greater than the world population and probably several times greater than the number of people with scrapable photos,
Even if they have a low percentage rate of false positives, that sounds like an awful lot of potential mismatches in absolute numbers and that number will, presumably, grow as more images are added. Not sure it's useful, never mind ethical, except as a marketing brag.
It's a long time since I've been in Prague, but, in those days, almost everything was pickled. Including the inhabitants. And the central reservations of the approach roads were full of scantily-clad women chasing after lorries. I can't help feeling that Gary Lineker levels of 'bland' might actually be an improvement and a sign of greater economic security.
There's still journalism out there, but few people actually want to read it and still fewer to use it as the basis for active political engagement - and almost no-one will pay for it in hard currency.
I'm afraid if "content providers" got a greater proportion of ad revenue it would simply be used to create more fungible clickbait - because that's what people now expect to read.
Finance may be one weapon for attacking the Tech hegemons but unwinding the damage caused by an addiction to controversy and lack of personal agency is going to be an almost insurmountable task.
I am just reacting to the article
Have to say it's interesting not only that Raj Jain's paper is still regarded as a baseline almost 40 years later, but that (at least) two thirds of the comments on this article so far come from his contemporaries at Digital. The company certainly cast a long shadow...
The issue here is that you're essentially relying on the providers of transport stacks to "do the right thing". It's a fundamental of connectionless network layers that it's up to the endpoints to police the rate at which they throw packets into the network and there's only the most basic feedback (discarded packets or, at best, a congestion flag) to indicate the rate may be too high in relation to other traffic. For any individual endpoint, the best response to that indication may well be to increase its traffic rate by sending out multiple copies of the same packets, increasing the chance - relative to well-behaved endpoints - that at least one may survive the queue drops that will occur at the point of congestion and there's no real defence against that.
Existing congestion algorithms don't really fare well if there are multiple network paths - the connection will get throttled to the speed of the most congested - and the transport protocol itself doesn't really lend itself to, for example, prioritising latency over reliability (actively encouraging routers to drop rather than queue packets).
Where you have more control over the behaviour of the network layer (knowledge of or even control over bandwidth, latency, etc) and perhaps some notion of resource reservation you can clearly do "better" than in the case of the Internet at large - but that may well mean new transport protocols as well as different traffic-control algorithms.
And if you're going that far, some distributed ingress control (to put a lid on DDoS) might be worth considering too.
That's interesting given this year's Nobel prize in economics was won for research showing how an increase in the minimum wage doesn’t hinder hiring and immigrants don’t lower pay for native-born workers.
And the capitalist rich bastard chancellor of the exchequer has just hiked the minimum wage substantially.
Perhaps it just means nobody knew what they were voting for.
Well it isn't
I'd expect anyone handling personal data to have training, especially in a registered charity: it's pretty fundamental to their operation.
However, it would help mitigate careless errors if MTAs had sensible defaults. It's extremely unlikely that CCing more than a handful of people is ever useful and perhaps anyone trying to do so should get an email back explaining why.
The earliest piece of software I wrote in exchange for money was precisely to discourage this behaviour in Commodore owners. As I recall, it involved disassembling the system ROM and working out how to execute code in the tape buffer to unscramble lightly-obfuscated code (about all you could manage with a 6502 and 128 bytes). I have no idea whether it was ever deployed or, if so, succeeded in its aims.
But I did spend an inordinate amount of time loading files from tape and, frankly, it was painful even though I knew I was being paid. Can't see why anyone would repeat the experience voluntarily.
or require you to use "the cloud"
It would equally add cost to securely communicate with "the cloud", but of course it's cost you can recover through monetization, whether that be subscription fees or managing the lifetime of connected hardware to ensure continued upgrades.
When it comes to security, security of revenue will trump all other considerations.
I have a Brother laser printer I've used for years without any problem.
I got a Brother multifunction printer largely because it was the cheapest way of buying a scanner with an ADF. It will, fortunately, scan without ink because at random intervals it produces a "not detected" error for one of the four ink cartridges and refuses to print until the perfectly good cartridge is replaced with a new one: I suspect an expiry date may be programmed into the on-cartridge chip.
It does seem to be the "razor blade" economic model that applies to almost anything containing an inkjet printer that's responsible for them being a pain.
On the other hand, you would imagine that the future trend would likely be for an increasing proportion of "serious" processor sales to go to cloud providers where you really need the flexibility to move workloads around between identical systems.
Unless that's actually the target: Amazon or Google or whoever can get cheaper chips for no-frills workloads but run more-demanding workloads on the same hardware when required by temporarily enabling the different features, reducing the different hardware platforms they might otherwise need.
I quite like the idea of handing some money over to a company and their then depositing gifts randomly on the doorsteps of unknown strangers. It would make the whole ritual consumption process much less of a chore and remove all of the responsibility for unwanted presents.
Or maybe we could collectively fund the breaking open of some of the stranded containers at Felixstowe and have a sort of festive-tat-based pick-your-own.
I was just looking yesterday at some video posted of a break-in at a local gym. The first thing the fully-masked intruder did was to walk directly to the indoor camera pointing at the entrance - whose location he obviously knew - and pull it off the wall. It's unlikely that the brief video alone would be enough to identify the culprit.
Video surveillance might deter an opportunist trying door handles, but so would ensuring your door is locked. I'm less convinced about its usefulness in deterring determined criminals or careless vandals and I suspect the potential value of these products for "peace of mind" is being exaggerated for marketing purposes - much like burglar alarms.
There's literally a (former?) member of the communist party of GB on SAGE.
There's literally a former member of the Revolutionary Communist Party and publisher of Living Marxism who was ennobled by Boris Johnson for her services to Brexit and hence can now shape our laws.
This.
There are loads of preventable diseases we know about already that we do little to remedy. Latest forecast is for 10% of the UK to be diabetic by 2030: the solution to that problem is not medical, it's diet and exercise. Life expectancy is now falling in poorer parts of the UK with a quoted 27 years difference now between a resident of Kensington and a resident of Blackpool. The solution to that problem is not medical, it's socio-economic.
We already have the knowledge to improve the health of, literally, millions of people, but we choose not to. We have a long way to go before we exhaust the improvements we could make now.
I think this is the real point. This security theatre simply adds to the pretence that these cloud services are places you can unthinkingly store data that is of value to you.
By all means store copies, encrypted with your own keys, for relatively convenient remote access. But not your only copy. And without any reliance on the security offered by the vendor.
There are so many ways you can arbitrarily be denied access to your data either temporarily or permanently and other ways in which it may accidentally be leaked.
If your business "depends" on Service X, over which you have no control, what is your plan for the time when Service X is unavailable? Because that time will come.
only one of those is perceived to be a problem
Untrue. The lack of men in teaching (particularly primary), nursing and care is widely perceived as a problem and there are programmes in place to try to address it.
You just don't hear about them because, for some unaccountable reason, attempts to recruit more men don't trigger their brethren to foam at the mouth.
The Foundation says it exists to promote a commercially friendly open-source ecosystem.
That's always going to be a problem because there is necessarily going to be commercial tension between Microsoft (a vast commercial enterprise) and small-scale open-source developers trying to stake a claim in the same territory. Particularly if they're looking for financial "benefits" to get a leg up.
I'm afraid it's simply in the nature of open-source software that unless your contribution is of critical economic benefit to a commercial undertaking, you need to seek your reward in Heaven.