Posts by DrXym 4650 posts • joined 18 Jul 2007
I think this is more the case that Facebook gave them a large sum of cash to stink up the phone experience with an app that people could install for themselves if they actually wanted it.
Secondly, I've already suggested one way that OnePlus could take cash from Facebook (or whoever) without not pissing off people who don't want it baked into their phone.
One of the (previously) nice things about OnePlus was the lack of bloatware. Out of the box you got a lightly skinned Android phone. This is starting to change and as an owner I find this ominous and off-putting.
What's most annoying is how unnecessary baking shit into the firmware even is. Instead they could just show a welcome page that *asks* if you want apps installed as part of setup. If you choose no then that's cool but OnePlus can charge companies to be on this list and be additionally compensated for any that the user elects to install. But no, that's too easy so they're going to ram that garbage and piss people off.
Kotlin isn't Java though. It was initially created to run on a JVM and interact with Java but it's outgrown that purpose and can also compile to mobile and natively where "native" means via LLVM to various backends.
I think its popularity has increased because Google promote it for Android development and of course Android Studio (Jetbrains) ensures it has good IDE support. Google were getting fed up being tied to Java 7 and the never-ending lawsuit against Oracle. For devs, it's a terse language similar to Swift, Go and Rust so it means typing less boiler plate.
I assume you mean EPUB which is basically just a zipped up subset of HTML, JS and CSS in a particular layout. But it supports DRM and most purchased content is DRM'd. The DRM can differ from one vendor to the next so Apple EPUB files are DRM'd with Fairplay whereas Kobo EPUB files are DRM'd with Adobe Digital Editions.
BTW I'm aware there are some DRM-free EPUB vendors out there selling mostly niche content but they don't represent much of the market and probably never will.
Fortunately Adobe Digital Editions is relatively easy to remove using a Calibre plugin and I think it's prudent that the first thing anyone does with a new book is strip the DRM and back it up somewhere. I don't know if Apple's DRM can be stripped but it shows how even using an "open" format is no guarantee of owning the work or being to read it on unblessed devices.
Amazon's own format used to be a standard called MOBI but has morphed into a proprietary AZW format. There are Calibre DRM removers for that too but I don't know how well they work.
Tangential again, but I watching a YouTube video about PinePhone which is some new Linux powered phone and under Ubuntu it took a full SIX SECONDS from tapping the icon for the calculator to launch. I immediately knew this phone was screwed because if a simple calculator app takes that long then the entire user experience is going to be awful.
User perception matters a lot and if that means preloading apps, or bundling them in a way that means they launch faster than that's what a modern GUI needs to do. I do find it incredibly annoying for software to lurk around after it has been told to quit though since I might be quitting it because it has gone haywire and is interfering with the CPU.
I see it as a double edged sword - no advertiser wants to piss away money on bots. They want their ad impressions to be seen by human beings. So yeah Twitter might have to adjust their figures but at the end of the day if they have a more refined audience then it doesn't materially hurt then at all.
These fuckwits managed to concoct a ridiculous pizza parlour paedo sex trafficking ring conspiracy out of thin air and name dropped Chrissy Teigen and others into it. And now Teigen had to block a million accounts from these morons who either sent her death threats, abuse or liked abuse sent by others.
A million accounts. I assume some are bots and trolls but it also points to how determinedly stupid these people are. Twitter seem to be taking them a bit more seriously but I wonder why the service doesn't make it harder in general for trolls / bots to operate, e.g. by restricting new accounts and throwing more captchas and other spanners at accounts that appear to be operating abusively.
Clear your cookies when you exit or use private browsing. This works okay for the Washington Post although they still make you click through a cookie acceptance popup for European visitors.
A few more tips
1) Some websites that truncate articles are still readable if you hit esc in the time between them loading and their paywall / article truncator Javascript kicks in
2) Others don't truncate at all if you use Firefox's reader (F9) mode
3) Tunnelbear and other VPNs circumvent those blocks that some US news websites put on European visitors. If you ever wondered why they do this then it's because they must exploit the ever loving f out of US visitors with hundreds of scrapers, trackers etc. and have chosen to block Europeans rather than fix this.
Er yes. If Bad Thing can happen in one language and not in another then yes it can be said to have been caused by that language.
C's main strength is that it lets the programmer do what they like and trusts they know what they're doing. But even the best programmers make mistakes and those mistakes translate into bugs, time, money, even injury / death. Did you know that the automotive industry defined a subset of C called MISRA C (and spawned a veritable cottage industry of compliance checking tools) to lessen the chance of something calamitous happening? Why not go one step further and use a language that is designed to be safe by design?
Rust doesn't use raw pointers in safe mode, it uses references (borrows in Rust parlance) and it makes sure that you cannot hold a reference outside of the lifetime of the thing it points at. All this compiles to zero at runtime.
There are runtime checks for other things generally there is better practice ways of doing those things in Rust, e.g. using iterators and slices instead of non-const indexing on arrays.
You can use pointers in unsafe blocks but you'd have no reason to except at a boundary interface, e.g. C calling Rust or vice versa and your unsafe block would encapsulate the action and no higher.
The "other things" include an unwind mechanism that lets you get a nice stack trace. I mentioned you can turn that off to save memory - just abort instead of unwind. If you absolutely want small binaries you can do it. People are using Rust in embedded programming.
The point is that on a desktop, especially when developing code it is better to have useful diagnostics when things go wrong. And yeah maybe that overhead is wasted on a program that says hello. It's not wasted on a program that something meaningful. What you call bloat is actually a feature.
C lets you declare a buffer and gives exactly zero shits if you write off the front or end of it because it was not designed to stop that. Likewise it doesn't care if you call a NULL, which in itself is a magic number with special meaning. Or if you feed some other garbage pointer into something.
Rust stops those same issues at compile time or with an orderly panic at runtime. Ergo yes it is a problem caused by the language because it does not happen in this other language.
By default Rust enables symbols and some other things to yield more useful runtime errors if code panics. i.e. if your hello world did a panic!() then you'd get a nice stack trace telling you the exact line it happened on.
If space was a premium then you can strip symbols, change the panic to simply abort, do link time optimization and even build a stripped down stdlib. There are articles on the web where people have built really tiny executables in Rust, e.g. a 10kb Windows app https://www.codeslow.com/2019/12/tiny-windows-executable-in-rust.html
But for the common use case space really isn't a big deal and it's better to have some useful debug messages if something goes wrong.
Go and look at the CVEs for the kernel and note how many are caused by the language - double frees, null pointers, buffer overflows etc. A good half of them could have been stopped by Rust providing the code is running in safe mode as much as possible.
So that's the reason. I think the biggest issue is not the language per se but that it's underpinned by LLVM and to parse C bindings requires Clang and a bindgen tool so potentially there are issues with GNU keyword extensions in headers and the workflow to work out.
Turn the question around and ask yourself why you're compromising your own security and privacy to watch cat vids and selfies.
And the security threat isn't just to the individual but in aggregate. Look at the way Cambridge Analytica stole data from Facebook (which itself hoovered it up from users) to send targeted ads to a small fraction of people in Leave.EU and Trump's presidential election, enough to swing a vote. Social media has been weaponised and it can undermine democracy.
It's not hard to envisage how Tiktok could also do this, especially if it was under state control. But in general you are better off not putting social media apps on your phone, or at least denying them permission to limit their damage.
The only cross-platform adoption I've seen of .NET is in the middle of Unity which uses a fork of Mono that calls mostly to a proprietary gaming framework.
For general purpose programming I honestly don't see .NET having any attraction because most real world software would be tainted by Windows in some way. And any software that is intended to be cross-platform from the beginning would have chosen a portable language / framework.
Yes you could do all that but you'd be the proud owner of something that was unmistakably stolen. These city bikes are so obviously city bikes that even if you resprayed the thing everyone would know. I doubt you'd last long before a cop or someone decided to have a closer look. And probably the parts are deliberately proprietary to prevent them being cannibalized.
Scooters are a different story. First off they can phone home so good luck with that. And even if you take out the gps & mainboard you need to replace it with something that works instead. And a charger. And the simple countermeasure to people doing that is to pour epoxy resin around all the internals - battery, mainboard, electronics, screws etc. so that the effort required to "hack" the thing becomes excessive.
Most free bike schemes require you to check the bike out of a station and into another. So they know who took it, how long its been gone and also who to fine if it disappears.
A docking station is vital to this sort of thing. US cities were littered with scooters because many private companies used systems that allowed them to be dumped anywhere when they were done with. Cities would impound them, people would steal them, business owners would dump them in the trash. They became a blight.
Make everything internal, take the minor hit on page load times / traffic and remove one potential attack vector.
As for archive.org being the CDN - I expect some idiot release engineer or programmer just cut and pasted the url in without realising what they were doing.
If a 12 month cert is common practice in those that need it then why does it need to be enforced, even in aggregate? If the argument is that certain keylengths or hashes are weak, then deprecate those certs, don't impose blanket rule that even a strong cert needs to be replaced.
As for random gardening website (or the gazillion small websites) , they aren't going to be attacked by state actors using hash collisions. And perhaps some hosting providers do make it easy to renew keys. Many don't. And many that do charge money for it. Even free services like Let's Encrypt don't integrate with some providers and have a cost associated with setting them up. There is always a cost to this and it yields nothing to these sites.
Browser makers have it in their power to simplify this. They want sites to use encryption but they make the process more onerous.
it doesn't even make sense. It should be the weakness / strength of the key length, cipher and hash that determines how long a key is acceptable for, not some arbitrary period of time.
A five year old cert generated with the same settings as a cert generated yesterday is no less secure in 99.9999% of use cases. Perhaps if I were a bank, NGO or government I might want to renew keys more frequently. But if I'm some guy maintaining a gardening website or small business then now I have 5x the work to keep my site secure for no benefit at all.
One thing I notice on Windows in 6.4 is a serious rendering issues when resizing windows. For example, if I resize the window frame horizontally or vertically the repaint of the content lags badly behind. In the meantime it suffers nasty layout juddering and gaps with black / garbage and/or suffers clipping issues depending on the new size being larger or smaller.
So changing the background is great and may speed rendering a little but the perceived experience to the user matters too. A little spit and polish on the user experience and usability would a go a long way to making the suite more popular.
Holocaust deniers, antivaxxers, creationists, moon landing hoaxers, 9/11 truthers are all birds of a feather in that regard. They start with they conclusion they want to be true and systematically disregard or ignore evidence that leads to another conclusion.
And since they have no facts on their side they employ the same tools to attack the established explanation - pseudo science / history, cherry picking / misinterpreting of data, quote mining, nitpicking inconsistencies, choosing the less credible evidence over the more credible etc. And if you engage in conversation and debunk their nonsense they'll play a game of whack-a-mole. Anything they can do to attack the established explanation and hope in the confusion it their crazy, evidence-lite explanation becomes true.
I still remember the road bumps caused when Apple went from 680x0 to PowerPC and later to Intel x86. And also from MacOS 9 to OS X. I used to have a lovely Power Mac G4 at the time which migrated through one of these transition periods. But at least in those earlier cases, the new architecture was sufficiently powerful that the emulation worked pretty well and smoothed the transition.
I don't see that being true in this case at all. We already know from Windows on Arm that x86 emulation is abysmally slow and that assumes Apple even provide emulation. And either way Macbook owners can kiss goodbye to Boot Camp and the ability to run Windows 10. I can't see much if any benefit in this to end users at all really. It might save Apple some money but that's small consolation to Macbook users who suffer detrimentally from it.
Most companies say this and it is one of the first things they rescind when they want to make life shit for their workforce.
IBM and Yahoo both did it and for the same reasons - to make working there suck so badly that people quit which is much cheaper than making them redundant. Of course the flipside is that only the upwardly mobile people quit and all the deadwood and oldtimers cling on tenaciously so the whole operation goes down the tubes.
These days it's just a knockoff of Chrome / Chromium right down to it's icon. The UI is so like Chrome that you have to compare them side by side to see the superficial differences - practically a skin.
I'm not saying I used the old Edge for a whole lot either, but at least it stood on its own two feet.
The Register - Independent news and views for the tech community. Part of Situation Publishing
Biting the hand that feeds IT © 1998–2020