* Posts by DrXym

4620 posts • joined 18 Jul 2007

E-scooter fanboy so hyped for Teesside to host UK's first trial

DrXym Silver badge

Re: At Pen-y-gors, re: they know who you are...

Yes you could do all that but you'd be the proud owner of something that was unmistakably stolen. These city bikes are so obviously city bikes that even if you resprayed the thing everyone would know. I doubt you'd last long before a cop or someone decided to have a closer look. And probably the parts are deliberately proprietary to prevent them being cannibalized.

Scooters are a different story. First off they can phone home so good luck with that. And even if you take out the gps & mainboard you need to replace it with something that works instead. And a charger. And the simple countermeasure to people doing that is to pour epoxy resin around all the internals - battery, mainboard, electronics, screws etc. so that the effort required to "hack" the thing becomes excessive.

DrXym Silver badge

Most free bike schemes require you to check the bike out of a station and into another. So they know who took it, how long its been gone and also who to fine if it disappears.

A docking station is vital to this sort of thing. US cities were littered with scooters because many private companies used systems that allowed them to be dumped anywhere when they were done with. Cities would impound them, people would steal them, business owners would dump them in the trash. They became a blight.

Barclays Bank appeared to be using the Wayback Machine as a 'CDN' for some Javascript

DrXym Silver badge

Banks shouldn't really use any CDN

Make everything internal, take the minor hit on page load times / traffic and remove one potential attack vector.

As for archive.org being the CDN - I expect some idiot release engineer or programmer just cut and pasted the url in without realising what they were doing.

Remember when we warned in February Apple will crack down on long-life HTTPS certs? It's happening: Chrome, Firefox ready to join in, too

DrXym Silver badge

Re: Shake down time

So your solution to certificates becoming a pain in the ass is to suffer more pain by moving provider in order to alleviate some of the other pain. But for something the website didn't need in the first place.

DrXym Silver badge

Re: Shake down time

If a 12 month cert is common practice in those that need it then why does it need to be enforced, even in aggregate? If the argument is that certain keylengths or hashes are weak, then deprecate those certs, don't impose blanket rule that even a strong cert needs to be replaced.

As for random gardening website (or the gazillion small websites) , they aren't going to be attacked by state actors using hash collisions. And perhaps some hosting providers do make it easy to renew keys. Many don't. And many that do charge money for it. Even free services like Let's Encrypt don't integrate with some providers and have a cost associated with setting them up. There is always a cost to this and it yields nothing to these sites.

Browser makers have it in their power to simplify this. They want sites to use encryption but they make the process more onerous.

DrXym Silver badge

Re: Is there any advantage left by using commercial certs?

It also doesn't work well at all with some providers like GoDaddy.

DrXym Silver badge

Shake down time

it doesn't even make sense. It should be the weakness / strength of the key length, cipher and hash that determines how long a key is acceptable for, not some arbitrary period of time.

A five year old cert generated with the same settings as a cert generated yesterday is no less secure in 99.9999% of use cases. Perhaps if I were a bank, NGO or government I might want to renew keys more frequently. But if I'm some guy maintaining a gardening website or small business then now I have 5x the work to keep my site secure for no benefit at all.

LibreOffice slips out another 7.0 beta: Spreadsheets close gap with Excel while macOS users treated to new icons

DrXym Silver badge

Changing the backend is one thing

One thing I notice on Windows in 6.4 is a serious rendering issues when resizing windows. For example, if I resize the window frame horizontally or vertically the repaint of the content lags badly behind. In the meantime it suffers nasty layout juddering and gaps with black / garbage and/or suffers clipping issues depending on the new size being larger or smaller.

So changing the background is great and may speed rendering a little but the perceived experience to the user matters too. A little spit and polish on the user experience and usability would a go a long way to making the suite more popular.

Belief in 5G conspiracy theories goes hand-in-hand with small explosions of rage, paranoia and violence, researchers claim

DrXym Silver badge

Re: So basically ...

Some religious people reconcile their faith with reality. Some like Georges Lemaître managed to be both a priest and scientist.

But yeah by definition religion is matter of faith, not evidence. And reality doesn't sit well with some of them AT ALL, e.g. creationists.

DrXym Silver badge

Re: And I'm not being conspiratorial when I think state actors are fomenting conspiracies around 5G

No doubt they are. Bots and trolls didn't create these divisions but they certainly like to exploit and amplify them.

DrXym Silver badge

Re: So basically ...

Holocaust deniers, antivaxxers, creationists, moon landing hoaxers, 9/11 truthers are all birds of a feather in that regard. They start with they conclusion they want to be true and systematically disregard or ignore evidence that leads to another conclusion.

And since they have no facts on their side they employ the same tools to attack the established explanation - pseudo science / history, cherry picking / misinterpreting of data, quote mining, nitpicking inconsistencies, choosing the less credible evidence over the more credible etc. And if you engage in conversation and debunk their nonsense they'll play a game of whack-a-mole. Anything they can do to attack the established explanation and hope in the confusion it their crazy, evidence-lite explanation becomes true.

DrXym Silver badge

Re: explosions of rage, paranoia and violence

It's that subtle blend of paranoia, stupidity, distrust of authority / experts, Dunning Kruger, alcohol, the wrong medications and a dollop of crazy that goes into making a good conspiracy kook.

DrXym Silver badge

Seems plausible

Paranoia, stupidity and underlying mental issues are usually obvious in these conspiracy loons. It wouldn't surprise me if they suffer bouts of frustration and anger because their capacity to reason or understand people who can is so broken in the first place.

What's the Arm? First Apple laptop to ditch Intel will be 13.3" MacBook Pro, proclaims reliable soothsayer

DrXym Silver badge

Re: It's different this time

Windows runs on ARM and it's basically a chocolate teapot. The x86 emulation is garbage (performs worse than the worst celeron) and there is a dearth of native software. It is the quality of x86 on ARM that should set your expectations this time too.

DrXym Silver badge

Re: It's different this time

That's you. Plenty of people use it.

DrXym Silver badge

It's different this time

I still remember the road bumps caused when Apple went from 680x0 to PowerPC and later to Intel x86. And also from MacOS 9 to OS X. I used to have a lovely Power Mac G4 at the time which migrated through one of these transition periods. But at least in those earlier cases, the new architecture was sufficiently powerful that the emulation worked pretty well and smoothed the transition.

I don't see that being true in this case at all. We already know from Windows on Arm that x86 emulation is abysmally slow and that assumes Apple even provide emulation. And either way Macbook owners can kiss goodbye to Boot Camp and the ability to run Windows 10. I can't see much if any benefit in this to end users at all really. It might save Apple some money but that's small consolation to Macbook users who suffer detrimentally from it.

A memo from the distant future... June 2022: The boss decides working from home isn't the new normal after all

DrXym Silver badge

"Working from home is a privilege not a right"

Most companies say this and it is one of the first things they rescind when they want to make life shit for their workforce.

IBM and Yahoo both did it and for the same reasons - to make working there suck so badly that people quit which is much cheaper than making them redundant. Of course the flipside is that only the upwardly mobile people quit and all the deadwood and oldtimers cling on tenaciously so the whole operation goes down the tubes.

Sure is wild that Apple, Google app store monopolies are way worse than what Windows got up to, sniffs Microsoft prez

DrXym Silver badge

Re: No I am not salty about Windows for Phones dying, why are you asking?

And it's not even a very good walled garden either.

Full stack, C++, and backend developers in demand in this week's job openings

DrXym Silver badge

"Open-minded C++ software developers"

Sounds a bit kinky.

It looks like you want to browse the internet with Chrome. Would you like help? Maybe try Edge? Please?

DrXym Silver badge

Why would I want to use Edge?

These days it's just a knockoff of Chrome / Chromium right down to it's icon. The UI is so like Chrome that you have to compare them side by side to see the superficial differences - practically a skin.

I'm not saying I used the old Edge for a whole lot either, but at least it stood on its own two feet.

Smart fridges are cool, but after a few short years you could be stuck with a big frosty brick in the kitchen

DrXym Silver badge

Nothing smart about "smart" white goods

They cost more, they're pain in the butt to use, they go bitrotten and they don't offer a single feature that even remotely justifies their existence.

Snapping at Canonical's Snap: Linux Mint team says no to Ubuntu store 'backdoor'

DrXym Silver badge

It's not DLL hell, it's the opposite. DLL hell was when (Windows) apps used the same DLL in the same directory and one of them overwrote the DLL with an incompatible version. It is why Windows began blocking installing DLLs into C:\windows and ensuring DLLs were loaded from the executable's folder first. These days if you have 5 different QT based apps, you have 5 copies of QT in those app folders.

These snap apps are similar to that, each installs to their own folder with their own copies of any libs and resources they use. It is so they cannot interfere with each other. And from a security perspective snap allows them to run with the principle of least privilege in a sandbox. So yes they could potentially be vulnerable to something but the threat is also mitigated to a large degree by the way they do run and interact with the rest of the OS.

My biggest issue with snap is not the concept per se but that it's a mostly Ubuntu thing and FlatPak and AppImage are similar ideas. For once it would be nice if the Linux world would consolidate around a single technology instead of fragmenting like this.

80-characters-per-line limits should be terminal, says Linux kernel chief Linus Torvalds

DrXym Silver badge

I don't wrap on 80 characters - it's an arbitrary limit of old terminals. However I do wrap lines if I think they're not easy to read as a single line. For example a really long function with a lot of parameters. And in a lot of cases, I use the line length to decide it's time to rewrite the code, e.g. does that function really need all those args or should I refactor the function into two or three that only take a subset.

This'll make you feel old: Uni compsci favourite Pascal hits the big five-oh this year

DrXym Silver badge

Re: MODULA-2

Nah it was just a very ornate and verbose language. The Macs we used had one floppy drive, the first had Finder and Macmeth on it, the second was where we had to save our work (since there wasn't space on the first disk). A compile meant juggling disks and so I learned to hate the verbosity of the syntax (and overuse of the shift key) since every keystroke was another opportunity for failure.

Some languages do have horrible compiler errors - C++ in particular is garbage, but I don't see that being due to the language syntax per se.

DrXym Silver badge

MODULA-2

I had to learn MODULA-2 (MacMeth) at Uni. I still remember the horrible frustration of having to swap discs in and out of the Mac Classic to compile code and the pedantry of the syntax meant it took ages to get code right. Anyhow it gave me a life-long hatred of Pascal-like languages.

Visual Studio Code finally arrives on ARM64 Windows. No, you haven't woken up in 2017, sadly. It's still 2020

DrXym Silver badge

Still not much use

Yay great I have a programmer's editor for a platform that nobody supports or cares about.

Trump issues toothless exec order to show donors, fans he's doing something about those Twitter twerps

DrXym Silver badge

The absurdity of that order

Any horrible, vile, racist, trolling content could be framed as "political" with a tiny amount of effort. Is that supposed to mean that Twitter, Facebook shouldn't be able to ban people or block content for those things?

Surprise! That £339 world's first 'anti-5G' protection device is just a £5 USB drive with a nice sticker on it

DrXym Silver badge

Jail time

I hope the people selling this crap get whacked with some criminal fraud charges.

Ardour goes harder: v6.0 brings 'huge engineering changes' to open-source digital audio workstation

DrXym Silver badge

"The Wayland kids". Just stop.

DrXym Silver badge

Re: He's right

I use Qt in my day job and I agree it's a better choice if C++ is your chosen language and you don't mind Qt being your whole world. That's because it's not just a GUI - it has collections, networking, graphics, web browser, Javascript engine etc. It's a bit like the slogan for Royston Vasey - you'll never leave. I expect Qt 6 will not be backwards compatible either so software may stick with Qt 5 for much the same reasons as Ardour sticking with Gtk 2.

As for Gtk3 I think the main benefit is it isn't the whole world, it's just a GUI and the models that drive it. And since it's written in C the bindings for other languages are far better.

So use Qt for the convenience and portability. Use Gtk3 if you just need a GUI and nothing else or if your language isn't C++.

DrXym Silver badge

Your argument flips over half way through. Assuming people wanted Gtk3 to natively render in Wayland then the need for XWayland would be lessened by one less piece of software that was dependent on it.

And besides that the main reasons for using Gtk3 is that code is more portable, supports hardware acceleration better, there are more widgets and layouts, Unicode support is better, theming is better, widgets scale properly on high DPI displays and it supports gestures and multi-touch.

Maybe none of these matter to an audio workstation. Perhaps the effort of porting is substantial and complex because Gtk3 does have some breaking changes to its API. But I imagine that even this software would benefit from button texts and widgets scaling properly on 4K displays.

cmd.exe is dead, long live PowerShell: Microsoft leads aged command-line interpreter out into 'maintenance mode'

DrXym Silver badge

Re: Microsoft only have themselves to blame

Yes that too. Powershell could have supported personas where it can mimic the command prompt or Unix. Then it starts to be compelling since it is instantly familiar with people coming from those environments while exposing powerful new features. But it didn't.

I'm sure whoever wrote it had no consideration for a migration path and Microsoft thought they could coast on awesomeness into this brave new world. Except it didn't happen. And now they're still stuck between a rock and a hard place.

DrXym Silver badge

Microsoft only have themselves to blame

Powershell would be more popular if it had been backwards compatible with the Command Prompt.

For example "dir" aliases onto a cmdlet called "Get-ChildItem" which has an entirely different syntax to either "dir". Why not alias it to a "Cmd-Dir" cmdlet which does what its name suggests?

If Microsoft had done this for all the common DOS / Command Prompt commands then there would have been a migration path. Instead they provided two shells, one supported by any version of Windows and another which was an incompatible, moving target and surprise surprise many people stuck with the former.

That doesn't mean I love Command Prompt but it works and if I needed anything more I'd be inclined to write it in something better than Powershell anyway unless I had no other choice.

Microsoft blocks Trend Micro code at center of driver 'cheatware' storm from Windows 10, rootkit detector product pulled from site

DrXym Silver badge

Trend Micro

We have to suffer this software and I swear the antivirus software has caused us more problems than any virus ever has. It slows down every file operation, it randomly locks files (causing builds to fail for no reason) and it has false positives that kill software we're trying to test.

Document? Library? A new kind of component? Microsoft had a hard time explaining what its Fluid Framework is

DrXym Silver badge

Sounds like OpenDoc smashed into Google Wave

Maybe it will be useful or maybe it will be a confusing mess.

For the price tag, this iPad Pro keyboard better damn well be Magic: It isn't... but it's not completely useless either

DrXym Silver badge

£350 for a keyboard

How do they keep their prices so low and still make a profit?

If you're appy and you know it: The Huawei P40 Pro conclusively proves that top-notch specs aren't everything

DrXym Silver badge

Re: Chocolate teapot

People don't care about apps? If that were the case then phones powered by FirefoxOS, Tizen, Windows Phone, BlackberryOS etc. would be a roaring success. After all, these were all functional phones, except for the selection of apps of course.

And it's fine to say "if only there were a common platform", but that's not the reality of the phone landscape. If one phone has no apps and all the others do, then guess which one everyone buys...

DrXym Silver badge

Re: Chocolate teapot

I have no idea what they do in China but I expect they pair up with Baidu or someone like that. The point being that Baidu is equivalent to Google over there and if a phone shipped without Baidu then it would be as useless as this is.

DrXym Silver badge

Chocolate teapot

Apps are a primary reason people have a smart phone. Maybe Huawei will run its own app store with some prominent apps on there but we've seen countless times before that app vendors won't bother with alternate app stores unless they are paid money to compensate for the bother, time and effort of doing so.

I suppose it wouldn't be too bad if the bootloader was unlocked so at least people could flash it with LineageOS but it isn't. Huawei should be making it easy for people to flash their devices and get Google apps on there through a sidechannel because if they don't they're dead in the water.

Multi-part Android spyware lurked on Google Play Store for 4 years, posing as a bunch of legit-looking apps

DrXym Silver badge

So tell me how you scan an app to ensure it does nothing malicious. The reality is that any way you think you know can be circumvented and you have to impose such draconian rules on your platform that you hobble legitimate software.

DrXym Silver badge

Tens of thousands

I think that sums up the threat of these apps - very little.

Rust marks five years since its 1.0 release: The long and winding road actually works

DrXym Silver badge

Re: Meh

In what sense are these immutable variables not immutable? The value is bound to the variable and is read-only.

Borrowing is simply C++ style references with lifetime checks and to ensure that not more than one mutable reference exists at any given time. Yes it may drive someone nuts because C++ doesn't care if you pass around a reference to something that no longer exists whereas Rust really does. It is trying to protect you from bugs like use-after-free and data races. Most of the time it is implicit so it's not really a big deal.

DrXym Silver badge

Re: The language might be super-safe, not so sure about the installer

Just like installing any 3rd party software then really

Users of Will.i.am's Wink IoT hub ask 'Where is the love?' as they're asked to pay for a new subscription service

DrXym Silver badge

Anything that says "smart"...

... is probably destined to be a brick or lobotomized within a few years. Either because the company goes bust, or they decide it's too much effort to support the old device when they have a new one to sell.

A recent example is the Petnet "smart" feeder - a cloud controlled pet food dispenser except oops the company had an week long outage so animals may have starved if the owners were negligent enough to entrust their wellbeing to the service. And then company went bust a few months later. So much for being smart.

Eclipse boss claims Visual Studio Code is an open-source poseur – though he would say that, wouldn't he?

DrXym Silver badge

I like both

VS Code is basically a programmer's editor with some plugins that can be used to build / debug but nowhere close to the sophistication of an IDE. If you have an ad hoc project or just want to edit files then it's very handy.

Eclipse is an excellent IDE for Java development and some other languages. It's not so good at the ad hoc stuff and I'm not sure I'd want to control an external project because it's never been good at that compared to IntelliJ for example.

FYI: Your browser can pick up ultrasonic signals you can't hear, and that sounds like a privacy nightmare to some

DrXym Silver badge

Easy mitigation

Phones should filter out inaudible frequencies. Make it an option that someone can disable if they wish but default it to on.

Rust core devs mull adoption of alternative compiler front-end for improved IDE support

DrXym Silver badge

Re: Nuthin' up my sleeve ...

Light bulbs are a metaphor in Jetbrains IDEs - I see you've written this but maybe this would be better...

Guess which cloud giant Zoom picked to handle millions more video calls? Bzzt, wrong answer: It's Oracle

DrXym Silver badge

Zoom is enjoying a surge with the general population because everyone is stuck indoors and its security is so lax that anyone can set up or join a VC with the minimum of effort.

When social distancing rules relax the question is whether Zoom will be in that happy place any more. More established chat apps like WhatsApp will probably replicate its features and the likes of Teams will still be used by businesses.

So where does that leave Zoom? I think it will leave them in a very precarious place.

DrXym Silver badge

I hope they thought this through

As this crisis recedes, Zoom's business is going to collapse faster than a dying star. So I hope they'd thought of that before putting pen to paper with Oracle because I don't see it ending well.

Florida man might just stick it to HP for injecting sneaky DRM update into his printers that rejected non-HP ink

DrXym Silver badge

It shouldn't be left to individuals

Governments and the likes of EU should be regulating consumer electronics so they cannot prevent a person from reasonably servicing their own device and to prolong the life of that device. That would reduce consumer waste, planned obsolescence and lock in. For ink jet printers, that should include the right to use cartridges, refills or refilling solutions of their own choice.

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020