Posts by DrXym

Re: Modern Problems require Modern Solutions.

Correto is the OpenJDK which some mystery improvements added by Amazon. Especially in the Correto 8 product which has received some backport / security patches.

I think personally I would use the OpenJDK unless I had a reason not to.

Re: Plague Inc. game banned in China

The biggest failing with the game is it doesn't model borders very well. I played one game recently where I infected France completely while Germany next door was totally uninfected. It would be virtually impossible in real life.

Re: Plague Inc. game banned in China

Like most games it has received updates and seasonal content since release. But it hasn't received an official COVID-19 scenario. I'm not sure it makes any sense to ban it even if it did.

Re: Plague Inc. game banned in China

Kind of ridiculous too seeing as:

a) its a game, and an educational one at that

b) it doesn't have a COVID-19 scenario, although you do get to name your pathogen

c) what the hell?

Re: What's this, a bug caused by a language quirk?

Well that's a stupid straw man argument. I never claimed a language like Rust fixed bugs like application logic errors. But it does fix entire classes of problem that C or C++ allow through - buffer overflows, NPEs etc. It should be very obvious why that is a good thing in a language.

Re: What's this, a bug caused by a language quirk?

No, both of these were caused by problems in the language.

- Heartbleed might have been "trivial" but it was caused by unsafe code that would have thrown a runtime exception in other languages and been instantly caught.

- "goto fail" would have thrown a compile time error in other languages where blocks MUST be delimited or goto isn't even a thing.

The point is the language caused these bugs to enter production with massive consequences.

And yes C++ can mitigate some of these things, but the real world says hello. These things still happen and do happen.

Re: What's this, a bug caused by a language quirk?

I'd describe Go as a swiss army knife. The standard library is huge and ideally suited for writing scalable web servers, utilities etc. that compile into standalone executables and run a multiple times faster than if they were written in languages such as Ruby, Python and NodeJS.

I hate the way the language handles errors though which is inexcusably crap.

Re: What's this, a bug caused by a language quirk?

Here is Rust's paradigm - safe by default and portable. Look at the CVE database - it's filled with exploits / vulns caused by null pointers, buffer overflows, data races etc. from code written in C or C++. Realise that NONE of those can happen in Rust because the compiler will kick your ass if you try. The consequence is that compiled code is safer code, slashing the number of bugs which means less development time, better quality and happier customers. Oh and often that code can be more performant because devs can utilitise threading, asynchronous operations etc. because the compiler catches all those aforementioned issues.

Here is Go's paradigm - scaling, portability, stability and convenience. It is very terse, has a very large standard library (crypto, networking, images, math, hashing, encoding etc. all out of the box), is well suited for scaling network applications, and it compiles code into executables. It also does not suffer from the same kinds of vulns as C or C++ thanks to runtime checks.

So yeah you can use some older language if you prefer but you have to realise why these languages exist and it helps to use them to speak from a position of experience. What I don't quite follow is the irrational attitude that always permeates discussion about new languages, as if some old timer sees this new fangled language as a threat or something. Nobody is forcing you to use them, but personally I like to keep my skillset fresh and relevant and using a new language or technology is a way to do that.

Re: What's this, a bug caused by a language quirk?

Every language has pitfalls. Some languages, in particular C and C++ have more pitfalls than others. If there is any doubt about this, search for the causes of the Heartbleed or "goto fail" bugs in OpenSSL.

And regardless of the language, all software can still have application logic errors.

Re: svn vs git

It's not reasonable for multiple reasons.

1. Managers are not developers so complicating their lives for no reason is a recipe for disaster. Dont' make me laugh with the idea of making them comprehend branching, merging, rebasing, staging, push, pull etc.

2. Binary merging SUCKs and always will. How do you merge a spreadsheet?

3. Git bloats with every binary committed to it and every clone gets that bloat. At least a centralised checkout hides it from users. Git LFS is not an option, see 1)

4. Managers often want to checkout just one folder, not the entire repo.

Git is by far and away better for developers. For managers, you're needlessly complicating things by using it.

Re: Fond memories

Linus justified the point if you care to look for his comments. But it's completely borne out by what has happened since.

The main advantage of a DVCS is it allows people to create branches that nobody else sees. It allows them to work offline, and do complicated diffs or merges without choking the server. It allows the central server (if there is one) to be free of useless tags and branches. Devs don't even need to communicate with the server to do any of this so it is MUCH faster. It also allows esoteric and non centralised models (e.g. we have one repo where we pull a branch from one remote source, merge it to another branch and push to another remote branch). The point is that a DVCS is flexible, robust, works in isolation and is FAST.

From personal experience I know this. We used to have some 30 CVS repositories containing about 50,000 files of code. About 6 years ago I got so fed up of tagging / merging / synchronizing taking an hour or more every damned day, that I volunteered to upgrade it all to either Subversion or Git and evaluated both. Subversion works like CVS so migration would have been easy. But the long term advantages of Git (outlined above) outweighed all that so I wrote up a bunch of workflows, dealt with the culture shock and moved everyone to that. It was the best decision I've ever made.

Re: Anyone remember PVCS?

Source Safe was just the worst. Definitely remember situations where somebody decided to have a leave of absence with the file you really needed to change being locked out.

Re: Interesting

Be thankful you never had to use CVS, SourceSafe or Clearcase because you would be scarred for life.

Re: svn vs git

The staging / push concept in Git does look a little strange but it serves many purposes:

1. It's one final ass-saving chance from pushing something which is broken, or to modify your commit before you send it, e.g. if you missed a file or have another change to make.

2. You can make your own local branches without polluting some central repository.

3. You can squash all the commits from one local branches to another or do any other surgery you like to your repo then apply the work when you're ready.

4. You don't need network access except for push and fetch. i.e. you could be committing, diffing, merging or whatever to your own local repo.

5. Your repos don't need to follow some conventional centralised model, e.g. we had a repo with two remote sources - one an open source repository and another which was our own, and we could pull from one and merge to the other.

So it certainly looks a little clunky but it has a lot of advantages.

The main place git doesn't work is document management. Managers prefer to lock files and commit rather than dealing with branches and merging which make no sense in binary files any way. Git also kind of sucks for binary in general although things like large file support somewhat mitigate this issue.

Re: Fond memories

Yes, but the counter argument that Linus Torvalds advanced, if you're trying to fix CVS then you're doing it wrong.

One thing I've noticed is I have a Git repository which is 8 years old and has had 10,000s of commits by various people and it still takes up less space on disk than a SVN snapshot with the pristine folder. The entire history from the first commit. And it works without network access except for push/pull compared to SVN where more or less every operation except for a straight diff against the pristine copy needs network access.

The one place I'd favour Subversion over Git or another DVCS is for binary document storage. It's way easier for managers to work with SVN than it is for Git and frankly there is little need for branching and merging strategies on documents.

Re: Phishing

Aside from scanning attachments, the most effective single countermeasure would be to turn on DMARC message authentication and work with major suppliers so they do too. It allows email servers to reject emails that claim to be from a domain when in fact they were sent from another. And also to verify a signature in the message header against a public key.

It requires a bit of fiddling with DNS to make it happen but it would block most impersonation attempts.

What they gave him are some digitally signed tokens which had no intrinsic value. The ICO requires other people buy in so he could exit. Presumably that was his intention and for all we know what actually happened.

Re: The true star in Segal's films is the editor.

And doubtless there is very a strong correlation between the awfulness of his movies and his personal involvement in their production. His early movies where he had very little creative control were actually quite good.

Re: Celebrity Endorsements

It might not have made a difference but it certainly nailed Seagal to the wall in this instance. And if there are laws that require it then any celeb prepared to whore their good name for a shady bitcoin service should probably do their legal due diligence first.

It needs a gapps package, root and a bootloader with which can stick it on there. But it's doable. That's how you install Google stuff after you've flashed a phone with LineageOS.

Yes but if that were so, Google could offer Google Apps for download to the device since it would be the user of the country who chooses to install it. Instead they appear to be explicitly warning users not to do it or attempt to sideload GApps in the way you might for LineageOS.

Re: Daft or smart?

Sounds a bit fishy to me

Corning have been developing a flexible gorilla glass. I doubt it will be tough as existing inflexible screens and might have bending radius limits but one hopes it is tougher and less deformable than plastic. Whatever Samsung is using on their screen and claiming to be glass clearly isn't.

Re: One born every minute

I've seen this first hand. The "mock auction" was a popular scam on Oxford Street about 20 years ago. People would lose their collective minds bidding on increasingly expensive counterfeit junk because they were so whipped up into a frenzy thinking they were getting bargains.

Re: The pillage of the scammed

You'd think. But people can do things against their better judgment because the scam promises them they desire that is hard or impossible to attain by other means - weight loss, wealth, a longer penis etc.