Posts by bombastic bob

you said it before I had a chance (heh). But my comment would've been something like "Didn't the Dutch boy stick his finger into something else?"

And I heard a rumor about changing the planet's name to "U-rectum" (obligatory reference to Futurama)

Re: Like Java?

amazingly Java still manages to be #1 or a very close #2 on the TIOBE index. But it _does_ run cross-platform. And on Android. But of course what Android apparently does is re-compile it into something native, rather than relying on running Java's pseudo-code. And, THAT causes significant startup delays every time something "upgrades". I HATE that. (let me start my slab up really quick so I can test this... OH @#$% the @#$% @#$% just @#$% had to UPDATE, and now I have to wait for @#$% @#$%^ @#$% to finish before it'll finish starting up, @#$%!!!)

i can't imagine what would happen if you get a WebAssembly "thing" somewhere down the line, where it's forcibly 'optimized' (read: re-compiled for up to a minute or two) while your browser and/or the content on the page has to WAIT FOR IT because, "updates". Yeah, does not happen FOR NOW, because it runs that code with a virtualizer. but that's not FAST ENOUGH, and you know, it COULD become NATIVE CODE, and next step in the "evolution" puts us into the situation I JUST described, and and and (you get the idea). And we ALL know who devs LOVE to SHOVE THEIR UPGRADES into our body orficies, because ALWAYS BETTER even with FEATURE CREEP!

those young whippersnappers... [get off my lawn]

"new generations growing up and re-inventing the wheel because they weren't around for the previous debacle."

Or, in the case of the invasive/pervasive 2D FLATTY McFLATFACE FLATSO FLUGLY interface "design", re-inventing the wheel "for the lulz" "because they CAN" (and TOTALLY b0rking it, out of arrogance NOT going back to what was OBVIOUSLY BETTER BEFORE) and THEN cramming it into EVERYONE ELSE's body orifice and calling it "modern".

Because, after all, it's "their turn now". and everyone over the age of 'whatever' is OLD and STICK IN THE MUD and WRONG and WON'T LEARN and and and... [you get the idea]

yeah having all competing choices (effectively) taken away is the MOST irritating part. Expect WebAssembly to do THAT, too.

Re: I will not use this

"Java plugins in browsers worked by Java having arbitrary access to the machine and then imposing its own (broken) security model. That's why Java plugins are basically dead now."

That's part of it, yeah [probably the biggest part]. However, what makes you think WebAssembly is NOT heading down the EXACT SAME PATH? I suggest that it _IS_.

"Unsafe at any speed" - kinda fits this, too.

Do you REALLY want automatically downloaded PROGRAMS being run by TRACKERS and ADVERTISERS (and scammers) running on YOUR computer? Just like the way I block scripting with NoScript, this 'WebAssembly' crap needs the SAME kind of treatment. Ideally, it can have a finer level of control applied to it, such as blocking 3rd party scripts, block 3rd party WebAssembly, or ALL WebAssembly for that matter...

Re: I will not use this

hopefully NoScript shuts that *#!+ off, too.

from the article: "wasm modules operate in a sandbox that isolates them from the host runtime"

I've heard this rumor about JavaScript, too. And yet, HOW MANY TIMES has it BEEN ABUSED to SPY on us, STEAL CPU CYCLES for crypto-mining, and so on???

FACT: This is 3rd parties RUNNING CODE on YOUR COMPUTING DEVICE, quite possibly inviting RANDOM 4TH PARTIES [advertisers] TO DO THE SAME.

Yeah "no security risk" doing THAT, right?

My hacker-mind ALREADY envisions the potential abuse of THAT kind of "open-ness" on the CLIENT. And it's as bad as the first MS-DOS viruses and MAC viruses that prompted an ENTIRE INDUSTRY of anti-virus tools.

NO THANKS opening my LINUX or FreeBSD box up to the SAME KINDS OF CRAP that Windows users have to protect themselves from...

WebAssembly: *FAIL* (might as well use embedded Java objects, and WHY was that dumped again?)

false flag is as old as warfare. Stealthily attack your enemy, blame their OTHER enemy for it.

Sun Tzu's book is full of stuff like this.

As far as general deception goes, it's like "the art of warfare is deception".

Being 12/7 (Pearl Harbor day for those who failed history, ha ha ha) I ought a leave a nice WW2 example of deception in warfare, of how prior to D day, General Patton was put in charge of a fake army complete with rubber tanks and jeeps, which were basically movie props, moved about by soldiers every day so that it would look like a real army to Nazi reconnaissance. They made it look as best as they could that they were going to invade at Pas de Calais, but it was really Normandy [which we all know from history class]. Anyway, this kind of thing is as old as warfare, too.

any black-hat worth his hat color would assume a few things up front, and most likely know what info is being sent or left behind when malware strikes, and ALSO know what to modify in order to cover his own tracks.

Otherwise he'd be laughed at for being such a "script kiddie". It kinda reminds me of the movie 'Hackers' when one of the n00b guys tries to impress his friends by cracking into "the Gibson", but he did it from his home phone, such that the call could be traced. And of course, it was. Anyway, it (somewhat humorously) illustrates the point that if you do something nefarious, you have to leave no breadcrumbs.

Or, in consistency with the article, plant bread crumbs that lead authorities to the wrong place.

(I'm a white hat hacker with a touch of grey - I'm not opposed to doing things that might be considered 'black hat' if it's for the right reasons)

Re: No winners in this one

seriously, $$$million for "being called a name" ?

Worse things have been said about me on the playground when I was in school... and that's the point - being a hypersensitive snowflake and then getting REWARDED for it [well the lawyers will be rewarded] because Musk is a "deep pocket rich guy" is *WORSE* for society than any of the alternatives.

similarly, treating people different because of how much money they make is *DISCRIMINATORY*. Think about it. Next you'll be wanting to charge MORE MONEY for a loaf of bread if you earn millions per year...

Re: in musk's mind

that's interesting, I wasn't sure what he might have meant

HOWEVER, there are a couple of things that have come out of this case that are important:

a) free speech

b) "deep pocket" victims of frivolous lawsuits

A defamation claim of millions of dollars is ludicrous and obvious greed. A public apology might have been more appropriate. Who knows Musk might have done something cool in the guy's favor if he'd just simply said "hey, I don't like being called a pedophile, why are you doing this?" on the twitter feed. THEN Musk might have had a chance to apologize or explain.

But NOOOooo... rich guy Musk is a "deep pocket" target for lawyers to EXPLOIT, and *THAT* is at the center of the problem.

hyper-sensitive snowflakes notwithstanding...

Re: There ought to be a law

I would expect UL (and other) listings to include a test for this

Re: Boy genius

"success is also more about luck than hard work"

No, I disagree on SO many levels. I won't downvote you, but in a free society, you MAKE YOUR OWN LUCK. Try it, you'll see.

(it's an 80's thing, yeah)

Re: Boy genius

"success is more about hard work and perseverance than about genius."

and EXPERIENCE to augment all of that.

Re: What?

when I read that I knew where the design problems were.

I would just like to say one word: "inexperienced".

This is why companies hire ME to do contract work for development rather than some youngin' that's right out of college. DECADES of experience tell you that you must focus on things LIKE reliability and safety and security when it comes to IoT devices.

a) it must have a safety shutoff (especially to be UL listed in the USA), whether thermal or 'guaranteed off' or a physical switch internally, or whatever. SAFE.

b) it must be possible to operate it WITHOUT THE INTERNET

c) it must NOT be vulnerable to cracking, like so many other things have been (smart light bulbs come to mind)

you focus on these things in the initial design. You prototype it with THESE THINGS WORKING when you solicit major funding. You do NOT rush to market.

But hey, the young and inexperienced must (apparently) do it the HARD way, even in an age where 'teh intarwebs' is SO full of information where you can learn from OTHER people's mistakes...

icon, because, facepalm

Re: Drive the drivers out

let's make ALL updates optional instead, and include a dependency tree, so that if you don't update something, none of the other updates that depend upon it will be "pre-checked" in the list o things to update [except for rollups]. Like it was.

when you say "modern" do you mean all 2D FLATTY with a ribbon and hamburger icon button rather than a traditional menu? "showing its age", yeah, right. I have a zillion pejoratives that are in my head at the moment, and none of them should be uttered.

"Modern" as defined by Win-10-nic is *HIGHLY* overSTATED. It's not "modern" at all. It's MORE like Windows 1.0 !!! [would paste obligatory screenshot archive link, but I'm lazy today]

ribbon, hamburger, fat-finger-friendly icon spacing, 2D FLAT appearance - not "modern" at all.

Re: I've only just noticed...

install Cygwin and use vi. OK I prefer nano or ee, but yeah. same idea.

Re: A good u-turn

"Problem with the store is that not everyone has access to it"

More like, Problem with the store is that it is full of CRapps and full of ADWARE.

The problem started when ALL of the previously included solitaire games were a) converted to UWP/Metro "apps", and b) loaded with ADWARE snd c) moved into "The Store". This happened during the original insider program. I griped. HARD. LOUD. They failed to even listen or respond. And I was not the ONLY one to give such "feedback".

Obviously the kinds of "feedback" that caused NOTEPAD to be "no longer a 'the store app'" was NOT significant enough "back then" to address the SAME kind of problem: "store apps" generally STINK. And replacing a perfectly good NATIVE application (that runs faster and better) with an inferior UWP "The Store" CRapp is just a BAD idea...

At least there's the APPEARANCE that 'feedback' is actually working. Sometimes. Maybe.

And, WHAT did they BREAK in the OS that would require Notepad to be UPDATED anyway???

(backward compatibility - what's that?)

Re: Reboot

I don't believe FCC is doing a bad job. What they are NOT doing is OVERSTEPPING THEIR BOUNDS. You cannot just regulate for the @#$% of it because you *FEEL*. There has to be actual Congressional law by which you regulate and fine people for non-compliance...

So I say THIS is a start of what should have been done in the FIRST place.

(many of you are just angry because Pai isn't using the FCC the way OBAKA would have wanted it used, like cramming so-called "net neutrality" into our body orifices, in a heavy-handed power grab kind of way)

Re: Color me skeptical

I expect Pai will uphold the law. He will HAVE to. The question up until now is whether the FCC already had the authority or not to do what this new legislation wants done.

in my opinion, Congress needed to pass the legislation. Now the FCC has a means by which it can legally go after these idiots who continue to abuse us with their @#$% robocalls.

Wait and see indeed. I don't trust ANY gummint agency to "get things right". Or, CON-GRAB, for that matter.

Re: And now the serious moment is at hand...

so what if a Russian citizen installs Linux or FreeBSD... and does NOT install "the mandatory thing" ?

Re: And the joke is...

nice one. I was wanting to come up with something like this, you got there first.

At least it's not as bad as what China appears to want. No, wait...

Re: Can you trust FFox?

chrome is open source like FF but doesn't even PRETEND to not try to track you, etc..

However, dumping the chrome cache is pretty easy. It's all in the same directory. Just wipe it out, and the entire history and cache goes byby. THAT is pretty convenient, though ti should be an item in the menu to do that while the browser is running. [maybe it is NOW, but I've never seen it in the past]

I like chrome for SOME things, like 'slack' [which I use for work-related things sometimes]. But if the only thing running in chrome are those things you don't care about script/tracking with, it's 'ok' I guess...

(is there a 'noscript'-like plugin that would work with chrome?)

Re: Privacy?

my favorite cookie-thingy plugin [which had buttons on the toolbar] no longer supports >= 57. But it allowed 'memory only' cookies, which would (literally) ONLY be stored in memory. Set that by default and hardly any cookies would be saved. I guess these other plugins do the equivalent of that? looks like I'll have to go look at them now...

Re: Javascript

<i<Plenty of ways to recycle tech.</i>

ack (even a pentium runs Linux well enough to give to a kid to play with)

Occasionally a recycle company will do a neighborhood pickup here in San Diego. Just leave the junk out along with the paper thing they hung on your door and they take it. I once left a large screen broken DLP TV out for pickup that way. Another time there was a drive to bring stuff to a local high school parking lot, so I did that with a bunch of old computers.

(if it's convenient, people will recycle)

Re: Javascript

it won't hurt the landfill to have a little gold, silver, and other 'precious metals' in it. It's only worth pennies to you, and you're just putting it back where it was found (in the ground) anyway, more or less...

Re: Javascript

the constantly maintained youtube-dl pythyon script helps me watch videos. I only watch them after downloading. I get better resolution that way, among other things.

Re: Javascript

I normally just run 'noscript'

and if a web site is SO scripty that allowing its components would either screw up my personal "block JS mode" security model (i.e. allowing sites like CloudFlair or Google Analytics) or else (due to all of the 3rd party servers) requires SO many 'allow' clicks that it becomes IMPRACTICAL, then I do the simple thing:

a) use 'su' to switch to a totally unprivileged dedicated user

b) use the 'export DISPLAY=localhost:0.0' method to run FF on the desktop already running

c) set up FF to allow script, but erase ALL history and cache when it closes [I like this feature]

d) don't open ANY tabs not related to THAT web site

then, any tracking they do will be on what I did on THEIR SITE ONLY, and it all gets erased when I'm done - cookies, 'crackers' (script that stays running when I close a page), history, web cache, yotta yotta. "Track That" - ha ha ha ha!

Now, if their VPN plugin involed the TOR network, I might be interested.

I also can't blame them for trying to monetize their (otherwise free) browser.

I've ALSO been wanting to fork their browser for a while, RESTORE the 3D skeuomorphic menu-based system with NO 'hamburger' icon, like what the legacy UI plugins let you do prior to 57... so maybe a fork like that would DEFAULT TO USING TOR ??? [oh wait, that's been done, hasn't it? 'Onion' browser]

Re: He's completely missed the point of everything being a file in unix

"can you treat a window or an edit box like a file in Linux?"

a file would not be fit-for-purpose for a UI element, just like it's not fit-for-purpose for a single keystroke. however, the connection to the X server is DEFINITELY a file underneath the hood, either a pipe or a socket (really in the POSIX world it could be a serial port and the library would still work).

Yeah I've done low-level X coding. writing my own toolkit even. But my project doesn't "make ink" in El Reg I guess because it's not "sexy" enough, doesn't use "new language of the month", isn't controversial, etc.. [and I keep having to adapt to the moving targets caused by OTHER toolkit/WM makers, who can't just keep system settings as it was, for example, and must change and change again to adopt their OWN way of telling you what colors to use...]

window identifiers are like handles. that's just for events, though, to designate 'who gets it'. Processing events, drawing, etc. is up to your code to perform. And it's VERY low level.

Re: He's completely missed the point of everything being a file in unix

working on kernel code in multiple OSs can give you the same *kind* of insight as someone who wrote one from scratch. You get to see how different architectures work, how easy they are to maintain, etc..

I've done that, by the way. Already wrote what I think in another thread.

A quick summary: The "safety" aspect of Rust is essentially UN-DONE by using 'raw pointers' for things that MUST use 'raw pointers' for performance reasons. This ESPECIALLY includes the network stack and zero copy buffers... and when you use "raw" pointers, you essentially bypass the "safety" part. So there ya have it. No real advantage, plenty of DISadvantages, using Rust for a kernel.

'Rust Revolution'

"lest they get left behind in the Rust-revolution."

just like C and Java got left behind in the "C-pound" revolution, yeah. Heh. Last I looked, C++ was neck-neck with Python, both around twice the popularity of C-pound, "after all these years" and the ZILLIONS of dollars and developer time being thrown at it.

I've looked at rust a little bit. I don't see it as being all that "superior" to C language coding (and is probably NOT in my opinion). "Safer" might be from the view point in SOME cases, for poorly managed/written code, but i don't see it being 'fit for purpose' inside of a kernel.

Just reading about how its memory allocation works makes me think of the worst Java bloatware (say IntelliJ or the Android build process in general) that I've ever seen. ANY form of garbage collection does NOT belong in the internals of an OS's memory, and non-relocatable memory blocks don't, either. And 'smart pointers' could easily be implemented with C or C++ and reference counting, kinda like COM in Windows. Nothing special here. I've been doing things _like_ that for DECADES (like when COM aka OLE 2 was invented back in the 90's).

I can't imagine allocating buffers for the network stack using any method OTHER than what is done inside of Linux or FreeBSD's kernel [they are very similar]. Zero copy buffers also. So in short you'll need "raw pointers" for those which basically GOES AROUND the definition of "safety" for pointers...

And there goes your entire reason for using Rust in the fist place, other than "for the lulz".

Having done a lot inside of kernels (for Linux _and_ for FreeBSD, as well as some inside of Windows) I'd just like to say I prefer using a language that was originally designed for EXACTLY that purpose (note history of C language and UNIX), than trying to make a high level language (one NOT designed for kernel processing) do the same job, better.

Rust sounds like it might be a good choice for web services running in userland. I think it should stay there.

Re: I'm tempted...

" "Everything is a link" seems much more logical and consistent."

I agree 100% (and then some). Having coded for windows as well as for POSIX systems, I totally _LOVE_ the "everything is a file" principle.

But like so many "smarter than thou" (millennial) types, he has to go and CHANGE things (like making every UI into 2D FLATTY when 3D Skeuomorphic was PERFECT, 'nuff on that). What he forgot is that Microshaft (with windows) _ALREADY_ does this, which means that something using a serial port vs a socket vs a pipe vs a console must CODE EACH CODE PATH DIFFERENTLY in the winders world. In the POSIX world, it's generally the SAME CODE for all of them [with a few exceptions while setting it up, as needed].

I call the POSIX way "simpler" and MUCH easier to develop for. It's why (I believe) we're STILL using the UNIX model for so many "non windows" operating systems, for over 4 decades. It was SO well thought out.

Re: 3 seconds boot time?

obsession with boot times might cripple it entirely, leading to NOTHING REAL GETTING DONE.

FUNCTIONALITY FIRST - and THEN tweek it for performance!

Re: 3 seconds boot time?

NOT having SystemD would improve that. Devuan comes up really fast, booting into a GUI window manager (not gdm, I forget what it's called, it's lightweight). Evdn when I had it connecting wirelessly, it was still pretty fast. But ethernet is a bit faster I think. That box has an SSD on it.

Most of the boot time on my BSD boxen is due to all of the daemons I load. I never bother timing it and they all have spinny drives. I've never really minded, since they run for WEEKS (and months) without booting.

if BOOT TIME is all you're concerned about, a dedicated RTOS is probably going to be thee fastest. Whoopee.