* Posts by ebyrob

14 publicly visible posts • joined 2 Jun 2015

Apple squashes security bugs after iPhone flaws exploited by Predator spyware


Amazingly good bad event

It's actually amazing to me. These guys closed up an exploit that is preventing this vendor from doing exactly what their users "clients" hired them to do. Spy on someone else's phone by installing some app on it.

The fact this hole is caught and fixed. This is a high bar of security and good to see I think. Almost scary, but if we simply don't have any "spyware" available because of tight security, I think the world can live with that. (If anything, mirroring and other types of administrative controls should be coming in centrally through the front door only on devices that are purposely built around nanny ware or corporate infrastructure that converts devices to more of a "kiosk" where users are not meant to be trusted.)

Simply installing a random app almost CANNOT compromise your phone. I suppose that is good news? I am a little scared by the Palladium / Right to Read / "trusted developer" model, but if I am free to side-load apps on Android via *.apk files and even root my android phone IF I WANT TO, then I suppose the balance that should exists.

Amazingly tight security Apple and Google (and this third party guy). Keep it up, you're even working together on this. These are amazing times.

There is a path to replace TCP in the datacenter


ZeroMQ is it. I was going to bring this up myself but you already nailed it. I don't know why anyone would use some "HAMA" when tools like ZeroMQ are available. And thing about ZeroMQ is, you don't have to run it on top of TCP. Implement it exactly as you want to take advantage of your network microcosm.

That's it. These problems are already solved. and RPC of all things is hardy generic data transport. So you want to write an application without using TCP? Go right ahead. It sure as hell isn't going to replace TCP!

Perhaps the problem is we don't have 7 whole layers to play with any more like we did with OSI.

Visual Studio Code Server untethers developers from their workstations


Remote Desktop Connection

1998 called, they want their Remote Desktop Connection (RDC) back.

Why on earth would anyone need this in today's world? It's so easy to remote control any computer now.

C: Everyone's favourite programming language isn't a programming language


Re: Nothing new...

I don't know. How many Fortran programmers love Fortran? How many COBAL programmers love COBAL? The fact C is so very pervasive and yet its programmers still love it is very telling.

I've tried to read some of how Rust works. However certain things never make sense to me in many of these new languages.


.read_line(&mut guess)

.expect("Failed to read line");

Why would you chain together operations for input? Doesn't it make more sense to split complex problems into small independent pieces? If anything this looks a lot like an over-loaded function with optional parameters in C++.

So, OK. These new languages are there and OK and all that, but I don't think any of them are "better" than C. (Even C++ really isn't better.) In some ways they have advantages that C can / should never have. Garbage collection, memory safety, true exceptions. But none of that would ever have been possible in the 1970s, and such features have significant overhead.

C really is a great language. There are some others too. Swift and Rust are probably still too new to really tell how good they are.

As to OS calling conventions. If there's a better way to call functions across module and even program boundaries than C API, we should probably try to use it. I'm not sure how "Result" is going to cross language and environment boundaries though (or indeed even exceptions don't do that so well).

JPMorgan Chase readies for post-quantum security world


I don't get it.

Is this saying they built a test network that just pretends it is doing Quantum Key Distribution? Or are they actually distributing the keys quantumly now? I'm not sure how they could actually be doing it the quantum way now if the technology doesn't exist / work yet...

DataStax 'pauses' AIOps database project to figure out exactly what AIOps is


Connection strings need to be so complicated we offer a PhD A.I. to figure it out

connect to:

connect to: foo.com

Is this really so difficult? We really need an "A.I." to do this? I can still remember the time I had to use multiple routers to duplicate the same IP address on a network because some legacy software couldn't be modified to connect to a different address... Such fun.

That's it. It's over. It's really over. From today, Adobe Flash Player no longer works. We're free. We can just leave


Re: Amen....

Except that HTML 5 *is* javascript... Writing software in CSS is a lot worse than ECMA script...

Internet Society, remember your embarrassing .org flub? The actual internet society would like to talk about it


A billion really ain't that much.

Imagine having control of 1/3 of every phone book in the world (every non-profit entry) in 1980. A billion dollars really isn't all that much these days. In the USA alone there are over 10 corporations with a market capital over 300 billion. That's what 5 trillion right there? 1 billion is a pittance in the global information market.

Mirror mirror on the wall, why will my mouse not work at all?


Re: Right click

Wow that's horrible! hidden recovery and fixed drivers.

That's almost how ever laptop manufacturer does it now... I guess they were "visionaries".

Keen to go _ExtInt? LLVM Clang compiler adds support for custom width integers


Optimizing too early?

Donald Knuth can't be rolling over in his grave since he's still alive thank goodness.

Didn't these guys ever learn the old rule: "Premature optimization is the root of all evil" ?

Internet root keymasters must think they're cursed: First, a dodgy safe. Now, coronavirus upends IANA ceremony


Re: Single Point of Failure?

DNS with BIND will likely always be there.

DNSSEC is some scheme that is supposed to make DNS "better" and "more secure". Probably like most of web 2.0 and whatever appalooza is called now, it won't. (slower lookups, complicated configuration, DDoS reflection attacks, etc...)

Clearly if all the special apples have to go into 1 room all at once where a single nuke can take them out, they forgot something inherently present in the old DARPA design.

Cops' use of biometric images 'gone far beyond custody purposes'


Re: Napolionic

> You are either free, or you are not.

You're not. Was that a question? Welcome to the surveillance age.

NYPD head of IT doubles down on Windows smartphone idiocy


Re: I for one

> still mourn the loss of my Windows phone - a cheap Lumia.

You can get an Android for $50.00 or less these days, but no help for software compatibility or usability. Wherefore art thou POSIX?

Secure web? That'll cost you, thanks to Mozilla's HTTPS plan


Re: Destroying Firefox from within

I can only pray this will have the effect of killing off new firefox features instead of killing off HTTP.

Because, I really need/want an audio/video chat app built into my "secure" (har har) browser.