As for calls about my "recent accident" I lead them down a long winded story culminating in the fact I was hit from behind by a flying elephant.
What a dumbo.
1283 posts • joined 6 Jul 2017
Agreed the string handling bugs are mostly a subset of other memory management issues, but they're particularly pernicious due to the traditional nul-terminated representation and string format specifiers (together with sscanf/sprintf and %n meaning even incautious printf can write to memory it shouldn't, not just access).
An open source fund would make more sense!
Thinking of buying a new development laptop: 3% of a neat £1500 comes out at £45. Am I any more likely to use this to do whatever it is they think I should be paying for than with a £30 Fire Stick / Chromecast / Roku? Do we have to pay it on our server and storage purchases?
Anyway, this problem is largely sewn up now; access through mobile devices and smart devices means most people are using streaming services for legal access (or semi-legal in the case of youtube videos). If producers aren't getting paid enough then that's the door to knock on. Or maybe do it out of general taxation; after all, I sometimes overhear buskers without paying them and no device was involved there.
Yes, one thing that struck me about the "rootkit" was it required admin to install and appeared to be intended to let gamers spoof location. That is, the real crime is trying to escape corporation control. (And of course it keylogged, because the kind of people who write this stuff are often dodgy.)
This may turn out to be a factor, when people realise their older hardware running linux can do things they are no longer allowed on newer hardware. The same way I still own a RPC-1 DVD drive.
If you or I knew the answer to that then we wouldn’t be having this conversation because one of us would be genuinely clairvoyant and along with knowing what the PRC, Russians and NSA have compromised in our software supply chains we’d also know that this conversation was a waste of time with no positive outcome for anyone involved.
The thing is, we know commercial software has been compromised by intelligence agencies in the past, including holding on to vulnerabilities in Windows, so there's no particular use in asserting open source dependencies are compromised in particular (looking forward to bugs: "Regression, remote access exploit no longer works after commit abc123"). If they want to compromise open source they'll at least have to put some effort into maintaining it. MS have been less dislikeable recently, but as with Apple their goal is user lock-in, telemetry and requiring online accounts are moves towards that goal, the best we can hope for is they see utility and interoperability as a better way to achieve customer loyalty.
Probably mentioned this before, but slightly related. Built a home designed guitar amp intended to run off a 20V DC supply (i.e. laptop power supply to avoid messing with mains), push-pull design (to drag out the most power possible; think I was aiming for 20-30W). This normally needs AC; instead I used a quartet of beefy audio transistors, and a little 2N5550 transistor balancing ground between the two halves.
Simulation says this transistor takes almost no current, just there to set the bias right. I say little, but they're supposed to be 0.6W. Worked with a test load (not going to blow up a real speaker). However, something about the design was not quite stable, so on the first real test it worked for a couple of seconds, then output stopped, there was a brief pause and then a very loud bang. Half the transistor casing had blasted off as it went from 0.5V to 20V and lost its short but valiant struggle. Changed a couple of resistors and tentatively tried a new transistor... the second one survived. It's been rewarded by sitting around for several years waiting for a cabinet.
If you're only using it for one application then fine, but switching between programmes and maintaining a second login are all a bit of a pain. I use Windows in a VM fairly regularly and would prefer to run applications as if they were native (however because other people need windows too, and it's not just for one or two applications that can be made to work with WINE the VM is the better option in this case).
Before ~2000-2005: Turn on TV, brief pause while the flyback gathers its strength and then the crisp Pfff and gentle crackle of a single electrical raindrop landing as the CRT kicks into life and any fluff within 10 metres gently adheres to the screen. If you're fancy then from the late 90s onwards replace this with plasma screen contemplating whether or not it's going to start this time.
~ 2007- 2012: Turn on TV, wait while digital signal is acquired. Find multiplexes need rescanned.
~ 2012 to present. Turn on TV, wait while it boots its OS, connects to the internet and uploads your recent viewing history to Google. Discover iplayer no longer supported by this device.
Short period, ~ 2005 - 2007. Press power button, LCD comes to life, TV is being watched.
I recently bought a glass cover for an oven lamp from Amazon. They now email me with suggestions for similar glass covers. And, just in case I should accidentally render them relevant by breaking the replacement, the covers are for different models of oven.
Though I do wonder if the "obviously stupid" suggestions are a cover for more subtle stuff.
Not run, have channels named after. After all, Lee himself claims this is about brand representation. Like if you or I were to launch 'Ubuntu magazine'. The real slippery slope would be whether this would affect people like local user groups, but, since you get to choose how far to enforce, that doesn't seem like a problem.
"The passwords / API keys were not supposed to be public; by keeping a copy you are creating the possibility of holding them to ransom for their private data in future, to which they reacted quite understandably."
Not true, as it assumes the researcher is the only person who accessed this publicly accessible data. The assumption should be an unknown number of people with much shadier intentions also grabbed it and kept it without being courteous enough to notify the organisation of their actions. The minimum response should be to change the keys against that eventuality (which apparently was done), at which point that information cannot be used for ransom any more.
I can't say for sure it would have worked, but the default for that (not actually linux) grub screen is usually to boot the default (normally first) option after a certain time (default 5 seconds). So to get here that has either been disabled or a key has been pressed to interrupt it. It's the equivalent of starting windows boot manager and then leaving it there.
Point 3 leads back to point 1, it's not security theatre in that sense, it is blocking explicitly the organisation whose processes are flawed.
I do have some sympathy for the IRB, they are generally there for looking at human research (animal research too in the places that do it), which is very important. It may simply not have occurred to them this was something that needed oversight (which brings us back to point 1, because the institution as a whole must realise there is a need for ethics beyond the medical faculty).
I can sort of understand the model, since the ongoing classes are a service, but they cost more than what my gym membership costs, which gets me access to equipment and some free classes. There is quite a big range in treadmill quality, smallish home ones don't really compare to the heavy duty ones many gyms use, not sure where the tread+ sits in that range. (Though I do remember the council gym back home where the max speed was 16km/h and it would overheat and have to cool down if you went above about 12km/h for a few minutes.)
We've got one of these in the office (I believe it's still there. The tap that is, not the office. Well, maybe the office.), not sure what brand, but it's insufficiently hot for tea. Okay for instant coffee if you're desperate. However, there are a few scattered around my employer of different makes and they all have a safety feature to stop you dispensing hot water by mistake, generally you need to depress or activate two buttons at once. More interested in the lack of a sink for the tap, any drips or accidentally dispensed cold water are going all over the desk.
So, for my non-aviator understanding, the limit is that you need a large enough time window between what I'd think of as take-off speed (Vrotate) and the tire speed limit (hopefully lower than Vr for still days) to actually take off? And accelerating too fast would be an issue for that.
"It is strange that if you mention zero initializing memory in a C or C++ project, everyone says that is inefficient and would laugh."
Not quite the same thing as this:
"Additionally, Rust requires all variables be initialised before use"
Initialising memory does have an overhead, though whether that matters depends on what else you're doing. In C you have a choice between malloc and calloc when allocating memory, which is a clear distinction; in Rust you are generally going to be dealing with objects such as vectors, and can do things like with_capacity https://doc.rust-lang.org/std/vec/struct.Vec.html#method.with_capacity to allocate without initialisation. Rust will generally prevent you getting hold of uninitialised memory directly, but you can do it if you really want.
Initialising variables though, in C:
Is absolutely fine, but try to use a before assigning to it and you're into undefined behaviour territory (unless it's global scope, in which case a is initialised to 0). Rust insists on
let a = 0;
Or whatever value. To avoid duck typing and be able to change "a" later too, you're going to need:
let mut a: i32 = 0;
I'm not 100% convinced about initialisation as preventing bugs; generally the real bug is "forgot to assign something relevant to this declared variable later", which this doesn't really solve. It may mitigate bugs, by making them more reproducible and preventing information from the application's memory leaking out though. (And possibly mask a subtler class of bug where you're unknowingly relying on the initialised value rather than the value you meant to assign later, but that's one for testing.)
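As an added illustration of the "information leaking out" point above (example code, not from the post): the struct below is constructed for this example, and its alignment padding is exactly the kind of storage that a plain memcpy() to a buffer or socket would ship out unchanged. calloc() on the heap and an explicit memset() on the stack are the portable ways to make sure that padding holds no stale data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example record. On typical 64-bit targets there are
 * 3 bytes of padding after 'flag' so that 'id' is 4-byte aligned. */
struct record {
    uint8_t  flag;
    uint32_t id;
    uint64_t stamp;
};

/* Count bytes of the struct's storage that are NOT part of a named
 * member and are non-zero: that is padding that would leak if the
 * whole struct were copied out verbatim. */
static size_t count_nonzero_padding(const struct record *r)
{
    const unsigned char *p = (const unsigned char *)r;
    size_t nonzero = 0;
    for (size_t i = 0; i < sizeof *r; i++) {
        int named =
            (i >= offsetof(struct record, flag)  && i < offsetof(struct record, flag)  + sizeof r->flag)  ||
            (i >= offsetof(struct record, id)    && i < offsetof(struct record, id)    + sizeof r->id)    ||
            (i >= offsetof(struct record, stamp) && i < offsetof(struct record, stamp) + sizeof r->stamp);
        if (!named && p[i] != 0)
            nonzero++;
    }
    return nonzero;
}

/* Heap: calloc() hands back zeroed storage, padding included;
 * malloc() would give whatever the allocator last had there. */
size_t heap_padding_after_calloc(void)
{
    struct record *r = calloc(1, sizeof *r);
    if (!r)
        return (size_t)-1;
    r->flag = 1; r->id = 42; r->stamp = 7;
    size_t n = count_nonzero_padding(r);
    free(r);
    return n;
}

/* Stack: memset() the whole object before filling in members;
 * a "= {0}" initialiser is not guaranteed to zero padding bytes. */
size_t stack_padding_after_memset(void)
{
    struct record r;
    memset(&r, 0, sizeof r);
    r.flag = 1; r.id = 42; r.stamp = 7;
    return count_nonzero_padding(&r);
}
```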
Much pain could probably have been avoided by providing such functions as an extension to the standard libraries. Sure, many of the functions are the way they are due to efficiency reasons, but think how many bugs could have been prevented by providing a standard asprintf for example.
It's not that PHP doesn't try to hold your hand, it's that it tries to turn your hand into some kind of squid creature, and before you know it it's wrapping its tentacles around your neck, and oh God, they're in my mouth, it's going down my throat, help I can't breathe...
Clarification for section 2
"But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it."
Additionally, a condition of section 1:
"appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program."
Plus the existence of the LGPL for such a purpose also makes the intent plain.
No, 'data' is not specific enough. GPL says you're only licensed to use the work on another work if that work is made available under GPL too. You can't say, "It's only a little bit." Any more than you could use work available under any other license without following the license terms. What you may be trying to say is this is a collection of information that's copyright exempt, in the way telephone numbers are, but if we're in a world where library headers are copyrightable then I wouldn't be too sure about the status of a particular type of collection unless it has been tested in court.
I've been using Fedora on the desktop at home since it started and am pretty happy with it; one or two things that were not well-maintained have eventually dropped off, but there's generally been some replacement (I suppose that's life). I'm less interested in stuff like Btrfs though, and have been using KDE rather than Gnome for years now. It's not really clear how Fedora can be its own thing, but also a test ground for RH. Additionally, if the squeeze is being put on CentOS in production, then who would now consider Fedora for production and believe the same won't happen?
"login to your institution's library and follow what may be lengthy procedure to get it?"
Generally, if you have an institutional subscription, this is now a very streamlined process. The publisher usually has an 'access via my institution' button and you authenticate through shibboleth or openathens; no need to go through your library site in most cases. (The more annoying ones are those that instead check institutional IP, so, with things as they are, they have to be accessed via VPN.)
I'm not often corresponding author, but I distinctly remember one paper where, at the proofs stage (after acceptance), the copy for approval came back with one real word systematically replaced with another that wasn't in the dictionary (English or American). So even the tampering is not out of the question. (In hindsight, my suspicious mind wonders if this isn't a way of introducing subtle new copyrightable aspects.)
"Most papers are released under Create Commons licenses"
Citation needed? I mean, I'd be perfectly happy with that, but I don't think it's true. We're increasingly expected by funders to publish open access, which is also a good move, but not quite the same thing, and to put our publications in our institutional repository (which I think is now a REF requirement). But, I still see plenty of copyright assignment forms for submissions, even when they're to open access journals. The legal standing for it seems really shaky with, as you point out, no normal form of restitution to authors, but I'm sure there's some way to wriggle out of that, maybe they'd argue that you get 'exposure' in exchange.
Many journals require copyright assignment. As the author or coauthor you have to agree to a statement that transfers copyright to the journal before publication. Despite, as you say, having done the work, the writing and, unlike any other such arrangement, not getting a penny from them for it (in open access cases often paying them).
However I'd certainly disagree with goldcd, the journal publishers themselves are not the arbiters of quality you believe them to be, that rests on unpaid peer review and academic editors. Prior to the scooping up of journals by the large publishers often they were run by the associated academic society itself (some of which morphed into giant publishers themselves). Scrape through the title of many of the big publishers and you'll certainly spot some journals which are less than persuasive in their contents. Conversely some influential papers in a few fields are still only on arxiv, not officially 'published'.