Posts by doublelayer

Re: The career limiting spreadsheet...

"True but then that's the nature of Excel. A database can handle missing or extra columns as long as they are correctly named."

No, a database cannot handle most of the types of misconfiguration that would come from not agreeing on the schema first. Insert columns firstname and lastname into a table that has one name column. Your statement is rejected. Merge two tables containing ID numbers and pay information, but one of them specifies pay as an hourly amount and one as a yearly amount. Someone is going to get the wrong amount when the winning code retrieves data from that. Merge ID numbers from a database where they were integers and one where they were strings of digits. Probably anybody with an ID starting with 0 will have some problems. At best, if you're using one of the less structured NoSQL databases, you can keep around the custom fields when you imported something with extra data in it and still retrieve them later, but it still won't help when you want to search on it later. Databases do more checking of what you're doing, but that doesn't prevent you shooting yourself in the foot.

Re: I don't why she swallowed a fly

"We do now have the tools that give users more expressive power, I'm thinking here of the combination of Jupyter notebooks and Pandas."

In my experience, these create the same problems that Excel has, just in a slightly different form and only for programmers. That's the case because nonprogrammers generally don't know how to use Jupyter, and even if you can teach them, they'll only learn to run existing ones. But for programmers, effectively you've given them a way for anyone to have their quick and dirty scripts. All of us have some, and they often have some deficiencies like no documentation or a particular input format without which they won't work. This is why all my temporary scripts are on my computer and my backup directory, but not anywhere where my colleagues can get them. If I'm releasing them for anyone to use, they need to be higher quality. If other people need to run them, then I'd better get started on that.

In the one environment where Jupyter was used as a production tool, we had lots of scripts that were supposed to be run. One, for example, would take an input XML file and populate a database. As long as you read the code first, you would be fine. If you didn't and uploaded a file you didn't want to, it would not fail well. It was not idempotent and would cheerfully clobber the database if you uploaded the same file multiple times. It did not do validity checking on most of the data in there. It didn't even preread the file to make sure it all worked before it started firing off SQL statements, and it didn't even have the courtesy to do this stuff in a single transaction that could be rolled back. In short, it had all the same fragility of spreadsheets but in the form of code. A problem with the script or an edit made by someone who shouldn't have been editing could easily have broken things.

While the actual failures weren't so catastrophic, I do remember the time when I ran an analysis script which returned spurious data, only to be told that I shouldn't have run the 2.0 script, I should be running the 1.5 script (nothing said this, so I had gone with the latest from version numbers). Then, when the 1.5 script also produced incorrect results, they mentioned that I had to run a script in a different folder, also labeled as 1.5, which had been forked months ago and was now the canonical one. To be clear, the scripts I was running were in a directory called "analysis", and the script I was supposed to run was under a directory named something like "dev/colleague_username/temp". The colleague in question had left the company. Is this the fault of Jupyter's products? Clearly, no. It was the fault of the process that made running a script like that the expected procedure. The remedy is the same, though. The process, not the tool, is the problem. Changing the tool is probably necessary, but if the process didn't change, the problem probably will stay around afterward.

Re: Deja vu?

I can't really agree. A generative AI can ask more questions and probably parse out the answers a bit better than previous generations, but it's still going to get hung up on the administrative problems that make Excel the process. It would also have been possible for companies to embrace one of the "low code" systems that allow some nontechnical people to set up a database and some forms and pipelines that can work with that. That mostly didn't get adopted, because such systems typically have a few problems that nobody, not even a programmer, can properly fix while not being quite as easy to use as the sales team said it would be. The AI software won't make that any easier, because it will still need to do such things as ensuring there is a server for all the automation and that there is a single point of truth for the data concerned. I don't think any new techniques available to us will fix our problem because they're really no better than what we already had. We have tools that work when people use them properly, and the problems come because some choose to use the wrong tool, not because the right tool isn't available.

I wasn't around then, but the quote sounds like it was intended to be from the point of view of a criminal, as Chicago had been a city with a lot of organized crime groups in it. So if it was a real expression from the time, it's likely not to be an expression common to people from the city, but to criminals. Then again, I didn't read that particular book, so I am just guessing that context exists.

Re: Is it 'Excel is dead' time again?

That's true, but it's still that the negative uses of Excel could be dead if we just took this simple, well relatively simple anyway, step. We all know that won't happen. It's not really about Excel's irritating type management capabilities. Those really don't help, but lots of spreadsheets manage to avoid having any numbers treated as dates and can still manage to completely screw up a process. An AI to detect the most common of problems is not likely to solve the problem of processes that use a tool with no error checking because the tool doesn't collect enough information to do error checking. The same problem happens when someone makes a database that doesn't check what they're throwing into it, since a database will make sure that the "how much to pay this employee today" column is a number but doesn't see a problem that it currently says 2147483647.

A bad workman may blame his tools, but a good workman also does if they have bad tools. It doesn't automatically follow that he who blames his tools is a bad workman. If you disagree, I'm willing to have you do your job with the worst tools out there and see how long it takes you to blame them. If you work in IT, you will be setting up a full corporate network, including user PCs and servers, networking, and security using only MS-DOS, the original version from Microsoft though you can use the latest version. If your a programmer, reimplement every line of code in your projects with a Turing machine, and you can talk to the MS-DOS guy if you need two Turing machines to talk to one another, but synchronizing the one tape each for input and output that each gets to use yourself. You'll soon be blaming those tools for why you haven't gotten anything useful done.

Re: Application abuse

It's getting a bit ridiculous if we're now requiring regulation to make a piece of software accept a format that no other spreadsheet uses and which nobody will use in practice anyway. A format which will not solve the problem. SQLite doesn't have the same type constraints that other SQL databases tend to have. This means that, if your spreadsheet mangles some data as you put it in, having SQLite as the backend format won't prevent that from being accepted, stored, and processed to your detriment. Of course, it would also break all the formulas because rows in a table do not update themselves when conditions change, the caller has to do that. You could put the formulas back by putting in a shim which would effectively overlay a typical spreadsheet over a table, in which case you would lose even those few benefits that remained when using SQLite, because now your table would just contain strings that were processed as cells.

SQLite is a good tool for some purposes, but just like spreadsheets, you have to know which purposes those are. This means that you have to know about its type handling and performance constraints (yes, there is also a performance problem trying to use that as a spreadsheet, but I didn't think I should spend another paragraph on it). If you don't, you may end up breaking something which needs a spreadsheet and not a database while simultaneously not fixing the problem where you need a real database frontend, not a spreadsheet which automatically puts things into a database.

I'm sure it's because they think someone will try to use any IP address they show on the screen, so they go with ones that can't be connected to anything. I've heard that, when they used phone numbers that weren't theirs and were valid, that the people who had those phone numbers received unnecessary calls. I don't know how many people who would do such a thing would also do it with IP addresses, but the writers probably don't want to take a risk. I'm not sure what I would do in their place, since using any invalid address is likely to look wrong when I know the rules, but using a valid one would probably also look wrong when it's identified as coming from a network where the events of the plot couldn't happen, for example routing to the wrong country or a corporate network that's not supposed to be involved. Maybe that's one advantage of IPV6 addresses: it's very unlikely that a random one will be routable because they've only got a few in a 64-bit block for each assigned prefix and they're long enough that identifying valid ones is rather difficult anyway.

How do you know you're not hiring one when you hire in your country? How do you know that I'm not passing on a job to one of them when you hire me? When you hire someone, you generally do some checks on who, exactly, you've just added. This doesn't guarantee they're not a hacker, but it provides you exactly the same information about whether you can trust them if they're in your country as if they're in a different one. You might choose to avoid some countries because you don't want to have their administrative requirements or you think they'll harass your local employees, but that's no reason to ignore all the other countries where you don't have those concerns.

Re: Apple FindMy Network

"I expect other than to disable mobile data, there is no way for an iPhone/iPad user to prevent this from happening"

You assume wrong. Settings -> Apple ID -> Find My iPhone -> Find My Network, switch it off. It is still opt out, but you can opt out. Also, it's a few tiny packets. Your bandwidth costs to keep it on are ridiculously minimal compared to all the other background stuff your phone probably does, let alone active use of the connection. If you have reasons other than bandwidth to switch it off, go ahead and do so, but if you're really only worried about bandwidth, you don't need to be.

Re: It is sad it is taking such a massive case

The analogy is a good one, because serving on a jury is important but often dull. Being a legislator is also important and often dull. If you select people who don't want to be doing it, they'll look for ways to not do it. Oh, sure, they'll try to pass laws that they have a personal interest in, but most important laws won't be like that. Those laws will be things like the exact nature of a internet platform's liability in the case of user-submitted comments. Explaining what that means to a legislator who was just lotteried in is unlikely to work unless you force them to pay attention for hours, but if Facebook or Litigious Law Group tell them what the right answer is, that will be much easier. To some extent, this already happens, but at least a politician who chose the job is at least supposed to be interested in the decisions they're making, so they will spend at least a bit more time understanding them.

I understand the problem you want to solve. I'm afraid that having politicians chosen at random from a group of people who don't want to do it is not likely to solve that problem and will certainly introduce some new ones.

Re: It is sad it is taking such a massive case

Another aspect to this is that the American tax system tries to tax anyone in its jurisdiction for everything they do, no matter where they did it. This applies to individuals and companies. This may be one reason why companies form so many subsidiaries outside the country. It's not just wanting to pay a lower rate offered by some country eager for extra revenue, but not wanting to pay tax on a transaction in the country of the transaction and the United States as well. I've known a couple people who got American citizenship, mostly through birth, but then left the country and earned money elsewhere who were surprised to hear that the US will be collecting taxes on that anyway. If companies form international companies to get around that, they're likely to try to use them for lots of even more dubious purposes as well.

My only solution to this would be to try to form an international set of tax rules about how to decide where something was done and therefore where it should be taxed. So my solution is even harder to get accomplished than yours. I think I'll give up on this getting fixed and just resign myself to large companies being able to find their way around most tax regulations.

It depends what that test does, but if there's any point to having a test, then it has to tell those who are good at something from those who are bad. Ideally, if it can successfully do that, then we'd prefer to have the good ones, rather than the bad ones. If this is not what the test does, then I start wondering whether the test provides any value, and what it meant when someone was tested as "unappointable".

Re: "The NHS suffers from a chronic shortage of anesthetists"

Some of you did. Some others of you refused to use it until they had no other choice, and some others loudly complained about it. I may not have been around for most of that, but I have the internet and it has a lot of examples. Just because some currently old people were instrumental to the design of technology doesn't mean that every old person knows how to use it. I'm fully confident that nearly all of them could learn to do so, but I'm less confident that all who could learn will.

Re: "The NHS suffers from a chronic shortage of anesthetists"

The only problem is that delete has to be next to something. Which menu item is sufficiently rare that it's a safe buffer for delete?

Also, on my Windows 11 installation, delete is now next to share, and since I rarely use that, maybe they now have the requested buffer. Then again, I don't like the new context menu in Windows 11 and typically go to the more options menu where they've hidden the original one. The original one still has delete next to rename as well as my custom menu items.

The insider wouldn't have to write the code to encrypt the files, set up the infrastructure to communicate with the victim without immediately being caught, or negotiate payment with the victim, and would be at least somewhat insulated from the initial investigation. If the article is right, this is also a guaranteed payment whether the victim pays up or not. Those are, unfortunately, terms that might convince someone to do it.

Re: I fail to see what he did wrong....

What kind of wrong are you referring to? Do you mean ethically wrong or pragmatically wrong? Either way, I'd have thought those were obvious:

Ethically wrong: Take a job where you're not supposed to sell secret information, sell secret information.

Pragmatically wrong: Sell secret information for a tiny amount of money, have no backup escape plan for if you get caught, do the stealing so badly that you do get caught.

If you're referring to the various boot software, while I'd like Windows to support it nicely, I'd also like if Linuxes supported it nicely, or if I didn't have to deal with it so much. I've broken that by installing two different versions of Linux on the same disk. No Windows involved. I would prefer if it was easier to have lots of operating systems on one disk, and in my experience, you can eventually get somewhere satisfactory with any combination of operating systems, including Windows and Linux together, but first you're likely to deal with at least some broken things and some time manually changing bootloader settings. This is also why I tend to have different operating systems on different physical disks when the machine supports that and also why I have a machine that runs lots of VMs on one bare metal OS so I can easily test out a new one without rolling the dice again.

Re: "Musk’s changes at X are aimed at making money"

It doesn't, because the debt has to be payed back over years, not right now. If it was all due tomorrow, that would be bankrupt. The hope would be that it can be returned to profitability before the required payments exceed the resources available to pay them. I don't think that's likely, but there's always the option of more money being found from somewhere to pay that bill or the more likely attempt to ignore the bill and the years-long litigation to resolve that process. Somehow, when you're very rich, you can get away with not paying bills longer than when you're not.

I don't have accounts on these services, nor have I ever. However, I think there's a group of people who want to make these things sound more different from forums and newsgroups than they really are. Another uncomfortable truth is that these forums, while structured differently than more general social media, are similar in many ways. The same is true of Usenet and many other places where people who don't otherwise know each other post their thoughts for others to read.

Our little community might get to write more words in our thoughts, or at least we don't have to split them into annoying little chunks like Twitter require. We might limit our discussions to the topics El Reg creates, although there is that user topics area where I never go, so maybe that's not really true either. Still, we post our thoughts for our fellows to read, they reply to us, and we even have our upvotes and downvotes instead of likes and...I'm sure there's a dislike counter on some of them. We even have the same problems that social media has; these forums are not immune to annoying conspiracy theorists and trolls, nor even our own malfunctioning Markov chain bot. If you ask why someone likes social media, the answer is the same reason you're posting here. They just have an interest in a wider community and don't mind the many costs involved.

Re: So how did we find him?

Depending on the severity, that could just make it even harder to find people who want to do that kind of work in the first place. Government already frequently underpays its staff and puts restrictions on them that a different career option might get. That applies to all governments, but there have been several articles here specifically about the U.S. government failing to find the administrators and programmers that they want. Add in a "oh, and if you work on anything important you will have no privacy for the rest of your life" and that will probably not help their case. Especially with techs, you have to have some reason why they would choose a job in government over one somewhere else, and if you keep adding restrictions, the only answers that will be left are the applicant who accepts is a ridiculously patriotic person who will take any punishment for their beloved country, the applicant can't get a job anywhere else and now that the government can't find anyone qualified, they'll have to deal with them, or the applicant is a spy who is willing to take that job because it's the only way to get information.

I wouldn't work for a company that wanted the power to surveil me outside of work hours, or for that matter even during work hours if they went far enough. There's no chance I would agree to a lifetime of surveillance, even if I quit. If others are like me, maybe they'd have to do as at least one American military person suggested and start conscripting people with technical skills. I'm sure that will be popular.

Re: Amiga hard disk partitioning

If you search for a few minutes, I'm sure you can find a copy on good old HTTP somewhere. If you search better, you might find an instruction manual that's less likely to cause you a fatal accident. Whichever one you use, if you're found making explosives, that'll be the major problem and yes, they'll cite your possession of instructions on how to make weapons when they try you, because most of society thinks that making explosives isn't great. The possession might also be brought up if they have a different reason to suspect you, but it's not as if downloading that file will bring the police to your door.

Re: Are you sure

The other side of this is that the prompt absolutely must, no exceptions, contain enough data to know what it's asking you about. Not just trusting that you can scroll up to see the command that launched it, not assuming that the user knows which script they clicked on, the prompt must print that again. If it's really dangerous, maybe make the user type it again to be careful, but that part is at least optional.

Re: cd /tmp && rm -rf *

The other useful parameter is -i, when you need to do something more complex and you're not entirely sure if it will be safe. For example, when I was trying to clear out temp files, but no other files, from a nested directory. I was very careful to specify "rm -i */*/*.tmp". Anything with that many asterisks seemed a bit too dangerous to do without at least seeing some of what would get wiped.

Re: Meta Ferenghi a'coming!

No problem. I understand your concern, and you can deal with it. Simply don't install third-party applications. I have Android devices, and the only third-party app I'll install on them is FDroid (I consider the apps I get through FDroid to be included). There are many others, but since I don't trust that they're reliable, I don't install them. You can make that choice, and I advise you to do so if you're not sure what you're installing. It doesn't mean that I shouldn't be able to install something, though.

Re: It's not whether the App Store is good or bad...

In fact, some of their blocks are to help their revenue, including one of your own examples. They have, repeatedly, refused to allow in apps or even retroactively removed them when they competed with functionality they added to iOS. This isn't a one-time thing. Back when they first released Siri, they removed a few other voice assistants, even though the limitations of iOS meant that nobody was really going to use those anyway. They did the same thing eight years later when they released a tool to report on how often you or your children used the device and decided that others who had written apps to do that when Apple couldn't do it for you would now be banned. Now you may ask how that really did anything for Apple's revenue. The screen time example, although it's not a simple substitution, they were still indicating to developers not to compete with services Apple chose to make, which could prevent developers from trying things that compete with the services from which Apple really does collect revenue. The Siri example is much more straightforward: without the latest iPhone, you couldn't use Siri. By banning other voice assistants, they managed to tell everyone who wanted one that they'd have to buy new hardware.

The example of non-WebKit browsers is much more straightforward, even though you've mentioned it to the contrary. This is true for two reasons. If someone released a more powerful browser that could run web applications that are more complex than the ones Apple allows WebKit to run, that could allow a company to release their app to run in that, bypassing Apple's revenue collection. I'm sure many games would be happy to do so. That's a lot of money that Apple wouldn't get, but restricting the engine to WebKit will prevent a lot of those from running. The other side is that it makes competing web browsers less useful to the average user, meaning more of them will stick with Safari. Apple gets a large payment from Google every year to have Google as the default search engine in Safari. If people were using a different browser, that would be less valuable to Google and Apple would receive less money next year. They evidently decided that banning browsers completely wouldn't work, but they took steps to restrict their usage, such as restricting what they can do and filing any app with unrestricted browsing capability as an adult app that a child's account* could not install. I know at least one app that removed the in-app browser, essentially just calling WebKit, so that it could still be purchased for use in education.

* That is assuming that the child put in their real birth date when asked. When I was a child, I learned to put in a fake date to prevent tracking and that, if I was doing that, I might as well be an adult.

Re: Those who refuse to learn from webcomics...

Oh, it's much easier than that. If I tell the AI I want to be rich, it will create a dubious business model, convince Mr. Son to believe strongly in it, and he gives me free billions. It's worked for others before, and he's proven both that he isn't smart enough to tell the difference and that he hasn't been deposed yet. Until he runs out of money, anyone who gets to him can be rich. Of course, this requires me to be able to take a billion dollars and not lose it, but that doesn't sound too hard when I can send the original idea bankrupt as soon as the AI sends the cash to me.