pendant[sic]?
Hanging's too good for 'em?
Posts by Venerable and Fragrant Wind of Change
300 posts • joined 21 Oct 2019
Beware the three-finger-salute, or 'How I Got The Keys To The Kingdom'
Friday 27th December 2019 11:25 GMT
Re: Back in the day...
First Sun server I ever encountered wasn't anything to do with my work (which was on VAX), but was positioned adjacent to me under the bench on which our VT*** terminals sat.
It wasn't anything on the keyboard that struck. Just a power button that was right in my natural legroom.
How do you ascertain user acceptability if you keep killing off the users?
Fuming French monopoly watchdog is so incensed by Google's 'random' web ad rules, it's fining the US giant, er, <1% annual profit
Tuesday 24th December 2019 10:57 GMT
Re: Deceptive units.
I buy bog rolls by the sheet.
That is to say, I'll look carefully[1] at what I'm buying, and use the price-per-sheet as a criterion in deciding what to buy.
[1] The "carefully" is since I once found myself with slightly-narrower-than-standard stuff that wasn't quite adequate for my fat arse and left the hand rather exposed. Some considerations are more important than price per sheet or unverifiable ethical claims!
Sunday 22nd December 2019 11:27 GMT
Google are the Good Guys here
Google are in a constant arms-race with spammers. Being a bit 'unpredictable' is surely one of their best weapons against all kinds of abuse - from the simple "spam my results" (as kelkoo used to do to the point where I had to exclude them explicitly from all google searches) to those whose agendas include installing spyware[1], ransomware, etc.
Anything google publish to comply with this, we can be sure that those with the biggest budgets to read and use it (rapidly) to game the system will be the biggest abusers. But more to the point, if google are prevented by law from fighting spam, they'll rapidly become useless to ordinary users.
[1] Before replying "google is spyware", bear in mind that google isn't in the business of using a keylogger to collect passwords, or anything like that.
UK's Virgin Media celebrates the end of 2019 with a good, old fashioned TITSUP*
Tuesday 24th December 2019 02:04 GMT 
Call that an outage?
31 hours[1]? Try 31 weeks and you're getting a bit closer to Virgin's ballpark.
I guess being in London gets it noticed and reported.
[1] As per the quote from Mitch Benn. Same argument applies if you treat Dec. 19th-23rd as the duration: never known Virgin to be half that quick.
The time PC Tools spared an aerospace techie the blushes
What's that? Encryption's OK now? UK politicos Brexit from Whatsapp to Signal
Sunday 22nd December 2019 11:44 GMT
That doesn't answer the question. GPL companies can be bought, and a buyer can do things to make it distinctly unrewarding for a third-party to pick up development.
Signal getting bought out seems entirely plausible. A buyer hostile to its GPL heritage is less likely, but I wouldn't care to rule it out.
But yes, of course GPL is better than closed source. No argument there.
Cheque out my mad metal frisbee skillz... oops. Lights out!
Friday 20th December 2019 13:03 GMT
Re: Cheques still relevant... at leastt for someone
Looks like I'll have to pay that by cheque until I can switch: indeed, I've just sought out an ancient cheque book (wasn't even sure I had one). But that's because of EDF's dysfunctional system.
British bloke accused of extorting victims for 'Dark Overlord' hacker crew finally gets his free trip* to America
You leak our secrets? We'll leak your book sales, speech fees – into our coffers: Uncle Sam wins royalties fight against Edward Snowden
Post Office faces potential criminal probe over Fujitsu IT system's accounting failures
Huawei's P40 and P40 Pro handsets will not ship with Google Mobile Services, Richard Yu confirms
Wednesday 18th December 2019 16:52 GMT
Re: Maybe not such a bad thing
The positive scenario here is that that changes, and a third major platform emerges.
If Huawei is custodian and is successful, that puts it on a par with google and apple. Though I suspect they'd have an uphill struggle to get there.
Perhaps a really positive scenario would be for Huawei to sponsor an alternative, but to stand back from governance and make it a community effort. Perhaps also based in a jurisdiction less problematic than China or the US.
Amazon slams media for not saying nice things about AWS, denies it strip-mines open-source code for huge profits
Wednesday 18th December 2019 13:25 GMT 
A festival of pointlessness
Journo writes largely-pointless attack on Amazon. OK, not entirely pointless, it's journo's job to produce columns.
Amazon person writes similarly-pointless rebuff. See above.
Reg hack writes even more pointless attack on Amazon rebuff spot the pattern?
Commentard vanishes up his own pointlessness continued on page 94.
Hate speech row: Fine or jail anyone who calls people boffins, geeks or eggheads, psychology nerd demands
Wednesday 18th December 2019 13:41 GMT
Re: these terms are "divisive and humiliating,"
If you listen to the way "Patriarchy" is routinely used from the position of power and privilege of the BBC, it's attacking men in general. Including the majority of us who are not, nor ever have been, part of any ruling class.
It's a privileged media elite oppressing a downtrodden class on the grounds of a biological characteristic. Just like the classic N-word in a society (if any still exist) where white supremacism is a respectable attitude.
Wednesday 18th December 2019 12:41 GMT
Re: these terms are "divisive and humiliating,"
Likewise.
I think she's missed the point completely. Hate speech happens when you use a derogatory term to put down an 'other' group. Words like 'Remoaner' should need no explanation. Or 'Patriarchy' from the supremacist wing of the Feminist agenda.
On the other hand, perhaps there's another point in there re: the weaponisation of Offence. I was rather bemused by the plebgate nonsense, having described myself as a pleb for as long as I can remember. After all, it's factually indisputable.
Of course context matters. Any of these words should be just fine used in a context (such as academic discussion) where it's clear there is no prejudice or hatred, no divisive "us vs them".
Cool 'joke', bro, you could have killed someone: Epilepsy Foundation sics cops on sick flashing-light Twitter trolls
Wednesday 18th December 2019 13:14 GMT
Wrong target entirely
If you have a serious condition - like epilepsy that might be triggered by a blinking screen - you take measures to protect yourself. What happened to your accessibility settings? After 25 years of animated gifs, any platform/browser that doesn't give you the option to prevent crap that moves should be considered defective and ditched.
Doesn't excuse the alleged behaviour, but surely an organisation working for epileptics should focus more on educating them to protect themselves, and on persuading browser developers to make it easy for them.
FUSE for macOS: Why a popular open source library became closed source and commercially licensed
Tuesday 17th December 2019 11:46 GMT
Re: @AC - I understand where the dev is coming from but ....
Two answers to that.
One, it's nowhere near your claim of GPL code being derivative of BSD code and causing problems for the latter. Unless you're going to claim something about MySQL's heritage?
Two, the issue I mentioned was one of ASF policy never to distribute code whose licence is in any way more restrictive than Apache's own. So we arrived at a point where Apache could bundle a generic SQL interface with drivers for open source (eg PostgreSQL), closed source (e.g. Oracle) and for third-party standards (e.g. ODBC), but a MySQL driver could only be distributed by a third-party. The effect of the FOSS exception was to permit the MySQL driver to be distributed under the Apache Licence, and thus by Apache itself, so lowering the barriers to adoption.
See here for the Debian angle on it (a few months later, the ASF accepted it under the FOSS exception too). And further down the thread, a more serious problem (also here - it didn't go away from non-Debian user-land just because Debian dealt with it) having nothing to do with licencing.
Tuesday 17th December 2019 02:25 GMT
Re: @AC - I understand where the dev is coming from but ....
Some serious nonsense there.
Citations needed on subjects like adverse effects on BSD code.
Oh, and I think I can claim some authority on the subject. It was my work, and discussions over licensing it with folks at Apache, Debian and MySQL, that led to MySQL's FLOSS exception to the GPL (back when MySQL was still an independent company), which in turn eventually led to the Universal FOSS Exception (though I only just now found out about the latter).
Tuesday 17th December 2019 01:58 GMT
Re: Licence
Someone already mentioned MySQL, which is one of the most famous projects to take advantage of GPL copyleft. If you want to distribute it, either you contribute back your changes (participate in the open source community) or you buy a commercial licence.
And GPL has a track record that includes being enforced in courts. I'm not sure that applies to any of the attempts to write a licence that says "free for non-commercial use". Such clauses can beg questions like defining non-commercial use, and are sometimes associated with unrealistic expectations.
Wham, bam, thank you scram button: Now we have to go all MacGyver on the server room
Monday 16th December 2019 13:15 GMT
Isn't molly-guard the usual term for such protection, when this story appears in this column?
The trains have had "in emergency break glass" hammers for as long as I can remember, but they're well-protected against accidental access.
I think my personal nearest to this anecdote is leaning on the wall in an overcrowded conference room.
Cops storm Nginx's Moscow offices after a Russian biz claims it owns world's most widely used web server, not F5
Saturday 14th December 2019 12:32 GMT
Yes, nginx was always free software. The company nginx was set up to support it on a similar business model to Redhat with Linux, or Covalent with Apache.
Indeed, you can see other commonality. Just as certain Silicon Valley bigcos have packaged and supported Apache, so Taobao has its own nginx-derivative tengine. Fully API-compatible but with some extra goodies the Taobao folks wanted. I expect there's two-way traffic between the two, though until nginx backports tengine's support for loadable modules, the latter has the edge as a developer platform.
Saturday 14th December 2019 00:15 GMT
Re: Prior Art
I didn't say interchangeable, just that they have common roots. Though they are indeed sufficiently similar that pretty-much anything from Apache 1.3 just needs "changing the plug" to port to nginx.
In fact nginx is probably closer to Apache 1.3 than either of them is to Apache 2.x, but that's because of the different directions the servers have taken, with Apache 2 having added things like its more sophisticated filtering, database connection pooling, etc.
Yes, some of it is entirely different: nginx was way ahead of apache in adopting an event-driven core processing model (which may well have been Syseov's #1 motivation for a new server). But if you want to make an IP claim, you'd have to figure out what's new vs what's adopted from elsewhere. I was wondering whether Rambler has undertaken that not-inconsiderable task.
Friday 13th December 2019 09:58 GMT 
Prior Art
There's a family tree of mainstream open-source webservers. There's a common grandparent (NCSA) and parent (Apache 1.x) to three modern children. Apache 2 (obviously), but also both lightppd and nginx have deep roots in earlier NCSA/Apache. They took common roots in different directions: Apache 2 focussed more on making itself a versatile applications platform, while lightppd and more successfully nginx concentrated on a high-performance core on the premise that applications would be separated out - for example in PHP.
Even today after so many years of divergence, common roots become abundantly clear from the respective APIs if you write modules for these servers.
I wouldn't want to belittle Syseov's own work and the value he added, but in the best traditions of open source (among other things) he was standing on the shoulders of giants. I wonder if Rambler has done (or even attempted) the groundwork to identify IP that can be attributed to Syseov rather than prior art?
The underlying issue - an employer's claim over an employee's work - is one that's been widely known and guarded against in Open Source since the 1990s. For example, the ASF requires legal consent on file from both contributors and their employers before contributors can be granted commit privileges.
Why is the printer spouting nonsense... and who on earth tried to wire this plug?
Friday 13th December 2019 10:13 GMT
Re: The user replied: "The same electrician who changed that plug rewired my house last week!"
I've a creeping suspicion that's who wired my house.
Turning the radio on or off in the office room causes my desktop 'puter to wake from suspend! And it's not even plugged into the same power outlet! That is, if a wired keyboard is plugged in.
Iran says it staved off cyber attack but doesn't blame US
Bad news: KeyWe Smart Lock is easily bypassed and can't be fixed
Thursday 12th December 2019 01:34 GMT
Insewerants
For what it's worth ...
When I moved house in August, I was interested in installing a keyless lock. Not one I could operate from an app (I'm not that dumb), but one where I could key in a combination to open it from the outside. Keyless was because keys in the pockets are annoying, and it would be great to be able to dispense with them (and with phones too) when going out "light". I've lived with a combi lock on the door to the communal hall of an apartment building in the past, and that was good - though sadly my own front door still had a regular key.
But my bottom line was that the lock had to be British Standards compliant, and have the kitemark recognised by insurers. Turns out there's none available. So any combi lock could only have been secondary, which rather defeats the purpose.
When is an electrical engineer not an engineer? When Arizona's state regulators decide to play word games
Wednesday 11th December 2019 08:32 GMT
Re: AKA Libertarians
Once upon a time, I was on the academic staff in a University CompSci department.
Most of the staff were of a generation where we were educated in other subjects, at a time when compsci itself was far from mainstream. Technically speaking we were not qualified in our own subject, and could not tick those important boxes our students (just a decade younger) automatically could when they graduated.
Behuld – zee-a internet ouff tuilet tissuoe at Meecrusufft Sveden. Bork bork bork!
In tribute to Galaxy Note 7, BBC iPlayer support goes up in flames for some Samsung TVs
Tuesday 10th December 2019 11:53 GMT 
Monopoly Abuse
I've said it before (e.g. here) and I'll say it again. This is the BBC's fault. They should be supplying contents, and leaving it to the market (and healthy competition) to develop and support viewers.
The iplayer is a blatant abuse of monopoly powers and the BBC's privileged funding model. How do they get away with it?
Two can play that game: China orders ban on US computers and software
Tuesday 10th December 2019 11:00 GMT
How many wrongs?
My parents used to teach me that two wrongs don't make a right. The fact that Trump's a total arse doesn't make it right for China to do similar.
Though it does make it at least somewhat understandable, and a lesser-of-evils argument could perhaps be made.
As for software, China has lots nowadays. Seriously. Home-grown, global open-source, and indeed home-grown open source. In the latter, we've seen a massive catchup in recent years, as the floodgates have opened on Chinese-origin open source projects going global. Assuming they don't go so mad as to deny themselves established, stable platforms like Linux and BSD - with a native Chinese layer on top 'cos ASCII does a poor job with their language[1].
And I expect all the US "usual suspects" can set up shop in China, too, to protect their market positions.
[1] I hope that comment doesn't apply to Unicode, and it would be nice to think that modern *X does i18n properly. Maybe the native layer for most things could in principle be as thin as a Chinese-language packaging and installer? But in real life we know much deeper layers proliferate.
Elon Musk gets thumbs up from jury for use of 'pedo guy' in cave diver defamation lawsuit
Saturday 7th December 2019 11:37 GMT
Re: Surprised
I really didn't think he'd get away with that.
Whyever not?
Under any sane legal system, it would never have come to trial. Libel should be reserved for cases where there's not merely something potentially-defamatory said, but an expectation that third-parties might take the remark seriously causing them to believe ill of the subject. Did anyone here take some dumb tweet in earnest and believe [sorry, I've forgotten his name] was a pedophile?
Noone's name has been defamed. We get to point and laugh at Musk and at the absurd legal processes, but they demonstrably deserve it. As for the guy who fed the lawyers so richly - well, he's demonstrated a level of idiocy comparable to those who handed their money to this guy.
WebAssembly gets nod from W3C and, most likely, an embrace from cryptojackers online
Asteroid Bennu is flinging particles of dust and rock from its surface – and scientists can't work out why
VCs find exciting new way to blow $1m: Wire it directly to hackers after getting spoofed
Friday 6th December 2019 09:01 GMT
Re: Considering it's $1m...
I expect they did, but that "we'll confirm that by email" figured regularly in 'phone conversations. Language barriers may have played a role, too.
Note - the report is silent on whether there was a MITM on the phone. If they were filtering email it would've presented opportunities to tamper with phone numbers and other contact details.
To think that PGP has only been with us since 1991!
123-Reg is at it again: Registrar charges chap for domains he didn’t order – and didn't want
Thursday 5th December 2019 10:39 GMT
Re: a complete dog's breakfast
Does this comment assume all dogs should be poverty-stricken?
Very suspicious that the "innocent" mistakes always seem to end-up to the benefit of the mistaken.
There's a perfectly good reason for that. The customer seeing a mistake in his own favour is much less likely to take the trouble to complain about it.
Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter
Thursday 5th December 2019 10:26 GMT
Grab the private key?
For the benefit of readers who don't twitt ...
Who exactly can grab this private key, and how? Surely a private key that can be accessed by an unauthorised person is a big no-no, but orthogonal to an idiosyncratic DNS usage?
DNS is designed for performance over security, which is a major reason we don't rely on it for secure transactions and have SSL certs. When you describe a DNS entry as a vulnerability, it looks as if you're suggesting a misplaced reliance on something that's inherently insecure. Or in other words, propping up the edifice by painting over the cracks.
Former Oracle product manager says he was forced out for refusing to deceive customers. Now he's suing the biz
Thursday 5th December 2019 09:58 GMT
Re: Selling vaporware ?
Marketroids promising the undeliverable is of course widespread throughout the industry. Doesn't make it right or honest.
It's one of the things that drives a vast wedge between techies and suits. I think it was one of the drivers for the rise of open source, as developers sought out a community where they could do decent and honest work and get respect for it.
Silicon Valley Scrooges sidestep debt to society through tax avoidance to the tune of $100bn
Wednesday 4th December 2019 18:03 GMT
Re: Ok but how much tax is fair?
Starbucks may be a particular case: for many years they were contrasted with UK-owned Costa paying their full whack of corporation tax here.
It may be instructive that Costa was recently sold to a US megacorp (Coca Cola). So in principle at least, they can now play all the same tricks as Starbucks. I don't know what happens in practice, but this is a particular case-in-point where being British-owned appears to have put Costa at a tax disadvantage compared to a major rival.
Wednesday 4th December 2019 17:57 GMT
Re: Ok but how much tax is fair?
Higher taxes on dividends would be one way.
Do we have any figures on how many shareholders pay tax on our dividends? I don't (I make extensive use of tax avoidance measures including a Pension, an ISA, and VCT and EIS breaks). Neither do the many foreign shareholders who are not UK taxpayers.
Corporation tax as it stands now is not fit for purpose. How to fix it (short of abolition) is above my pay grade.
