* Posts by Michael Wojcik

12132 publicly visible posts • joined 21 Dec 2007

Institute of Directors survey says most bosses expect no mass return to the office if COVID-19 crisis ever ends

Michael Wojcik Silver badge

Re: As it could have been done *decades* ago

I did a fair bit of work remotely over a 1200bps dialup link (which was prone to dropping spontaneously; saving your work often, or using an editor that could recover a dropped session, was a good idea).

1200bps sync connections, for example to IBM midrange or mainframe machines, were even better, since they had less overhead than async dialup.

I did a little work over 300bps dialup, but to be honest 300bps was very tiresome. 1200 was where it became reasonable.

Michael Wojcik Silver badge

Re: As it could have been done *decades* ago

It could have been done _a_ decade ago. Two decades ago, most people were still on dial-up and paying 3p per minute in phone charges to access the internet.

Conditions in the UK two decades ago might not be an accurate model of those everywhere else.

I started working exclusively (aside from short visits three or four times a year) from home, as a software developer, in the US, in 1992. I was back in the office briefly, from mid-1996 through early 1998. Since then I've worked exclusively from home.

Initially I had an OS/2 machine, an RS/6000, and a SPARCstation, and a V.32bis modem, which I used primarily for UUCP file transfers and a SLIP link, directly to the office (Ohio to Massachusetts). Pretty soon I switched to a Telebit Trailblazer at each end of the dialup connection. About a year after that, we put in a 56Kbps dedicated digital line from the local telco.

When I left the office again in 1998, we went with Basic Rate ISDN. I was in Nebraska; I don't remember what corporate location I was connecting to at that point.

In 2002 I moved to Michigan, and there cable (DOCSIS) broadband was available. Bandwidth, latency, and reliability were pretty terrible, relative to what people were typically getting in major US cities, due to poor investment by the small cable company that served the area; but that didn't significantly impede my work, because CVS and ssh don't need a whole lot of bandwidth and I grew up with high-latency connections.

Eventually the cable company was bought out by a bigger firm which did a lot of capital investment in the network (shocking, I know).

At my other house, we started off with crap ADSL from CenturyLink, but the local electric cooperative has been running fibre alongside their power delivery infrastructure and selling residential and commercial Internet access on that, so about four years ago we were able to upgrade to FttP and now things are pretty sweet.

My point, though, is that for developers with a workload similar to mine, in the US, working from home has been quite feasible for nearly three decades.

China sets out world domination plan for its digital currency

Michael Wojcik Silver badge

Digital currency? Pfaugh.

I'm tired of all this digital money. I want continuous money. If I make an irrational purchase, I want to pay an irrational amount for it.

And for buying something really good, I'd like a transcendent price. "This lovely automobile can be yours for only $20000π!"

Net neutrality lives... in Europe, anyway: Top court supports open internet rules, snubs telcos and ISPs

Michael Wojcik Silver badge

These days 500MB is not enough

500MB is more than enough for me. Not everyone is you.

Infosys to hire 12,000 more Americans – especially the cheapest ones it can find

Michael Wojcik Silver badge

Re: Credit where credit is due

It is WELL KNOWN that BLOCK CAPITALS make an argument MORE PERSUASIVE, and possibly even MORE FACTUALLY CORRECT.

Ex-Autonomy CFO Sushovan Hussain loses US appeal bid against fraud convictions and 5-year prison sentence

Michael Wojcik Silver badge

Re: "We rather regard any resort to the privilege against self-incrimination as a black mark."

if people ask you all sorts of questions and you refuse to answer, any reasonable person would infer something from that

For example, a reasonable person might infer that you consider civil rights more important than law enforcement's right to conduct bullshit interrogations.

In the US, the right to silence is absolutely critical and should always be exercised, except as specifically advised by counsel, because the federal government has made any misstatement to federal officers a felony, and is very happy to imprison people based on that principle.

The UK version is an institutionalization of the principle that "only the guilty have something to hide", and as such is inherently immoral. That should be obvious to anyone capable of critical thought and with a decent grasp of the human condition.

Michael Wojcik Silver badge

Re: This is still HP's fault

It's entirely possible for both parties to be at fault here. What I've read of the case, in the Reg and elsewhere, suggests that is in fact what we have.

That said, the sentence against Hussein seems rather disproportionate to me. But then I think that's true of a great many sentences in US criminal and civil cases. Unfortunately there is little political will to correct the situation.

'My wife tried to order some clothes tonight. When she logged in, she was in someone else's account ... Now someone's charged her card'

Michael Wojcik Silver badge

Re: Never store your card

Actually, all of the credit-card breaches I can recall, or could find in a few minutes of searching, from the past couple of years were the result of one of:

- A skimming attack against POS terminals or backend systems.

- A web skimming attack (Magecart being the most common).

- An attack against an issuer, credit agency, or some other non-merchant.

All the breaches I found that included credit-card data retained by a merchant were from several years ago.

That doesn't mean no merchants retain CC data, but that particular class of exposure seems to have become much less common than physical or web skimming. The move to dedicated payment processors seems to have more or less have the effect claimed by disgustedoftunbridgewells.

Relatively recent (i.e. going back a couple more years) breaches against merchants that yielded stored CC data are mostly against hotels, most notably the big Marriott breach.

I still think we should recommend virtual cards and/or other payment options (I don't personally like Paypal, but it does provide some protection against card-data theft), but more as a defense against skimming. As for whether you let merchants retain payment-method information in whatever form: that's a different part of the attack tree. Some consumers feel it's worth the risk; others don't, or are willing to assume it only in particular cases. But it's not the same as a CC-data-exposing breach, which is a more serious failure because it lets the attacker clone the card and use it at multiple merchants.

Michael Wojcik Silver badge

Re: step one: ring your card provider

I used one of those cards that allows you to relegate a unique card number to each merchant you buy from

Yeah. I've been using virtual cards from privacy.com for any card-not-present transactions for a while now, and I have to say I've been pleased. Create any number of cards, set various limits (per-transaction, daily/weekly/monthly), restrict to a single merchant, various options for being notified of any transactions, and you can use any name and mailing address you like. It's all tied to a bank account, so if you want an additional layer of security, you can open an account specifically for those cards.

They make their money off the merchant fees, so it's no additional cost to the consumer.

The web UI is fancier than I prefer, but it's not too obnoxious. Works fine with non-Chromium browsers.

I don't have any relationship with them beyond being a user of their service.

'There is no way we can keep coding local': GitPod's cloud development platform released into sunlight of open source

Michael Wojcik Silver badge

Kids these days

There is no way we can keep coding local

Oh yeah? Watch me.

This claim is just a variation on "we can't expect developers to have any discipline".

And, of course, there are no failure modes with remote development that anyone might need to worry about. No one ever loses connectivity.

And we have decades of experience with primarily or exclusively remote development to learn from. I still do plenty of remote development today, though I do it properly (ssh to machines several timezones away, GNU screen, bash or ksh, source in Subversion or git, vim, gdb or dbx...). Browser-based IDEs are fine for people who like that sort of thing, I suppose, just like a 1980s Chrysler was fine for people who didn't want a vehicle that was more efficient, reliable, maneuverable, or practical; but to suggest it's the way everyone should write code is typical All-the-world's-an-X myopia.

50%+ of our office seats are going remote, say majority of surveyed Register readers. Hi security, bye on-prem

Michael Wojcik Silver badge

Re: Loss of human contact

It's almost as if people are not all identical, and generalizations about them are suspect.

I've been working from home for over twenty years. I've worked remotely from my teams for most of my career - about 5/6th of it.

I get plenty of human interaction: In person from family, neighbors, shopkeepers, doctors, strangers I pass on the street; by phone, text, and email from family and friends; many times a day from my co-workers by various means. I have daily calls with members of two of my teams, and weekly calls with others, and ad hoc calls with all sorts of folks. I get quite a bit of work email, which I genuinely enjoy.1

I used to have face-to-face meetings with some of my teams once a year or so, and I did like that, even if (indeed, partly because) it involved international travel. But do I need it? No, I do not.

I'm sure there are many people who work best in a group setting. That may be true of most people. But people are adaptable, and I have yet to see any reliable evidence that a broad shift to working from home will have the dire consequences some are predicting.

1I realize this is unusual, but I'm a compulsive reader. Two of my degrees are in writing.

Michael Wojcik Silver badge

Re: I rather like the current situation

The Mountain Fastness is pretty rural - not jake level of rural, but we're sitting on 2.3 acres of agricultural-zoned land, on a private dirt road, with neighbors just in hollerin' distance. We have fiber because the local electric co-op is also an ISP, and over the past several years they've been running fiber on their poles as they do electric maintenance and upgrades. So for much of the county, if you're on the electric grid, you have fiber right at the pole.

It's about $100 to get the drop to the house put in, and a bit more for the terminal. Then you can either buy your Internet access from the co-op, or from various other local ISPs who contract with the co-op for backhaul.

It's not perfect. Redundancy isn't great - a couple of years ago a forest fire took out the fiber trunk, and it was a few days before they got service back up. And the tier pricing is definitely high compared to some places with more competition; but the vast majority of households can get by just fine on the bottom or second tier. (We were on the bottom tier at first, but it turned out that QoS wasn't great with two simultaneous video calls plus web traffic plus our phone microcell, so we bumped it up a notch and it's been smooth since.)

The co-op has an incentive to run projects like this. In particular, they need to get a quorum of members to attend their annual meetings, and anything that makes them interesting to customers helps with that. This sort of thing also builds favor with regulators.

Michael Wojcik Silver badge

Re: I rather like the current situation

I moved to working exclusively from home (aside from rare in-person team meetings, which more or less ended some years back) in 1999. Initially that was with a single ISDN Basic Rate channel (never got around to bonding two channels), at 64Kbps.

And before that, from '92 to '95, I was by myself in a little satellite office, initially with a Telebit Trailblazer dial-up setup, and then a dedicated 56Kbps digital line.

In 2002 we moved and I got cable with a few MB/s of bandwidth. For the past few years I've had fiber-to-the-home at the Mountain Fastness, with a cap that's something like 64MB/s; I still use the cable setup at the Stately Manor. I've never had a need for more bandwidth.

To be honest, most of the time I could still get by on the old 56Kbps for work purposes. I'm rarely fetching or committing so many bytes of source changes that it takes any significant time to sync with the repository, and 56Kbps would work just fine for ssh. But for video calls, online research, and software downloads, of course, that extra capacity is necessary. (Plus there are the people who insist on attaching megabytes of screenshots or other cruft to emails...)

Experian says it recovered and deleted data on 24 million South Africans after giving it to random 'marketing' person

Michael Wojcik Silver badge

The primary purpose of any business is to make money.

The specific value proposition of credit agencies is consumer-credit pricing, which is mostly a matter of risk assessment for lenders. Risk assessment is probabilistic and applies to aggregations of borrowers, so there's a certain level of noise - inaccuracy in the data - which is optimal for the credit agency, where its affect on their profits is less than the cost of improving accuracy. So they're happy to tolerate a certain amount of borrower-side fraud, such as identity theft. In fact, they've learned to monetize that by selling add-on products such as credit monitoring.

Similarly, there's a point of diminishing returns on protecting the confidentiality of their data from fraudulent customers (i.e. lenders and others interested in credit ratings). Past that point, fraud becomes an externality - it's not worth them trying to prevent it.

The only way to fix that problem is to convert the externality into a direct cost that's greater than the marginal profit of ignoring it. Sometimes market forces can do that, but the oligopoly of credit agencies in the US, and the fact that consumers have almost no effect on which ones are used by lenders and other customers, makes the market a non-starter in this case. That leaves only regulation.

Better Java than Java: Kotlin 1.4 introduces new compilers for JVM and JavaScript

Michael Wojcik Silver badge

Re: Sprouting like mushrooms (or are they toadstools?)

How many languages that appeared 10-15 years ago are still in demand?

For the past 10 years: Rust (2010), Dart (2011), Kotlin (2011), TypeScript (2012), Julia (2012), Swift (2014).

I'm not claiming those are all good languages, but they're all "still in demand" by any reasonable metric. They're all being used for production applications, they're all still present in the trade media and in various surveys, they all still have their proponents and backers.

And I don't think that's a very useful metric anyway. There may not be much demand for AUTOCODER; that doesn't mean it wasn't important. You don't see a lot of new ALGOL projects - that doesn't mean ALGOL wasn't hugely influential. Pascal1 has largely fallen out of favor (pace Stob and other Delphi fans), but it left its mark, too. ML was never much for production apps, but its descendants OCaml, Haskell, and F# - even while they remain niche languages - have had a significant impact. Erlang has never been as popular as it deserves to be, but people keep reinventing it, so it must have done something right.

On the other hand, Fortran, COBOL, PL/I, etc., not to mention various assembly languages, may not be sexy, but they have a hell of an existing code base and there's still plenty of fresh development in those "legacy" languages.

And, finally, why not develop new languages? Kotlin and other JVM languages pushed Java to improve in its expressibility and syntactic sugar. If people are going to continue to insist on developing huge applications in ECMAScript-based languages, then yes, please, let's have some with a bit of type safety and other improvements on the base language.2 Whenever I'm writing something in Managed OO COBOL I'm glad to have generics and type inference and anonymous methods with proper closures - even if I don't need them for whatever I'm doing at the moment.

Language development gives us better languages.

1The programming language, not the mathematician/philosopher, or the Reg regular commentator.

2Yes, I know you can do purely functional programming in Javascript with proper algebraic structures and monads3 to defer side effects. And that's great, since you can then do all sorts of handy reasoning and manual or automated proofs of correctness about the vast majority of your code base. But clearly only a vanishingly small fraction of Javascript programmers are willing to learn how to do this.

3Look, we've explained this already. A monad is a monoid in the category of endofunctors, like a semicolon with side effects. It's so obvious.

Guess which cloud giant Zoom picked to handle millions more video calls? Bzzt, wrong answer: It's Oracle

Michael Wojcik Silver badge

Re: Huh?

Stamos joined Facebook to try to make things better there. He quit when they wouldn't follow his recommendations.

I'm not seeing the problem.

Patently dogged: Apple unleashes lawyers to slash $454m patent rip-off bill – even after Supreme Court snub

Michael Wojcik Silver badge

Re: Well done Apple

For the US PTO the grant rate for applications hovers just below 50% in most years, according to the statistics they publish.

Personally, I think that's not bad, given the terms of their charter and the resource constraints they face.

Florida man might just stick it to HP for injecting sneaky DRM update into his printers that rejected non-HP ink

Michael Wojcik Silver badge

If it was due to some inherent difference between the recommended oil and the 3rd party oil used, then maybe you could sue the 3rd party oil manufacturer (if they made false claims regarding their product), or maybe there would be no cause for action.

And we have standards for engine oil. Oil manufacturers claim what standards their product meets, and auto manufacturers say which ones your oil should meet.

It's a completely irrelevant analogy for the printer-and-ink business.

Michael Wojcik Silver badge

Re: HP Printers are a Virus

HP LaserJet printers in the early 1990s were very nice.

I would never pay money for an HP Inc printer these days, of course. I've had to use a number that I didn't purchase (my wife's printer, one I had at my part-time teaching gig, etc), and they were without exception horrible, even without taking the vastly overpriced ink into account.

About ten years ago I debugged a hanging HP printer software installer on my daughter's Mac. It was easy - the thing was a Bourne shell script written by someone wildly incompetent. As part of the installation it had an array of files and for each one it was doing a "find / -name ..." command, searching the entire filesystem tree. That seems to be typical of the printer division's software quality.

Australian contact-tracing app leaks telling info and increases chances of third-party tracking, say security folks

Michael Wojcik Silver badge

Re: Lockdowns aside

a bus commute home is a very big exception

And would make for a great big pile of false positives if OP were incorrectly diagnosed as infectious.

That's one glaring problem with contact-tracing applications. The precision of existing SARS-Cov-2 tests is poor, and given the large groups we'll need to test to make contact tracing useful and the low overall infection rate, the false-positive paradox is going to bite hard. When that's multiplied by probabilistic - and not very accurate1 - contact tracing, the number of people who will be informed that they might have been exposed is going to go through the roof.

That was part of Ross Anderson's argument; the other part is that many people will respond to a flood of false-positive warnings by calling emergency services and/or going to medical facilities for testing or treatment, which will increase strain on those systems. And many other people will see the flood of false positives and ignore the contact warnings, rendering the apps irrelevant. And others will abuse the system (to force closures at schools and other facilities, to harass, for "art", for the lulz).

Personally, I doubt contact tracing will make a significant difference in controlling COVID-19.

And those with access to the data will certainly abuse contact tracing in any way they can. If history tells us anything, it tells us that.

1Because BLE is not a very good proxy for exposure to a significant number of virons. It's barely adequate as an estimation of overall distance, and completely uncorrelated to many types of barriers (walls, PPE), surface contact, air movement, etc.

Michael Wojcik Silver badge

Re: Mike Cannon-Brookes

This certainly looks like standard minor-celebrity-Dunning-Kruger to me. "Oh, I'm in IT in some fashion, therefore my opinion on everything even vaguely related to it is important."

(Of course my opinion on everything even vaguely related to IT is important, but that stands to reason.)

Assange should be furloughed from Belmarsh prison, says human rights org. Here's a thought: He could stay with friends!

Michael Wojcik Silver badge

Re: time marches on

It's time to stop treating him as if he were special, full stop.

Michael Wojcik Silver badge

Re: Why?

Exactly. I'm no fan of incarceration, a system which in the US, and I would guess in the UK as well, is wildly abused, excessive, and unjust. But what makes Assange, an overrated relentless self-promoter who clearly puts self-interest first, and is patently guilty of the crime he's actually being punished for, deserving of this special treatment?

Apple and Google tweak key bits of contact-tracing privacy plan

Michael Wojcik Silver badge

Re: so what happens

Hmm. Might be time to pick up an unlocked Xperia XA2 off eBay and slap Sailfish on it.

I have an old Nokia that runs Symbian 6 which I'd switch to For The Duration, but the battery life is abysmal - like a couple of hours - and I don't know if I can get a new battery for it.

Facebook, AWS team up to produce open-source PyTorch AI libraries, grad student says he successfully used GPT-2 to write his homework....

Michael Wojcik Silver badge

Machine-generated prose is nothing new

Machine generation of non-fiction prose is not only well-established but commercially viable, as I've noted before. This is almost certainly not the first case of a student handing in machine-generated work, and it won't be the last.

Personally, I'm not particularly impressed by GPT-2, which doesn't seem to improve on the state of the art and is known mostly for a marketing stunt.

Sophos XG firewalls hacked, hotfix ready. Texts wreck Apple iThings. Yup, business as usual in infosec world

Michael Wojcik Silver badge

Re: "calculations in an office are not done on a graphics card"

In other words, it's a covert channel - a means for an attacker to exfiltrate information - not a side channel. Side channels inadvertently leak sensitive data; covert channels are deliberately employed to expose it.

I don't think it's impractical for some specialized applications. The researchers say the signal penetrated a wall well and the carrier was detectable at ~15m, though they couldn't recover a usable signal at that distance. But someone who can plant a receiver in a closet next to an office, for example, might make use of this.

The same is true for plenty of other EMF channels, of course. The researcher's blog post makes the obligatory reference to TEMPEST right in the title - though TEMPEST focused on side channels, not covert channels.

We're in a timeline where Dettol maker has to beg folks not to inject cleaning fluid into their veins. Thanks, Trump

Michael Wojcik Silver badge

Re: Suggestion

it's worth finding out what it is in bleach that makes it effective (high content of acid?

We know "what it is in bleach that makes it effective". Anyone with a basic understanding of chemistry knows.

Household chlorine bleach has a pH around 12. It has no acid whatsoever.

Perhaps in the future before posting you might want to spend a few seconds doing a little research.

Just because we're letting Zoom into Parliament doesn't mean you can have fun, House of Commons warns Brit MPs

Michael Wojcik Silver badge

Teams seems to be inconsistent. I used to use it for some purposes (not all functions were supported) in Pale Moon and Comodo Dragon, but at some point in, I think, March, I started getting pop-ups telling me that the browser wasn't supported.

Teams is pretty much rubbish from any angle, with its horrible UI that doesn't use the built-in browser controls (so, for example, you can't use the Chrome Rescroller extension to fix the dreadful too-thin, disappearing scrollbars in most of the panes), its lack of end-user configurability, its utter inability to scroll back through conversations to older posts without going haywire...

Videoconferencing from the "native" Teams app does seem to work decently for me, though.

Michael Wojcik Silver badge

Re: UKGovt hacked in 3,2,1....

I suspect a certain amount of Dunning-Kruger in the Zoom offices. I don't know him myself, but a friend of mine knows Eric Yuan, CEO of Zoom; and my friend says Yuan is smart and generally well-informed on technological matters, and alert to potential issues.

So I suspect - based only on this testimonial, mind - that the Zoom development team were told to make security a priority, but lacked the necessary expertise, and weren't aware they lacked the expertise. That would explain one of their most famous blunders, the use of ECB. ECB says "we knew we needed encryption, so we threw in a library and picked some settings without understanding the consequences". Similarly their incorrect1 use of the term "end-to-end encryption" seems more likely due to a failure to employ security experts than a disregard of security.

That might seem like splitting hairs, and I'm not advocating for Zoom. (I don't use it myself.) But I do think there's a difference in attitude and culpability between Zoom and, say, Voatz. The latter can I think be justifiably accused of both a cavalier attitude toward security and a hostile one toward being called out on it. Zoom, on the other hand, seem to be making good-faith efforts to fix things.

1In the casual, common sense of "not as understood as a term of art in the industry". In the strict sense there's no governing authority specifying a precise meaning of the term, so they weren't incorrect in any prescriptive sense.

IBM == Insecure Business Machines: No-auth remote root exec exploit in Data Risk Manager drops after Big Blue snubs bug report

Michael Wojcik Silver badge

Re: And thus is why hackers profit...

This is why mature organizations have Product Security Incident Response Teams (PSIRTs), which exist precisely to accept reports from researchers through de facto standard channels such as a security@ email address (for which they've published an OpenPGP public key), a "report a vulnerability" web page, and clearinghouses like CERT/CC and ZDI; and then to negotiate with researchers to ensure they're heard and their information is acted upon.

A process failure like this one indicates a serious failure at the CISO level. A clearinghouse like CERT/CC should have no trouble contacting a company's PSIRT, assuming there is a PSIRT; and if there isn't a PSIRT, that's the failure right there.

This has all been standard stuff since not long after responsible disclosure was popularized by RainForestPuppy and other researchers.

Google productises its own not-a-VPN secure remote access tool

Michael Wojcik Silver badge

Re: Beyond Corp will take months too

It's a proxy, so you don't have to install software on every end-user machine. You just have to push out a browser proxy configuration, or have people enter it manually. And it works the same on all end-user platforms (modulo browser issues), so you don't need versions for different platforms.

That said - eh, it's a proxy. HTTP proxies were pretty exciting in, what, 1996? Surely there are other firms with commercially-supported security-enhanced proxies, not to mention open-source alternatives.

Boffins examine interstellar comet Borisov to find out what its home was like. Pretty unpleasant, it seems

Michael Wojcik Silver badge

Re: Temperature for yokels

Fahrenheit is at least based on a sensible design - reference points (32 and 96) separated by a power of two so that thermometers could be graduated by equal subdivision and then the scale reflected to extend it. Celsius is just the usual powers-of-10 digital rubbish.

And what's wrong with Rankine, eh?1

But as usual Randall got here first.

I think the Reg needs to add a temperature unit to its standard units. Maybe "heat in proportion to a nice cup of tea". My back-of-the-envelope calculations suggests CO freezes at around 0.22 cuppa.2

1OK, in all seriousness, I recognize the utility of Kelvin in SI.

2I arbitrarily decided that a nice cup of tea is about 26 °Rø.

Getting a pizza the action, AS/400 style

Michael Wojcik Silver badge

Re: "Hopefully he also added a bit of text along the lines"

That's not how humans function

And we know all humans are identical, so there's that sorted.

Michael Wojcik Silver badge

Re: "Hopefully he also added a bit of text along the lines"

Well, OS/400 was POSIX-branded, eventually. I think with V4R3 in 1998. And it eventually included most of the non-POSIX parts of the Single UNIX Specification, too. And it has PASE, which is basically AIX-under-i.

But, yeah, OS/400 is about the least-UNIXy UNIX-compatible OS ever.

Personally, even though I'm a longtime UNIX1 developer, I have a certain fondness for OS/400. It's so bizarre and awkward for anyone not coming from an S/38 background, particularly in its early days and on underpowered machines like the B-series. Using it was ergodic, like playing a programming RPG. And there's something very satisfying about filling in a bunch of options on one of the big scrolling menus in PDM, whacking the rock-solid Enter key on your hulking 5250, and going off for lunch because you know it'll be an hour before it's finished compiling.

Developing in UNIX is like flying. Developing in OS/400 was like hiking up a mountain. Either way you achieve some altitude, but it's a very different experience.

1And Windows, and OS/2, and a bit of IBM z, and some VAX, and ...

Lockdown endgame? There won't be one until the West figures out its approach to contact-tracing apps

Michael Wojcik Silver badge

Or smartphone tracking could be pointless and counterproductive

Ross Anderson has a good piece on the problems with smartphone tracking.

Techies like smartphone contact tracking because it lets them believe there's a technological solution to the pandemic. Governments like it because they're addicted to surveillance. Journalists like the idea of it because it's controversial and draws an audience.

None of those are good arguments for deploying it.

Cloudflare goes retro with COBOL delivery service. Older coders: Who's laughing now? Turns out we're still vital

Michael Wojcik Silver badge

Re: “Old Hardware” is fake news

Not only does it need an almost complete rewrite to move the code into a *nixy or wndows environment

Or you migrate it to a Windows, Linux, or UNIX COBOL implementation that includes CICS / JCL / IMS emulation.

Michael Wojcik Silver badge

Re: Fun with COBOL

as "GOTO A VIA B" which would execute one statement at B before jumping to A.

Considering COBOL does have PERFORM THROUGH (or THRU), which will happily accept a second paragraph-name that appears before the first paragraph-name, this wouldn't be that much of a stretch.

(PERFORM A THROUGH B says "start at paragraph A, and if you ever reach the end of paragraph B, come back here". Usually COBOL programmers will perform a contiguous range of paragraphs in the order they appear in the source, but you're not required to. There can be any arbitrary morass of GOTOs among those paragraphs and any others you have in the program. And some implementations have stacked performs, but others use flat performs, and that quickly becomes quite confusing.)

Michael Wojcik Silver badge

Re: Mindset

Standard COBOL (ISO/IEC 1989-1986 et seq) lets you omit IDENTIFICATION DIVISION. Some dialects let you omit the PROGRAM-ID as well. Assuming this is the initial program you don't need STOP RUN. The period on the DISPLAY statement is unnecessary (and in fact undesirable) with the STOP RUN, but I'd keep it and get rid of the latter. In most environments you don't need to use uppercase, which arguably makes things more readable.

So:

program-id. hellowrd.

procedure division.

display "Hello World".

Three lines. (Note this is free-format; the Reg doesn't support formatting code properly in comments.)

Cloudflare dumps Google's reCAPTCHA, moves to hCaptcha as free ride ends (and something about privacy)

Michael Wojcik Silver badge

Re: Audio versions

whether it is paved or not

Not in any part of the US I've ever lived in, it isn't. That includes various regions on the East Coast, the Midwest, the Plains, and the Southwest.

For the past five years, every FBI secret spy court request to snoop on Americans has sucked, says watchdog

Michael Wojcik Silver badge

Re: It's not just the FBI to blame

The US Federal government was under multiple states of emergency before 9/11, and had been continuously since the 1970s. 9/11 was a good excuse for escalation, but the Feds had no difficulty excusing their abuse of their own powers prior to that. Even before the 70's they had plenty of rationalizations: wars, Prohibition, the Civil Rights movement (remember COINTELPRO?), and of course the all-time favorite bugbear, Communism.

In the US, the only effective curtailments to abusive policing, historically, have been squelched and overturned convictions (the "fruit of the poisoned tree" doctrine), and civil-rights trials against individual officers. And the latter has been effective only against relatively low-ranked members of local law enforcement, as far as I know, and in much smaller volumes. Basically, we have to rely on the judiciary to block the various policing forces by spoiling their endgame. In this context FISA is a particular abomination, since it pretends to be a part of the judiciary but makes a mockery of that role.

Microsoft's PowerToys suite sprouts four new playthings with a final March emission

Michael Wojcik Silver badge

Re: Some sort of demented Seasame Street character

No, there are regular human characters as well.

Samsung calls it a day on liquid-crystal display, says quantum dot is really hot

Michael Wojcik Silver badge

Yeah. I think some television shows are pretty neat, or at least worth watching if I'm in the mood. The sets themselves? As long as I can see the picture and hear the sound (which is often a problem thanks to horrible mixing for stupid Dolby 5.1), good enough.

I don't need HD, much less any higher resolution. I don't need high contrast ratios. I don't need color accuracy; I have poor color vision anyway. I don't need accurate sound reproduction or good separation - I just don't care about sound, beyond making out the dialog, and my wife is deaf in one ear so stereo is lost on her anyway. I don't really care about viewing angle; there are only two of us here. I very much do not want my television set to have any networking capability, beyond HDMI which unfortunately it seems we're stuck with.

Michael Wojcik Silver badge

Re: So, QLED is best ?

the power requirements for your CRT TV is huge

Oh, please. Compared to the overall power consumption of a typical home? Certainly here in the US, CRT television power-consumption delta versus a more-efficient display technology is almost certainly dwarfed by heating and cooling. Even a relatively large CRT draws around 120-160W. Lighting in the same room could well be drawing more.

And Pascal didn't say anything about how many hours per day that set is usually on, which is critical to estimating its power use, of course.

Michael Wojcik Silver badge

Re: So, QLED is best ?

The US Government doesn't sell your data

Oh, I think they do. They're just selective about the customers, and payment is generally quid pro quo.

Relax, breaking a website's fine-print doesn't make you a criminal hacker, says judge in US cyber-law legal row

Michael Wojcik Silver badge

Re: Overly Paranoid.

IMHO the government wouldn't have gone after them in the first place

An excellent basis for a legal strategy. "Eh, they'll probably just ignore it."

The politicization of the prosecutorial function in the US is making it increasingly easy for powerful interests to suborn prosecutions - not that it was ever particularly difficult. And the CFAA and related laws have already been abused in a number of cases. The dangers are widely acknowledged in the research community.

Microsoft expands AI features in Office, but are they any good? Mixed, according to our vulture

Michael Wojcik Silver badge

Re: @Tellymel

If we look at neural networks now, they need concrete input, and we tell them which results we think are right

That is how some ANN-based systems work. It is certainly not how all of them work.

Michael Wojcik Silver badge

Re: What would Orwell say?

And that of innumerable other style guides. Few of them are worth reading, much less following.

Richard Ohmann’s “Use Definite, Specific, Concrete Language” is a classic corrective to the prose style guide movement.

English, for all its faults, offers unparalleled riches to writers: its huge vocabulary and ability to incorporate foreign words and phrases without faltering; its vast array of synonyms; its grammatical flexibility; its store of idioms; its accommodation of poetic forms and tropes thanks to its wildly varied orthography and pronunciation; its huge range of dialects and variations. Attempts to deny most of those riches to writers are misbegotten schoolmarmism and should be resisted wholeheartedly. Robotic, cookie-cutter, machine-approved prose does no one any favors.

Michael Wojcik Silver badge

Re: "when you use Microsoft Editor, your content is sent to Microsoft's servers for analysis"

"Hear, hear", not "here here".

I don't want my editor to suggest anything at all to me, ever

Even with the occasional use of the incorrect homophone, your prose is likely better off for it. I've studied automated proofing tools since Grammatik came out in the mid-1980s, and - much like style guides such as Strunk & White - I firmly believe they do more damage than good. And I've taught college writing (so I've also studied composition theory and rhetoric), so I've seen some bad prose.

At best, these tools reduce personal style and dialectical and individual variation to a bleak, dispiriting, joyless mechanical sludge. Usually they also introduce infelicities incorrectly included in their models, such as false elevation.

There is one royal road to good prose style: Read a lot, and write a lot.

Michael Wojcik Silver badge

Re: Office365 SKUs

I don't think any of this is either well or good, and lacking access to it is a feature.

Leaving Las Vegas... for good? IT industry conference circuit won't look the same on other side of COVID-19 pandemic

Michael Wojcik Silver badge

I have to agree.

Meeting people in the industry and learning new things: good.

Las Vegas: ugh.

I generally enjoy and profit from conferences, but I've avoided ever going to one in Vegas, and I'd like to keep it that way.