* Posts by Michael Wojcik

12132 publicly visible posts • joined 21 Dec 2007

Planet Computers has really let things slide: Firm's third real-keyboard gizmo boasts 5G, Android 10, Linux support

Michael Wojcik Silver badge

Re: Marmite

Isn't lube always de rigeur? If you don't have the rigor, the lube won't help.

California emits latest layoff statistics. March's numbers are ugly. It's 19,000 total, including many in tech

Michael Wojcik Silver badge

Re: queue...

Or, perhaps, cue them doing so?

Drones intone 'you must stay home,' eliciting moans from those in the zone: Flying gizmos corral Brits amid coronavirus lockdown

Michael Wojcik Silver badge

it's entirely appropriate that the legal mandate is less stringent than the polite request

And this would be relevant if we were talking about a "polite request". Being shouted at by the police through their remote-controlled toy is not polite.

Michael Wojcik Silver badge

Re: (e)to donate blood;

I know being fit it seems like your age shouldn't be a factor, but it is.

Is it? Do we have statistically-significant evidence, corrected for other factors, that age beyond X significantly increases risk? Or is that just a supposition?

The last I looked, cases and fatalities were pretty well distributed - certainly enough so that once corrected for other factors it seems plausible that age itself is not a significant risk contributor.

I also note at least some of the preliminary papers I've seen attribute a significant portion of fatalities to cytokine storms, which generally hit younger adults harder, as in the 1918 influenza pandemic.

I'm not claiming age isn't an independent risk factor, or that it's not prudent to assume it is one at this point. I'm simply questioning your claim that it is one, as a matter of fact.

20 years later, Microsoft's still hammerin' Xamarin: Bunch of improvements on the way for cross-platform coding toolset

Michael Wojcik Silver badge

Re: "Dual-screen support is coming soon"

I had three screens attached to my RT PC at IBM in 1990. For the past 15 years I've worked exclusively on laptops, and I've never bothered to hook multiple screens up to them. With my last couple of laptops the company ordered docking stations for me, and I shipped those back to IT to use as spares. They'd just sit in the box at my place.

Clearly many people find them desirable, and one might hope actually useful; but I haven't felt any desire to have a multiheaded system in decades.

Remember that clinical trial, promoted by President Trump, of a possible COVID-19 cure? So, so, so many questions...

Michael Wojcik Silver badge

Re: Donald Jenius Trump

The FDA expressly forbids the kind of remark that Trump made

"forbids" how? The FDA are not the speech police. Perhaps within the scope of their regulatory authority they can prohibit or penalize certain types of statements - for example, claims by companies regarding their products. But the FDA couldn't prohibit me from making public statements about medications, regardless of how stupid or dangerous. They can't shut down the antivaxxer idiots.

If he was anyone else he'd be looking at a massive fine and possibly even jail time + potential class action cases.

Complete nonsense. Let's see you cite a single case in which an individual in the US received a "massive fine" or "jail time" solely for making misleading statements regarding medical treatment. As for class action - good luck with that, particularly after Bristol-Myers Squibb Co. v. Superior Court of California, and considering that there's little incentive for lawyers to go through the expense of organizing a class action when the defendant is an individual, unless that individual has very deep pockets indeed and the case is strong.

Hey, China. Maybe you should have held your hackers off for a bit while COVID-19 ravaged the planet. Just a suggestion

Michael Wojcik Silver badge

Re: Fight Fair?

Well, should any Communists ever come to power anywhere, we'll be on the lookout.

Though experience shows you can't trust authoritarian regimes either. Or democracies.

Sharp gobbles NEC as Japan's display giants team up to take on Europe and North America

Michael Wojcik Silver badge

Could I just have a television, please?

its 5G-capable 8K screens

Oh hell no. That's 5Gs and 7Ks more than I have any reason to want.[1] It's getting harder and harder to find sets that don't have idiotic security holes built into them.

[1] I don't even bother with HD. I've found it adds nothing to the story, which is what I'm interested in.

What happens when the maintainer of a JS library downloaded 26m times a week goes to prison for killing someone with a motorbike? Core-js just found out

Michael Wojcik Silver badge

Yes, this is just another variant of the Bus Factor problem.

Of course this can equally be an issue with proprietary software or other forms of industrial knowledge. At my job, we've been working on breaking developer silos for years, giving projects on various components to different developers to spread the expertise around. It can be done but it takes effort.

Michael Wojcik Silver badge

Re: Shirley!

[Any] of the users *could* have maintained it, but only 2 were.

To be fair, during the Bad Old Days, the OpenSSL project was not taking patches from developers in the US and some other countries, due to legal concerns.

Also, some users - typically participants on the openssl-dev and openssl-users lists - did provide feedback and suggestions, sometimes including example code that looked a lot like a patch if someone wanted to incorporate it.

And it's not true there were only two contributors even then. The heartbeat implementation that led to Heartbleed was an outside contribution from Seggelmann, for example.

What's more important with OpenSSL is that any of its many, many large corporate users could have contributed funding, but very few did. Nor did many individuals.

Michael Wojcik Silver badge

Re: Shirley!

Survival of the fittest in software is good.

Perhaps it would be. We don't know, because it doesn't happen.

Michael Wojcik Silver badge

Re: "I guess that nobody wants to commit to the learning curve."

When software is Open Source and free (as opposed to commercially supported Open Source software), is it really fair to expect the author/maintainer to produce the reams of documentation - that often take longer than the actual coding/testing work itself - necessary that you are implying?

I agree. It's not fair to expect much of anything of open-source software, beyond what's claimed by documents with some legal standing, such as licenses.

However, a wise developer might examine an open-source package to see if the source was developed using decently-written, maintainable code before adopting it. Or make the commitment to understand the code anyway (which was my position with OpenSSL back in the 0.9.8 days - the code was pretty awful, so I spent some time learning it).

The Javascript open-source ecosystem is toxic, with a vast array of poorly-written, poorly-maintained packages being used willy-nilly by developers who aren't interested in making the slightest effort to understand them, often for trivial things (need I mention left-pad?), and dependency graphs that surpasseth all understanding. But the situation is similarly bad in many parts of the open-source world. There are relatively few C programmers who are capable of writing decent C, for example, but there's a lot of open-source C. There are relatively few C++ programmers willing to write maintainable C++. Languages like Python also suffer from dependency disease.

Michael Wojcik Silver badge

Re: No updates for 18 months? MONTHS?????

There's updates and changes to the most fundamental part of our application stack - the end-users' browser - every few weeks, whether we like it or not

Ah, if only there were published standards for HTML, CSS, and ECMAScript so you didn't have to worry about all those updates.

For that matter, some have speculated that it's possible to build perfectly usable websites and web apps without using the latest idiot-bait built into browsers. Obviously that's lunacy, but it makes you think, no? Well, probably no, if you're a typical web developer.

Instagram, YouTube 'iron man' marketer first to be nabbed by Feds cracking down on fake coronavirus web cures

Michael Wojcik Silver badge

Investment is tricky

I mean, how are we supposed to tell the scams apart from the legitimate order-of-magnitude-guaranteed-return opportunities? It's almost like there's some correlation between risk and return!

Microsoft staff giggle beneath the weight of a 52,000-person Reply-All email storm

Michael Wojcik Silver badge

Re: Read Receipt

Read receipts are vile. I disable them in every MUA I get my hands on. Why would I want to let my correspondents spy on me? If I think your email deserves a reply, I'll reply to it, when I'm good and ready.

Of course that means I never request them, either.

Michael Wojcik Silver badge

Your message will cost the net hundreds if not thousands of dollars to send everywhere. Please be sure you know what you are doing.

Michael Wojcik Silver badge

Re: This yor folt

Damn it, now I want one of those mugs.

I suppose I could just pirate the design and make my own, but I have an aversion to stealing someone else's work. Silly, I know.

Michael Wojcik Silver badge

Re: Bcc FTW!

Where I work, the culture is to use Reply All for pretty much everything. Email is basically slow group chat. (Which, arguably, is better group chat.)

Cops charge prankster who 'corona-coughed' on aged officer and had it filmed

Michael Wojcik Silver badge

Re: hait cut and social distancing

You seem to have neglected the possibility of very long scissors.

Michael Wojcik Silver badge

Re: Dutch Courage Required

I understand many people are sensitive about this sort of thing - and I think no less of them for it; we all have our personal concerns - but I, for one, wouldn't be worried if I got an unfortunate home trim. Particularly when I'm not supposed to be in public anyway. Frankly, it would probably bother my wife more than me.

These days, when my hair provides only marginal protection from sun and rain anyway, I don't much care what happens to it.

Michael Wojcik Silver badge

Didn't the article say he was tested? If so, his antigen count for SARS-CoV-2 must be too low for the test to be positive, right? (I haven't actually looked into the details for the test - maybe it tests viral load, rather than antigens.) That suggests he can't be an asymptomatic carrier, within the accuracy of the test.

Michael Wojcik Silver badge

Re: Idiot

"Stalking" here is being used as a term of art, not in its common sense. There's no point in discussing whether the charge makes sense until we know precisely how the law in the governing jurisdiction defines that term.

Some years ago, a man in California was charged with lynching himself - because in California, the law defined "lynching" as the forcible removal of someone from custody by a mob. The accused was arrested, and as officers were leading him to their car, he shouted out for help and incited a small riot, which ended with him escaping (briefly). So under the law (at the time - it's since been changed) he had participated in lynching himself. That's certainly not the common meaning of lynching. [Details can be found in Kevin Underhill's blog.]

World's smallest violin to be played for opportunistic sellers banned from eBay and Amazon for price gouging

Michael Wojcik Silver badge

Yes, if only everyone would be well-informed and act reasonably, this wouldn't be a problem. Also we could all spend our shelter-in-place time grooming our unicorns and taking afternoon trips through the wardrobe to Narnia.

I'll take Unhelpful Observations for $100, Alex.

Michael Wojcik Silver badge

Re: Online marketplaces descend into wretched hives of scum and villainy

Then their stash will be confiscated

Presumably by "then" you mean "after authorities review the complaint, decide it's actionable and worth investigating, investigate it, identify the perpetrators, bring charges, and secure a conviction". Because we are, still, sort of, in part, a nation of laws.

I wouldn't recommend holding your breath waiting for any of these confiscations.

HPE fixes another SAS SSD death bug: This time, drives will conk out after 40,000 hours of operation

Michael Wojcik Silver badge

Re: just like the printer cartridges

Well, no, it isn't.

The inkjet cartridges are planned obsolescence, and they self-destruct on a programmed date, regardless of how much they've been used. The SSDs fail after doing a certain amount of (presumably useful) work, and if the comment above regarding a circular buffer is accurate, it's an actual mistake in the firmware (albeit one that should never have made it out the door).

Inkjet cartridges (and inkjet printers) are a scam. This is a stupid bug.

And, of course, HPE doesn't sell inkjet cartridges; that's HP Inc.

Michael Wojcik Silver badge

I wouldn't say it's entirely bad luck. That's a condition that could be simulated in testing. I'd say the manufacturer did not do a proper job of testing their firmware.

Samsung says it has the future of DRAM sorted after success with new EUV process

Michael Wojcik Silver badge

Re: So EUV chips can be made faster, are more dense and they consume less

So ... the price stays the same, but the product gets better. An outrage!

Were I in the habit of buying computers,[1] I'd be pleased to hear about this. Reducing power consumption alone is good.

[1] I've only ever bought one general-purpose computer, and that was 13 years ago. It was OK. I buy (used or remaindered) phones every few years, but that's because the damn things break and generally aren't repairable under reasonable conditions.

Michael Wojcik Silver badge

But RAM is much, much, much cheaper for the end customer, both byte-for-byte and in terms of what's suitable for a typical per-user workload, than it was a few decades ago.

In 1990, the cheapest RAM listed in John McCallum's data was $46 per MB. Adjusted for inflation that's about $91. The 2020 prices average out to around $0.0033 / MB, a factor of almost 40000.

If there's something strange in Symantec's neighborhood, who you gonna call? Not Broadcom, it seems: Systems go down, cut off customers

Michael Wojcik Silver badge

Re: Loosing customers in droves

Tsk. During this pandemic it's very irresponsible to be loosing customers. Keep them penned up, folks.

Tupperware-dot-com has a live credit card skimmer on its payment page, warns Malwarebytes

Michael Wojcik Silver badge

Re: PayPal

I don't like PayPal, personally - they're under-regulated and have a history of bad practices (e.g. cutting off services for organizations they don't like, apparently on political grounds). And the transition from the vendor site to PayPal is ripe for phishing. It's probably more secure than paying directly with a conventional credit or debit account, particularly if the site wants to store your payment details - I wouldn't trust the vast majority of online vendors to do that to a reasonable degree of security under a reasonable threat model.

But virtual credit cards are very likely safer, and they provide more control and privacy than PayPal.

Michael Wojcik Silver badge

Re: "the little HTTPS padlock shows up in the browser address bar"

I haven't looked at this in any detail, but based on the article (as I remember it):

The "code" is just HTML, specifically an IFRAME element. That element was inserted into the content included in some page served by tupperware.com. (I'm not clear on the exact mechanism; the article mentions malware contained in an image file, but something had to decode that and inject the iframe into the page.)

The IFRAME's SRC is a URL referring to deskofhelp.com; that's the server controlled by the attacker. So the content of the IFRAME, which is a malicious payment-submission form, is loaded from the attacker's server.

So some of the "code" (such as it is) is hosted by tupperware.com, and the rest is hosted by deskofhelp.com.

It's all HTTPS, so the page doesn't contain mixed content. The padlock indicator is working as expected.

Michael Wojcik Silver badge

Re: This is why

Single use, or for repeated payments (e.g. regular bills), dedicated virtual cards with tight limits.

I use privacy.com for that; so far it's worked well. I also like the fact that they'll accept any name + address information, so you don't have to provide real details to sites with no need for them.

Whoa, someone actually texted you in 2020? Oh, nvm, it's just Boris Johnson, telling you to stay the f**k at home

Michael Wojcik Silver badge

Re: Alert messages

In large areas of the US, these announcements are useful for warning about tornadoes, wildfires, and similar events which can surprise people in the area because they're relatively localized. Regions which are not so prone to natural disasters may have fewer good uses for them.

In the US the system is also used for "Amber Alerts", which are intended to help track child abductions, though in my experience the police are terrible at selecting the Amber-Alert geographic area. I've received a couple of those alerts for events 100+ miles away. And they typically don't contain much useful information ("believed to be in a light-colored truck" - oh good, that narrows it down), and if you're driving they're rather shocking (the alarm is loud), and you can't see the contents unless you read your phone, which at least a few of us still decline to do if we're operating a vehicle. So I've found the Ambers pretty much useless.

There are actually four alert levels - Amber, Severe, Extreme, and Presidential. Phones are supposed to let you turn any or all of the first three off, without having to root, though finding the setting can take some work. You can't disable the Presidential alerts because the President never says anything that's not accurate, useful, and terribly important.

Dell files to trademark 'Podference' – presumably the mutant offspring of COVID-19 and a virtual conference?

Michael Wojcik Silver badge

Why indeed?

Why would Dell want to trademark "Podference"?

Presumably because they're declaring war on the English language and good taste.

Anyone sufficiently tone-deaf to use a horrible portmanteau like "podference" isn't worth listening to.

(And as someone else already noted, appealing to the popularity of the iPod in 2020 is rather pathetic. What's next from Dell's crack marketing department? "Dell: The Pet Rock of computing!")

Michael Wojcik Silver badge

Re: Okay, let's sort the chaff

It's a trademark, not a patent. It applies to the word itself, not to its (supposed) denotation. It doesn't matter whether what it (supposedly) describes is novel.

Memcached has a crash-me bug, but hey, only about 83,000 public-facing servers appear to be running it

Michael Wojcik Silver badge

Typical

Tainted data used as the length argument to memcpy. That's not even a mistake; it's laziness, pure and simple.

Of course even in this code snippet we have C code written by someone who doesn't know that sizeof is an operator, not a function, and its argument does not need to be parenthesized unless it's a type name.

Most developers simply don't have the discipline to write in C.

And an unconstrained overflow of an automatic-storage-class[1] very likely is an RCE vulnerability on popular platforms. It's the classic RCE, going back to Levy and to Morris before him.

[1] "Stack", though C does not require a traditional contiguous stack, and the language does not use that term.

Your Agile-built IT platform was 'terrible', Co-Op Insurance chief complained to High Court

Michael Wojcik Silver badge

Re: Is this normal in the IT world?

These are "mechanic's liens", and they're governed by state law, not Federal, so the details vary among the states. Many states have imposed various requirements and constraints on mechanic's liens.

It's not just subcontractors - materials suppliers, such as lumberyards, can also file mechanic's liens in at least some states, as can architects and engineers.

Mechanic's liens encumber the title to the property, and are one reason why title insurance (which includes a search for encumbrances and irregularities) is required to secure a loan to purchase real property in the US.

There are ways for homeowners to protect themselves from mechanic's liens, typically including requiring the general contractor provide a Release of Lien when the final payment is made; the GC will have to obtain the dependent releases from the subs, which prevents them from filing liens.

It's 2020 and hackers are still hijacking Windows PCs by exploiting font parser security holes. No patch, either

Michael Wojcik Silver badge

Re: "a miscreant can include a malformed multi-master font in a document"

That means that the miscreant is sending me a mail with a document attached

MIME called to let you know that many MUAs support embedding fonts for the main message text, no attached document necessary. Perhaps you have an MUA that's smart enough to ignore that bullshit, or at least let you configure it to be smart enough to ignore that bullshit.

In either case, it's more likely that said miscreant sends an email to someone you know, with some social engineering to get that person to forward it to various others. If I wanted to spread an email-borne virus around, I'd just send it to a mailing list, or kick off one of those agonizingly long everyone-forwards-the-entire-chain-thus-far email threads so popular at work.

Filtering by senders and subjects helps, but it's not perfect.

Michael Wojcik Silver badge

Re: font owning a PC

Actually, in the most recent releases of Win10, font parsing apparently runs in usermode with the privileges of the invoking user.

But note this is not the first RCE in Windows font processing. It's not even the first one in the Adobe Type Manager library. All of that crap needs to be taken out behind the shed, and replaced with something running in a safer environment. Font rendering has some excuse for wanting native-code processing for performance; font parsing does not. Routinely parsing thousands of font descriptions a second would be a very specialized use case.

Michael Wojcik Silver badge

Re: Aaaaaah, yes. Another security hole in Windows.

C++ blames machine code. Machine code mutters something under its breath about the CPU. The CPU glares in the direction of the nearest electron.

Michael Wojcik Silver badge

Re: Sigh. Not again...

Yes. @font-face is perhaps the stupidest idea in CSS, and CSS is not short on stupid ideas.

I routinely disable font downloading in my browsers, and I've never had reason to miss it. (And it's not that I don't appreciate a good typeface; I studied typography in one of my degree programs.) But few users will know how, or why, to do that.

All roads lead to Bork in Kansas as Windows puts on a show for motorists

Michael Wojcik Silver badge

Re: Hey, I know this one!

Hell, no. That's one of the more pleasant billboards I've seen.

(When I'm driving through Kansas - which I do pretty frequently - one of the best moments is when I get the hell off I-70. Partly, of course, that's just because now I'm off I-70; but partly it's because billboards seem to be rare on the non-Interstate highways. US-40 is really quite pleasant with no giant advertisements to annoy you once you're through Oakley.)

Michael Wojcik Silver badge

Re: road in Kansas

A central premise of the film is that yellow brick roads are not found in Kansas.

Watching you, with a Vue to a Kill: Wikimedia developers dismiss React for JavaScript makeover despite complaints

Michael Wojcik Silver badge

Re: Tab width

Space, tab to the next tab stop which happens to be the next position, two more spaces. Obviously.

Michael Wojcik Silver badge

Re: Wikimedia uses JavaScript?

Well, for one thing, it was written by people who aggressively refused to read, much less follow, the specification for the language they were using.

It may be better these days; I can't be bothered to check. But for many years jQuery was a fine example of how to do things The Wrong Way and then bitch when the broken code didn't work. And that alone is enough for me to reject it.

But then I've never needed it. When I wanted some scripting for some academic projects, I wrote my own library. It's not hard. And that way I could easily design the pages with graceful degradation for people who had scripting disabled, and readable scripts for people who wanted to copy them or hack them with Greasemonkey; and I knew the code complied with the standards; and I knew its provenance and that it was relatively trustworthy.

Michael Wojcik Silver badge

Re: Front-end development is a complete mess

When editing in vim, knowing how to use vim is superior to the alternative.

Tech won't save you from lockdown disaster: How to manage family and free time while working from home

Michael Wojcik Silver badge

Re: Household jobs?

I don't agree with most of the recommendations in the article, or in most of the comments that offer them, frankly. But that's the point I made in other comments. People are different, and telling other people what they have to do in order to work from home successfully is a load of crap. It's fine to make suggestions, but those proffering them should acknowledge that they aren't right for everyone.

Michael Wojcik Silver badge

Re: Bread

if you stick to a schedule and work 9-5 you'll be more productive than you have ever been

Sigh.

Perhaps this works for you. Not everyone is you.

I've been working from home for over 20 years. I don't stick to a 9-5 schedule. I work when I know I'm going to get something done; when I have to interact with other people in real time; when there's something that needs to be done soon. I get plenty done. Sometimes some of it gets done on Sunday afternoon or in the wee hours of a weekday, and that's the way I like it.

Michael Wojcik Silver badge

Antisocial distancing?

Michael Wojcik Silver badge

Re: Actually ...

What if I'm a painter who gets important email regarding viridian pigments? Or Viridian laser signs for my guns? While I'm pursuing my day job as a virility researcher? And doing research for my fanfic about Viribus Unitis, the famous warship of the Austro-Hungarian Empire?

Or, I guess, if I were a virologist.