Posts by Henry Wertz 1

Two points

a) The "hospitals being temporarily shuttered across the US" is some kind of nonsense, the kind of thing Fox News will fabricate. The US medical system has been broken for years, so rural hopsitals have been closing for years, leaving people in those areas with no emergency care whatsoever. New York is having it the worst, having to open emergency hospitals and such; but, no, there are not all these hospitals shuttering now.

b) If they tried those drones in a lot of the US, they would be shot down. I have to admit I'd probably bring a butterfly net and try to snag it. As a few others have said, here in the states, first there'll be actual police out, not some drone remote-harrassing people. Second, they'll use common sense, hassling people doing stupid things involving large groups or standing way to close together, not people trying to get out and take a walk.

Probably not as bad as it sounds

Probably not as bad as it sounds. I mean, Zoom was likely unaware that ECB had this property and should probably use something else. But, the shocking results with something like the Linux penguin are using a raw image format*; it happens because ECB works 16 bytes at a time, producing the same output when the same 16 bytes are fed in. With 16-bit (2 byte per pixel) data you'll get plenty of runs of identical 16 bytes. Run an image through PNG, JPEG, or probably H.264 or H.265 Zoom is using and run it through ECB and it's going to be irretrievable gibberish.

*in fact, googling, a ppm file (which has a short text-based header for the first 3 lines followed by raw image data, in this case 16 bit per pixel...), probably stripped off those 3 lines, ECB ecnrypted the 16-bit image data, and put the 3 lines back up top so it's a valid PPM image file again.

pandemic's no excuse

pandemic's no excuse for using badly implemented automatic moderation; moderation is one of the probably easiest things to do remotely.

I thought...

I thought they meant no facebook etc. pre-installed. That is a good think. Having an alternate app store with apps like this missing as a choice is not great though.

yeah

phil beat me to it, but I had the same thought, who is seriously going to have a cloud built out so it's typically 7/8ths empty? I figured something was off there...

security

i'm just guessing here, but i'd guess the security would be a mix of people who have things locked down, and ones who have opened things right up, and it'll be some big surprise when they get thoroughly pwned by viruses and whatever else flowing right in from the internet and their home workers dirty dirty systems.

Assholes

These guys are packs of assholes. They know their systems are being abused. These greasy scammers will falsify caller ID, illegally robodial every number in the country, multiple times a day, and don't even limit the dialing rate to the rate their scam recording can play, so numerous illegally abandoned robocalls (exactly 11 seconds of dead air then a hangup), recording that plays choppy because the system won't keep up, and ones where I can push "1" to waste a live scammer's time and it just hangs up because of system overload.

The feds are kind of assholes about this too; I got a nice package from the FCC since I filed a complaint for each and every illegal call I got, by that point over 1000 complaints; the FCC fined them like $100 million for the caller ID stuff (not for the actual violating Do Not Call list..), but let the scammers self-report income, so they of course fraudulently said they could only afford to pay the fine at like $1 a month AND THE FCC LET THEM DO THIS!!!!!!!!! They didn't seize their illegal robodialing equipment, and in fact didn't even actually order them to stop doing it!

This

"I think that reason contributes, but I also think most employers don't have the resources to start hiring right now."

This. Here in the states it really appears the economy has collapsed. The most alarming thing I've seen, going onto Upwork which previously would have had several pages (dozens) of IT listings per hour, now it has 4-5 listings per hour, it's dropped probably at least 90%. About half of those are people wanting remote desktops and FreePBX setups done (the other half are completely regular listings.) Oddly, these remaining listings are not having larger amounts of applicants pile onto them, application volume seems to have also dropped by 90%.

I took some graduate-level CS classes about 20 years ago; I think with several universities here opening up there online courses systems, I might take a few more of them...

To those at El Reg, good on you for having free listings though! Hopefully once businesses get over the initial shock, they will start needing some IT work done again and the listings will flow.

What you don't constantly upgrade your build environment?

What, you don't constantly upgrade your build environment? XCode 11.3.x and ios 13 sdk has been out for almost 6 months.

In all seriousness... I'm not commenting on the quality of PhoneGap or Codova (I assume it's just as ThomH says..), but Apple really does keep their developers on quite the treadmill.

I do keep my copy of Android Studio up to date and make sure my software will build on it; but, I "could" still build for like Android 2, with the studio software from way back then, and my app would still run on Android 10, and Google would not show up and say that it's against the rules to do so if I put that app up on Google Play. In my case, I followed normal programming practices and my apps are not complicated, so I've only had to update a line or two in my build properties, no code. But, the potential downside of course is someone who finally updates their build environment after years then have loads and loads of build problems and (since they haven't had to work around them over time, one at a time) having to fix them all at once could be overwhelming.

I'd consider one

I'd consider one, if I had the cash. My KeyOne is quite nice (but it's the BBB100-3 that is stuck on Android 7.1.1, because Verizon Wireless choose to ship a phone that claimed Android being kept up to date for 3 years, then got and shipped zero updates but the first couple Android 7 security updates for it.) Having a keyboard is a godsend. I know how to use the Android on screen keyboard, but it's simply awful to type on compared to a real keyboard, even when it's that small.

You know when I went to the store to find one, before the sales droid finally admitted they had no KeyOnes and no intention of stocking it (despite it being a Verizon retailer, when Verizon was theoretically stocking these phones...) their solution to the keyboard problem was to pay twice as much for some giant like 9" "phone", because the on screen keyboard on it would be bigger! Ha, as if!

It is kind of funny, the mainstream vendors (Motorola, LG, etc.) will take a look at a recent IPhone or Galaxy phone, make a phone that's the same shape, same types of trim on it, and even throwing on dumb stuff like a screen "notch", running the same version of Android, then whine and whine that they can't make their phones stand out from the competition. Well, that's because they DON'T stand out when you do absolutely nothing to make it stand out!

These keyboard phones sold reasonably despite the kind of problems that should kill sales -- in the case of the KeyOne running out of stock frequently, I'm sure losing sales; and making deals with the likes of Verizon, who "sold" it as a Verizon phone but didn't stock it in stores. I do think if Motorola or LG (or even Samsung, but they probably sell enough Galaxy phones anyway they don't have to do anything) made a nice keyboard phone or two, I'm not saying they'd break sales records but I do think they'd sell plenty to be a viable market.

The cruft builds up

Yes, they should have been careful about letting the cruft build up. Almost all distros rotate log files in /var/log/, but sometimes have a few other logs they don't rotate. It's common for them to update the kernel, but not remove any old ones (keeping one previous is sensible... I've never felt the need to go back like 5 kernel versions though!) A worst case offender, the binary blob Linux Canon print driver leaves GIANT files in /var/tmp/, like 70MB a page, and DOES NOT delete them! (/tmp/ is deleted on bootup, but by design /var/tmp/ is not!) I had to put some bit in /etc/rc.local to delete it's temp files! I've also seen where on some systems, in case it was powered off in the middle of an update or something, this doesn't cause a problem (the updater just re-runs the updates) except it does leave some junk files on the disk; again, no problem but over the decades this'll use up your free space.

Of course, they "should" set the filesystem read-only, but I'm sure they didn't since they needed somewhere to stick the ads.

It's easy to make a distro that "more or less" doesn't leak disk space. But, it's harder to make one that doesn't leak disk space AT ALL, and if you don't, years later you end up out of disk space as seen here.

Oh well.

Probably none?

The insurance co would not decide which bugs reported could be deferred until release 2? Yeah... First off, they probably don't want to use a system that's riddled with bugs and then rely on a release 2 fixing them. Secondly, it does seem like the developers ought to be able to triage bugs on their own pretty well, every system I've seen that's under development it's pretty clear that some bugs are real show stoppers, some are fairly serious, some are really pretty minor and some are "wish list" items. It does sound like this project went a bit off the rails; I'm inclined to think the developers bit off more than they can chew, but it is entirely possible the insurance co. has real messy IT infrastructure and set an unrealistic timeline for this to all get done.

"A remote driver simultaneously monitoring a few cars for the edge cases. As a more experienced driver they may even be able to handle emergencies better than a driver. As the Software gradually improves the remote driver can handle increased number of simultaneous drives"

No and no. A remote driver can't be monitoring "a few" cars, a vehicle emergency is an emergency, not something that can dealt with a second or two later when someone looking at several screens realizes yours is going wrong. Also, given there can and will be vehicles beside and behind these vehicles; is that remote driver really keeping track of what's beside and behind 3 or 4 (or more) cars? Oh, they aren't? Then their reaction may just cause the vehicle to sideswipe other vehicles or be violently rear ended. And no, as the software improves the remove driver absolutely cannot handle an increased number of drives, that would just make the reaction time and awareness problems even worse.

Not a police state

So, the reason they don't have that here is because Taiwan and Singapore are police states, and these other countries aren't. That said, sending texts to be responded to is a clever way of getting location info without some all-encompassing phone location system (that they probably don't have...)

I do have to wonder though... 1) given the flu symptoms, well, if I have a flu I don't feel like going outside. I wonder how much of a problem they even had with Covid-19 peoples wanting to go wandering around outside anyway? 2) I wonder how well being expected to respond to SMS messages works? Again, if I have a flu, I'm napping and such, I would not be responding to text messages.

I was going to joke about the "OH MY GOD!!! Look how many people are congregating at the phone repair shop!!!" when I thought they were just trying to track all these phones and decide if "too many" are in one spot. But that's not what's happening.

I wouldn't do it...

I wouldn't put WhatsApp on my phone. Order says they have to be reachable by phone, go ahead and text. Facebook does not need my private information.

not subect

Also, faa might not like it, but below a minimum flight level, you are NOT subject to faa rules!

Broken political system

"I heard an interview in Iowa just before the Iowa Circ-, er, Caucus took place, and one of the participants, a small farmer, said something to the effect of he did not like Trump but did not want socialism. As I understand it, there are a lot of government programs available to help farmers* so I was a bit confused about how this gent defined "socialism" and why he wanted no part of it. Perhaps it, like beauty, is in the eye of the beholder?"

US's broken 2-party system, imagine if you will if you have a center-left and center-right party; no other parties, with rhetoric for like a century INSISTING these are two near-center positions are utterly opposite and irreconcilable; of course, with only 2 parties pretending they represent all possible political views, the people who should be in some kind of neo-nazi party, or extreme-greens or whatever else will be shoved into these 2 main parties, but I've found in US most are actively ignorant of how proper politics work because of how long these 2 main parties have distorted the political landscape.

With this broken backdrop, I'm quite sure the politically uninformed farmer is convinced that HIS handouts are well-earned money and in no way socialist, oh no, it's only socialist when policies of the OTHER main party dare to provide handouts. Of course, both these main parties will also insist that each increase in federal spending THEY bring about is actually a decrease, the increases are the other main party's fault.

-----

T-Mo may manage to get some of this cash; they bought IWireless locally, and if they haven't already ditched IWireless' ZTE and Huawei gear, I suppose they will now. (IWireless' network was rather obsolete so they may have already replaced everything.)

CPNI

I wonder if anyone ever got my location? I actually implemented the little-known option on my account to bar 3rd party use of CPNI ("Customer Proprietary Network Information"), which is an additional privacy option -- which of course the cell cos try to make sure nobody knows about -- that is supposed to exclude an account from the usual pumping out your private data to 3rd parties. So even offering my location through a portal would then probably be breaking CPNI laws too.

Businesses gleefully paid the lower rates

"This article describes IR35 as a pay-cut which is patently not the case, it just means that these people will be required to pay tax, as everyone else is, and as they should have been all along."

Effectively it IS a paycut; whether these people have been dodging paying taxes, or (as one poster put it) used their "flexibility to use tax allowances and schemes to optimize their tax", either way these businesses have been gleefully paying the (somewhat) lower rates for contractors because of their lower tax burden. Guess what? If the businesses don't pay more, it IS a paycut; and, as the business is free to lay off their contractors at any time, the contractors are also free to leave at any time, and are simply exercising that option.

It sounds like in this case, it may have been a LITERAL pay cut -- I may be misunderstanding, but it sounds like Deutsche was expecting everyone to work through a specific outsourcing agency, who take a cut of the pay.

These agencies are honestly a big drain on the economy in the US -- especially temp agencies, I worked through one years ago and was shocked to find out I was getting $12/hour but they were getting paid $20/hour by the employer. This is for almost nothing... it's not the 1950s so they don't have a payroll office or anything, computers do it all; so basically the 33% was going towards paying 1 low-paid temp in an office (it doesn't go towards taxes, that all comes out of the remaining 66%, when I made $12/hour I was getting about $7/hour after tax.)

What he does in private...

So, Trumps a big asshole, and I don't think anyone should be fundraising for him.

The recent (few years ago) situation with Chic-Fil-A, people argued against boycotting them for some political activities of their owners; but, in that case, the owners were direct owners, they were essentially commingling company funds to fund their political activities.

In this case, Ellison is using his own money and his own property. The employees have a right to be unhappy about it, I don't think anyone should be raising money for Trump. But I also think he's entirely within his right to do so, and it's none of the company's business to tell him how to conduct himself when he's out of the office.

Obsolescence

For me the reason in the past to upgrade was incompatibility; back in the day, you'd have an 8088 or 286, but the 386 was such a big step in capabilities that rapidly that 8088 or 286 would not run a lot of new software. Or, once I had a 386 and Linux, finding you can't fit enough RAM. Believe it or not my first Linux box had 4MB of RAM, then 8MB, which was enough UNTIL Netscape came out. You'd have that 386, but one of those old video cards that only do 16-bit color at like 640x480, 8-bit otherwise, and need better graphics for something. Something newer would need a 486, which also had quite a few instructions; or later still, MMX or SSE (Pentium or new enough AMD chip.) Of course eventually Linux went to a 486 minimum (I did not have any 386s by then...)

Now, for me it's really the same reason -- but anything made about the last 15 years, you'll have USB ports to plug stuff into; 2-4GB of RAM with the possibility to expand to more (usually); full color at whatever resolution you'd like; if you're looking to expand, plenty is available for PCI and PCIe, and for SATA and still for IDE. The main issue still is CPU compatiblity; but you can have a 32-bit CPU with no VT-X (virtualization) and still run Ubuntu 18.04 on it (install server version then the "ubuntu-desktop" package and reboot), the only notable missing package is Google Chrome (no 32-bit linux build, but it does have chromium available.) The cutoffs to me now are 1) 32-bit -- it's fine now but there are packages no longer available 32-bit, and distro makers etc. are in the process of cutting most 32-bit builds for x86. 2) VT-X (virtualization), in Linux this means no 64-bit VirtualBox VMs, and of course no vmware or kvm, which isn't a big deal depending on what you're doing but is the other BIG example of "CPU too old, can't do it."

carry around my home directory?

Carry around my home directory? What does this gain me? Config and dotfiles can be freely copied anyway, or even symlinked if i'm definitely going to have the drive plugged in when I go to use that dotfile. I can click (in gui) or cd (cli) to get documents off a external.

Sounds OK

When I saw the "chrome to block downloads from HTTP" I thought "Dumb, why take all this control away? Not everything is life-or-death and needs HTTPS."

When I saw that it was mixed content (HTTP download links on HTTPS sites), well, that is fine. Having a secure page with insecure images, download links, etc. on it kind of defeats the purpose.

service class

I'm surprised as well that they are not either using the standard IP ToS (Type of Service) flags that VOIP services use for QoS purposes already, or at least making sure their own VOIP traffic get some kind of priority.

I suppose ISPs could be stripping these flags off as they pass traffic through, if VOIP traffic was not flagged as it came into Windstream's network I could see their equipment not prioritizing VOIP over other traffic.

last straw?

Of course, use of icann-approved dns is really voluntary. I wonder if icann realizes this? Push too far and people can and will simply start their own dns system and ignore icann's. (I know some alternate dns already exists but for now it largely mirrors the icann-backed dns system.)

Wow, that's bloated!

"A cynic might wonder if Microsoft could not get something that looks like little more than a jumped-up dashboard working as a PWA"

Exactly what I'm thinking... so, PWA ("Progressive Web App"), yet another new programming environment that is exciting and new, and everyone should really use it for everything..... is cross-platform but "device specifics 'can be challenging'" (and this for a web page with scripts, not a game or something...), and had "technical issues" running A DASHBOARD?!? Wow.

OK, I won't give them too much grief... this was pre-release stuff, and to be fair I've seen numerous web frameworks before follow the life cycle... 1) The brand new thing, hype about how great it is or will be soon 2) people try it and find it's (1 to 3 of) not portable enough, hard to program for, bloated/slow... 3) After several months, nothing's still using it and it disappears without a trace (well, if it's open source it still sits on github or it's own site but it might as well disappear, nobody talks about it.)

Hijack that browser

Yeah, Microsoft, hijack that browser!

Well, Firefox has gotten some warning (since this is just for Chrome and planned to come out for Firefox in February), so perhaps they can prepare to block this browser hijack. That is, after all, what it is, whether Microsoft thinks there's a good reason for it or not.

what's the point?

What even is the point of ddos'ing the game server? (I mean what's the point for whoever's hiring them, obviously for the people running the site... the point of them doing it is $30.)

Lag it when you're about to lose so everyone's kicked off and it's a draw? Player loses so they rage quit then ddos? Did they make some trivial change to the game some people don't like, therefore ruin it for everyone else? Simple trolling?

Ugh!

Ugh. I do expect a Linux server to restart when given a ctrl-alt-del at the console. I would NEVER expect some linux box acting as essentially an appliance (firewall/etc. as described) to start up in some maintenance mode rather than just booting up it's services. I mean, seriously... They would have had maybe 5 minutes downtime (if it boots rather slowly...) otherwise. Oh well, this kind of thing keeps IT people busy 8-)

simple

Simple... if the movie stream claims you need a plugin or extension, it's fake and just trying to load spyware on your computer. If it claims you have to sign up, fake, they're getting your info to sell to spammers or whatever. They always redirect from a (fake) video-specific page to a generic, site-wide "signup" page, that's what tells you they don't even have the video.

Of course with Star Wars not being out there will be no real streams yet.

Webassembly and other junk

Webassembly? I don't care; this is simply to allow something like llvm to produce runnable code, it otherwise is treated as Javascript in terms of security and what it can actually do to the computer. It makes debugging the code (probably) terrible but doesn't really affect anything else.

Access to native hardware? Sounds terrible, it already has access to my screen, keyboard, mouse, speakers, and (potentially) speaker and mic, and as far as I can tell access to read or write in my home directory. It DOES NOT need more access!!

Access to native APIs! HELL NO!!! Then you'll end up with abominations like Microsoft was encouraging about 20 years ago (with early .NET), so-called portable applications that are actually totally platform-specific due to use of platform-specific APIs. Also horrible for security; the Javascript runtime could be as secure as you want, but with access to native APIs this can let a bad actor punch right through whatever security the Javascript runtime has set up.

Why not /etc/hosts?

OK. So why wouldn't they put this in /etc/hosts? And (of course) force it to prefer /etc/hosts over DNS? It's for localhost connections so they DO have control over this. Oh well.

What wifi6 is

So, you may ask, what is wifi6 (802.11ax?) Well, the "10gbps" claims are adding multiple, wide 5ghz channels plus the 2.4ghz channel, adding all those peak speeds together. Yeah...

Really, in terms of anything new, 802.11ax adds 1024QAM instead of 256QAM being maximum modulation, this only speeds things up if you're within feet of the access point. Honestly not exciting, everything above 64QAM requires a good enough signal that they're mostly to have something new on paper, not really improving speeds.

What DOES improve things, the wifi guys decided with 802.11ax and REALLY rework how access to the channel is coordinated between the access point, the access point's clients (i.e. phones, tablets, etc.) and even coordinate some between it and neighboring 802.11ax access points. Note, this is on 5ghz AND 2.4ghz... They're expecting to DOUBLE speeds (on the same channel, with same amount of neighbors etc.) by doing a MUCH better job of avoiding packet collisions and retransmissions, and taking better advantage of technologies like multi-user MIMO (effectively, if signals are bouncing around so one antenna on the access point gets a better signal from one device, and another from another device, it can send and receive to both devices at once.)

Communication?

"It would be good, from the early days of their tenure, for them to talk about things like [extending the deadline] in terms of having an open relationship with their customers. They want to know, 'will you be refreshing, revising, or changing that deadline?'

But, SAP has answered that question, have they been revising that deadline? The answer is "No."

The bigger issues here (not specific to SAP)...

1) The "upgrade treadmill" in general. I mean, there's businesses who decided to go to a mainframe decades ago, and could relatively pain-free do upgrades of both hardware and software for decades without having to do what could reasonably be considered a software migration. I'm sure some businesses thought SAP would be similar, painful migration once then relatively pain-free updates indefinitely after that. It's going to be a rude surprise to companies if they are expected to do some 2-3 year migration like every 5 to 10 years.

2) Shutoff dates. Here's hoping for these customers that SAP support "ending" in 2025 means SAP won't provide further support for it; NOT that required online components are shut down, and they refuse to renew licenses that then expire and disable the software.

To me this is the bigger issue; before I made some software the core of my business I'd really like a) to know it can work "offline", not requiring close contact with some vendor-run server (so if they decide to drop support, that doesn't mean "the server's turned off so the product is dead or crippled") and b) Not a guarantee of perpetual "support" but (if it's licenses per quarter or year) some guarantee that if it goes out of support, I can get a perpetual license or at least keep paying annual rates like I had been in pepetuity (i.e. mainly not "the license expires end of year, no you can't renew it" or "you can renew it but it's 10x the cost to 'encourage' you to upgrade").

Not like jailbreaking

Apple flackey says putting on an app would "be equivalent to jailbreaking, it would pose a security threat, and the company cannot tolerate that kind of risk."

It's not, not at all. Apple, just like Google, doesn't have to give an app full control of the phone just because it's installed on it, Apple in particular heavily restricts what ordinary apps can do, and an app absolutely can be preinstalled and still be an ordinary app.

That said, obviously I'm not for some country saying the vendor MUST put locally produced apps. Even if it has the best intentions of boosting the local company etc., ask a Canadian sometime about what they think about their requirement to have some percentage locally produced shows on their television networks. (To answer that, some fraction think it's great, supporting local economy etc; the rest comment on how the required number of hours a day exceeds the even reasonably decent locally produced content, so several hours a day are just whatever they can find no matter how bad, instead of being able to import something better to air.)

The problem I'd see (aside from the assumption that the required apps will be spyware, which although this kind of law is extremely misguided, don't think that's the point of it...), governments are almost invariably slow and inefficient. So once a vendor's app is on this list, what incentive does that vendor have to do, well, anything? They're no longer competing in any kind of free (or restricted) market, they're competing with other apps on a possibly very short list; they don't have to keep their app relevant to users, make any improvements, or even fix bugs at that point. There's probably nothing stopping them then from changing the app from original function to doing nothing but show 50 banner ads when you open it. After all, it'd probably be pulled from the list then, but remember gov't is slow and inefficient, so it'd probably take them months or years to come up with an updated list with that app pulled from it.

In case you wondered "WTF is rust"?

In case you wondered, "WTF is rust"? In very short, it is like a modernized C, especially adding security features (to avoid buffer overflows, out-of-bounds access, etc.) I'm quite sure it adds other features as well (otherwise it could probably be added to C with a header or library), but the security is what they tout.

I'm pretty sure it's intentionally kept similar enough to C so that existing (well-behaved) C code can be ported very easily to Rust (of course, "badly behaved" code might run but would probably access RAM in ways that Rust would deem illegal. But it'd also shoot out compiler warnings and such in gcc already, and probably have security flaws.)

Reflective solar panels?

Reflective solar panels? Why not make them non-reflective? After all, the goal of the solar panels is to COLLECT solar panel, not bounce it back to earth and blind meteor detectors.

Nope.

"I wonder if they are getting hit because all their shared clients send emails via only a few ip addresses?"

Nope, it (at least used to be) absolutely routine among some internet providers here in the US to completely block port 25 (except to their own mail servers), forcing all outgoing mail to go through their mail servers. ISP with 100,000s of customers, all mail coming out of a handful of IPs. The online time I heard of one getting blocked was when one of these ISPs decided they could make extra money by not enforcing their spam policies; when the whole E-Mail system dropped dead (combination of overload from the spammer's piles of spam plus being blacklisted), they did quickly decide maybe they should enforce that policy and booted the spammers back off.