* Posts by ElReg!comments!Pierre

2711 publicly visible posts • joined 22 Jun 2009

Patch NOW: Six new bugs found in OpenSSL – including spying hole

ElReg!comments!Pierre

Re: Quick to fix in Open Source, but it leaves questions.

> " most open source developers are not unpaid enthusiasts" - yet many are.

Uh, what about "No, they aren't, and you're full of shit" ?

"Sure. I'm not paid to post here.... nor I steal my paid time to do it."

Actually I'm not sure how you ended up here. Pretty sure you don't "steal your paid time" for it, as you put it. Not totally sure that you're not paid for it though, but if so it's most certainly a waste of money.

ElReg!comments!Pierre

Re: Quick to fix in Open Source, but it leaves questions.

"It was made by many, and repeated over and over."

Proof?

" where's the proof? The link you post is just a sample of a single application"

A single application that leaves 7600 national-security-grade very large plants wide open to pretty much any script-kiddy with no particular skill. Trawl tech news and you'll find plenty such examples, including powerplant control software and the like. Looks pretty serious to me.

"And yet, to patch some code, you need someone really skilled and with a deep knowledge of the application domain"

True

" - plus a whole build and test systems - sometimes you can afford both, sometimes you can't, thereby there's very little difference if the code is available or not, you're in the hands of the code/application supplier anyway."

Also true.

But in one case you get something that you -or someone of your choosing, or anyone- can check. In the other case you get something that you can't check, that you KNOW may have not been checked by anyone (because who has spare money for extensive checks when they know that you already paid and no-one can point the finger at you, ever, anyway?).

Sorry but put in the light of pure profit logic, your post suggests that closed-source software is necessarily bad. Now my guts tell me that it's not what you mean. Perhaps the problem is that you posted this in your spare time, that would explain why your argumentation is blatantly full of holes. You should hire someone to make the argument for you. I'm pretty sure it would be better (can't be worse anyway).

Oh, just so that y'all know: most open source developers are not unpaid enthusiasts: they are skilled developers who are paid for their work and don't fear putting their own name behind their work. The same ain't true for closed-source software.

ElReg!comments!Pierre

@ Andy E Re: Quick to fix in Open Source, but it leaves questions.

The good thing is that we know there were 3 people involved, none of them an unpaid summer intern.

Now, when you buy in a closed-source piece of software that "securely" controls how your customers pay you... can you safely assume that it wasn't put together in 2 weeks by an unpaid summer intern?

[DISCLAIMER: no unpaid summer intern was harmed in the making of this post. Unpaid summer interns are what keeps the industry afloat, else we would have to pay developers, that means cuts in the shareholders' dividends or management junkets, god forbid]

ElReg!comments!Pierre

Re: Quick to fix in Open Source, but it leaves questions.

"Open Source then enables you to develop a fix yourself if suitably equipped (or by paying a developer), whereas with closed platforms you're left to wait until the supplier gets round to it."

I can't stress enough how right you are.

"doubting the statement that being open automatically equates to being safe."

Doubting -in retrospect- a statement that no-one has made to begin with is an easy way to look wise indeed.

On the other hand "show me a piece of code that you think is 100% secure, and I'll show you a piece of code that I know to be potentially exploitable."

You can cite me on that anytime. The means of exploitation may not be obvious yet, or the vuln may need some tech that hasn't been invented yet, but "potentially dangerous" is a certainty for code. ANY code. The good thing with open code is that vulns are weeded out rather quickly, and constantly. Don't give me that "2-years" or "10-years" crap: yes it happens, but rather rarely AND closed source is demonstrably worse: thousands upon thousands of "national-security"-grade plants are still running closed source control system software that is much more easily exploitable, and much more difficult to patch. Due to schoolboy-grade bugs that are almost 20 years old.

Things like this for example: http://www.bbc.com/news/technology-26881970

Now imagine how it is for less-critical stuff. To give you an idea, at work I upgraded 3 desktop machines from WindowsXP to Windows7 3 weeks ago. Windows7 was released in 2009, that is 5 years ago, give or take a couple weeks. Guess how many times a week it still needs a security update? (and I think it's a bloody good thing, too: see my statement above).

Linux users at risk as ANOTHER critical GnuTLS bug found

ElReg!comments!Pierre

Re: How severe is this bug?

> I will not be amused if the brakes fail, and I am chided for not having checked them over myself.

I think it's still among the first few things they teach young drivers:

- check the tires

- test the brakes

So, your analogy kinda sucks. Of course you knew that already: it's a car analogy. These very rarely work.

Android is a BURNING 'hellstew' of malware, cackles Apple's Cook

ElReg!comments!Pierre

Re: Tim may want to thread more carefully.

Good point I sew-pose

ElReg!comments!Pierre

Not so smart; desperate housewife is desperate.

I don't seem to recall Jobs presenting snake-oil-merchant slides to diss the competition; seems like he wanted to push the idea that his products were "special", as in, not on the same level as anything else.

Try and push the idea that your product is "99% better than the competition", and people may start to think that maybe you're just talking shit, that your kit is "just another phone" and think about doing real comparisons. Risky for a brand such as Apple, almost entirely built on unquantifiable "user experience" values. Time will tell, but there will be no Jobs Emergency Recall button this time to save Apple with the iMac, so Tim may want to thread more carefully.

HP reveals Apple-powered Android 'SlateBook'

ElReg!comments!Pierre

Re: Apple powered

Parties? What's that again?

ElReg!comments!Pierre

Re: Apple powered

Agreed, I was explaining just yesterday to a friend what the little roundish red-circled "b" near the loudspeaker of her 1.5-yo HP laptop meant.

ASUS launches 5-in-1 Android Windows Phone laptop tablet (breathe)

ElReg!comments!Pierre

Entirely new?

http://www.alwaysinnovating.com/products/smartbook.htm

This thing has been out for quite a few years now, even though the company is now only "licensing" the idea... perhaps to Asus?

Microsoft Cortana EULA contains the Greatest Disclaimer of ALL TIME

ElReg!comments!Pierre

Re: THANK YOU for the text transcription

Most definitely NOT working for me; for example in the story

http://www.theregister.co.uk/2014/05/29/new_iss_crew_expedition_40/

all I see in lieu of the video is the text "YouTube Video" (which is in accordance with the page source, if somewhat uninformative); no other info available.

I can follow the "YouTube Video" link; then on the YouTube page I can find the video description, but that's a bit complicated (made a bit worse by the fact that YouTube's website is not especially optimized for text browsers...).

ElReg!comments!Pierre

THANK YOU for the text transcription

As I sometimes browse El Reg from the console (using w3m, as lynx suXX0Rz), or from otherwise image-impaired browsers, I very much appreciate the text subtitle. Now if we could have a (even brief) summary of the videos, I would be Bob's nephew (reading shorties in which neither the title nor the body of the article let you guess anything about the content of the video, which is the actual content of the article, is very frustrating!). I'm sure it could be done unintrusively thanks to that wonderful instrument included in standard HTML, "alt". I'm sure you've heard of it.

Sony Xperia Z2: What we REALLY thought of this Android fondleslab

ElReg!comments!Pierre

As a pedant tea drinker I would appreciate good kettle reviews: speed, temperature accuracy, aftertaste given to the water (or lack thereof, hopefully), etc...

Chuh. Heavy, dude: HP ZBook 17 mobile workstation

ElReg!comments!Pierre

Re: What a waste!

"Yeah. What possible use is a well-built portable UNIX workstation that ships with rock-solid OS."

Yeah, that's a very useful thing. I own two of these, thank you very much (none run AppleOS, incidentally). One (the non-mobile) I built from parts that I bought in full knowledge of what they could do, and of what I want to do. The other (the mobile one) I built from a Dell basis; I'm pretty satisfied with the result even though Michael Dell wouldn't recognize his cub. The 15 inch MBP, on the other hand, is everything BUT a professional workstation, portable or not. The 17 inches MBP comes closer, still lacks the full keyboard though. No cigar.

ElReg!comments!Pierre

Re: PS What a waste!

"No. I do real work rather than piss about with summation tables in Excel, so not sure what I'd use that for."

So, your line of work doesn't require a workstation. I'm fine with that, and so should you. Not sure why you are so aggressive about it. Also, not sure why you bring up MSExcel or summation tables. MSExcel works fine on a MacBook Pro, on a ChromeBook, or any such consumer device. MSExcel is, in its "special" way, the archetypal consumer app. If that's all you can think of, then you truly have no need for a professional-grade computer. No offence.

ElReg!comments!Pierre

Re: Not worth the shoulder injury...

"I've yet to be convinced by mobile workstations this size [...] Better off with a lighter 15" affair "

OK. Show me a 15" affair with an optical drive, an expresscard slot, a primary drive plus a bay for a second drive, a full keyboard including a numerical keypad, several (and by several I really mean MANY) USB2 slots AND as many USB3 ones (OK, just USB3 ones if it has at the _very_ least 3 of them). Thunderbolt on top of all this IS appreciated, but not a realistic replacement for any of the previous. Seriously, it's a workstation and all y'all complain about is movie-playing-related? Never realized that bluray can be used to store non-movie data? Pah! ioof diz dez.

ElReg!comments!Pierre

Like or not, a Pro machine by the (ancient) book.

A "pro" machine used to be a machine that "had it". That is, to be considered a good pro machine, it had to have everything you could reasonably need in a professional environment. A machine that you had, and when someone started their sentence with "does it have..." you could confidently answer "yes, it does" without waiting for the end of the sentence (a bit like in these annoying ads for a car, don't remember which). This is a machine from this ancient lineage. Unlike so-called "prosumer" machines which have a "pro" price tag and a "sumer" set of features, this is a Pro machine of old. It's not pretty, it's not light, but it can handle pretty much any situation without need for the "your hardware is too unfashionable for my computer to even acknowledge its existence" argument, which is always a lethal hazard if a properly-equipped BOFH is at cattle-prod-length.

ElReg!comments!Pierre
Paris Hilton

Re: Uhm seriously?

I think you missed the 3-page article on El Reg where they insist it's supposed to be a (vaguely mobile) professional-grade workstation, not a 50-quid portable DVD player. Oh wait, you just commented on it. Never mind then.

ElReg!comments!Pierre

PS Re: What a waste!

Also, that MacBook Pro of yours, I take it it has a fullsize keyboard with a numeric pad... no?

Actually I don't know why they keep the "pro" in the name; the MBP is a very nice consumer machine, but over the years everything "professional-like" has been removed (but the price). Sure, you can buy an external optical drive, an external numerical pad, an external hard drive etc, to return it to a full setup; but then what's the point? And you definitely can't add an ExpressCard slot.

ElReg!comments!Pierre

Re: What a waste!

"Yeah creative types like Linus Torvalds."

I bet Linus Torvalds has a real workstation back at home for when he needs to do something else than answering mails and watching movies.

"Very few people need optical drives these days"

True, and very few people need a real luggable workstation. Like this one. But for those who do, a MBP just won't cut it. There's the optical drive (no, an external one won't do the trick; sometimes you just need an "everything included" machine that you can carry from place to place without worrying about fragile dangling attachments). There's also the bay thing. If you can't easily cram a drive in and take it out, thanks but no thanks.

"everything else goes over the wire(less) or on thumb drives. Optical is just too damn slow and small"

Aha. So, BluRay is too slow and small but WiFi is fine?

ElReg!comments!Pierre

Re: What a waste!

"I'd go for a 15" Macbook Pro"

Probably fine for crea-types, as a fashion accessory for boardroom meetings or for solo media consumption at the local overpriced caffe outlet. For my usual kind of work, no bay, no buy. And no optical drive means it's not even worth a cursory look to begin with. This is supposed to be a serious workstation (not that the MBP isn't a pleasant machine; it's just not intended for the same use).

ElReg!comments!Pierre

Re: Pricey and f*ck ugly..

Nice, too. I may miss the SD card slot though (AKA Raspberry Harddrive port). But for the price diff I can buy a usb reader or ten...

ElReg!comments!Pierre
Thumb Up

Pricey but sexey

For this much I'll have to get it from my job budget (unlikely but one can dream). If I had the budget for this I'd get another dirt bike instead.

Samsung WRISTPHONE – for those who wanna whisper to strap-ons

ElReg!comments!Pierre
Coat

Re: ...Aaaaand

"Bring on the downvotes, fanbois."

The fanboys don't read these subjects, they are tech-related.

OK, OK I'm going

ElReg!comments!Pierre

Re: Keypad on a watch?

"Maybe a watch would be better as a feature/dumbphone rather than simply trying to squash a smartphone into a different form factor"

Au contraire, mon ami. The "smartphone" part is the part that would entail the voice command recognition part which, in conjunction with the bluetooth headset, would make the thing usable (for some definition of "usable", depending on the implementation. YMMV, IMHO, IANAL, RFLMAO, WTF)

"Sort of like how Apple didn't try to make the iPod Nano/shuffle use the same UI as larger versions."

I don't get the parallel; I can see how it works on the size angle, but as for the UI are you advocating a return to the casio-style watches that you seemed to diss in your first sentence? Or a morse-style dialing method on a simple 1-button design? I can't really see either realistically taking off except with nerds (hey, this morse thing, I'd buy it if it's cheap enough. Typing the number then the SMS in morse, nerd-tastic!)

ElReg!comments!Pierre

I'm assuming voice commands and bluetooth

But maybe I'm just being too practical/unfunny for this here audience?

Tech that we want (but they never seem to give us)

ElReg!comments!Pierre

Re: Print dialogs

"To have a JFP* button. (just f***ing print)"

:hardcopy

(OK, on MSWindows it only brings up the annoying dialogs. Just refuse MSWindows!)

ElReg!comments!Pierre

netbook reloaded

I'd really like an updated 9-incher: a cheap, robust, clamshell, no-touchy thing, SSD. A 9-inch chromebook, in short. That, and a WiFi Ben Nanonote -or a WiFi micro-SD for my existing one(s).

If I can't have these, a cheap UMPC with 720p output support (for the occasional on-the-go presentation) would replace both, sort of.

All of my other IT needs are covered (Raspberry Pi for media, everything else I need I can build from scratch).

Klingon and Maori roar into 'mutt's nuts' dictionary

ElReg!comments!Pierre

Re: John Savard Oirish Orchid ref..

"an orchidectomy was the removal of the labia minora and the clitoris"

I find this hard to believe given that "orchis" means "testis" in Latin and in Greek.

ElReg!comments!Pierre

"Curiously, the Irish word for 'orchid' is magairlín ('testiclette')"

Not that strange, considering the name of these plants quite literally means "testicled".

Motorola Moto E: Brill budget blower with one bothersome blunder

ElReg!comments!Pierre
Coat

Re: I don't see this as a problem.

"Let's see, when I park my car in a parking garage and need to remember where it is, I can take a picture of the nearby "Floor 5 Row J" sign much faster than I can type it in in my "notes" app."

For this I have the latest of tech. I believe they call it "brains". I'm told it will be available in the US anytime now...

ElReg!comments!Pierre

Re: Sabroni: Probably because it's a little daft?

Ahem, sorry to interrupt a perfectly good fit of all-out whiteknightery, but signing on a mobile phone is a very specific issue; it is, as you surely know given your high-horse-powered rant, nearly infeasible with a hand-held device; the preferred way is to have a 2-parts device and put it upright on a table. That's because otherwise you can only sign single-handed, which is very limited and akin to typing (only much slower and much more prone to errors etc). As this here thing clearly can't stand on a table by itself, that's signing pretty much out the window already. But wait, there's more! Signing on a low-res, low-bandwidth device like a cameraphone is a nightmare EVEN if the device stands by itself on a table, because the video is low-res, often laggy and choppy. Signing is made feasible thanks to services that enhance specifically the head and hands regions of the video. Of course you have to check for support of these before buying... So, for deaf and hearing-impaired people the choice of a mobile phone is quite a bit more complicated than just grabbing the latest budget (or shiny) phone... complaining about the lack of front-camera for sign language on this phone is a bit like complaining about the lack of heliograph support.

ElReg!comments!Pierre

Re: I don't see this as a problem. (sign language)

> Nobody's mentioned the possibility of using a front-facing camera for sign-language.

Probably because it's a little daft? Why would you want to sign on a crappy camera, wobbly device held at arm's length so that you can actually see the signing hand, single-handed, possibly over a laggy/choppy connection when the same device can send perfectly legible text messages, and faster?

ElReg!comments!Pierre

Re: I don't see this as a problem.

I've never used either camera on a phone. I own proper cameras that take proper photos (I'm kinda photonerdist, you see). For that reason IF I ever had to use a camera on a phone it would probably be for videochat not for lolcats, so it would be the front cam. But I'm not really into videochat, especially not on a tiny wobbly device. So, no problem for me.

US space-station crisis: 'We have enough of our own problems' sighs Russian deputy PM

ElReg!comments!Pierre

Not just the lift to the ISS

If the Rooskies stop cooperating with the US, not only the merkins won't have a way to go there, they will have nowhere to go to. That's often forgotten by the proponents of a huge pile of cash dropped on Elon Musk. The US part of the ISS is a module added to the Russian core. Without cooperation it's just a huge freezer to store the vodka-in-a-tube supplies.

ElReg!comments!Pierre

Re: Return of Hermes

"The USA could just do what it historically did when faced with a threat from an overwhelmingly superior foreign empire - turn to the French for help."

And spend the next few centuries trying to convince the world that they did it by themselves!

GCHQ grants security clearance to Samsung's Knox mobe security

ElReg!comments!Pierre
Mushroom

"Android solutions"

Aren't people tired of marketspeak from 10 years ago? In an Android solution, is Android the solute or the solvent? What is the concentration?

FSF slams Mozilla for 'shocking' Firefox DRM ankle-grab

ElReg!comments!Pierre

Bad move

"content providers" need views far more than browser makers need users (specifically, they need far more of them). Mozilla has at least as much leverage as the DRM pushers here, and probably more. Them folding is a bad move indeed. I suspect they're afraid of Google, as chrome+youtube is certainly a powerful tool to attract the kids. Anyway, I don't use Mozilla software much these days, and most of my browsers don't even talk javascript, so I'm probably shielded from DRM for the next 50 years or so...

Quick Q: How many FLOPPIES do I need for 16 MILLION image files?

ElReg!comments!Pierre

Re: 16-page document I was working on last night won’t fit onto a floppy

I type almost all text in restructured text or lout, all data in csv, and all graphs in python scripts (veusz or pylab, depending on my mood); it's still useful as GBs seem to go by as fast as KBs in the old days, and you can still fit 100 times the same amount of cruft in the same space if individual pieces are 100 times smaller...

Plus, that way I avoid the compatibility hell that all my coworkers seem to live as soon as they try to open their files on a different device. At the very worst I can get to the important bits with just a text editor...

Scientists warn of FOUR-FOOT sea level rise from GLACIER melt

ElReg!comments!Pierre
Boffin

Re: Show me....

"less accurate because it has less divisions"

Interesting. Care to elaborate how the foot has more divisions than the metre? And how that makes it more accurate? Is it because the femtofoot is smaller than the femtometre? That would make the foot 3x more accurate than the metre, give or take. Am I correct? Pardon my ignorance, I've been to school in a country where the economy was fatally crippled some hundred years ago by the massive cost of switching to a coherent unit system.

ElReg!comments!Pierre

Re: New record set for Antarctic Ice today.

"I'm pretty sure that 3.6mm * 100 = 360mm = 36cm not 3.6m"

Perhaps he was talking imperial years, not metric ones?

Indian climate boffins: Himalayan glaciers are OK, thanks

ElReg!comments!Pierre

Re: It may be science but is it stats?

I'm pretty sure I read something like "0.2% +/- 2.5%" or something similar, which is experimental noise as you point out. So, yes, it is in this report...

Nintendo says sorry, but there will be NO gay marriage in Tomodachi Life ... EVER

ElReg!comments!Pierre

Re: Rule 34...

What you're looking for is located in the legendofkrystal forum...

The verdict is in: Samsung to pay Apple $120m chump change, but gets tiny rebate

ElReg!comments!Pierre

Re: Wait a minute...

>If you can figure a way of doing that

I'd say any pimply-faced student with basic PERL knowledge would crack this one in roughly 30 min.

How disheartening for them to learn that they could make $110 M per 6 months instead of working night shifts at McDonalds to pay for school.

Nod Labs forges one (Bluetooth) ring to rule them all

ElReg!comments!Pierre

Re: meh

Agreed. The ring form-factor looks pretty impractical.

I've tried a couple ways to control tech, and really nothing beats a proper keyboard; I use a small one with a built-in trackball, much better than a trackpad; I would not exchange it for this ring thing which incidentally is 10 times the price. A wand-like device? Perhaps, the wrist movements and the clicks would be much more natural. As long as you don't have to type text of course, unless there was some sort of 5-keys system à la wrobot on it, as virtual on-screen keyboards are all a bit shit (especially the move-the-pointer-and-click ones).

BOFH: Oh DO tell us what you think. *CLICK*

ElReg!comments!Pierre

Re: Laptop! Lucky bastards

Our BOFHs have us all on VMs.

It's for your own good; besides, that's what the committee decided. Of course, we'd be glad to reconsider. Just drop us a line in the suggestion box.

OpenSSL Heartbleed bug sniff tools are 'BUGGY' – what becomes of the broken hearted?

ElReg!comments!Pierre

unfortunately

Yes, but in large organisations there's always the odd box under a desk that hosts a "pirate" server set up by an intern 3 years ago, badly configured and unpatched because you wouldn't expect Lucy from receiving to know her way around sh (and the root password is long lost anyway).

ElReg!comments!Pierre

Re: I'll raise your false positive and see you in court

Heartbleed is a fairly easy vuln to test for, so there's no false positive (as outlined in the article) and false negatives are necessarily very contrived set-ups. It's good that the false negatives are found and added to the detection tools, but there are very few systems affected in the real world. Of course you wouldn't want them to be yours...

In any case the detection tools are mostly useful for the clients. As a sysadmin, if you're going to spend that kind of time checking if your pant is down, chances are that you'd better use that time to update OpenSSL instead.

Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS

ElReg!comments!Pierre

Re: As has been proved time

and time again, fingerprint scanners can be fooled by a dedicated team with heavy equipment. In a lab. Set up specifically for that purpose. With previous knowledge of both the "key" and the target. Within FOUR DAYS, assuming the target did not notice their ultra-hush-hush device went missing. FOUR DAYS AGO.

Bah humbug.

Meanwhile, "good" passwords are cracked almost instantly by the million every single day by virtually anyone on the planet, leading to numerous kinds of frauds, costing real money.

Kids these days.