Posts by Ken Hagan

Re: It's a big round ball wizzing round the sun innit?

Pluto and Neptune are in a resonant relationship, so they don't actually ever cross each others' orbits. That's kind of why Pluto is there.

Re: The layers keep piling up

"I own a car it is my duty to know how it works."

We all have brains, but no-one knows how they work.

Re: A total waste of effort to support a transparent bluff

"The EU has made it clear that we can drop Article 50 and return to EU membership and normality."

Not officially, and with good reason.

Whilst various EU politicians have made this suggestion, it hasn't actually been offered formally and with good reason. Article 50 *is* the point of no return. The point of the 2-year period is not "cooling off" but rather to let everyone adapt. If it were possible to change your mind 23 months in, a lot of people who had spent the 2 years spending money and making plans for the new arrangement would be right pissed off that they'd been deceived. There's no way that would not end up in court and (in my view) equally no way that all 27 remaining EU members would agree to even try it.

The point has also been made *several* times, that if the UK gets a special favour and ends up with a nice deal outside the EU then the electorate in many EU countries might start voting for anti-EU parties. Even those who don't want to "punish" the UK are opposed to the idea of "rewarding" it.

It is conceivable that the UK might be allowed to fast-track its re-entry, but it would spend at least some time officially "out" and re-entry would be on the terms that are offered to any other third-party. That means accepting the Euro and no special "rebates". It is very unlikely that this would get past any UK referendum on re-entry and also very unlikely that the UK could re-enter without such a referendum.

Re: It's about surveilling everyone? This does not matter

"The only alternative is to force companies by law to roll out defective encryption that opens all communication, mail, bank accounts, etc. to criminals. Which government official wants to explain why that might be a good trade-off?"

And how long will it be before his or her bank account number is public knowledge?

Re: people who really understood

"That's why tools designed by people who really understood software development and deployment - unlike git developers, who stubbornly believe the whole world should work only exactly like they do - have an "export" command to publish a tree without any of the management files/directories."

Umm ... Given git's structure, I'd have thought that copying your cloned repo and removing the ".git" directory would be ... "a tree without any of the management files/directories". I suppose if you are completely paranoid you could remove the ".gitignore" file as well.

Re: The return of front page

How about 1000 dysfunctional websites that only work on the developers machine?

Re: IPv4 Address Pool Has Been Expanded Significantly

The 240/4 proposal is no more backwards compatible than IPv6. Once you consider all the likely combinations of "aware" and "unaware" endpoints and intermediates, you conclude that everyone's stack needs to be at least partially aware. That means writing, testing and deploying dual stack software on zillions of existing boxes. For IPv6 that task has largely been done. For any and all rival proposals, you are twenty years behind.

Re: @ Chinashaw

"The UK will just continue with no border..."

For a day or so, until the Daily Mail runs with some screaming headline about how bazillions of (shudder) foreigners are using Eire as a back-door into the UK.

In other words ... no.

Re: The FoI – a glorified sales pitch

"Anyway they wanted a copy of our org chart, probably so they could add a few senior names to their cold-calling rota."

These days I guess you could respond to the FoI request with an org chart that was topologically correct but that omitted the actual names for GDPR reasons.

Re: Bah!

I refer you to the reply from LDS, above. You are close, but it is actually a Dilbert strip.

Re: Ignorant

Not *that* long ago (https://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos/) and the link you provide describes a technique that would not have helped in that case because "missing package" is exactly what an integrity check failure is required to look like. Then there is the fact that if you know exactly what you wish to import and refuse to import anything else, you might as well host it yourself rather than steal bandwidth.

Re: Forget the geeky stuff, sort out the user experience.

"Adobe Photoshop doesn't have much to do with mud houses."

But Acrobat accurately reflects how your documents will be turned upside down and twisted in strange ways by the malware that came along with it.

Actual "guarantees of origin" would be very useful. For example, if your spam filter had "origin" data to work with that was guaranteed to be reliable, it would be trivial to bin anything from "someone I don't know who lives in a country I have no dealings with". For many people, particularly outside business uses, that would basically be a cure for spam and phishing attacks.

Re: Now *there's* an EU initiative ....

If you are only aiming for 80% coverage, what's already there is enough.

The more interesting question, given Microsoft's apparent suicidal desire to break with their own past, is when will the FOSS alternative start to be more backwards compatible than the Win10 treadmill? For some people, that is already happening.

Visual Studio is not part of Windows and because Microsoft believe in Chinese Walls, stuff that isn't controlled by the Windows team does not get distributed with Windows.

Each build of Windows is, of course, built with a particular version of Visual Studio and so that version of the runtimes will be bundled. However, earlier versions probably won't be and latter versions clearly can't be (at least until Raymond Chen finishes his time machine).

Re: Facebook and their lying bots

"but not a single customer reported seeing the ad"

Ah, but that's the clever thing, you see. They don't need to remember in order to be influenced. It's a Jedi thing, I think. For example, I can't remember any of the ads I've seen at any point in the last decade, but they've all been devilishly effective in twisting my purchasing choices, so it was money well spent.

Re: When does the hunting season

The US PTO is just doing the job that Congress gave it. The hunting season you are looking for is "congress-critters with room temperature IQs".

Re: Does it include

"The essence of enumerating things like those is that there's always another one to be added to the list."

Here is one more that I didn't see mentioned in the article: a sensor that is working but delivering an entirely bogus, yet sane, safe value, with enough noise that you'd reckon it was ok.

Anyone who has attached real hardware to a computer at some point knows how common this is. Anyone who has read comp.risks (or similar) knows how commonly this isn't handled well in software.

Re: I still think they're majoring in the minors. again.

"Now - tell me how this helps my day to day operations."

Seconded. I'm really struggling to see a use-case where I need to mix Linux and Win32 tools in the same command shell (or moral equivalent). As far as I can see, that's the only use-case for this because if you just need to run a mixture of software then you are far better off using a VM. (Specifically, unless you have some hardware that is strictly Windows only and can't use something like a USB pass-through, you should put Linux on the bare metal and stick Windows in the sandbox.)

As an added bonus, you can also use this technique to prevent Win10 from doing a six-monthly bork of your system. If you give the Window VM less than 2GB RAM, it will refuse to install the next feature release and simply carry on patching the version you are on.

"That's great that they are flocking to IT if it's a comp sci course with some proper hard science behind it."

It's getting there. I'm not sure quite what I'd put in an entry-level course but what's in the current crop of GCSE and A-level computing courses is not obviously wrong and some of it is certainly right. The "proper hard science" is more difficult, since no A-level course is allowed to assume that you are also doing Maths at the same level. Good luck doing "hard science" with only GCSE-level maths. The same problem afflicts A-level physics, of course.

They are both entry-level courses, by the way, as is the first year undergraduate course at a UK university. We still aren't at the stage where you can assume that A-level candidates did the GCSE or that undergraduates did the A-level. (Contrast that with almost any other STEM subject where you'd be laughed out of the classroom if you hadn't taken the "previous" exam.)

Re: Middle ground

"Or guarantees that only VMs for the same customer of a given security level are running on the same machine. "

That eliminates a fair percentage of the economic benefits of moving stuff to a cloud you don't actually own yourself.

With Spectre and Meltdown violating security in one direction and this SGX bug violating it in the other direction, the case for migrating your shit back to home turf is probably made. (In effect, yes it will cost a little more, but you'll be able to run all your processors at full speed rather than hobbled by mitigations, and so the equivalent hardware will cost you a lot less than it would cost (say) Amazon.)

Re: Intel only?

"And why the sly reference to Israel?"

Because Intel have a major presence there?

(You don't have to give the Jeremy Corbyn treatment to everyone, you know.)

Re: Beyond Parody

I can think of at least two nations you might be referring to, but I can't prove either one. You'll have to be clearer. :)

Re: Wasps

"Take off and nuke the site from orbit, it's the only way to be sure"

Yes, but the neighbours do whinge so when we do that...

Re: US Elections

So it's a toss up between the Russians and the Chinese, then?

Re: dispatch or despatch

I'm curious now. I've lived in the UK for half a century and I'm pretty sure that's the first time I've ever seen any suggestion that "despatch" isn't the work of an illiterate. However, some googling would suggest that a number of web-sites are prepared to say that "despatch" is how my fellow countrymen have been spelling it all of these years. I suspect that most of these sites are US-based and prepared to accept that the UK spelling is different without bothering to research the matter, but I can't be certain of that.

So how many people reading this would write "despatch", where did they learn their English spelling, and when did they learn it?

Re: Yet Another case of "Security by obscurity"

"That doesn't work."

Well, security by obscurity hardly ever works if you document it, as noted in the Fine Article.

Re: Interesting but ugly

"Everybody sane tries to spell identifiers with consistent capitalization anyway"

Consistent with what, exactly. Certainly not "everybody else".

UNIX consistently spells usernames all-lower-case, despite the fact that US culture (where it grew up) does not spell people's names that way. Some email systems are then case-sensitive and others are case-insensitive, and where an email address is used as a user handle there isn't even an RFC to point to for the right answer. The result is that you just have to know whether the system you are talking to wants:

your.name@example.com

Your.Name@Example.com

Your.Name@example.com

or perhaps something else entirely.

You guys need to get out and talk to real users. A computer that rejects input because you didn't exactly replicate the case that it had in its little head is a "*&%ing stoopid computer written by a £$%-ing nerd who throws a hissy fit if he has a prime number of baked beans on his toast".

And as with addresses, so with files and so with variable names, because the underlying reference model for all of these is "names as they are written in normal language".

Re: What if you don't allow JS at all?

"yotta yotta"

Is that like yada yada but 10^24 times bigger?

Re: New internet standard...

"Unfortunately a lot of websites routinely strip that information and for average joe, that information is usually not readily available."

Given that we're only talking about a handful of bytes here, I can't see any legitimate reason for stripping EXIF copyright data. It is an evil practice. It makes it harder to trace the copyright owner, which makes it more likely that the owner won't be traced, which is just anti-social. To systematically cover your tracks in this way, for all images on your web-site, makes it look like you have something to hide. Perhaps one or two of them shouldn't be there, but which ones?

Of course, for *other* bits of EXIF data the opposite reasoning applies: https://www.kaspersky.com/blog/exif-privacy/13356/. Fortunately, it wouldn't be hard to write a program that stripped out privacy-related data whilst preserving copyright-related data. Unfortunately, you then still have to persuade people to use it.