Posts by Lee D 4259 publicly visible posts • joined 14 Feb 2013
Emscripten literally has a console - and can feed into either a separate frame on the HTML page, or into the browser's console itself.
printf() and scanf() work as expected.
The only thing that wouldn't work at all would be in-line assembly.
Maybe play about with it before you comment?
What is WebAssembly?
Javascript. Or thereabouts.
And can you really compile C/C++ to it?
Yes. Same as Javascript. It's just a "virtual machine" / "state engine" in effect. Have been able to do this for years, this is just slightly more standardised than asmjs etc.
And it'll run in browsers?
Yes. In the browser security DOM. So when you "open file", it has to be preloaded into the browser by a specific action, you can't access the hard drive or download stuff willy-nilly, or anything stupid. You can't talk out on arbitrary network ports (but you can set up a WebSockets server on your end if you wish to "talk" to the same server as the code was downloaded from over HTTP/HTTPS). Audio works (subject to browser control), video and GL works, keyboard input, etc. work. You can do everything that a normal website can do, and everything else is emulated. Libraries like SDL have supported it for years (so you can convert SDL games to the web relatively easily).
If you want to have a play, download Emscripten, and use it to compile some C code and see what happens. Everything from Hello World to full OpenGL games can work if you know what you're doing and cut out the stuff you're not allowed to do (e.g. convert networking code to use Websockets). You might even want to look at websockify, which can turn a normal program into a web-socked version (e.g. run Client in the browser, via WebAssembly, communicating with Server at your end running websockify... the two will talk as if they were connected via normal networking, but it will all go over secure Websockets).
Honestly, try it. It's fun if you're a coder to see 20-year-old SDL C99 code load up in a browser and run as fast as you remember it.
"Linux, quite happy to thieve anything from anybody when it's convenient then try to place a viral license on it."
I think "thieving" ZFS would be extremely convenient. They won't touch it through *principle*, not convenience.
For reference, many things could have been put into Linux for convenience but literally never made the grade. Go ask PaXTeam / grsecurity. It would have been very convenient to take the work that they wanted the kernel to pick up and just put it in.
Instead, after over a decade, the Linux people *went out of their way* not to, because it wasn't done by the right procedure, and rolled their own solutions instead. For years, people were trying to get grsecurity into the kernel and with the licensing they could have just slapped it in any time they liked. They didn't. Instead they reinvented the wheel and put their own in.
And they have literally no choice about the licence. They haven't had for decades. It's GPL-v2-only, now and forever, and cannot possibly change without rewriting huge portions of it all over again. It's a fait accompli, and there's nothing anyone can legally do to change it now because of all the work of dead, uncontactable or unwilling contributors meaning you can't ever change the licence. You can't even GPL-v3 it, it's that tightly bound to the code now.
"San Diego has ended its seven-year experiment with facial recognition"
Yup. Could've told you that. I'm sure someone enriched their pockets by doing it but it's pointless as the false-positives are far too high, and far too important to leave to a computer system alone.
Every trial I've read, the only "arrests" come from random incidental things - i.e. they stopped a guy on a false positive for a mugger, but he just so happened to have some weed on him, so they nicked him. Nothing at all to do with any success of the system.
Your first example is literally enforcing the laws. One minute / small violations are still violations. Don't do it, you can't be fined.
Your second example is literally illegal.
Neither are good reasons for not funding a government enforcement agency looking after millions of citizens data properly.
"US contractors may have copied data to the US. That is not the same as the UK giving the data to the US."
In the eyes of UK and EU law, that step you missed is more important and damning than anything else.
You cannot just give that data, covered under UK or EU DPA's, to foreign contractors. That's literally illegal, and even with an "agreement" in place if the data is ever exposed YOU are liable for all the fallout (and the very act of allowing it may be illegal whether or not it's exposed).
This has been drummed into everybody who deals with DPA or GDPR for years now. You can't just say "Wasn't us". You gave it to them. You shouldn't have. No matter what promises were made to you, it's YOUR responsibility. If you've been irresponsible, expect major fallout as if you'd done it yourselves (but actually worse than that, because it wasn't incompetence, it was basically deliberately done against all advice).
You can't give UK/EU data to other countries, it's that simple, and every person you give it to is your responsibility no matter who they are.
I keep saying that we need a website, with a queryable API, that returns things like:
MD5: Insecure.
WEP: Insecure.
SHA-1: Vulnerable.
SHA-256: Viable.
And that everyone can query. Then you can have things like deprecation warnings for any software that is using them and cares to check as soon as vulnerabilities come to light.
I don't have broadband at all, I just use a 4G dongle.
I do 100-200Gb a month, which is way within the average broadband use for a home.
Never do I see a "speed limit" (i.e. buffering, stopping, pausing, things just not streaming, games jerking, etc.) but it's not the fastest thing in the world (I have 1000 games on Steam, though, so there's quite a bit of downloading large updates every now and then).
Also works out a damn sight cheaper: £20 a month, all in, on a monthly-rolling contract for unlimited amounts of data (stated "action" only happens over 1000Gb a month).
5G would be interesting to me, just to up that base speed a little, but other than that... who cares? And, technically, if they bothered to use 4G properly (which we never do in this country) then you could easily reach any speed that I could desire with it.
When a 5G router, 5G SIM and still-unlimited data is available for a reasonable price? Maybe I'll upgrade. Until then, my smartphone is only on a 4G sim and sees basically zero data use (I just join it to the wifi to take advantange of the above unlimited package, so the only data I use is if I'm actually out and about and I don't tend to stream HD movies in the car or places where there isn't already wifi).
Was once yelled out by a parent at a school asking me if I knew "that I was frying children's brains" by installing a (802.11b) wireless network.
Who then got on her phone, hand-clamped it to the side of her head, loaded her children in the car, and drove off still rabbiting on it...
If you don't *know* the difference, I suggest that you don't ask but go research it for yourself.
If you don't *understand* the difference, even after trying to research, chances are that you won't understand any explanation and it's never going to affect you and you can treat it as any other marketing term to mean, essentially, nothing in particular.
If you know and understand the difference, why are you asking me?
Your incoming email chime is so loud that it drowns out the movie you're watching.
The music you want to play in the background means you can't hear what the software you're using is doing, or the game you're playing.
I hate to say it, but it *is* potentially useful - which is why you would think alsmixer actually acted like a mixer and let you change levels of all playing channels out of whichever output you would like. It does the latter, not the former.
P.S. Windows has had per-process audio volume control since... what? 7 / 8? You can then make sure that your MP3 is louder than your game, that you can have the volume up to hear alerts but don't get deafened by every window click or program startup jingle or Chrome notification in the world, and you can actually choose WHICH programs you want to hear from, ever, at all, in any way.
What's right for the kernel programmers isn't necessarily right for the operating system users.
Despite being a programmer, having used Linux since the days of 0-numbered kernels and Slackware, and not being afraid to get my hands dirty in bash or anything else, I have absolutely given up with systemd. It either works or it doesn't, and when it doesn't, I stop caring and use something else. Diagnosing it is ridiculous, it interferes with everything, it has complete apathy to my desires (e.g. if I want to use another DNS resolver), and is just a blackbox that interferes in every possible system.
And along the way, I've lost simple abilities. Like the ability to choose the name of a device in /dev/, for instance. If it's a network card, I can rename it. If it's anything else I can't. And that's been put into the kernel and can't be changed. So when you have a device that appears as /dev/somethingrandom, the best you can do is symlink it from what you want it to be (and god help you if there's already something else in that name, because you can't overrule the kernel).
Hell, it takes me minutes to find relevant logs, find out why a service didn't start, etc. whereas it used to just be starting the service and watching that name in /var/log (even via a recurring cat or other basic tool).
I tried to find out how to make a systemd service the other day, I literally gave up and did it via the old backwards compatibility with runlevels.
Just because it makes your life easier does not mean it makes anyone else's. Just reminds me totally of the whole "cdrecord must have a full scsi path and you can't use, e.g. /dev/sr0 even if that's where the device lives" shite that plagued that bit of software for no sensible reason. I'm sure it make the author's life easier, but everyone else was just screaming "I just want to burn the damn CD!".
Systemd is a damn nightmare of usability, readability, capability and culpability. It's improved absolutely nothing my end, and destroyed all kinds of things that were working perfectly fine. I'm sure if you have a thousand services spread across dozens of machines it makes something simpler, but if you're just a guy with a personal computer it's a fecking nightmare from every angle. And literally *every* advantage it gave could have been done the old way, with the same kernel functionality (e.g. cgroups) exposed to the bash shell to let it happen.
Systemd solves no problem that I ever had, but is such a problem in handling that just the name is enough to make me give up now.
Hell, I tried to make a little gaming box the other day. Guess when I realised that there's literally NO WAY to move another device to become, say, /dev/input/js0 when a program is specifically looking for that path if a kernel driver has already claimed it. Literally, your device naming order depends on device discovery order and is pretty immutable unless you want to go hard-moving dev nodes around after every single boot.
It merges kernel and user-space, it destroys the init process's replayability, it doesn't do anything any faster, or any more securely, and it literally throws a paddy if you want to have anything other system systemd's named in place (plus a million and one other "essential" daemons that just seem to take over existing programs while providing less functionality and flexibility).
Honestly, I was never so disappointed as to hear that the Debian project voted to keep it "but explore alternatives" recently. It's a heap of junk.
And also an absolute pain in the arse.
Sod paying my car tax, council tax, TV licence, gas, water, electricity, telephone, broadband, car insurance, etc. in cash every month.
I basically live a cash-free life. Hell, in the last three years, I literally accumulated only £65 of change... and I paid that into a bank only because I go annoyed with it building up (people giving me money for things, change from notes, buying things online for people who don't like doing things online, etc.).
Hell, I bought a Square reader cheap off Amazon for if anyone feels they need to share a bill with me.
Your cash can't be used for a lot of things, is entirely impractical, a theft target, and has no more stability or value than a number in a bank account.
Just do what any sensible person does with *any* money they have - don't keep it all in the same place. Or, given it's an IT site: Always have a backup.
I was in the house on my own.
I had my whole arm inside a hole in the floor.
I was adhoc-grounded by a number of things near me - a radiator I was leaning against, the cables I was installing, etc.
I would not have been able to let go, I was not expecting it, and there was nobody to help. And I thought all the upstairs power was off (it was... apart from this rogue cable which I only later figured out the fuse for).
1) Hired a Part P-certified electrician to fit a 32A Commando connector to the outside of my house. I didn't have any plugs yet (they are a larger variant of the standard building site connector), but he demonstrated it working by plugging a lamp into an adaptor. Signed off.
When the electric kiln and other things that I later wanted to put on this didn't work, I spent weeks taking it apart and getting the electrical diagrams from the kiln manufacturer. It was only when my "commando -> mains" lead would light up an extension lead but wouldn't power anything that I started to get suspicious. A voltmeter read 18v across live/neutral, but 240v across live/earth.
Turned out that there was an incoming live, neutral and earth from the house. The earth was directly connected (correct). The live was connected through the external weatherproof switch (correct). The neutral came out of the house, into the box, into a terminal block designed for it. And then there was a short piece of blue cable to go from that terminal block to the switch. Except he'd put the incoming into one slot of the terminal block, and the outgoing short cable into another slot... so there was no actual neutral connection whatsoever.
Given that I had the certificate, and the guy was an idiot anyway, I just turn off the fusebox, rewired it, and turned it back on. Worked fine ever since.
2) Once had a room in a workplace that would fuse all the time and trip the RCD. Couldn't get to the bottom of it. Turned out to be pseudo-related to the timings of a fan heater being used. Was just about to condemn it, when I had an idea. Yes... fan heater went into an extension lead, extension lead wasn't overloaded... but did have live and neutral reversed. Switched them back, and never had a problem since.
3) Massive electrical blowout, UPS goes mad and just hard-shuts-down. Does it three/four times. Related to a catering hot-serving thing being used. Turned out that the lights for the servery used one plug, and the heater another. Also turned out that they were plugging them into two different wall sockets. Wouldn't have been an issue. Well, not if those two wall sockets had been on the same phase, anyway.
4) Moved into a new house. Put hand under floorboards when trying to put in some network cable, came back with a bundle of open-ended live twin-and-earth that fed nothing and had just been lying bare under the floorboards. Very lucky not to be dead. The next week, I was inside the under-stairs cupboard, there was a metal-backbox on the wall, with a faceplate. Thought that would be a good place to pinch some power for something low-power (a clock or something, I can't remember). Took off faceplate to reveal... a bare, live, twin-and-earth cable literally touching the metal backbox. Anyone who touched that box would have been dead too.
Learned never to take anything for granted, even if installed by qualified electricians, people you trust, or it comes with a certification. Test everything. Assume nothing. Occam's Razor is that the other guy was a fecking idiot.
"Vessey noted that Glaxo risks losing experienced and skilled staff with detailed knowledge of the firm's systems"
That's true anyway.
And a salaried member of staff is far better in that regard that a random contractor who's in and out of all your competitor's systems too. I mean... they are contractors, right? So they only work when contracted, right? So they could disappear as soon as that contract ends, right?
IR35: If you're affected, raise your prices or go full-employed. It's really not that hard.
Exactly this!
My workplace uses SSL interception (via a man-in-the-middle certificate on all authorised devices). I can, in theory, see absolutely anything that happens through our connection, not to mention have administrator access to everything else, including finance, HR, etc.
Though it's *always* made clear that the connection is monitored to all staff, we don't stop them going to and booking flights or whatever they need to do, so long as it doesn't interfere with their job.
The amount of people who assume I must just be sitting there reading everyone's email, reading every file they make, and looking at every website they log into makes me think three things:
- They're doing something they shouldn't be.
- They themselves would be snooping if *they* could.
- They think I don't have a life.
Honestly, you're barely worth the log-space for the basics, let alone any deep analysis, and even that's basically because it's required in my industry.
Ah, the days when I used to go into university to use their (I think) 1Gbps line back in the late 1990's.
Me, a travelcard, and a bunch of ZIP disks and floppy disks, with a spanned zip archive and an extreme knowledge of PKZIP command line parameters.
Then go home, spent the evening unzipping them all and hoping you didn't get a dodgy disk. Was literally faster than the only dialup available to me at the time.
Best bit was when they kept publishing who was using up their resources and because they didn't have the equipment to monitor such a connection, they basically equated home-folder-storage-size-used with who-is-using-up-our-line. I escaped any scrutiny for years by downloading everything, filling up the home storage, moving it all off onto disks, deleting it, and avoiding the script that ran at a well-known time (it was in the logs that they emailled the major culprits as evidence!) so that my home folder was empty at that time.
I filled a huge thick book full of CD-Rs with all that data (no, not that kind!), still have them to this day.
You can't see the URL.
You *may* be able to *infer* the domain, but that's not given (it depends on SNI and other protocols, not to mention a dearth of other secure websites on the same IP).
You *can* see the destination IP, but that's obvious.
You can't see DNS requests if they're using a number of secure DNS services (not least things like DNSCrypt etc.).
You can see source addresses but that's little help at all.
And when they say "we cannot" it doesn't mean "we couldn't". It means "we're not allowed, and our customers would throw a fit and sue us into oblivion if we routinely did that". ISPs and back-end providers aren't even allowed to do as much as any government black-box, for example, themselves.
I can't just dig into my workplaces finance database and change numbers. It's easily *possible*, no doubt, as I have full and total access to the software, administrative rights, and the underlying storage. But I *can't* do it, legally. Nor can the ISP.
And good luck anaylsing terabytes of data for even a single customer like that. Even a torrent client running 24/7 could do what he's done, and you'd have basically no way of knowing what it was that he was torrenting if it was done on a private secure tracker, for example.
Hell, he could be VPNing into his other house or a rented server and using that for everything (or even be misconfigured and accidentally his default route!).
If you're worried about surveillance, use the technology that stops it.
If you're not worried, why do you care?
If they revealed any info on this, you'd be all over them for snooping on the poor guy, even if they dug into it out of curiosity.
Because they say that can't do that (which doesn't mean it's a physical impossibility, it means they can't do that and stay within their contract with the guy / the ISP), you're complaining?
Java ran with full permissions to the user, and then had it's own "security" (in your Control Panel modules, etc. no less).
WebAssembly is Javascript-compressed. It can't do anything that Javascript couldn't already do. And it runs inside the browser DOM, which literally doesn't have certain capabilities (if it did, Javascript would have had them too).
No worse than anything else.
It's basically the same as the Javascript (ECMAScript) permissions - given that WebAssembly has its roots in the "virtual machine" made in Javascript.
Seriously, the problem is not what technology you choose, but how stupid your browser manufacturer's are.
P.S. You've had a webassembly-enabled browser for several years now, I guarantee it.
Go play with Emscripten, which has been compiling to Webassembly for a long time already. It's basically bound by the browser DOM security model. If that was broke, it really doesn't matter *what* language you've been using.
But you'll notice that you can't access local files, you have to run code from remote websites (so you can't just be pointed at something compromised on a local network machine), that permissions to audio, video capture and everything else are: the same damn permissions you've got available to every website and are denying/allowing already. It doesn't allow arbitrary file, memory or resource access. Hell, you have to jump through hoops just to preload files from a website and access them in a virtualised storage in order to do anything on them, and the performance hit is enormous because of the way it's done (but still more than viable for 99% of things you want to do in a browser because, hey, it's a browser).
The only interesting thing is WebSockets, but that's no different to the myriad of websites that talk back in the same way over HTTPS already.
Honestly, if your browser is dumb, it doesn't matter what language it's dumb in.
WebAssembly is just Javascript-compressed. That's it. If there's a vulnerability in it, you had that vulnerability for the last 10 years in your browser already.
But with Javascript, it's a pain in the arse to write a full 3D FPS (or, say, something like Sketchup for the Web). In WebAssembly, it's just another target for a compiler.
And, no, if you compile a memory-unsafe language (say, C99) to WebAssembly, all that happens is that your code falls over inside the WebAssembly virtual machine. Arbitrary memory pointer access is actually faked by allocation of a giant array, for instance. There are some things you just can't do because the browser DOM and the inherent absence of a capability in WebAssembly stops you.
Focus on the problem (browsers which don't implement proper security for their page interpretation) not the brand name on the language that exposes that (e.g. Javascript, WebAssembly). And, no, it's not even close to Java. Java plugins in browsers worked by Java having arbitrary access to the machine and then imposing its own (broken) security model. That's why Java plugins are basically dead now.
If they can't even get charging money right, what chance in hell do they have of operating your domain reliably?
Don't deal with companies that a) refuse to take your money or b) take your money without asking.
Literally, if they can't manage the basics of business, don't trust them with anything more complicated... like providing a service to you.
And, yes, I have literally had companies refuse to take my money. One ISP who turned off a private school's ADSL lines because "they used more traffic than a normal household" (despite being clearly marketed as a business line and the equipment having been installed by said ISP!) was literally told "Money is no object, we need this connection back on, how much to lift your entirely arbitrary traffic limit, even just for today?" and they said that they couldn't.
Their money instead went on a bunch of 3G sticks (best thing available at the time) to tide us over and then we paid 10 times as much each month for a leased line from another company and cut them off. I mean... how stupid can you be, doing business like that?
The older generation currently *are* generally incapable - both limited in ability (e.g. pain, joint conditions, etc.) but also not-very-tech-savvy in general. My parents can just about manage Facebook and they're only in their 60's. The people in their 80's aren't online, in general.
The *next* generation of elderly won't avoid the medical problems, however, but will be tech-savvy. And we have to prepare for that. I'm not going to tolerate being an old man with creaky hips AND having to bend over to plug in something that I know I can control remotely from my phone. And like hell am I going to accept living in sheltered accommodation without Wifi, Netflix, a games console, etc. or equivalents.
Tech is there to make your life easier and better. From the first plate, fire, or wheelchair, that's its entire purpose. And yet we have people who expect to still have dumb light-switches sunk into their walls with a manual cable in 20 years time.
Christmas lights haven't really been mains powered for over a decade now. I'm talking about the 5V adaptor that they come with. My 15-year-old lights are LED (including bright blue LED) and are powered by low-voltage DC. They don't fade, blow, or warm up.
They are also fused, waterproof and don't get warm at all. Oh, and the ones I bought to supplement them this year on an Amazon deal were £10, Bluetooth, Wifi and infra-red remote controllable. They can run off a USB connector (and my wall-sockets have USB connectors built-in nowadays!). I ran them around my office window and they even synchronise to our Christmas music.
Seriously, it's nearly 2020. People stopped using non-LED lights years ago, in their houses and on their Christmas trees.
It's almost like what I'm saying is true - and things are plugged in and then remotely-controlled for pence, nowdays, isn't it?
Light switches are not. Fans.
However think more "every socket is a potential smart socket". Sockets for washing machines, dishwashers, etc. are not accessible but could be remote-controlled. External sockets.
If the cost of running a shutoff switch, drilling through worktops, providing a shutoff switch, etc. exceeds the cost of a smart socket (which are, what... £10 on Amazon at the moment), then you're going to get one dumb ring per floor, and one for lighting, and every switch, controller, etc. will be remotely controlled rather than faffing about.
Also, think old people who are now (or will soon be) tech-savvy and don't want to bend down every two seconds to turn things off.
People like me are literally buying remote-control switches for next to nothing because it's easier than faffing about running extra light switches, or moving them, or siting a switch, controller, thermostat, etc. somewhere else and wiring it back.
Your thermostats are now remote nowadays. Light switches are often remote, including for lamps. Timer switches are now digital and intelligent.
Rather than argue the idea, look round modern houses. The trend is towards remote control, even if not in a smart home.
Tell me... how are you turning your Christmas lights on this year? For the last 20 years, I've had a remote-control switch on them. It's old-fashioned RF, but nowadays it's actually cheaper to replace it with a wifi/bluetooth one than it is anything else.
Combine with the "smart" meter junk (which I hate and avoid), there's only one logical conclusion. Houses are going to start coming with remote switches rather than run-into-wall, pre-plastering cutouts. For speed of construction, if nothing else.
I guarantee that any modern office already has a building management system rather than old fashioned thermostats, etc.
Plug a 4G stick into a computer, load Gammu, get it to run any bash script you like based on the message content.
Did it... 10 years ago? It was a 3G stick back then, but same principle. Our ADSL routers were really flaky and nothing would stop them getting dead sessions that looked like they were active (i.e. you could ping gateway but nothing further). Resetting the router always worked to bring it online. We run dual-ADSL lines, and we sometimes wanted out-of-hours access over them.
One "emergency" 3G dongle on a Linux machine, connected to a K8055 from Velleman and a relay on the power supply to the router, and quickly encoded in the documentation was a line to text a certain phrase to a certain number if the VPN etc. were unresponsive. It would receive the text, run a script, which would activate the relay for 5 seconds, which would cut the power. 20 seconds later everything would respond again. Worked fine for years until we upgraded to a leased line from someone actually willing to deliver a business-class line.
With RPi's and things nowadays, 3G sticks in the literal pence range on eBay, and a SIM-only package for £5 a month, it's not a problem to code something up.
I would never buy Nest etc. shite when I can just buy something that does the same job but is entirely, 100% under my control and not talking home. Hell, I refuse to have a CCTV NVR that talks home. If it can't operate with a all-outgoing-traffic-blocked firewall and just a single RTSP port exposed to the router, then it goes back to the shop.
A doorbell is a switch.
A lightswitch is a switch.
A dimmer is a variable switch.
A plug switch is a switch.
Run the wires as low-voltage NO/NC cabling to something that actually switches the power.
My old house had a three-way light-switch for the stairs (so you could turn it on from upstairs, downstairs rooms, or as you walk into the house). Easiest way to wire: three dumb switches, the existing mains cabling used as low-voltage signalling cable, and a mains relay in the ceiling rose (literally a few pounds and a damn sight easier to wire than a lightswitch). I ended up making the third of the switches from a wireless piezo-activated switch - no wiring or batteries required. Worked fine for years.
The housebuilders of the future will stop faffing about chasing cables for switches everywhere and just power the rings and put individually-controllable relays on each outlet.
Ah, I see, so we should only attempt to enforce police actions that result in lots of successful arrests, then?
So, what you want, really, is some kind of obvious, bang-to-rights, prevalent, cheap crime to occur a lot - something that's low-value, easy to prove, easy to convict, and ordinary people stumble into like idiots all the time.
Say... Speeding tickets. Parking tickets. Copyright cases. Littering.
Strangely, all those things that people complain that coppers spend far too long doing rather than actual crimes which often don't result in any arrest at all and when they do result in only a single one at rare intervals. How do you catch a burglar who leaves no forensic evidence? How many people, equipment, services, etc. does it take to collect that forensic evidence and process it to court standards to a conviction? How often would that result in a conviction for, say, breaking a window at enormous expense?
Or they could, you know, target certain crimes at certain times of the year to keep a handle on a portion of all crimes, all year round, serious and trivial so there's no hiding place
Don't police by statistics.
And one of the very first features it had to acquire to be useful in some areas (and which it has FAQs about because they are used that often) is unsafe memory access, just like C has.
How do you take a block of RAM which, say, is a memory-mapped graphics framebuffer, network buffer, hard disk access buffer, etc. which the hardware tells you where it is (e.g. PCI layer or pointer to it), and then utilise those underlying bytes of arbitrary RAM in a type-safe way without having to treat the underlying bytes as completely untrustable, potentially-out-of-range or -nonsensical bytes which you then have to sanitise to make them useful and hope you never made any mistake? You can't.
From the Rust language book:
"Another reason Rust has an unsafe alter ego is that the underlying computer hardware is inherently unsafe. If Rust didn’t let you do unsafe operations, you couldn’t do certain tasks. Rust needs to allow you to do low-level systems programming, such as directly interacting with the operating system or even writing your own operating system."
Until you get "memory-safe hardware", you've got the boundary of safety at exactly the same place that it is for every other language or OS - right at the critical point of having to interpret hardware-provided information in the deepest, most privileged rings of the processor/kernel, to do so in an incredibly performant manner, and to never make a mistake.
Windows blue-screens or Linux kernel panics not because an application crashes (those days are hopefully long gone), but because graphics drivers, network drivers, etc. all have to be well-programmed and able to take everything you throw at them and get it right every time or the underlying hardware or software crashes at the highest levels of the kernel in an unrecoverable manner. And yet, the drivers also cannot possibly affect the performance of the hardware, or the hardware you're selling then looks like trash compared to the competition and nobody will use your driver or hardware.
1) My ZX Spectrum boots in under a second without anything approaching even 1% of NVMe speeds. Boot time is not an indicator of performance. I used to be able to boot old PCs just as fast from hard disk (if you ignore the BIOS memory check), it doesn't mean anything. And even then, it "needs" NVMe to boot that fast in the first place.
2) Microkernels suffer from poor performance because of the sharing of data and simultaneous data access between all the different subsystems. Memory gets very contended and the system just can't perform as well. This is quite literally the MINIX vs Linux argument all over again. So it might boot on a sixpence, but it could be dog-slow after that.
3) Kernels, and drivers (which are literally stated as one of the largest areas of Linux) require direct memory interaction to function properly. This is an unsafe operation. A bug in a driver or kernel at the wrong place means crashes. BSD is god-knows-how-old and you're still complaining about crashes in its drivers. How long before a Rust OS that has to separate all the safe vs unsafe parts out and put all the *same* kind of checks around the unsafe parts to make them "logically" safe (but not guaranteed safe to operate on) will be able to compete with hardware support, speed and everything else?
4) The "as a file" scheme is not a problem. Why is having a device show inside the device tree which is hosted on the device a problem? Of course it has to be... it's a device itself, therefore it's in the device tree. The device tree, however, is not located inside the device (the root / is not on your hard drive... it's a virtual root in RAM. Of course you can overlay mount over it, almost everyone does, but then /dev/ is a virtual device that's not on your hard drive, and that's what holds the actual drive). There is nothing stopping you having a virtual root, with /storage which contains all the drives and /devices that contains all your devices and thus eliminate any nesting in seconds. You don't because... why would you? It causes no problems and in some circumstances can come in real handy.
It's another ReactOS / MINIX, from what I can see. And self-hosting is a milestone, sure, but it shouldn't be that hard. If you have an OS with drivers, GUI, booting, etc. then self-hosting is really not very much a step at all. Horrible to write the initial bootstrap compiler but there are projects for that. First, you write a micro compiler, simple enough to do by hand and very feature-limited on purpose, then you write a mini compiler in the micro language, then you throw something like tcc at the mini compiler, which gives you a full compiler but without all the bells and whistles, from which you can then make anything else (including gcc).
If you have a full compiler project already written, in a C-like language, that you have control over, it's just bootstrapping to greater and greater functionality (and likely memory safety! The first micro compiler won't be very memory safe at all but it won't matter because you'll be writing precisely one program in it that you want to interact at the lowest levels). I think it's an actual problem that it's taken that long to bootstrap a working Rust compiler.
You've gained nothing security-wise, for unspecified performance, on a niche system, when you could have just Rust-ised the entire userland of one of the common OS and then started Rust-ising the driver layer of said OS. You'll get to the same cliff-edge where you lose all memory safety anyway, but you're not re-inventing the wheel and could smarten up the kernel/user divide of working OS along the way.
Your phone almost certainly uses IPv6.
Your computer should be choosing to use IPv6 (but even Sky are flaky and the IPv6 support for the British ISPs is atrocious... Virgin don't even support it at all, but you'll get a "local" IPv6 address anyway).
Google say that something like 30% of all their queries come in over IPv6:
https://www.google.com/intl/en/ipv6/statistics.html
Just because YOU don't/can't use it, doesn't mean that it's not there to be used, or used by other people.
I bet that Sky have just given you a local-equivalent IPv6 (which is just your IPv4 inside a reserved area of IPv6) and you don't have a real external IPv6 address, or proper IPv6 connectivity, at all.
But I bet that your phone does and you don't even know it.
One of the reasons I wouldn't buy a soundbar that's capable of firmware updates at all (or would firewall it off immediately).
It has to take.... audio data and produce... audio. There's nothing in there that requires anything more complicated than that.
I bought a £23 kit for an arcade cabinet project, consisting of speakers and amplifier. I use it with a Raspberry Pi that - while doing everything else that it does, including playing games - can act as a Bluetooth audio sink. Additionally, I have a £20 HDMI splitter that also provides a separate audio out (i.e. one HDMI -> two HDMI out, SPDIF out and 3.5mm audio out).
Combining the above does... well, pretty much everything a soundbar does. For way less than £100. Even as a cobbled-together solution. And is more than good/loud enough to fill my entire living room with deafening-but-clear sound.
Given that if you really wanted to, the Raspberry Pi could easily be replaced with, say, a tiny Bluetooth->audio adaptor (£10?), where in there is there a need for firmware, updates, or anything else?
I judge you for buying "Bose", thinking it's a premium brand (it's the Haagen Dasz of audio, as far as anyone who knows about audio has ever told me).
I judge you for buying devices that have Internet connectivity or updates, or even a smartphone for what should be a basic connection (even if over Bluetooth from your phone) and an audio-only stream.
I judge you for then not returning the equipment to Bose as not fit for purpose if it's been off for MONTHS and been unusable in that time, and/or taking them to court. Imagine if someone did that to your car, or your bank account?
He's a convicted criminal who was charged with skipping UK court bail.
Quite what entitles him in that to not be in a prison without hope of parole or release, I can't fathom.
He's also made a celebrity of himself, and claimed that he's under threat of kidnap, torture or even murder. Hence he's under strict security.
You can't have it both ways!
His "isolation" is rather self-imposed but not an unusual measure with difficult prisoners.
The guy's been voluntarily living in a box for 7 years... that he's acting a bit odd by now is pretty much to be expected.
The accused does not get to state the venue, method, style or scope of his own interrogation.
Note "accused".
For a start, they would have no way to control his recording of the interview to play to the press shortly after, which though you could say "they would record it anyway and it should all be public" is likely to prejudice any trial and be taken out of context.
Generally speaking, interviewees do not get to say "come to my house and do it", rather than being asked to appear at a police station at a given date and time for questioning.
It's the height of arrogance to assume that a criminal on the run from court charges somehow gets to choose how they are questioned by authorities.
https://edu.google.com/intl/en_uk/why-google/privacy-security/?modal_active=none
https://privacy.google.com/businesses/compliance/#!?modal_active=none
Google Apps for Education has no ads or ad-tracking, they also gave me a written assurance that the data is stored and processed in a UK/EU datacentre (that's changed over the years), and without prompting have sent me any number of data processing statements over the years.
Apple... nothing.
As an IT Manager at a private school that had a "parents pay for a managed iPad" policy for four years, let me update you on how that went:
We have no iPads.
Pupils all have Chromebooks.
Not just that the iPads are pretty much unmanageable en-masse, but also that you HAVE to buy them via Apple directly, brand new, latest versions only, or they just don't get the management tools (DEP).
Apple School Manager is an inherently stupid piece of junk. It can't handle even an iTunes account created on a pupil's email account previously (i.e. before you all got iPads) without shutting down said account for months to let it "expire" before you can then create a managed equivalent.
Apple's tech support has literally ZERO interest in schools, whatsoever, no matter how much invest (we were deep into 6-figures, they couldn't even be bothered to help us one iota).
They would not take a complaint (separate to the below) that there was an app called "Bypass your school filters", rated at 4+. Yet Chrome itself was rated 18+ because "it let you on the Internet". The official word I received from their support guys was "It's up to the app provider to modify that." And, believe me, I went through everyone I could.
They do not have (or certainly, did not have until very recently but I haven't contacted them in a year) any education department whatsoever. Look forward to going through 10 people who are only used to explaining what granny can do to reset her iTunes password for even the most complex of MDM scenarios. I was literally asked for "the iPad serial number" when requesting help with a 500+ device MDM problem, and they refused to continue without one. I was told repeatedly that they don't have an education department at that time (despite having released Apple School Manager, etc.).
Their devices are inherently fragile and break about 2-3 times more often than any other comparable product when in the hands of children. Repairs are unbelievably expensive and they won't support devices which haven't had official repairs. They themselves have testified before an EU court that their devices are only designed to last one year (it was how they tried to get out of providing a statutory 2-year EU warranty).
Apple cannot, will not, and never have given GDPR assurances. They pay lip service to "working on it", "as part of our GDPR work", etc. but they won't give you the guarantees that EVERY cloud provider will happily send you there and then the second you ask for it. They are likely not GDPR compliant at all (iCloud is a mix of worldwide AWS, Azure and Google Apps instances / servers / storage - The Reg themselves have covered taht).
Apple's complaint procedure is literally illegal. They wouldn't take my complaint, wouldn't respond to my complaint, wouldn't register my complaint, wouldn't inform me of their complaints procedure, refused to confirm even their head office details, and just passed me from pillar to post even with recorded-delivery signed letters from their own customer asking for legally-required basic information.
Steer well clear of Apple for anything, but most especially for education.
I've never paid £499 for a phone in my life.
Hell, I've only ever paid that once for a laptop, and that laptop is still my primary device and has been for the last 8/9 years - it's on 24 hours, for gaming, work, personal, travel, etc.
Expensive is okay if there's value there too. For a phone that I might carry around and use only when I'm stuck somewhere and totally bored, or for the occasional phone call, and will *never* use when I'm at home... sorry, no.
Stop with the stupendous camera shite and stupid-edge screens already.
ASLR and kernel/userspace checks and barriers on the calling functions.
If the Apple iOS is truly that disastrous in terms of security that you can just make up a pointer and call a random deep-OS function that should only be called by the OS, then they get everything they deserve in this day and age.
Imagine being able to "just call" deep-level OS functions that aren't exposed to you from unprivileged code... that's just a disaster waiting to happen.
It tells me exactly one thing - iOS apps are basically running as a privileged user, the APIs don't have any permissioning or ASLR-like defences, and they can't be bothered to push obsoleted functions through a shim so that they aren't exposed to the programmed libraries.
That a "determined programmer" of, say, a game, can inspect your API shim's code is a memory boundary violation in the first place... that they can then extract pointers to the underlying direct functions that aren't otherwise exposed is stupid... that they can then CALL/EXECUTE THOSE FUNCTIONS is ridiculous.
Someone teach Apple how to make a modern OS and incorporate privilege separation and memory barriers.
There's a reason that an unprivileged user on, say, Windows or Linux is unable to just jump into the kernel RAM, start probing for addresses and then jumping to those addresses to execute functions only used internally or by other processes/services.
Question:
Why is it not viable to fit a mesh over sewer pipes that enter the sewers so that things like wet-wipes and nappies block up the local sewer / that person's drain rather than get washed downstream into a big globule that affects half a city?
Surely those pipes just feed into other pipes which feed into larger pipes which feed into sewers... start mandating and fitting a grille inside them just outside the customer's pipework so they can only block up their own / their neighbour's damn sewer when they flush something unflushable.
Have you never worked in IT?
I've seen people blow entire budgets on things like MP3 editing software without the IT department being involved and then complaining that they don't automatically connect to some WMA-only dictaphones that they bought the year before.
Procurement is a process with sign-off required for a reason, not least because people running off and installing software, throwing data around, and purchasing things willy-nilly is rampant even with that kind of process.
Over the last two decades I've had people who "buy" software all the time on company credit cards, and then just bring me a disk and expect me to "install it everywhere". No checking of compatibility, viability, licensing arrangements (I once had a guy argue full-force in front of my boss how fonts were "all shareware" and we could just pay for one licence and then use them on every machine), what account they were purchased on, whether that account is a personal or business account, whether we could even have got them cheaper by going through proper channels, etc. I've even had people claim back software purchases as "staff expenses" to try to bypass IT, by buying it on their own credit card and then claiming it back under a different budgeting code.
Employees are really this tricky, and it happens all the time. Especially if IT are "being obstructive" and "just saying GDPR" to everything, and won't let them just put in some CD-R that they bought off eBay which has full copies of the entire Macromedia Dreamweaver suite on every machine in the building.
A short-term incentive at best.
Also, I can never be eligible. I rent a flat in a managed estate where the private allocated car parking space is not within cable range of my flat, and where the letting agreement actually includes a "no trailing cables, nothing out of the windows" clause.
Hence I will have to wait until my landlord's management agent installs a several-KW charger inside my private parking space. The alternative is to park my car some half-a-kilometre away from my house and leave it unattended overnight in a town centre car park with precisely two electric parking slots. I'm not sure what that would do to the insurance but I'm certain it won't be positive. While it may be good exercise, it's not why I own a car, or live in a flat with an allocated parking space.
For reference: The entrance to my flat involves going down a dark, unlit alleyway to a dark, unlit garden which they have told myself (and all the other residents for 20+ years because literally everyone who has ever lived there has complained) that they can't illuminate the path as there's no utility lighting down there, only individual metered residential connections. So... good luck with that! They can't be bothered to install the infrastructure for a 5W LED bulb for the last 20+ years, with health-and-safety liability, I'm sure they'll jump straight on the electric-fast-charger bandwagon and dig up all the parking spaces just for me to have a "green" car...
And when we're all using the bus lanes, and all using green electricity, and all the pigs are flying, then we can safely say that all those incentives will evaporate and our electric fancy cars will end up costing just as much to run as our old ICE cars did - plus inflation - because otherwise there's a massive drop in revenue.
How about no?
Correct.
And I've yet to meet any outsourcing company where a random can turn up, understand the problem and just fix it like "the usual guy" in any significant fashion. That problem isn't solved by outsourcing, except maybe on huge scales.
And that's made on the assumption that the outsourcing company are employing a team of people who are all skilled and interchangeable even when they are not needed, just in case one of them is off. Which is a lie before you start, and an even greater expense to yourself to finish.
Just in the last two weeks, I've had contractors fail to turn up (twice), turn up without equipment to do the specified jobs (twice), install inadequate equipment despite specs (multiple times), and subs not appear or even tell the company who was subbing them that they weren't going to turn up because they had a lung infection.
Outsourcing doesn't change that SPoF. If it does, if you find a magic company that operates like that... your costs just doubled to let them do that. So... you could have just bought two guys and paid one to sit at home, or ran a small team for yourself.
Question:
If you use GIMP, LibreOffice, Affinitiy and Adobe - all of which are cross-platform - are you honestly staying on Apple's platform just for GraphicConvertor which appears to be - forgive me - a shareware piece of photo management software that barely does more than the junk that they tried for decades to give away with everything, or even things available on Humble Bundles from names like Corel?
There comes a point where everyone sensible has moved to cross-platform tools. That point came about 10-20 years ago depending on your techniness, even if by accident of moving to web-based tools. And now you've basically done that, you're paying for Apple because...?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
