* Posts by JLV

2252 publicly visible posts • joined 4 Mar 2013

Using SQL techniques in NoSQL is OK, right? WRONG

JLV

Re: Seems obvious.

No SQL standard

Unless I am mistaken, each NoSQL db has its own little approaches to sql-like queries and indeed even for no-sql queries. OODB were briefly de rigueur in the early 90s but suffered when no uniform way to interact with them was made available. CQL is Cassandra's take, MongoDB and CouchDB will do something else.

(Portable ANSI sql is tricky, but achievable, you don't have to be stuck in proprietary dialects if you pay attention to portability)

Having said that, the NoSQL crowd is advancing the database paradigm, SQL is famously bad at certain types of data modelling (parts of parts) and web scale computing has different requirements. Postgresql for example is learning JSON tricks in order to compete.

The good burghers of Palo Alto are entirely insane

JLV

>So the local council is often stacked with local business owners (who else can afford to run and take an unpaid post).

and in Roman times unpaid senatorial or governor positions were heavily and expensively sought after. Because they gave the title holder all sorts of lucrative ways to stuff his pockets once in place.

Remember that next time you evaluate pay for your elected officials. Which can be surprisingly low, but in some countries lead to all sorts of pension goodies, a form of remuneration which provides no value whatsoever to taxpayers.

Re. Palo Alto, it would be unethical, and possibly illegal, for "zoning controllers" to purchase un-housing land at low cost and then rezone it into a higher bracket. This is a prime source of corruption by local (& low paid) officialdom in China.

A low-cost housing only zoning classification would be fairer and more transparent.

High-heeled hacker builds pen-test kit into her skyscraper shoes

JLV

Re: Given the size of a small mobile

Am guessing the shoes are also below scanner level, unlike belts. It's why airport checks have you take them off, but security can't do that elsewhere.

Geeks on quest for world's most pointless YouTube video

JLV
Thumb Down

Re: A big "plus one" to you...

Generalizations are the enemy of original thinking.

It totally depends on the subject. If there is a heavy graphical/visual component to the subject then video/YouTube may very well carry the message more efficiently and expressively than text with images.

Examples - text editor tricks, CSS effects, GUI-heavy programs, graphical editors.

Counterexamples: coding, OO or db design, patterns, language references or proper tutorials.

Still, I would nominate an ex-colleague's as most pointless ever video - 5 min/93 MB to clarify which one (of a dozen or so) checkboxes had to be checked on one screen of a ClearCase transaction to satisfy the PHBs code check-in guidelines. Mind you, the company manual on the subject ran to 60-70 pages for about as much info and I suspect many meetings were involved in getting off the ground.

P.S. whatever happened to YouTube's time bookmarking feature? The one where you could link to a specific spot in a video. Haven't seen it working in ages. Too easy to skip ads with it?

Another root hole in OS X. We know it, you know it, the bad people know it – and no patch exists

JLV

I agree. Good of him to find the bug, but he should have been responsible, notified Apple discreetly and given them some time to respond. Then the thing might have been patched before it became widespread knowledge to crackers.

If Apple hadn't responded then they would have faced had the additional charge of being slackers at acknowledging security disclosures. So even more of a feather in his hat, in a way.

As it is, he may burn his rep with his approach. Whether you like Apple or not, this wouldn't be something cool to have done to your own OS of choice.

And, agree with you and some other posters. It is frustrating that Apple fairly consistently manages to poke holes into a BSD, systems that are almost a byword for security robustness.

In a way, I almost wish that they did get a massive actual breach, not just vulnerability, that would motivate them to actually take security a lot more seriously. And, also, shut the trap of my fellow fanbois customers who think that nothing can ever go wrong with a Mac. Way too complacent, both.

MS's security, if not its reputation, actually benefited from the aftermath of some of the massive worms of the late 90s / early 00s, like Melissa and Blaster.

JLV

So... Apple, here's your chance to look a little better than you have recently and actually patch appropriately and with alacrity on all OSX releases that are purportedly in at least security support mode (Mountain Lion according to Wikipedia).

I.e., upgrading to El Capitan is not an appropriate security patching approach.

Chinese, Russian, tech giants join global open source efforts

JLV
Coat

Re: BSD Licence

Agree.

Speaking of which, has anybody volunteered to go to North Korea and make sure they are publishing back all the Red Star source code, as per GPL? Maybe have a serious chit-chat with the Young Leader about compliance?

Just, be careful and excuse yourself with a headache if he wants to the take the opportunity to show you his AA gun collection outside. Or his laser sharks.

I know, bad taste. My coat is waiting as well.

SEC: Ukrainian hackers' investment fraud ring raked in millions in 'unprecedented' hack

JLV

>parting fools from their money.

From the sound of it, I would hazard a guess that their direct customers made off rather handsomely. Investors at large on the other hand...

Huge hack attack: UK data cops to probe Carphone Warehouse breach

JLV

naive question

is there no better way?

Why does CarPhone need to store your CC info in the first place? Can't they just pass you the terminal, have it upload the transaction data and your PIN and receive an confirmation of accepted transaction from Visa in return? With an confirmation id so that the stuff can be tracked back later on if needed? No need to store any of your CC data in that case, Visa takes that role on and they have every incentive to protect it.

Why, instead of expecting anything useful out of merchant security, does Visa & all not work that way in general? Or at least maybe give a transaction cut discount to retailers doing that.

I get that Amazon wants to store your CC data, it's very convenient not to have to reenter it every time. But in a store setting you still need provide the card physically every single time. Why store anything about it if Visa can look after that? Even store-issued cards are still managed by CC companies.

Or was this breach on the website end of things rather than the stores?

This is an honest question, I am not POS-savvy in the least.

Aussie bloaters gorging on junk food 'each and every day'

JLV

Re: Point taken. Improve diet. Good advice.

Speaking of which, have they covered the noble Poutine yet?

Perhaps middle-aged blokes SHOULDN'T try 34-hour-long road trips

JLV

Re: Marketplace?

movie-wise? Hitcher, the Rutger Hauer version.

JLV

merge slow back into fast

I've lived 10 years in France (fast middle merges back to slow) and Canada (slow right merges back into middle). Much prefer Canadian approach (lots of thinking about that on my road trips).

It seems only fair that those who are in a hurry and can't stick to their lane should be inconvenienced by having to merge back.

The problem is what happens when the 3 lanes become 2 again and you are still passing a car in the slow lane. When it's a French fast merge, you need to either speed up to pass to nip back to the right. Which is safe, if you can pull it off. But leaves you in oncoming traffic is you can't. Or else hit the brakes, fall behind the car and rush back into the right lane, possibly cutting off the next car behind.

You cannot stay in the now disappearing middle lane, it will have oncoming traffic in it.

Here, if you are merging from the slow lane to the middle lane and you can't because someone is in it, hitting the brakes and staying in your lane is a relatively safe option, if very annoying. You could even come to a complete stop if you really had to. Cars behind you would have to stop as well, but even for them that's better than dealing with a brutal last second panic swerve from the fast lane.

Is it fair that you had to give way to the bozo trying to pass who couldn't do it correctly? No, but it's better than panicky last second lane weaving by anyone. Everyone is put at risk, not just the party doing the passing.

Anyway, passing here is still a bit of an adrenaline rush at times, especially as mine is a hilly area, but it feels quite a bit safer overall.

Would love to see accident cause statistics for both systems however.

Left vs. right driving? Doesn't really matter, it's just a convention.

Sane people, I BEG you: Stop the software defined moronocalypse

JLV

Re: Might take a while

First, let me start out by saying that I agree we do need to learn to be better and safer as devs. And, yes, engineering has some things to teach us, because it is a technical discipline in problem-solving like ours. On that we don't disagree.

However, I think we could also learn from the medical profession in how to problem-solve in conditions of uncertainty, complex interactions, evolving threats and emerging base of knowledge. Sounds less like a fit than engineering so, just maybe we wouldn't be gulled into thinking that it was THE answer.

>Each bridge (or ship) is its own development

Well, maybe, but they generally do the same thing, don't they and we've been building bridges for thousands of years. 20 years ago there was no javascript or generalized public-facing access points, which is what websites are. 30 years back, nearly no networks to attack via.

A bridge engineer will design many bridges in her life, but she won't necessarily switch to building airports. Yet, devs are mostly expected to switch subject matter and languages quite quickly.

>We most certainly do and they are getting better.

I took a quick looksee at wikipedia for formal methods, just to make sure I hadn't missed any new development about those and I found, as expected, that they are very costly and very limited in use. Hardly a solution for the average dev, is it? A bit like arguing that the design technique, funding and sheer expertise applied to building the Burj Khalifa are available to your local house builder.

They could be, if cost was no constraint.

On the other hand, the Reg has had several recent articles about applying automated analysis of software behavior in order to highlight possible security weak points. Now, the prospect of getting that to work gets me all hot and bothered, not your formal methods, sorry.

>I'm a developer, not a mathematician

Before becoming a dev I graduated with a BS in Electrical Engineering. What you don't get is how intrinsic math is to engineering. You start out building a solid foundation of math and then you learn how to apply the equations relevant to your particular field. Engineering is a combination of applied mathematics and then creativity/skill in the field, but math is foundational to any engineering field and the formalism that the mathematical underpinning allows is what gives engineering the qualities which the OP suggests we borrow from civil engineering.

There is no such underpinning mathematical foundation in general software.

So, no, we agree to disagree on that too.

Also, to be fair, many of the big hacks wouldn't be helped just by better coding. Heartbleed? Yes. Apples Yosemite root hack? Definitely.

Bradley Manning, copying hundreds of MB for classified docs? The system was working as designed. OPM hack, 22M profiles hacked? How many IT subsystems in the US Federal needed to trawl through 22M records? Shouldn't access on that scale have raised alarm bells? Shouldn't those records have been guarded like Fort Knox? Ditto Targets 40m cc hacks. What about Ashley Madison? Why did those morons really need to have the CC info on such a lucrative and publicity-shy bunch of users? What about all security issues due to compromised and reused passwords?

Better coders, yes. But how about deploying systems with better heuristics about normal vs anomalous use? Rate limiting access to sensitive data? Watch-dogging the networks to see when data flow from particular sensitive nodes are unexpectedly high? Most of all, how about borrowing, from the military, not the engineers, the notion of need-to-know. As in, limit which systems can access which data, at what rate. And, even more so, limit the data that your own organization retains in the first place. If you don't have some info, then getting hacked will not have compromised that info. The marketing gals will hate you for it, but it should be our first line of defense.

>Friends don't let friends code in flash

Extremely good point, but that is not a dev call. That is a system architect call, and to be frank, if all IT security weaknesses had as simple a solution as not using obviously unfit tools like Flash, then we wouldn't be in the shit storm we are in.

JLV

How about putting penetration testing/blackhat stuff formally on CS curriculums? And having more, lots more, training offers for it post-school. To stop a thief it helps to think like one.

In a way, admins are more security aware than many devs because you are more exposed to threats daily than we are. For a majority of us devs that don't work on public websites we may know, somewhat, about best security practices, but they remain theoretical and we don't get pen tested.

Until we f*** up and it's too late. That's why more early exposure to how the other side operates would help.

JLV

Re: Might take a while

Can we please stop the specious engineering analogies? Lots of engineering relies on known, quantifiable methods to achieve nearly the same exact results as 100s or 1000s of nearly identical projects. Even if not identical, components are limited in number, dont change as quickly and have known physical characteristics. Know your field , have a lot of talent, apply a generous amount of overengineering and you should have a somewhat predictably safe product. If it's not, then you're in trouble but the next iteration will fix that flaw and leave most of the rest of the system the same.

If it's super complex, a la space shuttle, dev time is in decades and 1000s of folks check and recheck everything.

Even complicated risks like earthquakes are gradually addressed by years of aggregated wisdom in cookbook recipes, i.e. building codes. Overarchingly you have proven mathematical models to check your systems with.

Many of these conditions apply very differently to development. Wishful thinking and self-flagellation doesn't mean it's a easily transferrable model.

We are faced with nearly the same level of complexity, constantly evolving threats and dev tools, and essentially operate on a custom artisan model where everything is always new. And we most certainly don't have formal mathematical verification methods. And security vs ease of use is not nearly as much in tensuon in most engineeing fields.

Agree with the article though, we need to seriously up our game.

Oracle brews perpetual, all-you-can-eat database licence

JLV

Re: I never understood expensive commercial databases...

I take it you don't understand large scale databases very well in general then.

I won't bother dissing mysql, which is fine for 90% of its use cases, but seems to fall down on really complex stuff and has questionable ACID compliance.

But let's take postgresql, which I love. It seems as if the databases can grow to 60-70 gb without any hassles. No, not talking about theoretical limits, more what runs comfortably in real life. But, what if you need to grow 10x above that? Then you may want to go back and look at Oracle or DB2. Or even, who knows, with much caution, look at MSSQL (which isn't super cheap when you get into the real enterprisey versions and sizing is also an issue). And what if your OS platform or 3rd party application isn't supported by postgres? Again, you may need to shell out the big $$$. Then there is the availability of really skilled DBAs. Many know Oracle very well. Postgres? Maybe not as many.

It all depends on your needs. I would definitely go for postgres at first (or sqlite under special conditions). Or even mysql if I wasn't doing anything fancy. But these may not always fit the bill and it may end up being an 80/20 problem where you solve almost everything but fall down on the remainder. Oracle costs big $ partially because they are one, if not the, top db vendors.

Point is, sometimes it is cheaper to buy something expensive rather than paying devs to code workarounds on the wrong tool.

As to this "all-you-can-eat" offering ending up being a good $ deal for customers? I'll believe that when I see it.

Global cybercrime fraud boss ran secret pro-Moscow intel sorties

JLV

Re: Spy agencies doing illegal things

@ P. Lee.

Why stop here? There are at least 10-15 other Reg articles just today to which you could contribute your fascinating insights. They would surely be no less relevant there than here. You could even find an Australia-related article. Wow!

Comparing, favorably, US (and pre-1807 Euro) slavery to current Aussie anti-immigrant policies? A rhetorical stroke of genius which will convince even the most hardened Aussie Firster to hang his head in shame, I am sure.

Mac fans! Don't run any old guff from the web: Malware spotted exploiting OS X root bug

JLV

Re: Totally unacceptable

Signed apps may not be such a good idea In my case. I get a lot of open source macports apps and the occasional non-macports non-appstore apps. I have signed apps turned off because it has often bugged me in the past for these.

In fact, searching for "macports signed apps" got me nothing relevant so I'm really not sure where macports stands. I assume firmly in the unsigned camp, due to certificate costs. Thoughts? Homebrew?

As to obsolete HW commentards, my 2011 mbp would run latest and greatest just fine, thank you. Not an excuse for Apple to drop the ball so clumsily. I usually wait at least 6-8 months before upgrading. Let others blaze trails.

I bought Apple because I didn't trust Windows security, did trust BSD and partially because I was too lazy to tweak Linux installs. Can't be the only one with this profile who is feeling let down by Apple's behavior.

JLV
FAIL

Totally unacceptable

We have a root exploit that wont get fixed on <= Mavericks. And now another one that is what, getting fixed next release? Trying to one-up MS? They may have tons of holes (even getting less so, perhaps), but usually they do try to fix the big ones as they happen. Not "next release".

FU Apple.

Windows 10: Buy cheap, buy twice, right? Buy FREE ... buy FOREVER

JLV

Re: It's all about the developers

>most of their money from enterprise licensing fees not home users.

I'll take your word for that. But at the same time, how many corps have upgraded to 8x? Not many, I gather. They are slow and conservative at the best of times, but 8's massive consumer WTF must have rang big fat alarm bells at the retraining costs and productivity loss for users. I mean it took me 5 mins to activate the charms on 8.0 and I roughly knew where to look for it and that it was a mess to find.

You're nailed it that upgrades are likely not a big $ hit. And I think that's the key to Dabbsie's conundrum. Goodwill, much needed, at a cost most accountants would rate as negligible. New comps will still get the Windows tax. Companies will still pay MS corporate rates. Most users will buy new computers. And in one year, things revert back to pumpkins.

Now, if only Apple would apply the same cost/benefit analysis and realize locking their computer RAM earns them minimal extra money but much badwill from power users...

Gay emojis? GAY EMOJIS?! Not here in Russia, comrade

JLV

Goodwin

Really? Do you have data to corroborate that assertion on a generalized basis, not just as an anectdote? I know Hitler was aided into power by the Brownshirts, a number of whom were gay and in fact were liquidated during Kristallnacht. Thats in 33-34, gas chambers were 1940 and up.

Past 34? Who knows? Data, not rumor, is bound to be sparse if you consider the consequences of being outed. I certainly haven't heard of massive amounts of gay Nazis, I'd guess they'd have as big a proportion as any random group, but I welcome your insight.

Me? I find homophobia distasteful enough on its own, no need to drag in the old "jeez he's gay himself" chestnut. Though it does happen and can make for especially effed up bigots. A certain US TV preacher comes to mind.

Putin? Anything to make his electorate feel under external threat. That's been his modus operandi for a while now and the fools gobble it up.

Hawking, Musk, Woz (and others): Robots will kill us all

JLV

Re: Excellent

>*Hawking.

upvoted!

<insert sheepish icon>

JLV

Re: Excellent

Musk & Hawkings have both warned about AI risks. There is a strong relationship between a capable, non-munition, weapon (i.e. one that shoots, not one that is shot as per Lewis' examples) operating autonomously and pursuit of an aggressive to humans AI capability.

I believe they are correct to engage the debate but unlikely to have much success. If there is ever a significant US - China conflict, I expect drones to be a strong component of it, esp from Chinese end. They don't have the military expertise/tradition of the US, they do have the engineering and they have incentives to follow untraditional methods to bypass US dominance. Another form of asymmetric warfare but this time between top-tier opponents.

Ultimately we need to get better at not wanting to kill each other rather than hoping for weapon restraint doing the thinking for us. Though there are plenty of examples of arms controls working - cluster bombs, landmines, NBC.

US State of Georgia sues 'terrorist' for publishing its own laws ... on the internet

JLV
Unhappy

Hidden taxes and wastes of time

There are way too many silly cases of standards and legal codes that are meant for public consumption, but are charged by nominally neutral and public-interest parties.

For example, I find it galling that in 2015 we still can't access the mysterious ANSI SQL standards docs without paying a presumably large chunk of change for it.

Ditto having to buy a sample house owner to provider contract from my province's home renovation/construction professional organization. This was a while back and it was only $25, but what a waste of time. How many of these things do they sell anyway?

Anyone claiming to be an IT standards or public service entity should be shamed into being more open.

Mozilla loses patience with Flash over Hacking Team, BLOCKS it

JLV

Re: The best bit is....

>would you prefer a news service that hushed up stories?

No, I had not thought of that angle at all and I don't suppose the OP did either. I do understand support for the reporter however.

I don't mind the BBC's reporting in the matter. It's ballsy, if anything, not to sweep this under the rug. Kudos to the reporter and editors.

I do, very much, mind the fact that the BBC's IT department is clueless enough to still use a video technology that puts their users at risk and has been known to do so for, oh, at least 5 or 6 years.

DRM, as suggested? It's a news site, not Netflix. They produce and own the content. Besides, even if DRM is a driving factor, take inspiration of big html 5 video sites for content protection (and ad-serving). Or, start using the DRM support in the browsers, if you really, really feel like you need to (that is not me voicing support for DRM, especially not in the context of a news site).

But don't serve videos with Flash. End of story. The BBC, and CBC, are funded, at great expense, by the taxpayers of their respective countries. They have no business putting those same taxpayers at risk needlessly by following fundamentally insecure web practices.

I am sure the techies at BBC know how to ditch Flash (the CBC I am somewhat less confident about). So one can only suppose it comes from clueless top management and perhaps the legal dept not wanting to lose whatever control they think they get from Flash.

And, Flash ads? By all means, keep them if you wanna. That doesn't interfere with serving contents without Flash. Again though, it is 2015, and advertisers must know that audiences are gradually tuning outta Flash.

JLV
WTF?

Re: The best bit is....

I wonder why the downvotes. One category of websites which refuses to get on the html5 video bandwagon is news sites. BBC and CBC foremost. These are well-funded operations and surely they have the technology in 2015 to use something else than Flash, yet they persist in using it. Crib from YouTube if you need to.

I bet newsites are also one of the biggest reasons why Jane Average user, if she is aware of Flash's putrid security model, decides to stick with Flash after all. As soon as she turns Flash off she'll get all sorts of "not working" crud from news sites, that she trusts. So presumably she needs it after all.

Sure, there are tons of other sites using Flash for various reasons. But not many have the level of average user visibility along with trust factor of news sites.

Really, large non-profits and government-backed public sites should be more responsible in phasing Flash out.

I will also nominate Google Finance to this hall of shame - "For the ubercool interactive charts, you need to install the Adobe Flash Player". d3.js, anyone?

p.s. El Reg doesn't really impress here either true, but not many users will re-activate a plugin to avoid missing ads. More like an unexpected benefit.

Microsoft rains cash on OpenBSD Foundation, becomes top 2015 donor

JLV

Re: Microsoft...

>totally insane rabid fanboi

You need a special kind of mental filter to believe that all those shiny macbooks that you see around would not, in a another universe entirely, have been Windows-running laptops.

In that sense, yes, Windows has suffered quite a loss on the consumer side of things. It hasn't lost much on the business side because Apple is pretty darn incompetent in the corporate world (upvoted that person, he makes sense, you don't).

To flip it around. This would be like arguing that Windows has not suffered from Linux because you don't see any Linux desktops/laptops in common consumer use. You don't but the hurt is coming from the server side and the phone/tablet side. It's still there and ask Ballmer, it hurt plenty.

This has zilch to do with whether or not one likes Apple or Apple's technical merits or lack thereof. It has to do with market share on the consumer side of things. I know, market share == totally horrible word to some techies, but for some of us it it has some relationship to our paychecks continuing.

15 years ago, consumer computing was Windows, Windows, Windows. Now it is considerably less so on PCs. Let alone phones & tablets.

If I had phrased my remark more specifically as in "BSD, thru OSX, is a threat to MS in the enterprise space" then, yes, you would be correct to state I was a drooling idiot. Did I do that?

Should I type more slowly, dogged? Going too fast for you on a Friday?

JLV

Re: Microsoft...

>BSD simply isn't a threat

Errr, it's a $700B threat, in the form of Apple ;-)

Albeit partially based on Next technology and not sure which flavor of BSD OSX most derives from.

JLV
Angel

Re: Strange bedfellows

Nadella had a low, if somewhat corpulent, bar to improve on, true.

I agree that they are making a lot of fairly nice moves lately. Whether or not Windows 10 will be success is another thing, but them coming to the realization that there will always a place for not-MS tech and not being so defensive about it is a good start to mending fences.

The world can surely accommodate Windows, Linux and BSD family. In fact, it'd be nice to see new OS paradigms, these 3 are really old tech though I don't mean that in a bad way.

Microsoft starts switching on paid Wi-Fi service with latest Windows 10 preview

JLV
Happy

Re: Feaping Creaturitus

>part of the kernel operating system

"kernel"

That there word don't mean what youze thinks it means, young Shannon.

SatNad's purple haze could see Lumia 'killed'. Way to go, chief!

JLV

Frankly, they don't have a choice

Phones are immeasurably more powerful now than they were 10 years ago and have emerged as a principal personal computing device. Healthcare IT, a long promised category, is looking to exploit the combination of sensors and CPU muscle. Tablets can serve a lot of vertical markets. Cloud server muscle + phone client is also a potentially interesting combination (I'd say synergy but ... buzzword). Yada, yada, yada...

MS may not like where it is in phones and tablets. And they shouldn't. Their phones may not be a total technical failure, but they are a marketing disgrace.

But MS also doesn't have much of a choice but to stick to it. Otherwise, in the long term, they risk becoming marginalized to the desktop category, albeit with a solid chunk of the corporate server market. However, if you look at a who's who of corporate servers 25 years ago, you'll see many gravestones now.

If I were a shareholder, I would not fancy them exiting. They should trim down all their other fat first and look at the long term. They have a big enough warchest and anything else smacks of short termism..

Last, if you were looking at committing to MS on any tech and they backtracked here, how would you evaluate your risks then? Silverlight and WinRT were bad enough, this would be a huge loss of credibility for any new undertaking of theirs.

Decision time: Uninstall Adobe Flash or install yet another critical patch

JLV

Channelling Mrs. Reagan sitting on Mr. T's lap**

Just say 'No', Fool*.

Many, many, sites do not use Flash. Many more will work just fine without you having the plugin. Yes, news sites like the BBC are still stuck in Flash land, but only for some of their videos. Just like Java applets, once you get rid of them, you realize how the risks far outweigh the benefits.

* Sorry, didn't mean to be rude. I did have to channel Mr. T too, hence "Fool".

** google "Mrs. Reagan sitting on Mr. T's lap". disturbing.

Firefox to speed up dev cycle, go multi-process, rip and replace UI – soon

JLV

my $0.02 - throttling

how about an easy, baked-in, way to limit CPU and memory use, on systems that support it?

That could be based on 'nice' on nix. Or whatever, really.

But FF has the tendency to gobble up >1GB ram (or page it). Ditto with 90%+ CPU, sometimes. I know that Chrome isn't much better (if you tally up its processes), but I would see that as a major improvement on FF's current offering to have a more realistic, noob-friendly way to throttle it.

In most usage scenarios, there is no reason for such hog-like behavior. A browser is not Crysis running maximised while you are eating cheetos and talking thrash to your buddies. FF should recognize that it is most likely to be one of several programs that you are using at that point in time and calm the heck down. Yes, it would be nice if OS support was better for throttling for user-visible tasks, but FF should do its best, including just in terms of documentation on how to configure throttling on the host OS, to address this issue.

Aside from that, FF is not perfect, but I am happy enough with it. If the critics really have a big grudge, hey, complain in a reasonable fashion (looking at you, Mr Kill-Yourself) and/or move to alternative browsers - each platform has several of those. Enough departures will show FF the error of their ways and you didn't pay for it after all.

JLV
Thumb Down

>IF YOU JERK OFFS AT MOZILLA WANT TO DO SOMETHING KILL YOURSELF!

That's pretty effin uncalled for.

When directed towards anyone. But specifically to people, who whatever faults you find with it, do provide a free browser to many.

Way to motivate devs.

Will rising CO2 damage the world's oceans? Not so much

JLV

Re: "rapid changes in an environment"

>Your anecdotes about current weather events have no bearing on global warming.

My anecdotes, as I acknowledged in the interest of honesty, are not individually proof of causation by global warming. However, the increased accumulation of "anecdotes" (Antarctic ice shelves breaking away, shrinking arctic ice cover, 2014 being the warmest year one record, the Midwest and Eastern seaboard aside*) do add up to a growing body of evidence that the 90%+ percent of AGW-leaning scientist might, just, perhaps, be on to something. And, no, they don't seem to think that your "decades" are worth the hot air you are using to spout them.

>do you actually believe the computer climate models can predict global surface temps to within 1C?

No, I don't. They may overshoot or undershoot. Your point?

You remind of the great and glorious general McClellan of the Union army. He wouldn't ever move until he had every last gun and soldier in place. By the time he did it was usually too late and he got his ass handed over to him time and again by Lee.

I suppose that, in your worldview, nothing should not much be done until every single bit of doubt and uncertainty is removed. Even if there is generally accepted scientific consensus that inaction and increasing emissions are putting us at risk. The uncertainties you point out do not affect the big picture all that much and you seem educated enough to know better. And that's why I did not have someone else in mind when I claimed cherry-picking.

I will grant you is that cutting emissions by X% on any fixed volume of our carbon emissions will be easier and cheaper to do in 10 years than now. We are, slowly, learning our way around the engineering and, yes, the science. And should not overcommit to any given technology until they are proven to work. We are also learning that Greens, and various political parties, do not always just care about CO2 and science, sometimes they'd like to hitch their preferred worldview along for the ride - GMOs, organic farming, consumption limitation, etc ,etc....

Those are real considerations in planning our strategies but it does not, in my opinion burying our head in the sand because every single iota of your questions hasn't been answered. We don't have "fixed slices of emissions", all of them are still growing and will take more effort to bring back down later on.

Last, one thing that many scientists seem to be agreeing on - while it may be difficult to limit CO2 emissions, CO2, once in the atmosphere will, in terms of your precious "human timescales" be essentially permanent. We do not at this point, have any credible large scale way to remove it and no natural processes will do it very quickly either. So erring on the side of caution would seem prudent.

* https://www.nasa.gov/press/2015/january/nasa-determines-2014-warmest-year-in-modern-record

JLV

Re: "rapid changes in an environment"

"are not rapid at all on a human timescale"

But extremely swift on a geological and evolutionary timescale, wouldn't you say?

"won't start to be evident to the average person until hundreds or thousands of years from now."

Oh, really? As I am typing this my usual clear West Coast coastal air is strongly reminiscent of a Beijing smog fest. After pretty much zero snow this winter we've had an unusually dry, clear and hot June. Lots of broken temperature records. Now we have about 50 ongoing forest fires within a 200 mile radius, an air quality warning with about a 3/4 mile visibility when I woke up and ots of sub 2.5 micron particles, precisely the crap that's associated with extra pulmonary diseases.

Add to this, what 1000-2000 deaths each in Pakistan and India due to heat waves in the last month, a pretty extreme drought in California and the Australian brush fire deaths of a few years back.

No, none of this is evidence of global warming causation. But those problems are clearly caused by increased local temperatures.

If global warming turns out to be real, and not the laughable hoax you think it is, we can expect more of these kinds of events, precisely because temperatures are trending up. And, again, it is worrying to see this development so early on. By any metric, even well-intentioned and effective climate change mitigation will take a long time to slow down CO2 increases and yet we seem to be observing some impacts already. That on the basis of 600-800 million historically heavy polluters in North America, Europe and Japan. To which we are adding hundreds of millions of newly-polluting Chinese.

Again, wanna bet that this will not cause any problems?

BTW what are you going on about "denialist"? Did I use the word?

I am all for funding for scientists who could disprove the A in AGW. Too much at stake to be censoring science. Science depends on contrarians to advance. And, granted, a lot of our current reactions have been laughably stupid: ethanol biofuels, German nuclear abolition and coal increase, GMO scare-mongering...

But that's not quite the same as being impressed by your arguments. Or giving the small minority of anti-AGW scientists the same weight in public policy and debate on the basis of "balance". At least, not until they've presented credible evidence that increased CO2 is not going to be a problem after all.

Science is not a democratic process where 2+2=5 if enough voters say it is. Give critical scientists funding sure, but keep a neutral assessment of the facts and evidence, unclouded by personal preference of how you would prefer it to be. If 20 data points say global warming is real, don't claim that a contradictory 21st disproves the preceding 20.

That's called cherry picking and that's precisely why I lack respect for your opinion. Disprove them all and sink AGW and I will be very grateful - this global warming stuff is a ghastly inconvenience.

JLV
Meh

"one of the basic engines"

Good news, in this case, but the operational word is "one".

Are you a betting man that all essential cycles will not be disrupted? That's the problem with this global warming bit. We don't know exactly where we are headed.

https://xkcd.com/1379/

It doesn't mean that I like greens a lot. I don't, and I would probably prefer to have a beer with Lewis than with Naomi Klein or her ilk. But rapid changes in an environment are cause for worry.

At least one other engine looks shaky: we are having large die offs of oysters in Vancouver Island. The current suspect is CO2-caused acidification of the seawater which complicates shell formation. This is not news, as a theoretical risk, but actually seeing the first possible signs of it, fairly early on in the current climate change cycle, is worrying.

Ocean ecosystems have a lot of unexpected couplings.The kill off of all the sea otters here led to increased sea urchin populations who ate up a whole of kelp which shelter fish. End result was less kelp and less fish.

Who'd have thought removing one fish-eating predator would let to loss of fish stocks? No one, until it happened.

So, good to know about plancton surviving, but let's not assume we'll dodge all bullets.

German gets 4 years in clink for $14 MILLION global ATM fraud

JLV

In a US court 4 yrs is a slap on the wrist. 4 yrs for at least $14m? Hardly a deterrent and ironic in a country where shoplifting a pizza can get you life courtesy of 3 strike laws.

All for reduced incarceration for minor crimes, but large scale white collar crime is too lucrative for such leniency. Risk vs reward and all that.

Kobo Glo HD vs Amazon Kindle Paperwhite: Which one's best?

JLV

Re: my killer app

Not sure about the Kobo, got it for my daughter.

But the basic Kindle does has white on black, black on white and sepia. Fonts can be dialed up or down and the adjustable backlight level also helps a lot if your eyes are tired. Depending on the situation, I find myself varying the settings quite a bit to suit.

Also, backlit e-readers a la Kobo/Kindle are much, much, less disruptive to my sleep than a tablet or a PC.

German army fights underground Nazi war machine hidden in Kiel pensioner's cellar

JLV

On the other hand I dunno if I'd be so happy to have a neighbor with a torpedo. Unless, of course the explosives had all been removed by a bomb squad.

JLV

Re: Pity it wasn't a French tank

IIRC an Archer wasn't so much a tank destroyer as a motorized anti tank gun with escape capability. Ambush, shoot, scutter away. And, repeat.

AT guns were good at first contact but would not do well against sustained infantry or artillery attacks once they were spotted and were stuck on location. The Archer was meant to avoid that. No idea how well that weird idea worked out but AT guns were pretty much gone by the 60s.

Microsoft: Stop using Microsoft Silverlight. (Everyone else has)

JLV
Happy

Good boy, MS, good boy

Now, if our favorite broadcasters would just dump Flash video as well...

Looking at you, BBC, CBC. Especially daft when you see 'install Flash' on a mobile that doesn't support Flash %-((

Crowdfunded beg-a-thon to bail out Greece raises 0.003% of target

JLV

Re: Ignorance of the issue

>>You're complainign that the bonds' risk was priced incorreclty, but it clearly wasn't.

IIRC correctly, before this all blew up, circa 2007-2008, Germany's bonds were at 3.5%. Greek bonds were at 4%. So, you take the small borrowings of a generally solvent, big, fairly dynamic exporting country with a large economy which had been getting more competitive recently. Then you compare it to country which does not export much, has already borrowed huge amounts of money, is not, to say the least, at all dynamic and well run. And you price that at an extra 0.5%?

Now, I know what you are saying. EU ended up covering. But that is not the whole story. When Argentina defaulted, a lot of banks had been lining up loaning them more money because they had forgotten that Argentina is default-prone. Sovereign-country bond risk is generally priced low, but historical stats do not fully support that risk assessment, only medium-range amnesia about past defaults coupled with short-term greed.

You are saying that they were priced correctly because they knew the EU would pick up the pieces. But look at things like the Madoff affair, CDO risks leading up to 2008 mortage crashes, the Iceland banks. These show that banks often operate on rosy assessments and against basic economic wisdom even when there is no obvious exit strategy. So, no, someone is not exercising due diligence.

And then, if is bad enough, then the taxpayer steps in. Which they kinda have to, by the way, bank runs are disastrous.

What we need is a mechanism where there is a clear and direct line of responsibility in case the problem gets bad enough that taxpayer bailouts are needed. At that point, the top, decision-making, level of the banking executives of the bank in question need to lose their job for incompetence. There needs to be special legal clauses that cancel their golden parachutes and significant government contingency funds to combat any defensive legal action. Furthermore, we already have mechanism where convicted criminals cannot work in the financial industry. Those need to be adjusted so that those executives are also barred for life.

And what about the bank that was getting US federal bailouts and then turning around and paying big bonuses? Bailouts should mean an automatic cutoff of the bonus spigots for folks over a certain pay threshold.

I do not dispute the need for banks. And I don't have a huge chip on my shoulders about bankers. Honest mistakes can be made and it is not the government's job to nanny everything. But in almost any private sector industries, failure is less cause for systemic concern and is more limited in scope. And has generally resulted in more heads rolling. I mean, you'd have to look at things like HP buying Autonomy for $10B to see something as stupid as 4% Greek bonds or Madoff and I am sure a lot of those guys have been tarred and feathered, kinda.

These may not be the exact regulations that are needed and I am sure there are impracticalities.

But, if we don't introduce an element of personal risk, skin in the game, to making very bad banking decisions at scale, we will just be doing the same thing again in a few years for a different crisis. This isn't from a desire for revenge, just my perception that bankers, who are very smart guys, need to be incentivized to pay way more attention when they commit their companies to strategic directions that can result in ruin.

JLV
Paris Hilton

Re: Ignorance of the issue

> The banks all got their money back, rather proving that they didn't make a mistake here.

You are 110% correct.

I was naively thinking of a world in which bankers performed their essential function correctly, were remunerated handsomely, but reasonably, and were held accountable for their business decisions. As in "get fired, like everyone else does, when you screw up badly enough".

You know, banking being a regular business, not tails-I-win, heads-taxpayer-loses.

Sorry, gotta go. My unicorn is calling from the garden.

p.s. Not sure that the EU will do whatever it takes in this case. In years of following international news, I can't remember seeing diplomats and politicians of nations that are not at war be so publicly acrimonious towards each other. Oddly refreshing but that level of distrust will make it hard to reach a deal, regardless of the merit, or not, of aiming for one. Not to mention that Tsipras has worked his electorate into a frenzy and they are now in the loop as well.

JLV

Re: Ignorance of the issue

>Don't blame either the Germans of the Greeks, blame the loonies than lumped them in the same box.

Blame the loonies that loaned them money at (nearly) the same rate for years. Bankers were so lazy in chasing extra returns that they didn't properly rank risk. The bailouts to date have had the results from transferring risks from banks to EU governments, and ultimately taxpayers.

The Greeks have suffered hugely but still haven't nearly gotten their heads out their asses. 67 retirement age by 2020? We've had that in Canada for years now and we don't have demographics that require it nearly as much. Shows what sufficiently stupid voters, essentially electing governments that spend beyond their means through up and down economic cycles, have too many public servants, tolerate corruption and promise mathematically unsustainable benefits, will achieve. France, with 30+ years of not balancing one single budget, might wanna think about that.

With all the contempt that is their due, it remains true that any tinhorn country out there, a la Argentina, would have its debt reduced because they couldn't pay. Simple as that. Greece has had the farce that everyone pretends to believe that their stupidity can be fixed and that the stupidity of their lenders does not deserve haircuts.

UH OH: Windows 10 will share your Wi-Fi key with your friends' friends

JLV
Facepalm

Re: If you can't be a good example..

shades of circa 2000...

'Yes, our users need VBA auto-run for incoming Outlook messages' scripts. Not having it would be a major loss of functionality".

Microsoft's magic hurts: Nadella signals 'tough choices' on the way

JLV

reminds me of visiting an MS store near SF

You know how in Apple-land, the hipster salespeople are outnumbered by the salivating fanbois? And how it is sometimes difficult to get any attention?

In MS-land, there was no buzz whatsoever, the sales staff significantly outnumbered the few bored browsers and they were all over us trying to be helpful. We left with a free SIM card which I was vaguely thought of putting into my Z10 and activating. Their phones were also incredibly cheap, some around $50 unlocked IIRC.

Overall, didn't get the impression that they are getting any respect and I felt sorry for the salespeople. Kinda.

Keep in mind - whatever MS's flaws, the world is not going to benefit from an Android/Apple duopoly.

Microsoft's curious Sway comes to iPad and iPhone

JLV

Re: Oh the silly names. My eyes! My eyes!

Jammer = "too bad"

And the following may enlighten you re a certain photo sharing apps, from the root "fikken", I believe. Applies to German as well.

echo Flicker | sed s/i/u/ | sed s/l//

echo Flick | sed s/i/u/ | sed s/l//

Sorry, slow Friday ;-)

Yahoo! displaces Ask in Oracle's Java update crapware parade

JLV

Re: Who the hell uses Java nowadays?

Well, alright, I dislike Java just as much as the other guy. And I wanted HD DVD to win as well (mostly because I am not a fan of Sony).

But hating on a physical disk system because its players can run a Java subsystem? The whole thing being totally, blissfully, hidden from the end user*, especially as there are probably tons of DRM-related reasons why you can't muck around in the player anyway?

Seems like you might as well hate Java because the sky is blue. Which is fine, your choice, but still...

* though... I wonder if the teething problems of early-generation Blu-Ray players, where all sorts of disks would not play because your firmware did not support version X.Y.Z of BD spec were not Java-caused. In which case, I retract all of the above snarkiness and agree fully with you. Kind of settled now, but I originally bought a PS3 just for BD playback because it had a good reputation about keeping up with the moving BD spec targets which was not the case for many 2007-vintage players.