Posts by Doctor Syntax 33095 publicly visible posts • joined 16 Jun 2014
It depends on what balance you want to achieve. Traditionally performance requirements have dominated. The result seems to have been at the expense of security. Is that the right balance now? As H/W gets faster should the balance change? Could we reduce the performance penalty, at least in user-facing systems, by cutting down on UI bloat?
Whether micro-kernels are the way to achieve it or not (and possibly they might be) I think there's a need from the security PoV to move away from the idea of an all-powerful root user. The MO of a lot of exploits is privilege escalation.
The functions of root need to be split. One function would be to allocate user IDs. Another would be to allocate storage space. A third would install applications. None of them would have the ability to read or write anything other than what they need to do. If an application needs to access file space it should do so in a space allocated for that particular application or at most a class of applications.
Instead of calling a common kernel service an office application, for instance, would call an office data storage service with some means of checking that the client was a registered office storage client in addition to the check that the user had access rights according to user, group or public settings* with nobody else.
The storage service might even be able to check file format. It might provide versioning. What it wouldn't do would be to provide read access to some malware trying to exfiltrate data or hold the data to ransom. Such malware would not only have to impersonate the user but also the application.
This division of responsibilities might have a performance impact but that would be the cost of security. As things are we currently see security being sold cheap in terms of convenience and performance. It needs to be given a higher value.
* Or some other ACL
The whole of S/W development (and that includes micro-code in processors) is about abstracting the real bits in the computer into some form that's easier for the user to grasp. If that were not the case we'd still be writing programs in machine code.
AIUI he hasn't. He's just taken "everything is a file" and changed it to "everything is a URL". It extends "everything" to include stuff not on the physical computer. Whether or not this is a good idea is debatable. It assumes that the computer is on-line and if it isn't there must be a lot of URL equivalents of "file not found".
"This leads to absurd situations like the hard disk containing the root filesystem / contains a folder named dev with device files including sda which contains the root filesystem."
I suppose one way round that would be to mount dev on /..
Back before the internet became commonplace The Newcastle Connection had the network at /..
"I also considered the unpleasant scenario of being killed during international travel and the challenge of identifying my body until someone found a pair of glasses to shove on my dead face."
Depending on circumstances glasses might be the least of their difficulties.
"That's the companies sale"
And that, folks, is the main point to remember. It's exactly the same as the biggest outsourcing company you can think of. Sales rate is not the same as the rate paid to whoever's doing the job The biggest differences are: lower day rate then them, less overheads and, it seems a much greater interest in doing a good job for the client because the sales and marketing staff are the same as the delivery staff.
Yup. It's always the same. You get that sort of comment and think "Are they really Goody Two-shoes?". They don't have the balls to try it themselves, in fact they're so far from doing it that they haven't really looked at the details so they're completely uninformed about the realities. Dogs & mangers come to mind. Or sour grapes.
It's not so much what they understand what contractors currently do for them. It's what they want them to do for them in a couple of weeks' time: vote. And the reason it's become an issue not is the realisation that over the last few years there's been a democratic shift towards all sorts of forms of non-standard (in tax terms) employment so that means more votes to lie grub for than in the past.
"it has been forced to pay it all as salary."
The official line isn't "forced", it's "deemed". A weasel word if ever there was one.
Add being between contracts onto the list of what the company should be making provision for. One of the things clients usually want is instant availability. That's an expensive attribute to provide. The freelancer who's available on Monday when called on Friday has probably been "available" for some time, otherwise the agent is trying to fish in a very small pool.
"When IR35 was first mooted, and increasingly as it has morphed into what we have today, the premise was that the 'companies' and 'small businesses' were really not companies at all, but a vehicle to be employed by a company with some significant financial benefits. So they introduced the term 'disguised employees' and then deemed that their Personal Service Company (PSC) was not really a business at all, so did not fall into the category of either businesses or companies, and thus are not in scope for his statement."
This doesn't seem to have changed as far as Labour is concerned. The only morphing here is that the Conservatives have ceased to be the party for small businesses. And can we please avoid the term PSC. The individual freelancer's company, as you go on to say, is just a smaller version of the bigger outsourcing companies although probably better motivated to do a better job. The correct terms should be "Small Outsourcing Company".
"In addition, for tax purposes, self-employed and employed by a PSC are completely different things, even now. So they can very easily claim that they are supporting the self-employed while taxing the hell out of a PSC."
Limited company freelancing only came into existence (AFAIK - it was before my time) because the IR as it then was came down on the nearest limited company in the chain if a self-employed person defaulted. I don't know if this was a frequent occurrence or FUD but it seems that HMRC have finally worked themselves into the same position again.
One of the central problems here is that tax rules are drawn up by people on salaries with incremental scales and reasonably secure employment and don't really understand that any other way of working exists and is essential for the economy.
It depends on various factors such as the attitude of HMRC and the phase of the moon. The contract and working conditions may have some minor influence but the attitude of HMRC will be that you're caught anyway.
Serious answer - get the contract reviewed by a competent reviewer along with as much additional documentation you can get your hands on about the nature of the engagement. Look like an independent company. Don't use the company account as a pipe-line to direct cash straight from Apple to you, either as salary or dividends. Pay yourself a reasonable salary whilst making provision to be able to keep paying after the engagement's ended. When a pimp agent rings up after you've finished the first question will be "Are you available?" and providing that availability will have cost your company money by continuing to pay salary whilst you're on the bench.
According to https://www.bbc.co.uk/news/election-2019-50547793 Labour plan to end bogus self-employment" so maybe that's how they plan to abolish IR35. You will be directly employed irrespective of whether you or your employer want that to be the case.
Not that I believe any of it. This has been the worst election for unfulfillable promises that I can remember - and that includes N Irish elections as well as UK.
"would you have been OK with that being put on the notice board?"
If he wasn't he could have removed it. In this case the person responsible didn't do anything about it. In fact it was eventually the guy who was fired who actually did the right thing by putting it into confidential waste when it hadn't been collected. Reading the judgement it also appears that he did the right thing on finding it, namely putting it in a place where it was common to leave uncollected print-out.
"Ah, but if everyone keeps quiet, how do you know your deal is special or not ?"
Everyone anonymously writes a figure on a piece of paper, not specifically their salary, and puts it into a pile. Everyone is told what all the pieces of paper say. Nobody knows who wrote what but all of them know what their salary is and if the figures reflect salaries they know how special they are.
Of course people might lie, leading to more dissension. Manglement might then conclude that openness might have its advantages.
It's difficult to see how they could have made more determined efforts to fail.
Initial carelessness in either printing it out unaware (a possible explanation for not collecting it) or failing to collect a deliberate print out.
Taking umbrage that something left in plain sight had been remarked on.
Not expecting it to be discussed.
Taming more umbrage when it was.
Picking on one employee.
Not being able to conduct disciplinary proceedings to a standard that would keep them out of court (probably an impossibility anyway in the circumstances but they seem to have made outstanding efforts in this regard).
Not settling ensuring that they did end up in court going full Streisand.
“Although .org has often been thought of as a ‘home of non-profits,’ the domain was not actually defined that way,” he wrote, citing IETF document RFC 1591 from 1994.
He should have been more careful what he quoted. That RFC also says "It is extremely unlikely that any other TLDs will be created."
We still have a huge - about 5' high, 6' wide - very solid and heavy oak book case we bought at auction soon after we were married. We were only in a second floor flat, not fourth but the stair case had two flights and two landings per floor so it was a tight fit and did I say it was heavy. It's amazing what a few young students can do when they put their minds to it although it still has a scrape of paint from the staircase wall.
In the early days of commercial computers David Brown Tractors got one, probably an Elliot. It was too heavy for the lift but they arranged to haul it up the lift shaft. It broke free from its rope and fell. The bloke who'd tied it on fainted. It must have been a family trait, his daughter was in my class at school and at the mention of the word "blood" keeled over off her lab-stool.
"The people working on it are still mostly in the USA"
The point that Rich 2 was making was the wider one about open source projects in general. People contribute to open source from all over the world. It would be very difficult for the likes of Trump to split out contributions from US citizens. It would, however, be somewhat easier to lean on any US-based infrastructure including foundations that support projects. Not that it would make too much difference - the projects themselves would be out from under as quickly as you can say "fork".
"Of course anyone involved can explain the niceties of Swiss incorporation and international jurisdiction to the SWAT team coming through their door."
Alternatively they can just leave a note for the SWAT team that they've upped sticks and gone. Oh, I forgot, US citizenship doesn't include the right to travel does it? It's like the middle ages in Europe - you have to get permission from the lord of the manor to move elsewhere.
"I've said before that I don't understand why so many open source projects are incorporated in the US."
A lot aren't physically in any particular place unless you count a Github server and maybe it's time to rethink that in favour of one hosted by a business outside the US. Some are in Germany including NextCloud , KDE and the Document Foundaton. AIUI German law has advantages for registering such organisations. Dyne.org who support Devuan is in the Netherlands and the devuan.org domain is registered in Italy.
If I were an HP stock holder I'd be thinking that most of the money I'd get would be borrowed. If I also got stock I'd be holding a chunk of that debt. In other words I'd effectively have borrowed the money to pay myself and have to pay interest on it. No way would I want stock.
OTOH if I were a Xerox stock holder I'd be thinking if it were an all cash deal I'd be borrowing heavily to buy a chunk of HP shares - but if I wanted to do that I'd just go out and buy them myself. But Xerox has money from the Fujifilm deal; instead of borrowing more money to no good purpose why don't they just hand me my share of the cash in hand?
"But just think we still take over a year to become slightly self-aware"
My recollection is that babies start out self-aware but aware of nothing else. They certainly know when they want something and able to let you know but the second part is probably pre-programmed That year's spent becoming aware of the environment they're in, correlating the inputs from the different senses. They learn to understand what they see has other properties by touching it, trying to eat it etc. That understanding of the external world is crucial.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
