Posts by thames

Re: correlation is not causation.

Yes, correlation is not causation. If you analyse a set of data enough ways, you stand a strong chance of finding various meaningless correlations purely by chance. They could just as easily have found, by chance, a correlation between pay levels and the colour of your underwear.

This is a common mistake amongst people who don't actually understand statistics well enough.

It sounds more like it's about telling you to keep your mouth shut about vulnerabilities than asking you to find some for them.

For example, suppose GCHQ are exploiting a vulnerability in the telecoms gear in Berlin to monitor cabinet conversations in the German government. GCHQ know from reading the literature that you've published previous papers on related security research. They then serve a warrant on you telling you to "assist" them by running anything by them first before publishing it. If you start getting warm with regards to a vulnerability that they're using, they'll tell you to "assist" them further by stopping work in that direction and not to publish anything about it. The warrant will also forbid you to say that there's even a warrant. That protects their ongoing use of that vulnerability.

The sort of equipment we're talking about is expensive and not in the hands of the general public, so the number of independent security researchers working on that problem domain will be very limited. Keeping them muzzled would not be difficult, given the tools described. The fact that nobody seems to know what the law actually means in practice is unlikely to be an accident, as they have an ingrained reflex against revealing that they even want to do stuff like this.

They could be doing this right now, and there's no way for you to tell.

Re: Usage Stats

I think the Dot Net or IIS sites that are on the Internet tend to be mainly older systems. It's pretty rare to hear of a new large scale application using either. Yes there are a few existing successful ones, but they tend to be ones that were built back when IIS and Dot Net were considered to be serious major competitors in the Internet market (I think remembering that makes me sound old).

The mainstay for Dot Net and IIS these days tends to be legacy business applications that run on internal company networks out of public view. Dot Net and IIS are the new COBOL and mainframe.

Re: OTGH

The problem here isn't the OS itself, it's the user applications that are written in the Java language that are the problem. The apps that are written in other languages are not at issue. If you port the Java language apps to a new OS, you haven the identical problem. If you replace the Java language apps on Android, you've gotten rid of the Oracle problem.

In other words, the problem isn't the Android OS, it's the apps written in the Java language (even though it's technically not "Java").

Replacing the Android OS itself would be silly, as their are loads of simple apps written in Javascript (which has no relation to Java) and loads of complex games written in C++ which are unaffected by this.

As for what Google's "plan B" might be in all this, the most straightforward one would be to replace the recommended programming language with one that doesn't duplicate any of the Java APIs. Since it's the Java library APIs and not the language itself that is in question, any language that runs on the JVM and calls the Java libraries could be equally problematic. That means that Kotlin, recently given official support from Google, could be in trouble until and unless the lawyers can give the standard library a good going over and assure everyone that there's nothing resembling Java APIs in there. Google Dart might be a safer alternative.

Once Google have picked a new recommended language, they need to figure out what to do about the existing apps written in the Java language. Perhaps they could release a program that mechanically translates Java to another language. For those developers who don't want to do that, they could let those developers negotiate their own license directly with Oracle. I suspect that given that alternative, most developers would either choose to port to the new language (using the automated tools provided by Google) or withdraw the app from the app store (for apps that were not selling well anyway).

For software developers in general though the message seems to be to avoid Java like the plague unless the customer insists on it, and in that case make sure the customer is the one bearing any and all risk (get that in writing).

The above applies to mobile phones. If Oracle are successful however, I doubt they would stop there. Traditional server systems would be at risk when Oracle casts their eyes upon them looking for excuses to squeeze licensing fees out of everyone using the JVM in some way. Alternative languages which run on the JVM and use the standard Java libraries are an obvious target if they implement the library interfaces in a similar fashion.

American software copyright law has something called "non-literal copying", whereby the judge decides that something looks sort of like something else, even if they're not actually identical. That means the fact that the function and parameter names and the syntax decoration aren't the same doesn't mean that it isn't a copy. That's why Google can't simply make the whole problem go away with a bunch of "sed" scripts.

Third party trolls will have a field day as these newly created IP rights become the functional equivalent of new software patents. The fact that you wrote the software entirely yourself won't save you from copyright infringement claims, including claims of non-literal copying.

In other words, if you're in the software business, be prepared to be royally screwed by Oracle if the case goes their way.

@Robert Carnegie - "It seems unlikely to me that Ubuntu can persist without providing desktop applications - they may not be distinctively different from other Linux flavours, but isn't the desktop presence what Ubuntu is for?"

Ubuntu got its space in the Linux server market by offering a good desktop version. Originally, it was just a Debian base with stock Gnome 2 with some polish and a Ubuntu theme. I expect they will go back to that model, but with Gnome 3 (the Debian base hasn't changed). They will continue the desktop because getting developers to use their desktop is a good introduction to getting them to use their server products.

Red Hat made a massive mistake when they stopped offering free access to their desktop and pointed people at Fedora (free of charge but, not the same as RHEL and with a very short life cycle). That was the opening in the market that Ubuntu jumped into and helped them get their associated server distro established.

The desktop version of the distro is just the server version with a GUI added and some different default packages. It won't take a lot of resources to take stock Gnome 3 (which Shuttleworth said they will use) and add that to the base Ubuntu distro. The community versions using the alternative desktops already do that (including an already existing Gnome 3 version). Much of the work flow is automated through Launchpad.

A number of existing and former Canonical employees have said that if you took out the mobile oriented projects which Unity is intended to support, then Canonical is profitable. The mobile efforts took a disproportionate amount of effort, and with no obvious path to success past the dominance of Android.

I expect Ubuntu to focus on servers, cloud, and IoT (server and embedded), with a well polished desktop being offered as a way of attracting and keeping a community of developers who want to use a very polished and well supported Ubuntu desktop to develop their software. If people develop their software on Ubuntu, then the newest and most up to date versions will run on Ubuntu with little effort on the part of the distro maintainers. It's more effective than an advertising campaign, and much cheaper.

Re: I wanted one...

Android has dominated the mobile phone market so thoroughly that there was probably very little chance of a third party finding a market niche. Blackberry got squeezed out, Microsoft failed after pouring money into it. Other third party vendors have made no headway.

I think that Shuttleworth faced the facts and pulled the plug when it became obvious that he wasn't going to succeed where Blackberry and Microsoft failed.

Re: Unity usage?

@Jonathan 27 - "Unity never felt quite finished, the configuration options were never there, for one. You couldn't make the launcher autohide"

The Unity launcher was auto-hide right from the beginning. They then added an option to make it not auto-hide, because so many people didn't like auto-hide. They then made not auto-hide the default but left the option for it in place for those who still wanted it.

If you want auto-hide, then in 16.04 (it's probably the same in previous versions), click on "System Settings", then "Appearance", then "Behaviour". The first option is "Auto-hide the launcher". Set this to "on". When you've set it to "on", then the controls which adjust the auto-hide sensitivity are enabled and you can adjust several different factors relating to how and when the launcher appears.

I don't like auto-hide and don't use it, but despite that even I knew where that setting was.

The auto-hide option by the way is right above the options which control where the menus are displayed, so you would have had to go right past it when you changed the menu location options (which you said you did).

This criticism was typical of 99% of complaints that I've seen with respect to Unity. They've been written by people who don't use it and know little about it.

Re: History and all

@keithpeter - "I think that I remember a spat about notification libraries as being one of the reasons for the decision to build Unity as an alternative shell as well as concerns around basic usability."

The notifications library issue came about later, as part of Freedesktop.org discussions (an organisation which was dedicated to promoting standards and interoperability between Linux desktops). KDE and Unity (Ubuntu) worked on standards for notifications and associated widgets, and Ubuntu produced a library which followed that standard. Gnome meanwhile refused to take part and then said they wanted nothing to do with it because "they hadn't been consulted" (because they had refused to discuss it - some serious circular reasoning there).

The head of KDE was quite pissed off with attitude displayed by Gnome, and gave his summary of the situation here: http://aseigo.blogspot.ca/2011/03/collaborations-demise.html Long story short - KDE felt that Gnome had a major problem with NIH syndrome and didn't play well with others. I'll speculate that some of that attitude may have been sparked by jealousy over KDE seeming to be the ones who came up with most of the good ideas. The KDE and Unity teams on the other hand focused on technical issues, avoided politics, and seemed to get along well enough.

@keithpeter - "It is worth mentioning that Canonical Design actually carried out and published the results of usability studies, albeit with basic tasks and subjects new to Ubuntu."

Yes, although I can't recall the name of the project. They went out and hired some professional UI usability consultants who produced a report which was then published and available to be used by anyone. Nobody else in the Linux world was spending that sort of money on usability by the average sort of person (as opposed to the sort who reads El Reg).

The project was called Ayatana. There are various wikis and Launchpad projects associated with it, but I don't know where the actual study is.

@keithpeter - "There appears to be very little usability research published for gnome shell that I can find;"

The Gnome developers wanted nothing to do with airy-fairy designers and people like that. Their design process consisted of someone writing some C code and asking one of their friends if they liked it. Conflicts were resolved based on who was friends with who at Red Hat.

The end result shows it. Start up Unity and there are familiar looking icons right there for you to click on so you can get started. Start up Gnome 3 and you have an almost completely blank screen and no clue on what to do next. It takes two or three times as many mouse clicks to do basic tasks in Gnome 3 as it does in Unity.

The most common tasks in Unity have keyboard short cuts (about three dozen of them) and they have a nice cheat sheet to explain them that pops up if you hold down the flag key. Gnome 3 is just starting to get around to implementing more than a handful, and if you want to know what they are you'll need some good Google skills to find the Gnome wiki.

Hover the mouse over something on Unity, and a tool tip will pop up telling you what it is. With Gnome 3 - well let's just hope you have a good memory for obscure icons.

I could go on like this for quite a while. Unity works on the principle of giving you obvious things to do up front, and making the important stuff large enough for you to see what is going one, and having explanations right there. With Gnome 3 - let's hope you like microscopic grey on black icons because you're going to have to memorise a lot of them.

Re: Makes sense

@Long John Brass - "Yes; But not quite what I was getting at, The integration I was talking about was/is things like docks, info, message notifiers and inter app messaging, gnome used to use corba and kde dBus."

What you're looking for is Freedesktop.org. It was supposed to make the various desktops more inter-operable. It was started by KDE and for a while Gnome was working with them on it. However, later on Gnome lost interest in collaborating with other desktops (apparently seeing them as competitors).

Here's what happened from KDE's perspective. http://aseigo.blogspot.ca/2011/03/collaborations-demise.html

Re: Makes sense

@Long John Brass - "The app doesn't need to know jack shit about it's desktop environment."

Yes it does. Trying to shoehorn a complex app written for a large desktop monitor onto a small touch screen is never going to work. Either everything will be too small to see or else windows will get cut off and controls won't be reachable. Look at the disasters on the early netbooks with applications that weren't written for small screens.

@Long John Brass - "I believe that there is now a way for gnome and KDE apps for example to co-exist on one desktop"

You always could. You just had to have the correct libraries installed, which any decent Linux package manager handled completely automatically when you installed the app. Usually the only way that you knew you were using an app from "the other" desktop was by the fact that the theme didn't match perfectly and that the names of the KDE ones usually started with a 'K'. You could have both Gnome and KDE desktops installed, and switch from one to the other and still have all the same apps automatically show up in both sets of menus and run just fine. Some distros (e.g. Mandrake) used to install both Gnome and KDE by default, and have even more as an option.

That's got nothing to do with desktop versus mobile though. The latter relates to a different physical environment and different available modes of interaction.

Re: Good

@Mage - Unity wasn't a "single" GUI. There were two different GUIs - one for desktop and one for mobile. They had common visual elements and certain shared features, but they were two GUIs. The system had both and was intended to bring up the appropriate GUI depending upon the mode it was being used in. This was not part of the current shipping desktop Ubuntu, which still uses Unity 7 and X.

Application developers who wanted the same app to work in both environments were expected to write two GUIs, one for desktop and one for mobile, and the system would show the appropriate one, again depending upon current mode. The GUI tool kit was designed to support this dual mode.

In other words, it was the complete opposite to the approach that Microsoft took with Windows 8.

I suspect that Apple will eventually do with the iPhone and Mac what Ubuntu attempted to do with Unity, and their fans will ooh! and aah! at the latest Apple "innovation".

The original version of Unity was for netbooks. However, the current version is definitely not, even though they re-used the name. They just took the name and the look of the launcher and came up with a new interfaced designed for desktops. The main ideas that survives from the older Unity is having the launcher/dock on the left, as this fits modern form factor monitors better, and also using this to make the icons bigger and do double duty as dock and application switcher.

The current incarnation of Unity came about in reaction to the complete usability disaster that the early versions of Gnome 3 were. Ubuntu didn't want to continue to ship old versions of Gnome 2 like many other distros did, KDE was still in the throws of their own long running self-created version transition fiasco, and the other potential desktops had a look and feel from a decade before.

Hence, Ubuntu rummaged through the cupboards and cobbled up a new version of Unity. The early versions were rough, but Gnome 3 at the time was so bad that people widely predicted that Gnome was going to die off from lack of users. Gnome had to kill off support for Gnome 2 to get users to "upgrade" to 3.

Eventually, there was some change at the Gnome Foundation. They abandoned some of their more hallucinogenic inspired UI visions, borrowed ideas heavily from Unity, and came up with something that was at least somewhat usable.

Linux Mint came about as a reaction to Gnome 3, not as a reaction to Unity. The Linux Mint founders also thought the Gnome 3 developers were on drugs, and wanted an interface that looked more like Gnome 2. Originally it was just a set of extensions that re-skinned Gnome 3 radically to give it a different appearance and function (the end result looked nothing like Gnome 3).

However, changes to Gnome 3 kept breaking the Mint extensions, causing them to look elsewhere for a new desktop, hence what they currently have (which were also started in reaction to Gnome 3).

Linux Mint was based on Ubuntu for the same reason that a number of other distros are. Ubuntu offers a good compromise between solid but out of date Debian Stable and bleeding edge Debian Unstable.

The main reason that Unity was never used outside of Ubuntu was that Canonical never put the effort into separating the Ubuntu specific features from the generic features. If you pulled in Unity straight from Ubuntu, you also pulled in a lot of unrelated Ubuntu specific features and services. Nobody else wanted to do the work of maintaining a hard fork if Ubuntu weren't going to make that generic version the one they worked from, and Ubuntu weren't going to slow down and backtrack on their own development to make that possible. Hence, it wasn't practical to put Unity into Debian, and without there wasn't any practical way for the secondary distros based off Debian to offer it.

If Ubuntu had separated Unity better from Ubuntu specific features early on, then it may have been able to expand into the vacuum that the early versions of Gnome 3 left. Instead MATE (available on 2 dozen distros, including Ubuntu) filled that role.

Re: Mir -> Wayland then?

The whole point of Mir was that it was to be more focused on mobile than Wayland was, There's no point to Mir if Ubuntu Phone is being binned. They'll just use Wayland.

I can see the rational for focusing on the server and desktop markets, given how Android utterly dominates the global phone market. Ubuntu Server is doing well, so they will focus efforts on that and on IOT.

However, I will miss the Unity desktop on my PC. It's modern without being as radical as Gnome 3. I hope they will do something to improve the usability of Gnome when they switch to it.

Ubuntu started off as Debian with more polish. It looks like they're going back to their roots.

Re: Swings and those other things

I've never had problems with CUPS or printer drivers. I've always just plugged the printer in and hit print and it printed. No installing drivers, no selecting drivers, nothing like that. Somehow, it always just knew what the printer was and did everything needed without having to ask me.

With regards to how many people stick with the default Ubuntu desktop, from the data that I've seen, the overwhelming majority of them do. I used to collect user agent data from various public sources to analyse how usage versions of various Linux distros changed over time. There was virtually no correlation between actual usage and how often any distro or flavour was mentioned in various forum posts.

It is very likely that the average Linux user doesn't spend much time commenting on his or her distro in on-line forums. They just want to focus on their real interests, which isn't centred around Linux for its own sake. They would be the sort of person who would stick with the major distros and accept the defaults while they got on with doing what it was they got a computer for in the first place.

On the other hand, the sort of person who is interested in Linux for the sake of itself is also likely the sort who is motivated to try out various more obscure distros or flavours or desktops, spend the time to debug, configure, and learn about them, and then talk about them in on line forums.

I know several Linux users personally, and doubt that most of them are aware that other Linux desktops even exist. Those ones all use Ubuntu (Unity) by the way. They're just average people who got fed up with Windows Vista or Norton Anti-Virus and got a friend to install Ubuntu for them so they can browse the Internet and do their email without aggravation. Of course they're the sort of person whose never even heard of The Register, let alone comment here. I know of at least one person who I'm pretty sure is still convinced that she's got a pirate copy of Ubuntu because she didn't pay for it.

The few people who use Fedora or Suse something like that at home are all in the IT business and use RHEL on servers at work. I've never met anyone who uses Mint, despite reading posts about it all the time.

Re: It's confusing

@frank ly said: "I'm having difficulty undertstanding all that. 'Robot', 'unit', 'section', 'fixture', .... are robot/unit and section/fixture the same thing? "

The "robot" will be the big mechanical arm which moves about. In this case the manufacturer will be either Fanuc or Nachi. Those are two different robot companies, so it's hard to understand why both are involved unless of course both brands of robots were present.

Lincoln Electric makes welding equipment. The robots may have had Lincoln welders on the end of their arms, or they may have been loading parts into equipment that had Lincoln welders.

A "fixture" will be a unit of custom tooling that is machined to hold and clamp the parts being manufactured. The fixtures would be attached to the frame of the work cell, or to the end of a robot arm.

A "unit" or "section" would be subdivision of the larger overall production line. Those are not necessarily the terms used by the manufacturing companies, they may be just names made up by the lawyer. The sections being labelled "130" and "140" doesn't imply that there are 140 or more "sections". The work cells may be divided up into smaller sub-divisions, and there may be an implied decimal such that it was the 13th or 14th "section", or even the 1st section. You would have to see the electrical and mechanical layout to understand how it was labelled.

The overall production line will have been built in sections at the integrator, run off and approved by the customer. Then the sections would have been unbolted and unplugged from one another, put on trucks and shipped to the customer where they would have been bolted and plugged back together, tested, etc.

Flex-N-Gate appears to be the company that owns the factory in question. They're a large automotive parts manufacturer with multiple plants, and this is one of them.

Prodomax is a large Canadian automation manufacturer located north of Torronto. Their role in this will have been to design and build the production line. They would have bought the robots and loads of other components and designed them into the production line, built the framework and tooling, done loads of wiring, written software, etc. Fanuc, Nachi, and Lincoln Electric would likely have had very peripheral involvement in the actual project.

I've done business with Prodomax as a customer (although not recently), and they were a well run very professional organisation. They've won awards for being a well managed company. The chances that they did anything dodgy or cut any corners on safety are pretty slim, although it is of course impossible to discount some sort of human error.

If their customer was in Ontario, the equipment would have had to go through a formal safety review by a certified safety engineer (usually an independent third party consultant). I don't know what Prodomax does, but I do know that other Canadian companies won't sell equipment to US customers without a similar review simply because of legal liability reasons. I know of at least one small automation company who stopped doing business in the US because the cost of liability insurance there was too high to make it worthwhile when they could pursue business opportunities elsewhere.

Normal safety practice in a case where you are entering a work cell such as this to do maintenance is to lock out the equipment power switch with a padlock for which only you have a key. If there are multiple people involved, there are special attachments which allow multiple individual padlocks to be attached. If you go home and forget your padlock, then your supervisor has to talk to you on the phone and confirm your presence there before cutting the lock off with a set of bolt cutters.

In cases where you need the robotic equipment "live" to diagnose a problem, then you would insert a key into the machine somewhere to change the mode, and plug in a "three position switch". This would be a hand-held device, sometimes built into the robot teach pendant, which only allows the robot to move in very slow motion if the switch is in a middle position. If you let go of it or squeeze it too hard, the slow moving robot is disabled. This is a standard feature built into the robot itself, and is very reliable.

The reports say that the person in question worked in the maintenance department. As such, she should have been well trained in safety procedures. The equipment will have come with extensive manuals (not that anyone generally reads such things) which would have covered this. Whether she was authorised to enter the machine at that time is of course one of the questions which will likely be raised in the lawsuit.

The reports say that her duties involved adjusting the robot and tooling. Quite likely, she was the person whose job it was to tweak the robot to adjust for variations in the incoming component dimensions or material to deal with quality issues.

The reports are unclear, but it is quite possible that multiple different groups of people were working on different tasks in different parts of the work cell, and one group triggered an adjacent robot to cycle when she was in the machine working on another. Normally I would have expected her to lock out the adjacent robot before working on her own. Why that didn't take place is a very good question, and one that can probably be only answered by the supervisors working for her employer.