* Posts by JohnFen

5648 publicly visible posts • joined 20 Feb 2015

Oracle gets a bit touchy-feely as CEO Catz shares a digital transformation bedtime story

JohnFen

What I do

> Just what is it you lot actually do anyway?

What I do is avoid Oracle products and services to the greatest degree that I can.

Voatz of no confidence: MIT boffins eviscerate US election app, claim fiends could exploit flaws to derail democracy

JohnFen

Re: Possible? Yes. Probable? No.

Yes. And even worse than that, the additional attack surfaces are being manned largely by people who don't generally have system security in the front of their mind, and often don't know how that should inform their behavior. So those are particularly vulnerable attack surfaces.

JohnFen

Re: I'm baffled

Just to be clear -- I'm not either. I don't use them. But there's no denying that there are plenty of people who choose differently.

JohnFen

Re: I'm baffled

> Yet people seem to accept mobile banking and paymemt systems are secure.

Yes, they do. Those systems represent tradeoffs between security and convenience, and people are deciding that the tradeoff is worth it to them. That's fair -- we all decide the level of security that we're comfortable with. Elections are different, though, in that security risks with election systems involve everyone, not just individuals with accounts.

> Make yer minds up, either it is possible to make secure mobile apps or it isn't.

I think my stance was clear -- my mind is made up. It isn't possible to secure mobile apps to the degree that is necessary for election systems.

JohnFen

I'm baffled

I'm utterly baffled that anybody thinks that a mobile app being involved in an election process is anything remotely close to being safe or secure. That's even worse than electronic voting machines.

Don't break your swanky new Motorola Razr, you probably won't be able to get it fixed

JohnFen

Re: I wish they brought back the original V3i RAZR

Yes, I've looked at them and they seem like fine phones! They're already on my list of possibilities.

JohnFen

Re: I wish they brought back the original V3i RAZR

> I think just re-releasing the original, upgrade to current radios and screen technology, would probably sell out in no time.

If they did that, I'd buy one today.

Not a Genius move after all: Apple must cough up $$$ in back pay for store staff forced to wait for bag searches

JohnFen

Re: Minimum wage?

And be triply skeptical when "average" wages are cited rather than "median" wages.

JohnFen

This was a ruling in the California state supreme court. While Apple could technically appeal to the US supreme court to hear the case, unless it involves federal law in some way, or a dispute between the states (and this does not appear to involve those), the US supreme court will almost certainly refuse to hear it.

JohnFen

Good

It's great to see a company, particularly a large company, get slapped for this sort of behavior. It should happen more often.

Git your coat – you've pulled: Standalone command-line interface for GitHub hits beta

JohnFen

Re: Invented by Linus Torvalds, sure

> Github is hammering home that this original git working model is dead and buried.

Not hardly. I use Git heavily, but I won't touch Github with a ten foot pole (the reasons I abandoned Github are not only still there, but increasing). There is nothing they can do that would kill the original model of git for me. They're only affecting users of Github, which doesn't constitute anywhere close to the majority of Git users.

Huawei to the danger zone: Now Uncle Sam slaps it with 16 charges of racketeering, fraud, money laundering, theft of robot arm and source code

JohnFen

Re: Wow, DC is really out to get Huawei...

Yes. Unlike the claims the US makes with regards to the 5G nonsense, it will have to actually have solid evidence for these claims.

The possibility remains, of course, that the US has no such evidence and are just harassing Huawei. They could drag Huawei through the courts for a long time without such evidence. Ordinarily, I wouldn't think this was a likely scenario, but given the the weird hardon that Trump has for trashing Huawei, this seems like a possibility.

After just one phone, Essential Products ascends to the great venture capitalist in the sky

JohnFen

Ahead of its time isn't a good thing

> the first to market with notches and edge-to-edge displays while other manufacturers were still desperately clinging to chunky bezels.

Two trends in modern phones that I consider terrible and dissuades me from purchasing them.

Crypto-upstart subpoenas Glassdoor to unmask ex-staff believed to be behind negative reviews. EFF joins the fray

JohnFen

Re: Business Model

> Kraken does not know if the people that left the reviews are ex-employees who signed a non-disparagement contract taking away their legal right to speech.

Correct, which is probably why they want Glassdoor to reveal the identities, in order to make that determination. Also, it's established law that non-disparagement clauses in contracts (in the US) cannot restrain people from stating their opinions. In other words, the clause can prevent you from saying "the company is criminal", but not from saying "the company behaves in a way that I consider intolerable." Well, they can say they do, but courts cannot enforce that because it's a first amendment violation. That's the case that the EFF is making.

JohnFen

Re: Business Model

In this case, they're suing because the people who left the reviews are ex-employees who signed a non-disparagement contract. Kraken is alleging that those review violate that contract. That isn't any better, but it isn't a case of Kraken suing a customer for leaving a bad review.

JohnFen

Thanks, EFF!

I have yet to feel that I'm wasting my money by giving the EFF a regular monthly donation.

Startup Mycroft AI declares it will fight 'patent troll' tooth and nail after its Linux voice-assistant attracts lawsuit

JohnFen

Re: Startup Mycroft AI declares it will fight 'patent troll'

> Does anyone in the US sometimes worry that this kind of shenanigans might act as a damper on innovation and new ideas?

Yes. And it's not "might" -- it absolutely does. I can't even count the number of times I've encountered people who had fantastic ideas but decided not to pursue them because of the fear of tripping over some bogus patent or another.

Uncle Sam: Secretly spying on networks around the world without telling anyone, Huawei? But that's OUR job

JohnFen

The harder the US pushes on this

The harder the US pushes on this, the more ridiculous it looks.

Netgear's routerlogin.com HTTPS cert snafu now has a live proof of concept

JohnFen

A twofer!

Since I neither use Netgear's stuff nor do I ever allow the likes of service workers to be used, I am comfortable that this doesn't affect me. But it does reinforce that I win by avoiding both of those things!

You, FCC, tell us again why cities are only allowed to charge rich telcos $270 to attach 5G tech to utility poles?

JohnFen

> If the citizens want 5G, they're not going to be happy with the city pushing the costs up.

Correct, which means that the citizenry will force the city to levy smaller fees. If the citizens don't care (and, at least in my part of the country, most couldn't care less), then everything's good. I don't see the problem here.

> Unusually, the FCC seems to be doing its job here, lowering the barriers to tech rollout.

That isn't the FCC's job.

JohnFen

So what?

> Portland might not think its additional fees were too much but if every other city in Oregon were making similar demands or nationwide, this is prohibitive.

So what? If cities set the price so high that nobody is willing to install the system, then the system doesn't get installed. That seems like the sort of thing that cities should have the right to decide. The FCC is acting like rolling out 5G is some kind of national security thing that needs to be forced on everyone. It is not, and it shouldn't be.

Built to last: Time to dispose of the disposable, unrepairable brick

JohnFen

Re: "something more durable – with upgrade paths"

> However continuing miniaturisation has now made all of this impractical

It really hasn't. It's as practical as it always has been. The only difference is that you need to learn a slightly different skillset than with the older through-hole components.

Personally, I find working with modern SMD components easier than working with though-hole components in a ton of ways, and I have poor eyesight.

JohnFen

Re: This has always been my expectation

> You must be quite young.

Why, thank you! But I'm the opposite of young. When I first learned to program, I did so on punched cards (not kidding!)

> 10 years of life might of been doable in some cases, but system speed increases and RAM requirements were rolling in much faster than they have been since about 2000.

You're talking about a different thing than I. I was talking about how long the machine will continue to function, not necessarily how long you actually use it. That said, I've never owned a machine that I stopped using before it broke badly enough to not be worth repairing. When I needed to replace it with something faster, I'd just put the old machine to a different use. I still have a couple of machines that were manufactured in the '70s that work just fine today. 10 years is nothing.

JohnFen

Re: "something more durable – with upgrade paths"

> Once upon a time a fridge was repairable, a dishwasher was serviceable

In the last year, I have repaired both my fridge and my dishwasher -- so they're both certainly still serviceable.

JohnFen

Re: It's not just Laptops and Smartphones

> Hence service departments that actually repair things disappear, and the need for service manuals (which if any good are expensive to produce) disappear too.

For my key pieces of equipment, I'd absolutely pay some exorbitant amount for a good service manual. It would have quite a lot of time.

JohnFen

Re: agreed

Yes, but the internal ones are much better.

JohnFen

This has always been my expectation

> We'll still consume lots of kit, but expect it to last out the decade

I have always expected the kit I buy to last at least 10 years (with periodic minor repairs). I've rarely been disappointed, and the few times that I was meant that I didn't buy more gear from that manufacturer.

My current smartphone is 6 years old, and my primary laptop is well over 10 years old. Both are still going strong, just as they should be.

Google's second stab at preserving both privacy and ad revenue draws fire

JohnFen

Re: "insisting that people do prefer targeted ads over untargeted ones"

> but what that actually means is they prefer more relevant ads.

So much this. And "relevancy" is context-dependent. If I'm on a tech site, an ad for related tech is more likely to be relevant to me at the moment than one that isn't, regardless of my other interests. Plus, I don't block ads -- I block tracking. If a site is showing ads that don't rely on Javascript, then those are ads that I'll actually see, regardless of relevancy.

But I can't help but toss this in -- if the price for privacy is that ads aren't relevant to me at all then that's perfectly fine by me.

JohnFen

Re: THE place where people get content from millions of sites without paying

> I guess the problem today is that nearly all the web advertising is the equivalent of the inserts in the mags

That's not the problem I have at all. The problem I have is the spying that comes with the ads. If print magazine advertising spied on me, I would have had the same reaction to that as well.

This effort by Google is intended to preserve their ability to spy. They just want to move where the data being collected is processed from their servers to your machine, that's all. Doing that makes it no less objectionable.

JohnFen

Re: Squaring the circle

> I don't generally walk about naked in public, but there are people who I'm OK with seeing me that way.

Right -- the people you've given permission to see you naked.

> If Google can insinuate itself onto that list of "select people" - if not for you, then at least for a significant number of its users - then it can totally square that circle.

If someone has not given Google their informed consent, then Google has not squared that circle even if a significant number of its users have given such consent. Google is still being abusive to those who haven't.

JohnFen

No no no

> the system depends on Web Bundles (websites packaged as a file),

"Web bundles" are an absolutely terrible idea that needs to die. That they may be used in order to further erode privacy makes them even worse.

> that new APIs are "a necessary part of the broader goal of stopping tracking on the web."

No, they're not. This is a bit of a disingenuous argument. They may be a necessary part of finding a way for Google to be able to continue doing business as usual while reducing tracking, but they're certainly not necessary to top tracking.

> He maintains that the client-side JavaScript from advertisers would not be allowed to touch the surrounding page or network.

Perhaps. But can that JS phone home? Can it collect data (such as for fingerprinting purposes)?

> "I think something like TURTLEDOVE is feasible, and is necessary for dropping 3p cookies without trashing web sites' ads revenue,"

That may be the case -- Google seems to be trying to drop third party cookies while replacing the functionality of third party cookies -- which pretty much makes dropping those cookies pointless. Personally, I couldn't care less if web sites get their revenue trashed because they're reliant on this sort of advertising. This sort of advertising is an attack on users, and sites shouldn't be able to benefit from it. Of course, we all know that by "sites", what Google means is "Google".

I've been following what the online marketing press and sites have been saying about all of this, and it's getting even more frightening and antagonistic. What they're talking about now is coopting sites that require users to log in with accounts, so that the marketers can make use of that first-party data themselves. What this means is that those of us who are concerned about privacy need to stop having accounts on such websites.

These truly are the end times for TLS 1.0, 1.1: Firefox hopes to 'eradicate' weak HTTPS standard by blocking it

JohnFen

Re: Evenhandedness

> The problem is that most admins of those servers either dont give a damn or their managers dont give a damn

I understand. I don't think that fact justifies these sorts of actions.

> And the only way to force that is to break the servers at the browser.

So don't force it. The browsers breaking shit just to force the hand of others is unacceptable.

JohnFen

Evenhandedness

Since I admonish Google for being heavy-handed in similar ways, I'll admonish Mozilla as well. It is not the web browser's role to decide what is or is not acceptable, and I resent it when they do.

Fortunately, I use neither Chrome/Chromium nor the "modern" Firefox (in small part because of this sort of nonsense), so this won't affect me. But it irks me just the same.

Astroboffins may have raged at Elon's emissions staining the sky, but all those satellites will be more boon than bother

JohnFen

Re: Permission?

Yes, that was what I was referring to when I mentioned "ground stations".

JohnFen

Re: Permission?

> Space is not owned by America (much as they think it is), it is available to all nations.

True. But what Musk needs US licensing for isn't the use of space, it's the use of US ground stations and launching points. No US permission for anything is needed if neither of those things will be used.

JohnFen

Re: Jamming

> In practice not without the whole world knowing that you're doing it.

Nations that restrict internet access don't keep it a secret as it is. I don't think that they'd care if the whole world knows they're jamming starlink signals. Doing so wouldn't be illegal, after all, as the nations can make whatever laws about this that they wish.

JohnFen

Re: This is where we are now

> the solution is simple if these thousands of new satellites are an issue: install fast, affordable fiber internet everywhere people live.

No good. Doing that won't make Musk even richer.

JohnFen

Re: An interesting point of view

This fact is the only thing that gives me hope. If we manage to stop this madness, then we aren't going to be stuck with all of the satellites already deployed for very long.

JohnFen

Re: This is a small cost for saving the world

> We can mitigate the astronomical inconveniences and it will be a small price paid if it helps keep that 'non-dystopian future' option alive.

This isn't going to do that.

And precious little of what I see Musk doing can realistically count as working to "save the world". He a rich boy playing with rich boy toys. In his defense, if I had Musk's money, I'd do many of the same things -- they're cool! But I wouldn't try to fool others into thinking it was for altruistic reasons.

JohnFen

Re: Nuts

> they're all feeling the pinch of Skylink being competition they can't shut down

No, they're not. The radio signals to and from these satellites will be trivially easy to block or jam. Nations that want to prevent access to them won't have a problem doing so.

Google Chrome to block file downloads – from .exe to .txt – over HTTP by default this year. And we're OK with this

JohnFen

Re: Serious overreach

People ignoring warnings is not a problem the browser needs to take extreme actions to fix. At some point, everyone needs to be responsible for their own actions.

JohnFen

Re: Annoying tho

> I fear that in a few years we will be down to Chrome and Firefox. And a few years after that to just Chrome.

Indeed. Already, large portions of the web are unusable unless you're willing to enable JS (and thus expose yourself to spying). Those sites are unavailable to me already.

Sites that only work with Chrome or Firefox are equally unavailable to me. If there are no sites left that can work with other browsers, then the web becomes nonexistent to me entirely.

I do completely expect that this will happen in my lifetime. It's too bad. It was a good run while it lasted.

JohnFen

Serious overreach

I'm not OK with this, but since I don't use Chrome anyway, that doesn't matter.

This sounds like serious overreach on Google's part. Warning people is fine -- admirable, even -- but not allow insecure downloads at all? That's going a lot too far.

Oi! You got a loicence for that Java, mate? More devs turn to OpenJDK to swerve Oracle fee

JohnFen

Re: How much code did you bin?

No, it was reimplemented, not ported. This was necessary in order to maintain reliability, maintainability, and performance.

The amount of code was not monumental, but it was significant. The reimplementation was performed by three engineers working for about 6 months (including QA).

JohnFen

There's got to be Huawei we can defeat Chinese tech giant, thinks US attorney-general. Aha, let's buy stake in Ericsson and Nokia

JohnFen

Re: Ignorance-fuelled decisions

> it's capabilities, not intentions that matter here.

But if that's the case, then no nation should be using tech from any other nation -- because they all have the capability to do this sort of thing.

JohnFen

Re: Hardly the US way, is it ? State subsidies and all that.

Oh, this is entirely the US way. As used in the US, "socialism" is largely meaningless -- it's just an an insult on par with "asshole". In practice, the US doesn't mind "socialist"-flavored policies as long as it benefits large corporations, particularly if it only benefits large corporations.

JohnFen

It makes me smile

It makes me smile to see the impotent rage that this issue has elicited from the Trump administration.

Hey GitLab, the 1970s called and want their sexism back: Saleswomen told to wear short skirts, heels and 'step it up'

JohnFen

Re: " Joke What's the difference between a kilt and a skirt?"

But times, they are a-changin'!

While it's still reasonably rare, in my part of the US kilt-wearing has become common enough that it no longer raises any eyebrows.

JohnFen

> but being told what to wear does go both ways.

In my view the issue isn't that a dress code was specified, it's that "short skirts and high heels" were specified for the women. In other words, they're being told to sex it up. If they'd just said "dress is business casual" or somesuch and left it at that, there would have been exactly zero problem.

But, really, the deeper problem isn't that short skirts & heels were specified, it's that nobody saw that this was a bad thing to do.