* Posts by UncleDavid

23 publicly visible posts • joined 20 Aug 2016

iPhones hook up with Windows as Microsoft’s Phone Link dials up Apple's iOS

UncleDavid

If you can get an SMS on your desktop, doesn't that blow up 2FA? If someone can log in to my PC with a password guess, and use stored passwords that browsers insist on keeping, surely they can read the 6 digits that get them into my bank account.

That's why I never enabled the Windows/Android phone link.

Microsoft is busy rewriting core Windows code in memory-safe Rust

UncleDavid

Re: "I expect Microsoft to reuse the existing compiler"

As the person who led the charge to suppress games (actually my team had already done some of that), Take A Tour, Movie Maker and lots of other crap from Server 2003, and rebrand its OOB, it drives me nuts too. Until then it was basically XP with a different process scheduler. Shout-out to Bill Veghte for insisting we do it.

Here's how the data we feed AI determines the results

UncleDavid

AI output as propaganda

Here in the US, an anti-technology group has trained an AI bot on various disputed animal studies and it predicted that the WHO will declare all microwave frequencies "probably or definitely" carcinogenic next year. This would be explosive if true, and you would expect it to be reported all over (spoiler: it's not, and wireless comms isn't even on the WHO's current list of focus topics).

So the "5G will kill us all" group I'm battling in town has removed the context, or more likely read a Facebook group that intentionally removed the context, and attributed the claim directly to the WHO. I fully expect them to use it next week when we consider their proposed "stop all wireless facilities" bylaw. Even one of the candidates for Selectman (I'm in Massachusetts) seems to have bought into the idea that the WHO has an announcement imminent - and she is already on the Board of Health. The other candidate has bought into the entire "microwaves cause cancer" ecosystem. Town Meeting is going to be brutal.

Voyager 1 data corrupted by onboard computer that 'stopped working years ago'

UncleDavid

70s electronics

This made me put batteries, with added aluminium foil to make them reach the contacts, in my Sinclair Cambridge Memory calculators (early 70's) and... nothing. No red LEDs lit up. This makes me sad.

The wild world of non-C operating systems

UncleDavid

And FORTRAN IV, of all things

The first versions of the variously-named OS'es on Prime computers, apart from the necessary assembly portions, were written in FORTRAN, which seemed weird to me even at the time but became useful as we cycled through four different instruction sets. Primos added PLP (an in-house cut-down version of PL/1) for new stuff; I still have a listing of my PLP Apple LaserWriter driver. Then the language gurus came up with what they called SPL, which was an over-complicated version of PLP, but I think it was mainly a vanity project intended to exercise a new compiler-compiler technology. It sucked, but soon afterwards it disappeared along with the rest of the company.

UncleDavid

Re: What about Assembly Language?

Doing a job at Lloyd's of London I had to make some changes to the RSX-11/M scheduling fundamentals to support the transaction processing efficiently, but we asked Reading to make the change to allow parallel seeks on a bank of disk drives. Was that you?

GitHub to replace master with main across its services

UncleDavid

What about "git"?

As a British-English speaker, I'm mildly offended by the word "git". It's used as a derogatory insult. However, it does apparently derive from a Scots word for "bastard", so insert own joke about the origin of the source control system here.

Britain has no idea how close it came to ATMs flooding the streets with free money thanks to some crap code, 1970s style

UncleDavid

Re: Experienced tester.

Or they have good intentions, but it's declared a corner case, and never gets to the top of the priority list, and the dev is getting yelled at for not moving on to the next feature.

UncleDavid

Re: Experienced tester.

At Microsoft, a regular bug bash day was part of the culture. Prizes for the most bugs (subject to triage). I bet we weren't alone.

Now the tester discipline is abolished, and devs test their own stuff (with all the perceptual and prejudicial flaws called out here) I suspect the bashes are less fruitful.

UncleDavid

Re: Experienced tester.

I once had a car where you had to press one button to increase the time on the clock, or the other button to decrease it. Of course the first thing I did was press both at once. The clock switched to 24 hour display.

Had a calculator that did date arithmetic. One of the first things I tried was the square root of my birthday. I eventually figured out the three numbers resulting were my biorhythms (remember them?)

Sometimes you aren't seeing a bug but an undocumented feature or Easter egg.

GCC 10 gets security bug trap. And look what just fell into it: OpenSSL and a prod-of-death flaw in servers and apps

UncleDavid

But... But... Eric Raymond himself assured me thirty years ago that OSS meant there could be no more security flaws, because "with many eyes, all bugs are shallow". I'll just leave that there without riffing on the general concept of shallowness. He also didn't know the difference between DOS and NT. This was all at the same presentation. At Microsoft.

Cache me if you can: HDD PC sales collapse in Europe as shoppers say yes siree to SSD

UncleDavid

Re: Define primary

If you're playing the Minute Waltz in a minute, you must be using technological assistance to begin with. Quarter note (ok, crotchet) = 420? Not with these fingers.

Need 32-bit Linux to run past 2038? When version 5.6 of the kernel pops, you're in for a treat

UncleDavid

WS2003 redux

>Another perhaps more relevant question might be, why did Linux go with a signed number of seconds since "the beginning of the epoch"?

Because we all learned the lazy habit from K&R, who decided that strlen should return an int (was unsigned int even a thing in 1978?). That allowed all of us, me included, not to care very much about doing what was clearly the right thing. After all, we were never going to have more than 32,767 of anything. And an extra 9 characters is so hard to type.

Despite the bitter tone, I'm serious here. strlen in K&R C is where it all starts.

WWW = Woeful, er, winternet wendering? CERN browser rebuilt after 30 years barely recognizes modern web

UncleDavid

I have Internet Explorer 4 on Solaris

I know it was only 21 years ago, but I recently dug out a CD of the first release of Internet Explorer 4 for UNIX (I was on the team at Microsoft) and ran the self-install on a Solaris 4 image using QEMU. IE started right up and looks exactly as it did when we released, doing a decent job with images. As someone has noted, you soon run into the fact that most of the web uses https.

Q: If Pesky Pepper had a peek at patient papers, at how many patient papers did Pesky Pepper peek? A: 231

UncleDavid

Why do you define "Norfolk" for the Yanks (who could easily look it up in their favorite mapping app) and not define "surgery"? (US: "Physician's Office". No scalpels involved).

Apple's launch confirms one thing: It's determined to kill off the laptop for iPads

UncleDavid

Facial recognition, detachable keyboard, home button gone, new pen, all the power I need... Tim Cook was describing my trusty Surface 4 Pro! Apple continues on its path of being 2-3 years behind Microsoft. Perhaps I don't need to upgrade to a 6 after all.

Nominet drains mug of tea, leans back, calmly explains how to make Whois GDPR-compliant

UncleDavid

Wikipedia's use of Whois

Part of my recent rummaging in Wikipedia is figuring out whether to recommend a block on editing by IP addresses that repeatedly vandalize. To do this right, it's important to find out whether the IP is assigned to a large ISP (so probably an individual customer) or to something like a school or public library (so you are likely blocking innocent users of a public terminal, for example). Whois is the tool of choice for finding out.

Does this change mean that Wikipedia self-appointed cops and nags will have less information to go on?

They forked this one up: Microsoft modifies open-source code, blows hole in Windows Defender

UncleDavid

I agree with statements above that there is no excuse for shipping these bugs, or for violating "it ain't broke don't fix it" by changing signed to unsigned without good reason... but I do understand the instinct. Since I first encountered K&R v1, I wondered why the hell the authors made strlen return a signed integer. I could only assume they were too lazy to type the (too-long) word "unsigned". Or was unsigned not in the first version of the language? - frankly I forget.

It just makes large parts of my brain hurt when an integer that can never represent a negative quantity (string or array length being the canonical examples) is declared signed. It's sad that "signed" is the default because I'd be so bold as to say that most of the integers I declare can never go negative.

Microsoft's Windows 10 Workstation adds killer feature: No Candy Crush

UncleDavid

WS2003 redux

Ahhh... memories of the time I subverted the normal approval process and persuaded certain engineers to remove the toys, media player, and "take a tour!" from Windows Server 2003 OOB experience, which was about to launch looking just like XP OOB. Looks like they have re-learned the lesson.

User asked help desk to debug a Post-it Note that survived a reboot

UncleDavid

Remove the note!

Who among us hasn't tried to dismiss an actual physical Post-It, which they earlier stuck on the monitor as a reminder, by clicking on the top corner? Repeatedly?

OK, who was somewhat tired at the time?

Just me then.

74 countries hit by NSA-powered WannaCrypt ransomware backdoor: Emergency fixes emitted by Microsoft for WinXP+

UncleDavid

Re: "the SMB server bug is the result of a buffer overflow in Microsoft's code. "

"Remember when MS claimed they'd spent $Bn training their devs to not write insecure code and totally re-written the code base to eliminate these flaws?"

Never claimed to have rewritten the codebase. Everyone was made to own, and responsible for reviewing, part of the old crufty code, some of which was years old. So someone's name is on this. But these 16/32/64 confusions, and (especially) the byte/char confusion when moving from the ASCII to the Unicode days, are incredibly difficult to spot. During the NIMDA (I think) attack, their security bods posted the offending code and even then most people couldn't see it until it was explained.

UncleDavid

Why connect to the killswitch server?

One thing I don't understand about the kill switch. It seems to look up the garbage name, and then connect to the server to see if it's responding. But since the key action seems to be registering the name, then surely having DNS return a valid IP address should be enough to say "stop". There would be no need to go on with a connection; the server itself could be clogged (the more successful the spread of the malware, the more likely that is), or down for a while, so the success of the kill would be flaky.

Or is the idea that, even after the name is registered, the kill switch can be turned back on by just shutting the service down?

Microsoft has open-sourced PowerShell for Linux, Macs. Repeat, Microsoft has open-sourced PowerShell

UncleDavid

Re: "On Linux we’re just another shell"

It's an open secret that when MS converted the Hotmail front-ends from BSD to Windows 2000 (what, over 15 years ago) and post-mortemed the project, one (among several) clear shortcoming was the scripting capabilities. Geoffrey was already toying with an interpreted, scriptable .NET language, and the HM experience was one of the drivers to make it into a product. Take the existing shells, superset them and apply to Windows.