* Posts by dajames

1666 publicly visible posts • joined 20 Mar 2011

Stolen Microsoft key may have opened up a lot more than US govt email inboxes

dajames

Re: Shouldn't such keys only be issued

On PCs not connected to the internet and kept in a secure location in Microsoft HQ?

Those who've heard of security generate their top-level keys (the keys used to sign other keys) inside dedicated tamper-proof hardware security modules. The keys can then be used inside the said modules but not exported in any way (except perhaps in an encrypted backup).

... but this is Microsoft we're talking about here ...

Samsung’s midrange A54 is lovely, but users won't feel seen

dajames

Screen too large ...

Well, no, I like big screens (with proper corners and no notch) ... but I like small phones. The madcap rush to bigger and bigger phones is leaving an increasingly large sector of the market with nowhere to go.

Please Samsung (and others) make a smaller version with a screen of no more than 6" for those of us with normal pockets!

You're too dumb to use click-to-cancel, Big Biz says with straight face

dajames

Re: Requiring 'simple' cancellation is a difficult standard for businesses to implement

Though in that instance, using the word "cancel" twice could be misleading!

Ah, yes ...

Do you wish to cancel?

Click continue to continue cancelling, or cancel to cancel.

Funnily enough, AI models must follow privacy law – including right to be forgotten

dajames

Re: 7 Data Protection Principles

Maybe, just maybe, that 'hard-to-forget' is a design feature....

I don't know ... methinks the people doing this so-called AI research find it hard enough to get machines to learn at all. I don't think unlearning is even on their radar, let alone something they've deliberately made hard.

Microsoft injects ChatGPT into 'secure' US government Azure cloud

dajames

Re: My arse

Microsoft said it won't be specifically using government data to train OpenAI models ...

One wonders how the system will be able to generate answers that have any relevance to a government context if it has only been trained using non-government data.

Garbage in, garbage out.

Google changes email authentication after spoof shows a bad delivery for UPS

dajames

Re: Bug/Vulnerability or just bad implementation?

This touches on the problem of SPF as a whole (it breaks relaying).

Absolutely!

SPF is better than nothing (maybe) and is easy to set up, compared with DKIM and the others, but it certainly brings problems of its own.

BOFH: Good news, everyone – we're in the sausage business

dajames

Re: gigaspandrels

1 spandrel - unit of exactly what? Codswallop? Bollocks? Skulduggery? Chicanery?

Just as jokes are funnier if you don't try (or need) to explain them, technobabble sounds much more impressive if you don't try to assign meanings to the terms of its art.

Plagiarism-sniffing Turnitin tries to find AI writing by students – with mixed grades

dajames

Doesn't add up!

To maintain a less than one percent false positive rate, we only flag something when we are 98 percent sure it is written by AI ...

It's hard to be sure with marketroid BS like that, but I think they're saying that 98% plus 1% is 100% ???

NIST says you better dump weak SHA-1 ... by 2030

dajames

Re: Trusted for deduplication too

Some will say that the odds of a SHA-1 collision for file deduplication are an impossible 1 in 2^160.

For an accidental collision, for any 160-bit hash algorithm.

The reason for discontinuing the use of SHA-1 is that the algorithm itself is broken. It is possible to engineer two messages that have the same SHA-1 hash, and to do so much more quickly than searching through all possible messages until two with the same hash are found by coincidence.

That is why the algorithm is deprecated.

Voice assistants failed because they serve their makers more than they help users

dajames

Re: Concept flawed.

Voice recognition and AI turn a simple request into a case of Chinese whispers. "Send me two and sixpence I am going to a dance" could turn into the start of a war.

You'll probably cause it to melt down! Everyone knows you need three and fourpence to go to a dance.

Linux kernel 6.1: Rusty release could be a game-changer

dajames

Re: The programmer's fault

This doesn't suddenly make C bad, it's just a tool after all ...

A chisel is just a tool. It needs to be sharp to cut wood, and that makes it dangerous.

If you had the choice of a chisel or a magic tool that would cut wood but not flesh you wouldn't choose to use the chisel. You'd say that the other tool was "better" because it wasn't so dangerous, and you might therefore say that the chisel was worse. You might even say that it was a bad tool.

Context is king.

Google says Android runs better when covered in Rust

dajames

Re: Unisys MCP Algol Heap Memory

Once again for the hard of understanding, there is no freeing from the heap unless the Algol 68 implementation implements garbage collection, which was unspecified in the Algol 68 standard.

Do you know of any real-world Algol68 implementation that did not implement a garbage collector?

Asking out of interest, because I've used several, and they all did.

dajames

Re: Good To Hear !

The only version of Algol which had heap allocation was Algol 68, which was a failure.

Algol68 was not a failure. It was a language so far ahead of its time that it was widely misunderstood and unjustly condemned as being "too complex". It was, however, a highly effective, efficient, and readable language that was used for production code all over the world for some years.

It was a language that was widely reviled by some vendors (IBM, in particular) as competition for their own compilation tools (PL/1 in particular).

It was a language that has been a major influence in just about every language developed since, from C++ to the bash shell.

I wouldn't suggest trying to use a 50-year old language for anything today, but don't write it off as a failure, and do understand that if it was a dead end that was because it was sidelined by commercial interests in other toolchains.

Modesty forbids me to suggest that readers might find it interesting to read a short retrospective on the language that I wrote, to celebrate its 50th anniversary, in Overload, a journal of the ACCU.

Mozilla, Microsoft drop TrustCor as root certificate authority

dajames

Re: Trust and CA's

I have no business with the CA and trust it less than i trust my bank so why should the CA be in a position to tell me whether my bank's certificate can be trusted?

The idea is that the CA's are so well-known and so universally trusted that the trust is implicit.

If a CA ever did anything that showed it to be untrustworthy then that implicit trust would be withdrawn and they would cease to be trusted by default as a CA.

... which is what's happening here.

I say "by default", above, because the fact that the CA's root certificate isn't handed to you as a de facto default, trusted, certificate doesn't stop you adding it to the browser's certificate store yourself.

Windows 10 – a 7-year-old OS – is still having problems with the desktop and taskbar

dajames

Re: Maybe it's time for M$ to shitcan half its workforce as per the current trend?

Surely their products couldn't get any worse?

Doesn't that depend on which half of the workforce they keep?

UK comms regulator rings death knell for fax machines

dajames

... some form of web portal like Docusign ...

Docusign, as far as I can tell from the limited information that Docusign themselves admit to on their website, depends on Docusign agreeing that a user agreed to sign a document, and Docusign themselves adding a name in cursive script to a PDF.

So, if Alice wants Bob to sign a document she uploades a PDF to Docusign and provides Bob's EMail address.

Bob follows the link in the EMail. Docusign ask him to create an account (if he doesn't already have one) and to log in. There is NO security in this process.

Docusign then show Bob a document they say is the one Alice uploaded. They could be lying. Bob agrees to sign it and provides the name he'd like to sign with. Docusign add that name, in a cursive font so the world can see that it's a 'real' signature, to the PDF. There is NO security in this process.

As far as I can tell there is NO cryptography in this. The "electronic signature" created by Docusign is not a digital signature as we would understand it. There is certainly NOT any RSA or DSA private key that is in Bob's possession and nobody else's.

If someone later challenges the signed document, the only way to prove that it is genuine is to ask Docusign, who will confirm that someone claiming to be Bob logged into an account that was created on-the-fly for Bob and agreed to the contents of the document. That is, if Docusign haven't gone bust by then, as they richly deserve to do if their service is really based upon such snake oil.

To make this computer work, users had to press a button. Why didn't it work? Guess

dajames

Re: Press the button

Low and behold makes no sense

I take it you've never been in that embarrassing situation where you slip on some wet straw as you walk into the cow shed, and the cows all make a noise and look at you?

Aerobot designed for hell-world Venus first braves something worse: Nevada

dajames

Unfortunately not. IUPAC claim dibs on naming these things and they decided it is sulfur.

Sadly for them, "dibs" cannot be claimed, only awarded. Most of the world will continue to spell Sulphur/Sulfur in the way that they have always spelt it, regardless of the idiocy spouted by IUPAC.

Can you imagine the howls from the Academie Française if IUPAC tried to stop them spelling it Soufre?

IUPAC accept that Aluminium/Aluminum (Damn but it's hard to type that the way my fingers aren't used to!) may be spelt either way, why can they not do the same for Sulphur?

dajames

You spelt sulphuric wrong!

You spelt "wrongly" wrong ... er ... wrongly!

Senior engineer reported to management for failing to fix a stapler

dajames

Re: Not just in IT

Turns out there's a button next to the keyhole that you need to press to remove they key. Who knew?

Yeah, I had a hire car -- some Japanese thing badged as a Ford -- in New Zealand, once, that had that ... feature. So annoying. So embarrassing.

BOFH: The Boss has a new watch – move readiness to DEFCON 2

dajames

"Disinterested" does not mean the same thing as "Uninterested"

... but I wouldn't expect the PHB to know that.

Linus Torvalds's faulty memory (RAM, not wetware) slows kernel development

dajames

Worth noting that all recent AMD CPUs support ECC except Ryzen CPUs with built in graphics (eg Ryzen 5600G).

My Ryzen 7 Pro 4750G supports ECC, that's why I chose it. Perhaps it's the "Pro" bit that makes it different, or maybe it's not quite as recent as you meant?

The motherboard is an ASUSTeK PRIME A520M-A, by the way.

Biden's Privacy Shield 2.0 order may not satisfy Europe

dajames

Restricting how signals intelligence can be gathered by US spy agencies ...

What the spooks do isn't really the point. If the spooks want our data they'll probably get it, possibly by asking our own spooks for it.

The real point is that commercial entities outside our own jurisdiction will get their hands on our data and we will have no legal mechanism to prevent them from monetizing it against us.

Is it time to retire C and C++ for Rust in new programs?

dajames

Re: Real programmers

These are schoolboy errors - if you’re competent and disciplined enough, you just don’t do this sort of thing.

EVERYBODY makes schoolboy errors from time to time. That's why we continue to improve programming languages so that errors are harder to make and easier to detect. Both C++ and Rust are much better than C in this regard.

dajames

Being able to consume C code *is* its most important feature of C++.

Well, it is and it isn't.

C++ would never have taken off had it not been readily compatible with the huge existing C codebase so, yes, that's immensely important to the fact that C++ exists today ... but it's hardly the point of the language.

The point of C++ is that it provides a higher-level abstraction than C, and greater type safety, and that it is therefore a much safer programming language. It's tragedy is that in order to gain widespread acceptance it had to be written in such a way that the vast codebase of existing C software -- much of which is poorly structured and difficult to maintain -- can be compiled as C++ code without first having to be rewritten in a safer C++ idiom.

C++ doesn't even get to tag legacy code as "unsafe", as Rust does, which would at least focus the attention on the fact that C++ doesn't have to be so.

Linux kernel 6.0 debuts, Linus Torvalds teases ‘core new things’ coming in version 6.1

dajames

I make it 31.31 with just both hands.

Are you suggesting Linus is non-binary?

Braking news: Cops slammed for spamming Waze to slow drivers down

dajames

Re: "as with removing cats ..."

What did you mean by the word "cats"?

Catalytic converters?

Internet pranksters send hundreds of cabs to Moscow street, cause gridlock

dajames

Moscow

... the other half charge off to Moscow, Idaho?

(Had to Google for those two, but I just knew that they'd exist somewhere in the USA)

You don't need to look so far afield, there's a Moscow in Ayrshire.

Microsoft extends Teams into VMware and Citrix VDI

dajames

... said OS, which I am tied to due to some work programs, is still a fucked up pile of shite which is added to every few weeks with more unneccessary crap and more bugs, adverts, telemetry, bloat instead of their engineers sitting down and sorting the fucking thing out.

Don't be shy -- tell us what you really think!

Nuclear power is the climate superhero too nervous to wear its cape

dajames

Re: Waste

FBRs assume a weapons cycle

No, not really ... FBRs assume that you have a need for more fissile material, that could be for weapons but could also be for power stations.

235U can be used for bombs, just as 239Pu can. So long as you have a source of suitable fissile material with sufficient putity you can make a bomb. you don't t need a FBR.

Yes, initially, FBRs were interesting because Uranium was thought to be scarce and governments wanted fissile material for bombs. Nowadays we know that Uranium is relatively plentiful and inexpensive, and the interest in breeder reactors is that they can be used to more thoroughly consume nuclear fuel and so reduce (somewhat) the hazards associated with radioactive waste.

dajames

Re: You fail physics forever

If it lasts for thousands of years, by definiton it's not dangeroursly radioactive.

There are a number of different factors at play. A radioactive element that has a long half-life emits radiation at a low rate, but if that radiation is particularly energetic it is dangerous.

Another radioactive element with a much less energetic decay but a shorter half-life may also be dangerous because it emits radiation at a higher rate.

239Pu has a half-life of around 24 thousand years, but that hardly makes it "not dangerous"!

dajames

Re: Deaths are not the only metric

Nuclear energy is not safe. It is not clean.

No, it isn't. Nobody's saying it is.

What people are saying is that it is safer and cleaner than alternative energy sources using fossil fuels.

We are in the unfortunate position that we have grown accustomed to a lifestyle that is expensive in terms of energy and -- not wishing to give up that lifestyle -- we need to generate a large amount of energy. We know of only so many ways to do that, and nuclear is potentially the least damaging.

CO2 will certainly render the planet uninhabitable if we continue to produce it. If we're careful and lucky radioactive waste won't.

dajames

Re: Exclusion Zone

Now, why don't you take the first step. Go and live there.

What? Are you crazy? It's in a warzone!

dajames

Re: Waste

There's still a lot of FUD surrounding power generation, most people for example think that pumped storage like the Cruachan Dam generates electricity where it is actually a net-user of electricity using off-peak energy to pump water to the upper reservoir to meet peak demand.

Actually, Cruachan claims to be 110% efficient. That is, the amount of electricity generation is 110% of the maximum possible from the water pumped into the dam because the water in the dam is augmented by run-off rainwater from the surrounding mountains.

That's what they told me on the very interesting tour, anyway.

Our software is perfect. If something has gone wrong, it must be YOUR fault

dajames

Re: UX Designer?

... unable to parse the spaces out of a credit card number.

Yeah, ... or the hyphens out of a bank sort code (I'm looking at you HMRC)!

Microsoft: Outlook desktop app crashing due to missing identity setting

dajames

Re: There is a reason it is called 'LookOut'

Round here it's referred to as "OutHouse", for obvious reasons.

Businesses should dump Windows for the Linux desktop

dajames

Then an incoming (fanboi) mayor demanded his Outlook or Nothing, so all that valuable work had to be rolled back.

As I recall the reasons were a little more commercial than that. Microsoft persuaded the incoming mayor to switch back to Windows and in return moved their German headquarters (back) to Munich.

Some overview on Wikipedia.

dajames

I suspect by this what you mean is that by default the first time a new Windows system is set up, the user details you use will be given local administrator rights.

This is why, when I still used Windows at all, I would always install the OS as a user named "Installer". I'd then create another with my own name and no administrator rights which I'd use day-to-day.

I'd add the "can debug programs" privilege (via a "developers" group), but with that I was able to do all my everyday work without touching the Installer account or the (disabled) "Administrator" account.

dajames

Re: LibreOffice is not as good as MS Office

And if management want you to send them the data which they can easily handle, without going through hoops to convert or munge it, what then?

You should probably report them to someone. Letting management have access to any data in editable form is a serious no-no!

Just send them a PDF.

Google tells Apple to 'fix text messaging' in bid to promote RCS protocol

dajames

Re: Children, Please!

Apple and Google, please agree on something so your users have a seamless experience with something as simple as text...

Agreed ... but that's the problem, isn't it? We're talking about "something as simple as text" but they're talking about "features like end-to-end encryption, high quality media sharing, read receipts, typing indicators and more."

I like SMS. Like most other mobile phone users in the UK I get unlimited SMS text messages FREE, but have to pay -- albeit not very much -- for mobile internet usage. For the things for which I use SMS I don't care about sophistications like encryption and media-sharing; I just want to send a simple short text message.

SMS uses a standard protocol that is set by the standards used by the carriers. All phones have to support those standards, at some level, as they have to conform to those standards. Deciding not to expose the protocol at app level is just perverse, stupid, and limiting.

I'm in two minds as to whether using a single app to manage SMS messaging and IP-based messaging is helpful or confusing ... but there should at the very least be a way to send a message specifically by SMS rather than any other protocol, and there should be a way to receive SMS messages.

MMS is a completely different bucket of hake. MMS is not free, and in fact is stupidly expensive. It costs hugely more to send media by MMS than by IP-based protocols, and I can't see any redeeming benefits, except that MMS may be accessible on some non-smart phones. There's a clear win for the IP-based protocols, here, but it's really nothing to do with texting.

Enough with the notifications! Focus Assist will shut them u… 'But I'm too important!'

dajames

In France, the government changes the speed limits regularly on a whim. Obviously it is not practical or affordable to change all the road signs every time the speed limit is changed. So they change some of them and leave the rest where they are and you just have to know what the legal speed limit currently is - by catching it on the news, for example.

... which must be particularly annoying if you have paid extra for your car to have a little camera that reads speed limit signs so that it can tell you how fast to drive! I understand that's a "thing" nowadays.

[SWMBO has a 6-year-old mini on which such a feature was available, but strangely she did not elect to spend the extra cash on it!]

dajames

New Road Layout Ahead

... if you're a [not] regular user of the road ... it will be meaningless as you'll have no knowledge of what it was like before the change

Not entirely. It's still a useful warning that you're about to encounter people who think they know the road layout, but don't, and who will come screaming at you out of the blue where it's not (but used to be) their right of way.

dajames

Re: It's not just the OS...

A "do not disturb, except phone calls" feature would be nice.

Android has "Do Not Disturb", and can allow alarms, calls, calls from known numbers, etc., to be exceptions. IME it works well ... and I use my phone as an alarm clock so it's plugged in right by my ear all night (otherwise I'd forget to charge it).

This is newish ... maybe Android 10 and later?

Pull jet fuel from thin air? We can do that, say scientists

dajames

If a service is no longer required, you can't repurpose the tracks.

The usual reason for rail services ceasing to be required is that the passengers or goods that formerly used that service have switched to using the roads -- because, despite the environmental impact, the roads offered a cheaper and/or more convenient means of transport.

Given that we're talking, here, about a policy of using railways in order to reduce our dependence on environmentally unacceptable road vehicles there is very little reason to suppose the rail service will ever cease to be profitable.

dajames

Re: The plan for the combustion fleet isn't to ban them from the roads

I'd say that any transport strategy that involves weaning people off of cars is doomed to failure. There is no way people are willingly going to give up the usefulness that comes with (having access to) a car.

It's certainly the case that people won't willingly give up cars -- because they are, as you say, useful.

Methinks that's the point about "weaning people off" cars, they won't give them up willingly, but can they be persuaded?

In most cases the answer is probably "no", but as society changes more people may decide that they can do without. There is some evidence that that sort of change is taking place -- young people eschewing car ownership and even not bothering to learn to drive -- in towns, at least. I don't see it extending to rural areas any time soon.

dajames

Efficiency doesn't really matter if the energy is "free", as long as it can scale to produce reasonable quantities.

True ... but in this case the syngas isn't really "free", it's produced using solar energy that could have been used to do something else, and if that something else offers more return -- higher efficiency -- then, yes, efficiency does matter.

China's 7nm chip surprise reveals more than Beijing might like

dajames

Re: Embargo

If this goes through China will eventually be crippled.

It's the corollary to the old proverb:

If you give a man a fish, you feed him for a day, but if you teach him to fish, you feed him for the rest of his life.

... but if he watches you fishing and works out how to do it for himself he will destroy your profitable fish export business within a lifetime!

BOFH: Selling the boss on a crypto startup

dajames

...data as a plural...

One thing you find where data are concerned ... there are usually a lot of them!

dajames

*bastardised*

Er, no, really not. Not according to Fowler

Wikipedia link to entry for Fowler's Modern English Usage.

I know most of us in Rightpondia like to spell everything that ends with an "-ise" sound with an 's' because it saves thinking, but when the ending is an "-ize" suffix to verb a noun-form it is a borrowing from Greek, in which it would have been spelt with a Zeta. The usual transliteration of Zeta into the English alphabet is 'Z'.

The OED records both spellings, but prefers '-ize'.

Microsoft closes off two avenues of attack: Office macros, RDP brute-forcing

dajames

Macros

That macros in Office documents cause security issues should be no surprise to anyone. These issues arise because the model is fundamentally broken -- the data and the program logic should have been made separate from the outset. That is: The macros should not have been stored in the same file as the data, but should have been made separate entities.

That way it would have been possible to send the data (only) of an Office document by EMail (or any other way) in a file that would have been readable by Office on another machine, but only as a read-only document as the logic required for recalculation would have been absent. If you wanted the recipient to be able to alter the data you would have to ensure that the recipient also had access to the macro 'program' (which, in a corporate environment, would have been pre-installed by IT services, who would have checked what it did and protected it from subsequent alteration).

Unfortunately, back in the day when Microsoft were pushing software to perform all these 'clever' tasks they had no concept whatever of security, and so lumbered us with a broken document/program model that has troubled us all ever since.