This looks like fun – it’s Mycroft, an “open source AI” (basically, Siri, Cortana, Google Now etc). It would be even better if they did the language processing locally, but at least if it’s open source you can see what it is doing. There’s a stretch goal of $125k for Linux desktop control, which would be very cool. The drive closes in six days, and they still need $10,000 or so to hit their goal. Back it today; I have :-)
Q: Could you tell me if it’s possible to make the DIR command list files in alphabetical order?
A: Earlier versions of DOS didn’t allow this but there’s a way round it. MS-DOS 5 gives you an /ON switch to use with DIR, for instance:
DIR *.TXT /ON /P
would list all the files with names ending in .TXT, pause the listing every screenful (/P) and sort the names into alphabetical order (/ON).
Users of earlier DOS programs can shove the output from DIR through a utility program that sorts the listing before printing it on the screen. That utility is SORT.EXE, supplied with DOS. … [So:]
DIR | SORT
diverts the output from DIR into SORT, which sorts the directory listing and sends it to the screen. Put this in a batch file called SDIR.BAT and you will have a sorted directory command called SDIR.
I guess earlier versions of DIR followed the Unix philosophy of “do one thing”…
An excellent moment from “Not Even Close: The State of Computer Security“:
Compare and contrast: a Wall Street Journal article linked directly, and one reached via Google (click the top link in the search results). The former leads to a preview and a paywall (or, at least, a signupwall), the latter does not.
The press are so concerned about the dominance of Google, at least in Europe, that they are making various (also foot-shooting) moves to try and bring in ancillary copyright. So why, I wonder, is the WSJ enhancing that dominance by privileging Google users over other users in terms of access to their content?
Q: Ever since I moved up from my old Amstrad 1512 to a 386 I have been annoyed by the way Num Lock comes on when the PC is started up or re-booted. I still use the numeric keypad in preference to the additional cursor key block. Is there any way Num Lock can be turned off automatically?
A: As far as I know, not even the latest version of DOS allows you to set the state of Num Lock on start-up. However, there is a short program you can create which, when run from AUTOEXEC.BAT, turns Num Lock off. Depending on whether you use MS-DOS or DR DOS, type one of the listings shown here into a text editor and save it as a plain ASCII file called NUMOFF.LST.
MS-DOS (Debug) version: a100 XOR AX,AX MOV DS,AX MOV AL,BYTE PTR (417) AND AL,DF MOV BYTE PTR (417),AL XOR AH,AH INT 21 rcx 10 nNUMOFF.COM w q
DEBUG < NUMOFF.LST
All being well, you will now have a program called NUMOFF.COM. Test it by pressing Num Lock to bring the keyboard light on, and type NUMOFF. The light should go off.
30 years later, this still isn’t trivial in GNOME… But the book authors get kudos for creativity in finding out how to send someone a working and useful binary via the medium of dead trees.
Using the -z option to rsync is a dumb idea on a gigabit network.
Q: I post files containing DTP pages and graphics on floppy disks to a bureau for printing. Recently I produced a file that was too big to fit on the disk and I know that I will be producing more in the future. What’s the best way round the problem?
A. There are a number of solutions, most of them expensive. For example, both you and the bureau could buy modems. A modem is a device that allows computers to be connected via a phone line. You would need software, known as a comms program, to go with the modems. This will allow direct PC-to-PC transfer of files without the need for floppy disks. Since your files are so large, you would need a fast 9600 baud modem [Ed: approx 1 kilobyte per second] with MNP5 compression/error correction to make this a viable option.
In this case, however, I would get hold of a utility program called LHA which is widely available from the shareware/PD libraries that advertise in PC Answers. In earlier incarnations it was known as LHarc. LHA enables you to squash files into less space than they occupied before.
The degree of compression depends on the nature of the file. Graphics and text work best, so for you this is a likely solution. The bureau will need a copy of LHA to un-squash the files before it can use them, or you can use LHA in a special way that makes the compressed files self-unpacking.
LHA has a great advantage over rival utilities in that the author allows you to use it for free. There is no registration fee, as with the similar shareware program PKZip, for example.
Every time they brought out a new, larger hard disk, they used to predict the end of the need for compression…
A software organization wants to make a promise, for example about its data practices. For example, “We don’t store information on your location”. They can keep that promise in two ways: code or policy.
If they were keeping it in code, they would need to be open source, and would simply make sure the code didn’t transmit location information to the server. Anyone can review the code and confirm that the promise is being kept. (It’s sometimes technically possible for the company to publish source code that does one thing, and binaries which do another, but if that was spotted, there would be major reputational damage.)
Geeks like promises kept in code. They can’t be worked around using ambiguities in English, and they can’t be changed without the user’s consent (to a software upgrade). I suspect many geeks think of them as superior to promises kept in policy – “that’s what they _say_, but who knows?”. This impression is reinforced when companies are caught sticking to the letter but not the spirit of their policies.
But some promises can’t be kept in code. For example, you can’t simply not send the user’s IP address, which normally gives coarse location information, when making a web request. More complex or time-bound promises (“we will only store your information for two weeks”) also require policy by their nature. Policy is also more flexible, and using a policy promise rather than a code promise can speed time-to-market due to reduced software complexity and increased ability to iterate.
Question: is this distinction, about where to keep your promises, useful when designing new features?
Question: is it reasonable or misguided for geeks to prefer promises kept in code?
Question: if Mozilla or its partners are using promises kept in policy for e.g. a web service, how can we increase user confidence that such a policy is being followed?
What is a browser for? What should it do, or not do? What should it be?
People within the Mozilla project have been recently discussing the user value of some new features in Firefox. I think a person’s view of questions of this nature will depend on their view of the role of the browser. One option is the “featureless window on the web” view – the browser is nothing, the site is everything. But as one participant said, this leads to all the value-add and features being provided by the sites, which is not a recipe for user control, or for using the browser to advance the Mozilla mission.
I think the best vision for Firefox is as your “Internet butler” – quiet and refined, highly capable, provides what you need even before you know you need it, who gently guides you out of trouble but generally does his thing without you needing to think about him or provide explicit direction or management.
Bertie using an early voice interface prototype
So I’d like to propose the “Jeeves Test” for evaluating feature proposals for Firefox. It works like this: imagine Bertie Wooster, relaxing in an armchair in his apartment, with a cigarette, a gin and tonic, and a tablet computer. Then take the user value proposition of an idea, write it in appropriately deferential language, and see if you can imagine Jeeves whispering it into his ear. If you can’t, perhaps it’s not something we want to do.
To make that a bit more concrete, here are some examples of things that might pass: “Here’s an English translation of this Serbian page, sir”, or “For your safety, sir, access to this malware page has been blocked”. And here are some which might not: “For your convenience, sir, I’ve exempted aol.com from your popup blocker”, or “You’ll be pleased to find, sir, that the user interface has been substantially rearranged”.
There may be occasions where we’d want to do something which doesn’t obviously pass the Jeeves Test, if the effects on the broader web ecosystem of making the change are significantly positive. Some of the things we do to improve web security but which have a short-term compatibility impact might fall into that category. “Let me ensure this site doesn’t load for you, sir” generally doesn’t go down well, after all. But in those cases, that longer-term or broader value has to be clearly articulated – before we make the change – if we are to avoid an exasperated “Dash it, Jeeves… why?” from our userbase.
Some people say that all Eurovision songs are the same. That’s probably not quite true, but there is perhaps a hint of truth in the suggestion that some themes tend to recur from year to year. Hence, I thought, Eurovision Bingo.
I wrote some code to analyse a directory full of lyrics, normally those from the previous year of the competition, and work out the frequency of occurrence of each word. It will then generate Bingo cards, with sets of words of different levels of commonness. You can then use them to play Bingo while watching this year’s competition (which is on Saturday).
Here’s a sample card from the 2014 lyrics:
Have fun :-)
Ben Klemens has written an essay criticising Mozilla’s moves towards an HTTPS web. In particular, he is worried about the difficulty of setting up an HTTPS website and the fact that (as he sees it) getting a certificate requires the disclosure of personal information. There were some misunderstandings in his analysis, so I wanted to add a comment to clarify what we are actually planning to do, and how we are going to meet his concerns.
However, he wrote it on Medium. Medium does not have its own login system; it only permits federated login using Twitter or Facebook. Here’s the personal information I would have to give away to Medium (and the powers I would have to give it) in order to comment on his essay about the problems Mozilla are supposedly causing by requiring people to give away personal information:
Don’t like that? That’s OK, I could use Facebook login, if I was willing to give away:
So I’ll have to comment here and hope he sees it. (Anyone who has decided the tradeoffs on Medium are worth it could perhaps post the URL in a comment for me.)
The primary solution to his issues is Let’s Encrypt. With Let’s Encrypt, you will be able to get a cert, which works in 99%+ of browsers anyone uses, without needing to supply any personal information or to pay, and all at the effort of running a single command on the command line. That is, the command line of the machine (or VM) that you have rented from the service provider and to whom you gave your credit card details and make a monthly payment to put up your DIY site. That machine. And the cert will be for the domain name that you pay your registrar a yearly fee for, and to whom you have also provided your personal information. That domain name.
If you have a source of free, no-information-required server hosting and free, no-information-required domain names (as Ben happens to for his Caltech Divinity School example), then it’s reasonable to say that you are a little inconvenienced if your HTTPS certificate is not also free and no-information-required. But most people doing homebrew DIY websites aren’t in that position – they have to rent such things. Once Let’s Encrypt is up and running, the situation with certificates will actually be easier and more anonymous than that with servers or domain names.
“Browsers no longer supporting HTTP” may well never happen, and it’s a long way off if it does. But insofar as the changes we do make are some small infringement on your right to build an insecure website, see it as a civic requirement, like passing a driving test. This is a barrier to someone just getting in a car and driving, but most would suggest it’s reasonable given the wider benefit to society of training those in control of potentially dangerous technology. Given the Great Cannon and similar technologies, which can repurpose accesses to any website as a DDOS tool, there are no websites which “don’t need to be secure”.
I was in the middle of debugging some code when a background Slashdot tab from 10 minutes ago suddenly started playing a sponsored video. Truly and genuinely, the opening of this video contained the following:
Did you know that it takes you 15 minutes to get back into the work zone after being interrupted by an alert or message?
Yes. Yes, Slashdot, I did…
I would like to use a stronger word than “bad” in the title, but decency forbids.
HSBC has, or used to have, a compulsory 2-factor system for logging in to their online banking. It used a small widget called a Secure Key. This is good. Now, they have rolled out an Android/iOS/Blackberry app alternative. This is also good, on balance.
However, at the same time, they have instituted a system where you can log on and see all your banking information and even take some actions without the key, just using a password. This is bad. Can I opt out, and say “no, I’d like to always use the key, please?” No, it seems I can’t. Compulsory lowered security for me. Even if I don’t use the password, that login mechanism will always be there.
OK, so I go to set a password. Never mind, I think, I’ll pick something long and complicated. But no; the guidance says:
Your password is not case sensitive and must be between 8 and 30 characters. It must include letters and numbers.
So the initial passphrase I picked was both too long, and didn’t include a number. However, the only error it gives is “This data is invalid”. I tried several other variants of my thought-of passphrase, but couldn’t get it to accept it. Painful reverse-engineering showed that the space character is also forbidden. Thank you so much, HSBC.
I finally find a password it’ll accept and click “Continue”. But, no. “Your session is invalidated – please log in again.” It’s taken so long to find a password it’ll accept that it has timed me out.
Q: How do I rename a sub-directory? The only way I can find is to make a new one with the new name, copy all the files over from the old one, and then delete the original!
A: As you have found, the MS-DOS REN command doesn’t work on sub-directories. For a programmer it is a relatively trivial task to write a utility to do this job, and DR DOS 6 has a RENDIR command used in the same way as REN.
The manual for MS-DOS 5.0 advises the reader to do what you’re doing already, and indeed DR DOS 5 didn’t make provision for renaming directories. You can, however, use the DOS shell program to rename directories. If you want to stick with the command line, the best alternative is to get hold of a utility program written to do the job. Such programs are commonly found in shareware/PD catalogues.
Better think carefully before choosing that directory name…