Posts by Jusme 134 publicly visible posts • joined 18 Dec 2007
@Peter Kay - Got a model number?
Not the OP, but I have a nice Philips UWS that acts as a decent KVM switch between two laptops [USBC K+V+M] and [DP with USB K & M]:
Philips 499P9H- 49 Inch Curved Dual QHD Monitor
https://www.amazon.co.uk/dp/B07MY2DXPH
(It also has a pop-up webcam, but it's crap)
The first mouse I owned (and still have...) had the raw quadrature outputs from the shaft encoders as it's interface. I had to build (from TTL parts) a circuit to generate a movement interrupt and a direction flag for each axis, and write a "driver" for it. In Z80 assembler.
Now where's my chisel...
> The reason cert lifetimes have been getting shorter and shorter has nothing to do with money - the push for shorter lifetimes comes mostly from LetsEncrypt, which offers them for free.
I thought the push was coming from Apple and Google. Whatever. This seems to me to be the wrong solution to the problem. Basically we've given up on making certificate revocation work* **, so the only alternative is short-lived certificates, to make sure $badguys have to work overtime once they spot an opportunity.
* Bit like the lazy/incompetent programmer resorting to a poll loop because interrupts were too hard for them.
** The paranoid may suggest this is another happy accident...
> Is that just a feeling or can you link to some evidence?
It's been normalised as "best practice" in the corporate world (ref. Google, e.g. https://security.stackexchange.com/questions/107542/is-it-common-practice-for-companies-to-mitm-https-traffic).
No idea how pervasive it is outside corporate environments, but I don't believe anyone who says it can't be done.
Seems to me that this push to PKI-based "security"*, especially with shorter and shorter certificate validity times, has a nice side effect of forcing everything to be a live service / subscription model. If you don't keep updating, and paying the subscription** it just stops working.
* The air quotes are deliberate, as I'm not convinced this actually makes anything more secure now, especially in the web/browser world where network-level m-i-t-m snooping of https is normal business.
** Either actual £/$, or by having the latest circle of enshitification (monetisation) forced on you. Good luck keeping an older version of a browser that still supports ublock origin working for much longer, for example.
+1 for FrameMaker, the only DTP tool I've used that seemed to understand page layout properly.
Cost a packet though, and we only had limited licences (again on Sun workstations). I often had the job of kicking FlexLM up the backside when it had a sulk.
I also had a row with the management when PCs started to infect the workplace. "You should be using Word for documentation" "But the Engineers all have Sun workstations on their desks, only the managers have PCs with Solitaire, er I mean Word...".
> Another thing that holds back wider deployment certainly for bigger organisations is the idea having to re-number v6 hosts to new provider-allocated ranges
...
> In a way this has actually forced more centralisation on the internet, where orgs will outsource their edge to a CDN so the public-facing network and addressing is not their problem.
At which point you might as well stick with IPv4 RFC1918 addresses internally, and your "CDN" will have (possibly shared) public IPv4 addresses for your "website" so everyone can access it.
> ipv6 is a mess. it has been made overly complicated, IMHO. And if you don't use NAT (NAT in V6, I mean) you'll end up having to renumber your entire LAN if you change provider (unless you own your own v6 netblock and have it routed through your current provider). And anyway if you want your internet to work, you still NEED v4 until everyone else (100% of them) is on v6 too. And this statement says it all. Since everyone still needs v4, why bother configuring a dual stack solution? Since I need v4 anyway, I just stick with it.
Yep, that's pretty much my song too.
IPv6 was designed by academics and made over-complicated, in a misguided attempt to solve too many problems. We already rejected OSI for that. If it had just addressed the core problem, 32-bit addresses, in a way that was directly compatible, by now we might have had 100% support, but, as evidenced by the fact that we haven't, it's clearly too hard and too different.
> For one horrible moment there I though that some idiot had decided that PNG files were executables. Now I read it a second time, I see that the nasty is in the remote script - I assume Windows only - run by the duped user.
Exactly. Sounds to me like the 'PNG' angle is just the command channel to an already compromised host, not an attack vector. Won't stop the dibbles banning PNG files in the usual exit-horse-door-bolting exercise though.
> All I ever used Winamp for was for Shoutcast streaming. Is it still good at that?
No idea, I only ever play mp3's from files, those being on shared filestore is as network-y as it gets. I suspect this version pre-dates internet streaming though (back then streaming meant you could start playing the song before the "download" from napster had finished, and if you were lucky it would all come down in time :)
> Should I completely avoid the 5.x versions?
Probably...
> A good player was the old version of Winamp before it went mad...
Still using version 2.64 here, before the rot started. I think the next version included a web browser to show ads, or something annoying, so I've kept the zip and been using that version ever since. It plays my mp3's, doesn't get in my face, and even works on 'doze 11.
> Revenue for the first half of 2024 was reported as $144 million, a 61 percent increase from the same period in 2023. Gross profits stood at $34.2 million, up 47 percent.
And the shareholders will now expect that to be repeated, and even bettered, year on year. And when it isn't, their dividends will be taken from the company assets until there's nothing of value left.
> I have had no issues with my zen + HE tunnel setup...
> In day to day use however, lots of places seem to block HE IPv6 ranges.
I used the same approach (using Zen and Virgin for IPv4 connectivity), and yes, some things work fine. Reading around, it doesn't seem to be that sites are blocking HE, but there are peering issues that HE seem to be on the wrong side of. Until that nonsense is sorted, using IPv6 is a bad joke.
Edited to add:
Zen seem to provide some level of IPv6 capability on the Fritz Box router they supply, but I couldn't get it to work at all. Virgin seem to have absolutely no interest in IPv6, and are still delivering their cable TV over proprietary co-ax, not IP (I know this because they foisted their STB on me to get a decent discount on the broadband. Since I way paying for it, I hooked it up (via the ethernet port) and it seemed to be going ok with the menus etc. but as soon as I tried to watch any content it errored out because the co-ax wasn't connected. Unfortunately the Virgin termination point is in the server room, and the big TV isn't, so their fancy STB went back in its box.)
> Tests show it's just too hard to put the unused 240/4 block to work
Probably easier than deploying IPv6
> Two thirds of the internet is not on IPv6 and is thriving on network address translation
Exactly.
IPv6 reminds me of OSI networking, as beloved by mainframes of a certain flavour. Designed by committee, and including all sorts of clever stuff to satisfy everyone. Unfortunately they both ended up being too hard to implement, and as a result, the simplicity of IPv4 still rules the internet.
(Yes, I've deployed IPv6, and until recently had a fully IPv6 enabled network - DNS, email, web, etc. Unfortunately the problems it causes (several*) seem to exceed the benefits it gives (none), so I'm now removing all IPv6 capability - I just don't need it.
<asbestos underwear installed...>
* For starters:
Problem 1: The IPv6 internet seems to be fragmented - not all addresses are always reachable from all providers due to commercial politics.
Problem 2: If I change provider, I have to change addresses on everything. Yes, I could use IPv6 NAT, but that was strongly discouraged by the IPv6 cult and only got included (late in the day) because it's necessary in the real world.
Problem 3: Practically no consumer ISPs (in the UK at least) support IPv6 properly (i.e. give you a /48 global prefix)
> The QBone is probably cheating a bit, but I/O devices are typically large/rare/mechanical so acquiring them working can be a significant challenge and expense.
Doesn't TNMoC use a Raspberry PI to emulate a room full of washing machine-sized discs on their ICL 2966?
Still impressive that the original OCP and IOC cabinets still work :)
> There were several aesthetically pleasing designs: https://www.theguardian.com/environment/gallery/2011/sep/14/shortlist-designs-electricity-pylons-in-pictures
Hell's teeth, there's some real fugly nonsense there! I actually quite like the British Standard Pylon, a majestic steel giant holding wires aloft. A small price to pay for the benefits of mains electricity, that we all depend on for every aspect of our lives.
I've said this before, and been downvoted, but I'll say it again.
Google wants Chrome to be a secure content delivery platform, so they can fully control and monetise the web, just like a cable TV company. They've locked down the network side by making everything https, now they're locking down the browser so you can't tamper with the content. They've turned their search engine into a curated portal (you'll only get your site seen if you pay them or they think it's good enough to be included). What next? I suspect further tightening of certificates so that "unapproved" ones get some kind of subtle warning, then less subtle, then blocked by default?
We're all dooooomed....
> This sounds like the boss needed educating that plugging ethernet cables into the wrong port is not going to cause explosions (or other less spectacular types of physical damage).
Unless someone was using an "unconventional" PoE implementation (not impossible if analog CCTV, telephony, or the coffee maker was also being patched through the structured cabling).
I sleep better knowing our data is being carved into sophisticated linear rust* and taken offsite**
It scares me when I hear of companies that think replication is a sufficient backup, and long-term archive? Whassat?
It depresses me that requesting a tape library in our datacentre raises eyebrows and sarcastic comments.
* Yes, we do regularly test restore too.
** Yes, it is encrypted.
OpenStack is used by some extremely large users... So, it is very much a "product". NASA, UK GDS, CERN, China Mobile, not to mention a bunch of hosting companies running their own cloud products (eg OVH)...
Exactly, those large users can afford to dedicate teams to configuration and deployment of OpenStack. For smaller organisations there is no click-and-play, as there is (was) with VMware. OpenStack is a huge learning curve when virtualisation technology isn't your core business.
I guess if the dealer is getting out of the market there's no need for "first ones free" offers anymore. Like with early Windows, we could play at home for free and learn about all these great new toys, then take them into the workplace and get our employers to pay big bux for them. Classic 1...2...profit!
It'a a pity OpenStack never made it as a product. From 2020 (https://forums.theregister.com/forum/all/2020/10/22/openstack_at_10/):
"Last time I looked, OpenStack was still a science project. You get a bag of bits (very nice bits, certainly), but putting them together to make a working virtualisation environment takes a lot of time/effort/knowledge. Compare with VMware, which "just works" (though they're trying their best to break it with every new release), and you can be spinning up VMs through a nice-ish GUI within minutes of installation. OpenStack needs to be a product, not a technology..."
Don't think much has changed.
The thing is, you pay for an ad-free experience. then eventually they start showing ads to paying customers[1] too, just to keep the price down[2].
I'm conflicted, as people need to earn a living, and content/hosting isn't free, but overall I think this is another "nope", as the money will likely go to the wrong people.
[1] Well typically if you're seeing ads you're their product.
[2] aka increase their profits
"The bigger picture view: iOS, iPadOS and Android have shown that immutable OS deployment and image-based update distribution works, well, in the field, at vast scale, on devices with no local tech support. This stuff is out there today and used by literally billions of people. It works."
And for an applicance, that's great. I have an iPhone and a PS5, and am quite happy that they're locked down and managed, because I just want them to work.
But I also want to be able to learn and develop, and this march to "closed" systems is making the barrier to entry higher and higher. How long before Windows gets locked down to make loading unapproved "apps" difficult? Can't be far off that now. And it seems Linux is hot on it's heels. Will I need a vendor-supplied SDK to develop my own software?
"So go get the source and build it yourself." Yep, that certainly works today. Until I need to get the bootloader signed by MS for it to run on any modern hardware. And it won't be able to connect to the internet because it won't have the necessary certificates.
Ok, I'm being a bit pessimistic, but there are people out there who would approve of this.
I see where they're going with this, but I hope they don't lose sight of the biggest USP of the Pi - the ability to tinker with hardware via GPIO on a cheap (throw-away) module. PCIe is hardly a hobbyist accessible interface, and by the time you've added M2 SSDs etc. and made this a (pretty decent, if still minimal) ARM PC, you're not going to want to be poking wires into it.
I'm sure they've run the numbers and know that a lego-kit PC is probably going to sell better than a souped-up microcontroller, but learning about the nuts and volts is something we seem to be losing out on these days </grumpy old man>
> Oh wow. How does that work? Surely forcepoint doesn't have the root certs for all certs? How can it replace all certs in one swoop so all https connections from a company PC are compromised?
They (my employer, the company that owns the kit) installs their own CA by group policy (these devices are locked down tighter than a gnats chuff). All https connections are intercepted by the Forcepoint proxy, which generates and presents a server certificate for the site being accessed. The client (browser) sees this as valid, as it's signed by an installed CA, and makes the HTTP request. The Forcepoint proxy checks the request against its naughty list, and if ok, makes the request out to the real site. The response passes back through the Forcepoint proxy, which scans it for naughty words and naked aardvarks, and if you're lucky, passes it back to the client (browser).
I think they bypass this for some know sites like the big banks, presumably to avoid liability if anyting goes wrong, but I wouldn't use the work kit for anything like that anyway (which is fine by them).
> In the second situation your connection is encrypted, and only readable by that specific website. No way for anyone else to listen in.
Except that isn't true. It only needs *one* of the many CAs to have leaked, or allow, their root cert or an intermediary to be used by a person with interest and they can m-i-t-m *any* site by issuing their own cert for it, on the fly. Heck, that process is standard practice in corporate environments (the certificate for every site I visit on our corporate kit is signed bt Forcepoint). At this point https is pure security theatre.
(Sorry, that's not an elephant, really...)
> This, or real-time (or faster) video encoding for every targeted advert they insert into the playback stream, which is computationally expensive, and thus expensive in terms of hardware and power usage in a data centre.
Too many years ago, a "friend" signed up with a usenet provider that specialised in binary newsgroups, possibly easynews. I was quite impressed that they generated zipfiles of the selected, er, "articles", on the fly as you downloaded them. Back then I thought that was computationally expensive. I don't have a problem believing that real-time splicing of a pre-encoded, but dynamically selected, ad bitstream into an outgoing video stream would be too big an ask, and that allows tailoring right down to the individual.
> I suspect the ads would exactly have to match a "gap" in source video to avoid having to re-encode the next chunk of that (until the next video 3 minutes later).
The odd time I've been unfortunate enough to witness ads on Twitch (which makes it doubly unfortunate), they didn't seem to mind splatting them over the stream regardless of the content.
I've always been curious why the ads aren't burned in to the video stream on YT. The technology to do this certainly exits, and they would be unblockable and unskippable, so the reason must be commercial.
Don't get me wrong, I'm not suggesting this as a solution (and it's fairly likely someone at YT has thought of it already...), and if they ever did implement it my YT hours would drop from negligible to nil. Maybe that's the reason - there is nonzero value to the borg in having me watch the occasional Big Clive or Photonic Induction video, and nonzero x 10^100 buys a lot of yachts...
I dislike having certain "dangerous" commands in the history, in case a little bit of lag, or jitters on the arrow keys, causes them to reappear at an inconvenient time. I tend to do things like:
# mv important-sounding-dir xyzzynosuch
# rm -rf xyzzynosuch
Or
# bash +o history ## new shell with no history retained
# dd if=/dev/zero of=/dev/sdb
# exit
Of course I've still had several ohnoseconds over my ${too_many} years in this game. That's why I'm quite keen on backups...
"I’m people, and I want an electric car, so does my wife"
Really?
Or do you actually want a means of transporting yourself, your cohorts and your chattels from A to B cheaply and conveniently?
Most people don't really care if their vehicle is powered by dead dinosaurs, angry atoms or unicorn farts, they just want "a car", and today, the ICE is generally the best fit solution for that problem, and the BEV isn't.
Batteries are crap.
If battery technology had advanced the same rate semiconductors, magnetic media and networks have over the last decades we'd be flying across the Atlantic on a pack of AA's by now. The fact that it hasn't suggests it won't, it certainly isn't for the want of trying*. Your phone battery lasts so much longer now not because the battery is so much better, but because the electronics are. Unfortunately it still takes the same amount of energy to move a tin can and it's contents now as it always did, and always will, so there's little other scope for improvements to the range.
There's also the problem of charging, even if a perfect battery existed. The filler hose at your local supermarket delivers the equivalent of around a megawatt of power while it's dispensing fuel. That's a lot of amps and a lot of volts to get the same energy delivery in a short time. Electrical things with megawatts on their nameplates tend to live in locked rooms with big warning signs, for good reasons, not out on the high street for anyone to play with.
* Unless you think Big Bad Oil has been keeping it hidden for all this time, which requires strong metallic millinery to believe**
** Unlike the much more plausible conspiracy that Big Bad Oil has been suppressing it's real enemy, nuclear, by funding FUD for 50 years...
"Change can happen quickly...If there is a structural or a monetary imperative"
Actually I think that's exactly wrong. Trying to coerce people into something they don't really want is, at best, a slow process. The reason ICE vehicles took over from horses so quickly was because people wanted the freedom they gave, despite their initial limitations. The huge demand fuelled their mass production, and provision of the infrastructure to support them. There was no "government incentive" to get an ICE vehicle, people *wanted* them.
Compare with those abhorrent CFL lamps that they tried to push on us a few years back. They may have had a lower energy consumption than incandescent lamps, but in every other way they were significantly worse. People didn't really want them, so they had to be forced on us, by banning incandescents and subsidising their production, and by getting the energy companies to supply them to disinterested customers and add the costs to their bills. Then along came viable LED lighting. *Poof* CFLs (and finally incandescents) were history. No incentives or laws needed - they are actually better than the alternatives, and people wanted them.
People don't really want electric cars. They may have lower emissions at the point of use (but it's not clear if their total environmental impact is actually that much less than ICE), and they are generally inferior in most other respects (cost, range, choice...). Unfortunately there probably won't be an "LED" moment for personal transport. Barring a 10-fold improvement in battery technology, which is unlikely at this point, or development of a safe suitcase-size fusion reactor, which is still pure sci-fi, the only solution to the very real problem of fossil fuel exhaustion is a significant reduction in the availability of personal transport. This will most likely happen by pricing them off the roads, as "cheap" ICE vehicles are outlawed and only those who can afford BEVs will be able to enjoy the freedom of personal transport. People won't like that.
Re:
> But if you are giving it away with the GPL why not just enable it in the first place?
and
> So hell the how can the Linux devs review this to include it? Will the source code have all the details in the Git headers/comments?
I strongly suspect the kernel code is nothing more than a channel from user-space to the hardware, which will be used to send encrypted keys that will have as-yet undefined purposes (but likely, as suggested, enabling features in return for extra £, DRM etc.).
Given the prime movers of this (Intel, IBM), I also strongly suspect it is intended to be of more benefit to corporate users than us proles.
> RSI? We shopped at Farnell.
+1
The RS rep at Uni was a snobbish prat who didn't think students should get copies of their catalogue, or be allowed to order directly. Luckily by that point I already had a Farnell trade account (set up by a friendly rep when they noticed how much I was spending with them), and regular free copies of their catalogue (back when the catalogue could double as building material). They were rewarded with plenty of business sent their way after graduation. At one point I even had a better credit line on my personal account than the company I was working for, due to some issue over payment terms, so had to put a large order through on expenses!
Pity they've now been taken over by a corporate conglomerate and don't seem to be as efficient as they used to be. Nothing lasts, nothing lasts...
Reads to me that "Matt" actually did a heroic job working around the problems caused by broken hardware:
"The reason that the reported fault address had been incremented to the next instruction was that the machine had actually executed the instruction, using whatever noise was on the memory bus at the time the instruction executed."
Do these words not make anyone who cares about open and free software a little bit worried?
The fact that _Microsoft_ have total and absolute control of what you are allowed to run on your hardware?"
The may well be playing sort-of fair at the moment (but still dragging their feet and griefing a legitimate project), but they can raise the barrier whenever they want.
And don't say "secure boot is totally optional, so it doesn't matter". It's a very small step to it becoming mandatory in the current paranoid climate...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
