Posts by Jusme 145 publicly visible posts • joined 18 Dec 2007
...it might be in a secure location, not out on the street. Still a bit ugly though.
Unrelated anecdote. In Before Times, we used to have a cash machine in our access-controlled office. One night there was a break-in, but the dumb scrotes were more interested in the shiny (but pretty crap) large plasma screen in reception to walk 5 meters further and grab some easy cash.
Yes, it is. Its been around for 30 years and still hasn't displaced IPv4 in a meaningful way.
My thoughts as to why (as someone who has implemented, and now rolled back, a fully IPv6 capable network):
* Its an over-complicated mess. Much like ISO networking, there are so many options and parameters and features that implementations differ, and are hence incompatible.
* It was pushed too hard. Making IPv6 the default, before it was fully available, made things not work. Disabling IPv6 made things work, with a mental note to "turn off IPv6" that has persisted.
* Zeroconf/autoconf/link-local addressing. What's the point? So you can have a working IPv6 subnet with no "configuration". But as soon as you need to talk to the outside world (i.e. anything on a different subnet, even within your organisation) you need a global address, so you need configuration.
* A huge part of the IPv6 address is wasted for autoconf to work (8 of the 16 bytes), with nebulous justifications like it maks scanning for valid addresses impossible and allows randomisation. Newsflash, as soon as an IPv6 node talks, it "broadcasts its IP address", so that bit of security-by-obscurity doesn't last long.
* If it's implemented properly, there are only 65536 * [IPv4 address space] prefixes, which is what ISPs should be handing out. With this "few" prefixes available, it doesn't live up to the "more than everyone in the universe will ever need" tagline. What has happened is that ISPs only have so many prefixes to offer, so split them up, giving customers less than a /48 and breaking the protocol. Understandable, as nobody needs 2^80 IP addresses to themselves (which is what a single prefix gives you). But that's the design...
* NAT. Ok, so I sign up and get a /48 prefix to myself/company. I configure global IPv6 addresses on all systems using that prefix. Then I fall out with my ISP and have to renumber everything. IPv6 NAT was actively discouraged at the start, as once you take the NAT pill you quickly realise you can live without IPv6 for much longer...
* Corporate politics. Just as things were starting to come together, the final straw for me with IPv6 was a split in the internet in IPv6 land, caused by peering issues with the big providers. Once again, turning IPv6 off made things work. I won't be turning it back on again.
There are a few places where IPv6 makes sense, like huge mobile IP providers whose endpoints are really on a private network, as it's simpler than IPv4 NAT at that scale, but as the default Internet Protocol - nope.
...I'd tag this article as flamebait :)
4GL
Rapid Application Development
Low Code
Vibe Coding
All wet dreams of MBA-types wanting to use cheap labour to replace expensive skilled workers.
Just like most things "AI", they look good at first sight ("Look at this amazing app little Johnny has built"), but are likely to cause so many issues with security, data integrity, reliability, stability, scalability, maintainability, yada yada... that the lifetime cost will be much more than it would have been if a skilled developer/team was employed to create it in the first place. Of course the manager of the initial development will have trousered his bonus for delivering something on time, and has long-since moved on.
> Notepad++
I'm probably going to get some heat for this, but even Notepad++ is getting a bit too big for its boots. At this level I just want a text box that records what I type and doesn't try and format, correct, guess what I want to do next, or otherwise bugger about with my thoughts, however insane they might be. If I want a word processor I'll use a word processor. If I want an IDE I'll use an IDE. If I want an AI chatbot I'll shoot myself.
vi forever :)
When Red Hat decided to dump it's non-corporate users overboard, I had a good hard look at the alternatives (Alma, Rocky, SuSE, Ubuntu, various BSD-based distributions), and settled on Alma, as it offered compatibility with RHEL (so I didn't have to spend ages re-learning how to do the same things in different ways), but from the outset said it wasn't going to try to be a byte-for-byte clone as CentOS was (and Rocky was promising to be). I hoped that this meant it wouldn't follow RedHat down the road of turning RHEL into a closed, proprietary, OS, and it seems this is an example of it doing exactly what it said it would. Regardless of the merits of Btrfs, having it available is one of the benefits of an "open" OS, not the "our way or the highway" approach of IBM/Microsoft/RedHat.
So Well done Alma!
> New World (an MMO from 2021) initially (in the beta) had unlimited framerates in the menu screen...
A lot of games still do. I recently had a bug report from SWMBO that her game was always stuttering for a few seconds after using the menus, A bit of diagnostics with afterburner soon showed that in the menus the fps went through the roof, as did the GPU temperature, causing it to throttle. It took a few seconds of normal gameplay for it to cool down enough to run at full speed again.
(Unfortunately the solution was to replace the very e$pensive gaming laptop with an even more e$$$pensive water cooled space heater of a PC, after concluding that gaming laptops suck for heat management).
> It doesn't require any allocation of money to put IPv6 into a network...
So someone is going to volunteer to to all these things to your network for free, and support it forever? And you're going to let them, without a network design, documentation, risk assessment, contingency plan, outage schedule, training of support and helpdesk?
IPv4 + NAT is "free", because that's what is on the ground, working, and making you money (hopefully).
IPv6 is a cost, and the benefit to consumer-level ISPs doesn't seem to justify that cost, else they would be doing it.
> 64 bytes from fe80::3e7c:3fff:fe6b:7ce8%enp4s0: icmp_seq=1 ttl=64 time=1.07 ms
That's not their global IPv6 address, it's a "link local" address, that is of no use other than on the [virtual] wire connecting the two devices.
This is one of the reasons IPv6 is a pain, it has these extra addresses that are intended to make it "just work", but in practice it doesn't, and now you have another vulnerability unless you know about and protect against.
And mandating technology has never worked. If it's sufficiently better than what we have already it will be adopted. If it isn't, it won't.
"Smart", "Eco", "Green", "AI". As with all things, these should be treated as warning labels. Any such attributes are more likely for the benefit of the supplier / manufacturer, not the consumer.
(And the only way "Smart" meters will help reduce your electricity bill is by allowing you to turn things off when they jack up the price because the sun ain't shinin' an the wind ain't blowin')
> cables are technically infeasible for transmission, i.e. very high voltage AC (400kV) at long distances (>50km).
There's a few undersea cables that may contest that assertion (https://en.wikipedia.org/wiki/Submarine_power_cable). Pylons don't work too well underwater :)
But yes, buried cables are a lot more expensive than air insulated transmission lines, at any voltage, as described in other comments.
Personally, I like the UK pylons, and yes, I would have one in my back yard.
> I'm with you bro. I wrote a simple wrapper shell script, that reduces the functionality of screen to 2 things...
Ditto, but three:
[ian@vm46 ~]$ grep screen ~/.bashrc
alias s='screen -r'
alias ns='screen -S'
alias ss='screen -ls'
's name' Connects to an existing session
'ns anothername' Creates a new session
'ss' Lists current sessions
@Peter Kay - Got a model number?
Not the OP, but I have a nice Philips UWS that acts as a decent KVM switch between two laptops [USBC K+V+M] and [DP with USB K & M]:
Philips 499P9H- 49 Inch Curved Dual QHD Monitor
https://www.amazon.co.uk/dp/B07MY2DXPH
(It also has a pop-up webcam, but it's crap)
The first mouse I owned (and still have...) had the raw quadrature outputs from the shaft encoders as it's interface. I had to build (from TTL parts) a circuit to generate a movement interrupt and a direction flag for each axis, and write a "driver" for it. In Z80 assembler.
Now where's my chisel...
> The reason cert lifetimes have been getting shorter and shorter has nothing to do with money - the push for shorter lifetimes comes mostly from LetsEncrypt, which offers them for free.
I thought the push was coming from Apple and Google. Whatever. This seems to me to be the wrong solution to the problem. Basically we've given up on making certificate revocation work* **, so the only alternative is short-lived certificates, to make sure $badguys have to work overtime once they spot an opportunity.
* Bit like the lazy/incompetent programmer resorting to a poll loop because interrupts were too hard for them.
** The paranoid may suggest this is another happy accident...
> Is that just a feeling or can you link to some evidence?
It's been normalised as "best practice" in the corporate world (ref. Google, e.g. https://security.stackexchange.com/questions/107542/is-it-common-practice-for-companies-to-mitm-https-traffic).
No idea how pervasive it is outside corporate environments, but I don't believe anyone who says it can't be done.
Seems to me that this push to PKI-based "security"*, especially with shorter and shorter certificate validity times, has a nice side effect of forcing everything to be a live service / subscription model. If you don't keep updating, and paying the subscription** it just stops working.
* The air quotes are deliberate, as I'm not convinced this actually makes anything more secure now, especially in the web/browser world where network-level m-i-t-m snooping of https is normal business.
** Either actual £/$, or by having the latest circle of enshitification (monetisation) forced on you. Good luck keeping an older version of a browser that still supports ublock origin working for much longer, for example.
+1 for FrameMaker, the only DTP tool I've used that seemed to understand page layout properly.
Cost a packet though, and we only had limited licences (again on Sun workstations). I often had the job of kicking FlexLM up the backside when it had a sulk.
I also had a row with the management when PCs started to infect the workplace. "You should be using Word for documentation" "But the Engineers all have Sun workstations on their desks, only the managers have PCs with Solitaire, er I mean Word...".
> Another thing that holds back wider deployment certainly for bigger organisations is the idea having to re-number v6 hosts to new provider-allocated ranges
...
> In a way this has actually forced more centralisation on the internet, where orgs will outsource their edge to a CDN so the public-facing network and addressing is not their problem.
At which point you might as well stick with IPv4 RFC1918 addresses internally, and your "CDN" will have (possibly shared) public IPv4 addresses for your "website" so everyone can access it.
> ipv6 is a mess. it has been made overly complicated, IMHO. And if you don't use NAT (NAT in V6, I mean) you'll end up having to renumber your entire LAN if you change provider (unless you own your own v6 netblock and have it routed through your current provider). And anyway if you want your internet to work, you still NEED v4 until everyone else (100% of them) is on v6 too. And this statement says it all. Since everyone still needs v4, why bother configuring a dual stack solution? Since I need v4 anyway, I just stick with it.
Yep, that's pretty much my song too.
IPv6 was designed by academics and made over-complicated, in a misguided attempt to solve too many problems. We already rejected OSI for that. If it had just addressed the core problem, 32-bit addresses, in a way that was directly compatible, by now we might have had 100% support, but, as evidenced by the fact that we haven't, it's clearly too hard and too different.
> For one horrible moment there I though that some idiot had decided that PNG files were executables. Now I read it a second time, I see that the nasty is in the remote script - I assume Windows only - run by the duped user.
Exactly. Sounds to me like the 'PNG' angle is just the command channel to an already compromised host, not an attack vector. Won't stop the dibbles banning PNG files in the usual exit-horse-door-bolting exercise though.
> All I ever used Winamp for was for Shoutcast streaming. Is it still good at that?
No idea, I only ever play mp3's from files, those being on shared filestore is as network-y as it gets. I suspect this version pre-dates internet streaming though (back then streaming meant you could start playing the song before the "download" from napster had finished, and if you were lucky it would all come down in time :)
> Should I completely avoid the 5.x versions?
Probably...
> A good player was the old version of Winamp before it went mad...
Still using version 2.64 here, before the rot started. I think the next version included a web browser to show ads, or something annoying, so I've kept the zip and been using that version ever since. It plays my mp3's, doesn't get in my face, and even works on 'doze 11.
> Revenue for the first half of 2024 was reported as $144 million, a 61 percent increase from the same period in 2023. Gross profits stood at $34.2 million, up 47 percent.
And the shareholders will now expect that to be repeated, and even bettered, year on year. And when it isn't, their dividends will be taken from the company assets until there's nothing of value left.
> I have had no issues with my zen + HE tunnel setup...
> In day to day use however, lots of places seem to block HE IPv6 ranges.
I used the same approach (using Zen and Virgin for IPv4 connectivity), and yes, some things work fine. Reading around, it doesn't seem to be that sites are blocking HE, but there are peering issues that HE seem to be on the wrong side of. Until that nonsense is sorted, using IPv6 is a bad joke.
Edited to add:
Zen seem to provide some level of IPv6 capability on the Fritz Box router they supply, but I couldn't get it to work at all. Virgin seem to have absolutely no interest in IPv6, and are still delivering their cable TV over proprietary co-ax, not IP (I know this because they foisted their STB on me to get a decent discount on the broadband. Since I way paying for it, I hooked it up (via the ethernet port) and it seemed to be going ok with the menus etc. but as soon as I tried to watch any content it errored out because the co-ax wasn't connected. Unfortunately the Virgin termination point is in the server room, and the big TV isn't, so their fancy STB went back in its box.)
> Tests show it's just too hard to put the unused 240/4 block to work
Probably easier than deploying IPv6
> Two thirds of the internet is not on IPv6 and is thriving on network address translation
Exactly.
IPv6 reminds me of OSI networking, as beloved by mainframes of a certain flavour. Designed by committee, and including all sorts of clever stuff to satisfy everyone. Unfortunately they both ended up being too hard to implement, and as a result, the simplicity of IPv4 still rules the internet.
(Yes, I've deployed IPv6, and until recently had a fully IPv6 enabled network - DNS, email, web, etc. Unfortunately the problems it causes (several*) seem to exceed the benefits it gives (none), so I'm now removing all IPv6 capability - I just don't need it.
<asbestos underwear installed...>
* For starters:
Problem 1: The IPv6 internet seems to be fragmented - not all addresses are always reachable from all providers due to commercial politics.
Problem 2: If I change provider, I have to change addresses on everything. Yes, I could use IPv6 NAT, but that was strongly discouraged by the IPv6 cult and only got included (late in the day) because it's necessary in the real world.
Problem 3: Practically no consumer ISPs (in the UK at least) support IPv6 properly (i.e. give you a /48 global prefix)
> The QBone is probably cheating a bit, but I/O devices are typically large/rare/mechanical so acquiring them working can be a significant challenge and expense.
Doesn't TNMoC use a Raspberry PI to emulate a room full of washing machine-sized discs on their ICL 2966?
Still impressive that the original OCP and IOC cabinets still work :)
> There were several aesthetically pleasing designs: https://www.theguardian.com/environment/gallery/2011/sep/14/shortlist-designs-electricity-pylons-in-pictures
Hell's teeth, there's some real fugly nonsense there! I actually quite like the British Standard Pylon, a majestic steel giant holding wires aloft. A small price to pay for the benefits of mains electricity, that we all depend on for every aspect of our lives.
I've said this before, and been downvoted, but I'll say it again.
Google wants Chrome to be a secure content delivery platform, so they can fully control and monetise the web, just like a cable TV company. They've locked down the network side by making everything https, now they're locking down the browser so you can't tamper with the content. They've turned their search engine into a curated portal (you'll only get your site seen if you pay them or they think it's good enough to be included). What next? I suspect further tightening of certificates so that "unapproved" ones get some kind of subtle warning, then less subtle, then blocked by default?
We're all dooooomed....
> This sounds like the boss needed educating that plugging ethernet cables into the wrong port is not going to cause explosions (or other less spectacular types of physical damage).
Unless someone was using an "unconventional" PoE implementation (not impossible if analog CCTV, telephony, or the coffee maker was also being patched through the structured cabling).
I sleep better knowing our data is being carved into sophisticated linear rust* and taken offsite**
It scares me when I hear of companies that think replication is a sufficient backup, and long-term archive? Whassat?
It depresses me that requesting a tape library in our datacentre raises eyebrows and sarcastic comments.
* Yes, we do regularly test restore too.
** Yes, it is encrypted.
OpenStack is used by some extremely large users... So, it is very much a "product". NASA, UK GDS, CERN, China Mobile, not to mention a bunch of hosting companies running their own cloud products (eg OVH)...
Exactly, those large users can afford to dedicate teams to configuration and deployment of OpenStack. For smaller organisations there is no click-and-play, as there is (was) with VMware. OpenStack is a huge learning curve when virtualisation technology isn't your core business.
I guess if the dealer is getting out of the market there's no need for "first ones free" offers anymore. Like with early Windows, we could play at home for free and learn about all these great new toys, then take them into the workplace and get our employers to pay big bux for them. Classic 1...2...profit!
It'a a pity OpenStack never made it as a product. From 2020 (https://forums.theregister.com/forum/all/2020/10/22/openstack_at_10/):
"Last time I looked, OpenStack was still a science project. You get a bag of bits (very nice bits, certainly), but putting them together to make a working virtualisation environment takes a lot of time/effort/knowledge. Compare with VMware, which "just works" (though they're trying their best to break it with every new release), and you can be spinning up VMs through a nice-ish GUI within minutes of installation. OpenStack needs to be a product, not a technology..."
Don't think much has changed.
The thing is, you pay for an ad-free experience. then eventually they start showing ads to paying customers[1] too, just to keep the price down[2].
I'm conflicted, as people need to earn a living, and content/hosting isn't free, but overall I think this is another "nope", as the money will likely go to the wrong people.
[1] Well typically if you're seeing ads you're their product.
[2] aka increase their profits
"The bigger picture view: iOS, iPadOS and Android have shown that immutable OS deployment and image-based update distribution works, well, in the field, at vast scale, on devices with no local tech support. This stuff is out there today and used by literally billions of people. It works."
And for an applicance, that's great. I have an iPhone and a PS5, and am quite happy that they're locked down and managed, because I just want them to work.
But I also want to be able to learn and develop, and this march to "closed" systems is making the barrier to entry higher and higher. How long before Windows gets locked down to make loading unapproved "apps" difficult? Can't be far off that now. And it seems Linux is hot on it's heels. Will I need a vendor-supplied SDK to develop my own software?
"So go get the source and build it yourself." Yep, that certainly works today. Until I need to get the bootloader signed by MS for it to run on any modern hardware. And it won't be able to connect to the internet because it won't have the necessary certificates.
Ok, I'm being a bit pessimistic, but there are people out there who would approve of this.
I see where they're going with this, but I hope they don't lose sight of the biggest USP of the Pi - the ability to tinker with hardware via GPIO on a cheap (throw-away) module. PCIe is hardly a hobbyist accessible interface, and by the time you've added M2 SSDs etc. and made this a (pretty decent, if still minimal) ARM PC, you're not going to want to be poking wires into it.
I'm sure they've run the numbers and know that a lego-kit PC is probably going to sell better than a souped-up microcontroller, but learning about the nuts and volts is something we seem to be losing out on these days </grumpy old man>
> Oh wow. How does that work? Surely forcepoint doesn't have the root certs for all certs? How can it replace all certs in one swoop so all https connections from a company PC are compromised?
They (my employer, the company that owns the kit) installs their own CA by group policy (these devices are locked down tighter than a gnats chuff). All https connections are intercepted by the Forcepoint proxy, which generates and presents a server certificate for the site being accessed. The client (browser) sees this as valid, as it's signed by an installed CA, and makes the HTTP request. The Forcepoint proxy checks the request against its naughty list, and if ok, makes the request out to the real site. The response passes back through the Forcepoint proxy, which scans it for naughty words and naked aardvarks, and if you're lucky, passes it back to the client (browser).
I think they bypass this for some know sites like the big banks, presumably to avoid liability if anyting goes wrong, but I wouldn't use the work kit for anything like that anyway (which is fine by them).
> In the second situation your connection is encrypted, and only readable by that specific website. No way for anyone else to listen in.
Except that isn't true. It only needs *one* of the many CAs to have leaked, or allow, their root cert or an intermediary to be used by a person with interest and they can m-i-t-m *any* site by issuing their own cert for it, on the fly. Heck, that process is standard practice in corporate environments (the certificate for every site I visit on our corporate kit is signed bt Forcepoint). At this point https is pure security theatre.
(Sorry, that's not an elephant, really...)
> This, or real-time (or faster) video encoding for every targeted advert they insert into the playback stream, which is computationally expensive, and thus expensive in terms of hardware and power usage in a data centre.
Too many years ago, a "friend" signed up with a usenet provider that specialised in binary newsgroups, possibly easynews. I was quite impressed that they generated zipfiles of the selected, er, "articles", on the fly as you downloaded them. Back then I thought that was computationally expensive. I don't have a problem believing that real-time splicing of a pre-encoded, but dynamically selected, ad bitstream into an outgoing video stream would be too big an ask, and that allows tailoring right down to the individual.
> I suspect the ads would exactly have to match a "gap" in source video to avoid having to re-encode the next chunk of that (until the next video 3 minutes later).
The odd time I've been unfortunate enough to witness ads on Twitch (which makes it doubly unfortunate), they didn't seem to mind splatting them over the stream regardless of the content.
I've always been curious why the ads aren't burned in to the video stream on YT. The technology to do this certainly exits, and they would be unblockable and unskippable, so the reason must be commercial.
Don't get me wrong, I'm not suggesting this as a solution (and it's fairly likely someone at YT has thought of it already...), and if they ever did implement it my YT hours would drop from negligible to nil. Maybe that's the reason - there is nonzero value to the borg in having me watch the occasional Big Clive or Photonic Induction video, and nonzero x 10^100 buys a lot of yachts...
I dislike having certain "dangerous" commands in the history, in case a little bit of lag, or jitters on the arrow keys, causes them to reappear at an inconvenient time. I tend to do things like:
# mv important-sounding-dir xyzzynosuch
# rm -rf xyzzynosuch
Or
# bash +o history ## new shell with no history retained
# dd if=/dev/zero of=/dev/sdb
# exit
Of course I've still had several ohnoseconds over my ${too_many} years in this game. That's why I'm quite keen on backups...
