* Posts by Jusme

104 publicly visible posts • joined 18 Dec 2007


Bad eIDAS: Europe ready to intercept, spy on your encrypted HTTPS connections


Re: Never understood certs

> Oh wow. How does that work? Surely forcepoint doesn't have the root certs for all certs? How can it replace all certs in one swoop so all https connections from a company PC are compromised?

They (my employer, the company that owns the kit) install their own CA by group policy (these devices are locked down tighter than a gnat's chuff). All https connections are intercepted by the Forcepoint proxy, which generates and presents a server certificate for the site being accessed. The client (browser) sees this as valid, as it's signed by an installed CA, and makes the HTTP request. The Forcepoint proxy checks the request against its naughty list, and if ok, makes the request out to the real site. The response passes back through the Forcepoint proxy, which scans it for naughty words and naked aardvarks, and if you're lucky, passes it back to the client (browser).

I think they bypass this for some known sites like the big banks, presumably to avoid liability if anything goes wrong, but I wouldn't use the work kit for anything like that anyway (which is fine by them).
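
What the certificate substitution described in this post looks like from the client side, as an added example (not part of the original post, and not Forcepoint's code). It assumes the `openssl` CLI is installed; the CA names, the host name `intranet.example.test`, the file names and the helper functions are all constructed for the illustration.

```shell
#!/bin/sh
# Added illustration: every CA, key, host name and file is generated locally
# in a temp directory. Requires the openssl CLI; no network access is used.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME CN: self-signed CA certificate and key (hypothetical helper).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_leaf NAME CA HOST: server certificate for HOST signed by CA.
issue_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.pem" \
        -CAkey "$WORK/$2.key" -CAcreateserial -days 1 \
        -out "$WORK/$1.pem" 2>/dev/null
}

fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }
issuer_cn()   { openssl x509 -in "$1" -noout -issuer | sed 's/.*CN *= *//'; }
trusts()      { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# classify STORE CERT PIN: what a client with trust store STORE concludes
# about CERT, given a fingerprint PIN for the site learned out of band.
classify() {
    if ! trusts "$1" "$2"; then
        echo "rejected"
    elif [ "$(fingerprint "$2")" = "$3" ]; then
        echo "direct"
    else
        echo "intercepted by $(issuer_cn "$2")"
    fi
}

HOST=intranet.example.test
make_ca public "Constructed Public CA"       # stands in for a browser-shipped root
make_ca corp   "Constructed Corp Proxy CA"   # stands in for the group-policy CA
issue_leaf real   public "$HOST"             # what the real site serves
issue_leaf forged corp   "$HOST"             # what the proxy presents instead

# Unmanaged machine: public roots only. Managed machine: public roots + corp CA.
cp "$WORK/public.pem" "$WORK/unmanaged.pem"
cat "$WORK/public.pem" "$WORK/corp.pem" > "$WORK/managed.pem"

PINNED=$(fingerprint "$WORK/real.pem")

echo "managed PC, proxy cert:   $(classify "$WORK/managed.pem"   "$WORK/forged.pem" "$PINNED")"
echo "managed PC, bypassed:     $(classify "$WORK/managed.pem"   "$WORK/real.pem"   "$PINNED")"
echo "unmanaged PC, proxy cert: $(classify "$WORK/unmanaged.pem" "$WORK/forged.pem" "$PINNED")"
```

Chain validation alone accepts the proxy's certificate on the managed machine; only the issuer name or a fingerprint obtained out of band shows the substitution.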


Re: Never understood certs

> In the second situation your connection is encrypted, and only readable by that specific website. No way for anyone else to listen in.

Except that isn't true. It only needs *one* of the many CAs to have leaked, or allow, their root cert or an intermediary to be used by a person with interest and they can m-i-t-m *any* site by issuing their own cert for it, on the fly. Heck, that process is standard practice in corporate environments (the certificate for every site I visit on our corporate kit is signed by Forcepoint). At this point https is pure security theatre.

(Sorry, that's not an elephant, really...)


> Have they considered that anything the "good guys" get on Monday, the "bad guys" get hold of by Friday?

The Friday before, that is...

Privacy advocate challenges YouTube's ad blocking detection scripts under EU law


Re: I've always been curious...

> This, or real-time (or faster) video encoding for every targeted advert they insert into the playback stream, which is computationally expensive, and thus expensive in terms of hardware and power usage in a data centre.

Too many years ago, a "friend" signed up with a usenet provider that specialised in binary newsgroups, possibly easynews. I was quite impressed that they generated zipfiles of the selected, er, "articles", on the fly as you downloaded them. Back then I thought that was computationally expensive. I don't have a problem believing that real-time splicing of a pre-encoded, but dynamically selected, ad bitstream into an outgoing video stream would be too big an ask, and that allows tailoring right down to the individual.

> I suspect the ads would exactly have to match a "gap" in source video to avoid having to re-encode the next chunk of that (until the next video 3 minutes later).

The odd time I've been unfortunate enough to witness ads on Twitch (which makes it doubly unfortunate), they didn't seem to mind splatting them over the stream regardless of the content.


I've always been curious...

I've always been curious why the ads aren't burned in to the video stream on YT. The technology to do this certainly exists, and they would be unblockable and unskippable, so the reason must be commercial.

Don't get me wrong, I'm not suggesting this as a solution (and it's fairly likely someone at YT has thought of it already...), and if they ever did implement it my YT hours would drop from negligible to nil. Maybe that's the reason - there is nonzero value to the borg in having me watch the occasional Big Clive or Photonic Induction video, and nonzero x 10^100 buys a lot of yachts...

GNOME Foundation's new executive director sparks witch hunt


Re: It's not a witch hunt.

Teletype KSR33 or bust :)

<old git>I programmed my first computer using a hex keypad and rotary switches to load the instructions into RAM</old git>

Workload written by student made millions, ran on unsupported hardware, with zero maintenance


I'm curious...

Exactly what crucial financial parameter needs to be read over GPIB? That's more about reading volts and amps from electronic test gear isn't it?

Scripted shortcut caused double-click disaster of sysadmin's own making


Re: cd /tmp && rm -rf *

I dislike having certain "dangerous" commands in the history, in case a little bit of lag, or jitters on the arrow keys, causes them to reappear at an inconvenient time. I tend to do things like:

# mv important-sounding-dir xyzzynosuch

# rm -rf xyzzynosuch


# bash +o history ## new shell with no history retained

# dd if=/dev/zero of=/dev/sdb

# exit

Of course I've still had several ohnoseconds over my ${too_many} years in this game. That's why I'm quite keen on backups...

Ten-day optical burst shows star eating giant planet, scientists say


Is that you Galactus?


America ain't exactly outlawing gas cars but it's steering hard into EVs


Re: Change can happen quickly...

"I’m people, and I want an electric car, so does my wife"


Or do you actually want a means of transporting yourself, your cohorts and your chattels from A to B cheaply and conveniently?

Most people don't really care if their vehicle is powered by dead dinosaurs, angry atoms or unicorn farts, they just want "a car", and today, the ICE is generally the best fit solution for that problem, and the BEV isn't.


Re: Current EV battery technology is unsustainable

Batteries are crap.

If battery technology had advanced at the same rate as semiconductors, magnetic media and networks have over the last decades we'd be flying across the Atlantic on a pack of AA's by now. The fact that it hasn't suggests it won't, it certainly isn't for the want of trying*. Your phone battery lasts so much longer now not because the battery is so much better, but because the electronics are. Unfortunately it still takes the same amount of energy to move a tin can and its contents now as it always did, and always will, so there's little other scope for improvements to the range.

There's also the problem of charging, even if a perfect battery existed. The filler hose at your local supermarket delivers the equivalent of around a megawatt of power while it's dispensing fuel. That's a lot of amps and a lot of volts to get the same energy delivery in a short time. Electrical things with megawatts on their nameplates tend to live in locked rooms with big warning signs, for good reasons, not out on the high street for anyone to play with.

* Unless you think Big Bad Oil has been keeping it hidden for all this time, which requires strong metallic millinery to believe**

** Unlike the much more plausible conspiracy that Big Bad Oil has been suppressing its real enemy, nuclear, by funding FUD for 50 years...


Re: Change can happen quickly...

"Change can happen quickly...If there is a structural or a monetary imperative"

Actually I think that's exactly wrong. Trying to coerce people into something they don't really want is, at best, a slow process. The reason ICE vehicles took over from horses so quickly was because people wanted the freedom they gave, despite their initial limitations. The huge demand fuelled their mass production, and provision of the infrastructure to support them. There was no "government incentive" to get an ICE vehicle, people *wanted* them.

Compare with those abhorrent CFL lamps that they tried to push on us a few years back. They may have had a lower energy consumption than incandescent lamps, but in every other way they were significantly worse. People didn't really want them, so they had to be forced on us, by banning incandescents and subsidising their production, and by getting the energy companies to supply them to disinterested customers and add the costs to their bills. Then along came viable LED lighting. *Poof* CFLs (and finally incandescents) were history. No incentives or laws needed - they are actually better than the alternatives, and people wanted them.

People don't really want electric cars. They may have lower emissions at the point of use (but it's not clear if their total environmental impact is actually that much less than ICE), and they are generally inferior in most other respects (cost, range, choice...). Unfortunately there probably won't be an "LED" moment for personal transport. Barring a 10-fold improvement in battery technology, which is unlikely at this point, or development of a safe suitcase-size fusion reactor, which is still pure sci-fi, the only solution to the very real problem of fossil fuel exhaustion is a significant reduction in the availability of personal transport. This will most likely happen by pricing them off the roads, as "cheap" ICE vehicles are outlawed and only those who can afford BEVs will be able to enjoy the freedom of personal transport. People won't like that.

OVHcloud opens up Bring Your Own IP service for IPv4 failover


An IPv6 block...

...should be a /48. Anything smaller is doing it wrong.

IPv6 address: Prefix 6 bytes (/48), subnet 2 bytes, interface 8 bytes (/64).

Red Hat signals Intel's software-defined silicon will debut in Linux 5.18

Black Helicopters


> But if you are giving it away with the GPL why not just enable it in the first place?


> So hell the how can the Linux devs review this to include it? Will the source code have all the details in the Git headers/comments?

I strongly suspect the kernel code is nothing more than a channel from user-space to the hardware, which will be used to send encrypted keys that will have as-yet undefined purposes (but likely, as suggested, enabling features in return for extra £, DRM etc.).

Given the prime movers of this (Intel, IBM), I also strongly suspect it is intended to be of more benefit to corporate users than us proles.

Windows XP@20: From the killer of ME to banging out patches for yet another vulnerability


> They're there to run Quicken 2004, never found a better substitute for that

gnucash does a fair job, I think it was written to emulate the original Quicken, before it became cr@pware. It can (or at least could) import your Quicken data.

Microsoft turns Windows Subsystem for Linux into an app for Windows


Re: Found a shortcut

> No need for all this WSL nonsense, it's just a solution for a non-existent problem.

It solves a very real problem (for Microsoft): how to keep corporates paying for Windows licences when their workloads are slowly-but-surely moving to Linux...

Config cockup leaves Reg reader reaching for the phone


I thought that was plusnet...


I'm sure ex demons have a few tales to tell though (floor SWL exceptions and ice lollies spring to mind...)

Good times, long gone :(

Hacking the computer with wirewraps and soldering irons: Just fix the issues as they come up, right?


Re: Wire-Wrap Gun?

> RSI? We shopped at Farnell.


The RS rep at Uni was a snobbish prat who didn't think students should get copies of their catalogue, or be allowed to order directly. Luckily by that point I already had a Farnell trade account (set up by a friendly rep when they noticed how much I was spending with them), and regular free copies of their catalogue (back when the catalogue could double as building material). They were rewarded with plenty of business sent their way after graduation. At one point I even had a better credit line on my personal account than the company I was working for, due to some issue over payment terms, so had to put a large order through on expenses!

Pity they've now been taken over by a corporate conglomerate and don't seem to be as efficient as they used to be. Nothing lasts, nothing lasts...


I'd hire him...

Reads to me that "Matt" actually did a heroic job working around the problems caused by broken hardware:

"The reason that the reported fault address had been incremented to the next instruction was that the machine had actually executed the instruction, using whatever noise was on the memory bus at the time the instruction executed."

CentOS Stream: 'I was slow on the uptake, but I get what they are doing now,' says Rocky Linux founder


"Kurtzer said that Microsoft, which issues the certificates, had delayed things"

Do these words not make anyone who cares about open and free software a little bit worried?

The fact that _Microsoft_ have total and absolute control of what you are allowed to run on your hardware?

They may well be playing sort-of fair at the moment (but still dragging their feet and griefing a legitimate project), but they can raise the barrier whenever they want.

And don't say "secure boot is totally optional, so it doesn't matter". It's a very small step to it becoming mandatory in the current paranoid climate...

Rocky Linux release attracts 80,000 downloads as ex-CentOS users mull choices


Sorry but...

...RedHat have poisoned the well. Next move will be away from them, not to another pretender.

Openreach to UK businesses: Switch is about to hit the fan. Prepare for withdrawal of the copper-based phone network now or risk disruption


Re: The future is coming

> > To counter that, we'll all need ~~big batteries~~ bike powered generators to backup our household electricity.

Filthy great (and small) diesel generators more like


Unfixable Apple M1 chip bug enables cross-process chatter, breaking OS security model



...two (or more) processes that are running code I control can communicate with each other, but because this is done through an inefficient/unintended/undocumented feature it somehow "breaks the OS security model"?

I'm not big on MacOS, but I would assume it provides shared store/sockets/pipes, and possibly other methods of proper IPC, between co-operating processes?

Yes, malware could use it as an unofficial/untracked channel, but at the point where you have code doing that you've got much bigger problems already.

House of pain: If YAML makes you swear, shout louder – the agony is there for a reason



...bastard sibling of python. Love-children of the scented chip-fat smoking top-knot brigade. The sort of "languages" I'd invent as a kid before understanding more formal methods. Full of inconsistencies and hacks to make them more generally useful. Unfortunately they'll probably take over the world by sheer weight of numbers.

(Well I got more upvotes than down last time I posted that, just about.)

George Clooney of IT: Dribbling disaster and damp disk warnings scare the life out of innocent user


Re: Sun fun

We used to have an in-house CAD system that was launched from a shell script on our Sun network. The program was rather flaky, and crashed frequently. Some comedian <cough> modified the launch script to detect a crash exit, and then play a random sound clip from a small selection (bomb exploding, toilet flushing etc.). My favourite was a clip from Jeff Wayne's War of the Worlds CD "And suddenly, the lid fell off".

Penguin takeover: We tried running some GUI Linux apps on Windows the official way – and nothing exploded


I worry...

...that this is how Microsoft are going to monetise Linux and Linux applications via their enterprise agreements. I can see a rule in large enterprises that the base OS must always be Windows, suitably licensed and paid for, even if you have mission-critical Linux applications to run. No native Linux allowed (ner ner Red Hat...)

It also perhaps explains why the Wayland display server has been pushed so hard in some quarters...

Something went wrong but we won't tell you what it is. Now, would you like to take out a premium subscription?



I've seen that on a certain brand of managed switch. Thought it was a clever anti-hacker device too, but given the general competence of the rest of the UI I think not.

Another annoyance is sites with ridiculously short activity timeouts, that then fail the first attempt to log back in after gratuitously congratulating themselves on protecting you.

Stale cookies FTW.


Liar, liar, pants on fire

"Network problems are preventing connecting to Microsoft Exchange"

No, the network is fine, the Microsoft Exchange server is a smouldering pile of virtual ash...

OVH flames scorched cloud customers with pledge to build data centre fire simulation lab


SBG1 data centre status in doubt again

If you look at the site layout, it would be awkward for SBG1 to remain while SBG2 is demo'd and rebuilt. As SBG1 looks half toast anyway, moving any remaining kit elsewhere seems sensible, even if it's into more containers north of SBG4. Of course they may still call that "SBG1"...



helloSystem: Pre-alpha FreeBSD project chases simplicity and elegance by taking cues from macOS


Re: Further simplicity and ease of use...

> So I'm guessing it's some sort of ruby application

Yep, ruby is in there too, but I have half an idea what that one is.

The application is RedHat Satellite.

I find it strange that some of these off-the-wall names seem fine (perl, python, apache, yum...) whereas others really grate (celery, trousers, candlepin, pulp, ...).

Probably Grumpy Old Man syndrome.


Re: Further simplicity and ease of use...

Currently running:

hammer, foreman, rake, celery, candlepin, pulp, squid, passenger_helper

A virtual prize if you can guess the application. (s)OT as it's not exactly a desktop, but does illustrate the ministry of silly names was in full session.

CentOS project changes focus, no more rebuild of Red Hat Enterprise Linux – you'll have to flow with the Stream



Looks like our next tech. refresh will be onto a different distribution.

Actually, that might not be a bad thing, as RedHat seem to be royally buggering up RHEL by taking away useful, simple and working things and replacing them with new, complicated and broken ones (systemd, ntp, ... ).

OpenStack at 10 years old: A failure on its own terms, a success in its own niche


Re: "platform that is easy to use, simple to implement"

Last time I looked, OpenStack was still a "science project". You get a bag of bits (very nice bits, certainly), but putting them together to make a working virtualisation environment takes a lot of time/effort/knowledge. Compare with VMware, which "just works" (though they're trying their best to break it with every new release), and you can be spinning up VMs through a nice-ish GUI within minutes of installation.

OpenStack needs to be a product, not a technology...

Microsoft will release a web browser for Linux next month. Repeat, Microsoft will release a browser for Linux – and it uses Google's technology


Re: Does anyone want this?

Microsoft. They want this.

They can see a shift to Linux, and want to make sure they can still keep getting their eye-watering licence fees for Windows. Hence WSL etc.

"Oh, $bigcorp, you're thinking of moving to Linux. Well how about you run all those nice Linux apps on Windows instead, for a very unreasonable fee, and we'll let you keep your MS partner status..."

AI in the enterprise: Prepare to be disappointed – oversold but under appreciated, it can help... just not too much


AI Is snake oil

I once wrote a simple "bot" to act as a CPU opponent in an on-line game. It had various levels of ability, from playing purely random (but legal) moves, to analysing the game state and making the move most likely to result in a win, but tempered with a varying degree of randomness. It worked very well - most human players were really impressed by this "AI" opponent, especially when a random move appeared to be "inspired" gameplay.

I've recently taken (well, was forced to take) a course in AI and neural networks. It convinced me that even the experts in this field don't have a clue how it works, and just keep turning up the complexity dial until they get acceptable results from the test data. A big mistake they seem to make is then extrapolating these results to new inputs - at a small distance outside the training set it can look quite convincing, but the further the real-world data gets from the training set the worse the results, up to the point where RNG would be just as effective.

A further mistake is to mis-represent what their AI baby is doing. "This model recognises numbers". No it doesn't - it has absolutely no concept of "numbers", only a set of arbitrary shapes that it has been told to classify into specific buckets that we call "numbers". Show it a shape that any human would instantly (and yes, sometimes incorrectly) recognise as a number - e.g. a stylised 7-segment numeral or a heavily cursive one, and the AI would fail. "So it just needs more training data...", but that's not how human intelligence works - we can recognise numbers, with great accuracy, in forms and contexts we have never seen before. This "AI" is nothing but a poor, over-complicated, incomprehensible pattern recognition algorithm. A decent engineer could do a much better job at number recognition by writing a proper pattern-recognition algorithm, but that is hard work and needs skill. The "AI" solution just throws lots of data at a black box until it gets good enough results to satisfy test criteria, no skill required. The mistake is to then apply this outside the limited domain of the training dataset and expect "computer" accuracy (i.e. believe it 100%). Intelligence is not a brute-force game, it's much more subtle.

Phew, good to get that rant off my chest :)

In the frame with the Great MS Bakeoff: Microsoft sets out plans for Windows windows


This seems appropriate...


If you wanna make your own open-source chip, just Google it. Literally. Web giant says it'll fab them for free


Re: VHDL's still a verbose horror, then.

I much prefer schematics, though in the hardware community it seems that's a bit like saying you prefer to program in LOGO.

HDLs are great for the core function blocks (state machines, counters, logic etc.), but for me nothing beats a proper diagram* showing how it all connects together. It also keeps your mind on the structure and physical implementation too - doing it all in HDL can lead to "writing code" syndrome, where one forgets it's not a programming language.

* Not the "tangle of gates" kind of schematic spat out by synthesis tools, or the "component library" flavour with pages of boxes with no interconnecting lines, just labels on the pins. A good schematic should be a work of art, but nobody got time for that these days, especially at modern hardware complexities.

Lockdown endgame? There won't be one until the West figures out its approach to contact-tracing apps


Wrong answer

This is the wrong answer, because:

It's a technical solution to a medical problem. The only long-term solution is a vaccine. In the meantime, we either destroy our society or have thousands die. A tough choice, and at the moment we seem to be managing to do both.

It assumes a sufficient %age of the population have suitable hardware, and are willing to, and capable of, using this "app". Unlikely.

The chances of developing something reliable and effective on this scale at such short notice, even for these rock-star organisations, are minimal. There will be bugs, and security flaws. It will be pwnd by $badguys.

It's a prime example of how so many see technology they don't understand as "magic", and assume that magic can solve any problem, because it's magic, isn't it...

Oh Hell. Remember the glory days of Demon Internet? Well, now would be a good time to pick a new email address


Re: Sad to see it go


My sign-up letter was signed by Giles Todd.

The past really is a different country...

Stob's vital message to Britain's IT nation: And no, it's not about that


Ob. xkcd


"Bacofoil millinery faction" - stolen...

Beware the three-finger-salute, or 'How I Got The Keys To The Kingdom'


Re: Back in the day...


But the location of the break key was top-right, not top-left like wot I rote.


Back in the day...

...we had many Sun servers. Being cheapskates, we didn't endow them with the customary (and rather nice, for the time) Sun CRT and keyboard - they were only for workstations. Instead they had some ancient ICL serial terminals pressed into service for local consoles.

Now these ICL serial terminals had an interesting key layout, with a "break" key on the top-left, conveniently placed immediately above the return key and to the right of the backspace key. Pressing the "break" key, as one would expect, generated a serial-line break condition. Unfortunately these early Sun servers interpreted a serial line break on the console port as a "break to monitor", immediately and unconditionally halting the running OS (SunOS 3), and somewhat degrading their role as file servers or whatever. If you were quick, typing "cont" would restore normal operation, if not...

Yes, I pressed it by accident. And learned to type "cont" very quickly. As did others, who weren't so familiar with the foibles of this setup. By the time they'd typed a few *nix commands into the monitor, figured things weren't quite right, and called someone over, it was too late to safely just continue (as we discovered the hard way), so a full reboot, and fsck, was required - usually most of an hour's downtime.

Fun times...

Who's that padding down the chimney? It's Puma, with its weird £80 socks for gamers


Well I'm all for a game of footsie...


Quic! Head to the latest Chrome version and try out HTTP/3



Well it seems well intentioned, but given the parents of this innovation (Google and Cloudflare - wannabe owners of the internet) I'm not sure this is a Good Thing.

Also, if QUIC/IP is replacing TCP/IP, shouldn't that be implemented in the OS, rather than every application? I can imagine a world where there are dozens of buggy, incompatible implementations, so browser X won't talk to site Y. Oh... isn't that handy..........

Rolling in DoH: Chrome 78 to experiment with DNS-over-HTTPS – hot on the heels of Firefox

Big Brother


Another notch... so soon


Mozilla Firefox to begin slow rollout of DNS-over-HTTPS by default at the end of the month

Big Brother

Another click on the ratchet

Data channel locked down with https, DNS locked down with DOH, content locked down with DRM. Emails rejected unless they come from one of the big providers. Barriers to entry erected. Only Big Business allowed to play soon.

It's not the internet any more Toto, it's Cable TV Mk2, with a credit card reader as a viewing card.

Paranoid? Maybe. True? We'll see...

Devs slam Microsoft for injecting tech-support scam ads into their Windows Store apps


I see the problem right here...

"programmers who use Redmond's Advertising Software Development Kit (SDK) to display ads in their apps"

Pot, meet kettle...

Uncle Sam wants to tackle bias in algorithms by ordering tech corps to explain how their machines really work


Well that's AI fsck'd then...

Not that it'll ever happen.

Slow Ring Windows 10 fragged by anti-cheat software in the games you're playing at work, says Insiders supremo


WTF is a Slow Ring???



Oh, an alpha release...

<crawls back into my box>

Behold, the world's most popular programming language – and it is...wait, er, YAML?!?


Makes me pine for the days of XML...

yaml, bastard sibling of python. Love-children of the scented chip-fat smoking brigade.

They're the sort of "languages" I'd invent as a kid to solve a particular problem. Full of inconsistencies and hacks to make them more generally useful. Unfortunately they'll probably take over the world by sheer weight of numbers.

Now please vacate my lawn, it's getting dark.