Take your pick: 'Hack-proof' blockchain-powered padlock defeated by Bluetooth replay attack or 1kg lump hammer

Sam Liddicott

Re: Blockchain

That could describe what they did, but how about a replay attack?

Perhaps you meant challenge-response using a private key.

Ooops that could also be a known-plaintext attack to reveal the private key.

So while it could be done, even by depending on a private key, you also accidentally specified a failing system.

Sam Liddicott

Re: Confessions of a bolt cutter

Possibly they were of the belief that he served their interests and not the other way around.

Microsoft to pull support for PHP: Version 8? Exterminate, more like...

Sam Liddicott

Another server configuration that PHP runs on termed WIMP for good reason, and it DOES have windows in it.

FTP is crusty and mostly dead, right? AWS just started supporting it anyway

Sam Liddicott

Good. FTP doesn't require that either the file source or destination be the control client.

Control client C can coordinate a transfer from server A to server B

In Rust we trust? Yes, but we want better tools and wider usage, say devs

Sam Liddicott

The biggest problem with Rust is 3rd party library authors (or authors of wrappers) lying about ownership transference for those cases where Rust can't work it out -- thus undermining all the guarantees of Rust.

That critical VMware vuln allowed anyone on your network to create new admin users, no creds needed

Sam Liddicott

Are these bugs deliberate?

It's clearly a programmer error - it's not valid to call that function without valid credentials!

At least that's the sort of response I get when I report bugs.

I reported today how bash's printf %q format can leave a dangling unused backslash which voids the whole safety benefit of %q

Apparently it's a programmer error to expect to use %q as advertised.

It's not safe to use a truncating size specifier with %q e.g. %.8q

It could be made safe, but why bother for "a programmer error"?

I don't think these sorts of bugs are deliberate but I know others do.
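The failure described in the comment above, as an added example that is not part of the original comment or of bash itself: it relies on bash applying the `%q` precision to the already-quoted text, as the comment reports. The function names and the sample value are constructed for illustration.

```bash
#!/usr/bin/env bash
# %q is a bash extension, so re-run under bash if another shell started us.
[ -n "$BASH_VERSION" ] || exec bash "$0" "$@"

# Constructed sample value: a file name containing one space.
sample='report final.txt'

# Unsafe: the precision in %.Nq cuts the already-quoted text. Here the quoted
# form is report\ final.txt, and a cut at 7 keeps the backslash but drops the
# space it was escaping.
quote_then_truncate() {        # $1 = max length, $2 = value
    printf "%.${1}q" "$2"
}

# Safe: shorten the raw value first, then quote whatever is left.
truncate_then_quote() {        # $1 = max length, $2 = value
    printf '%q' "${2:0:$1}"
}

# How many words does the shell see when the quoted text is followed by one
# more argument ("next") on a re-parsed command line? It should always be 2.
count_words() {                # $1 = quoted text
    eval "set -- $1 next"
    echo "$#"
}

for f in quote_then_truncate truncate_then_quote; do
    q=$("$f" 7 "$sample")
    printf '%-20s -> [%s] words=%s\n' "$f" "$q" "$(count_words "$q")"
done
```

With the dangling backslash, the separator after the truncated value is escaped and the following argument is merged into it; truncating before quoting keeps the two arguments apart.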

Oh Hell. Remember the glory days of Demon Internet? Well, now would be a good time to pick a new email address

Sam Liddicott

Re: Sad to see it go

I believe the spelling is:


I have it on good authority

What happens when the maintainer of a JS library downloaded 26m times a week goes to prison for killing someone with a motorbike? Core-js just found out

Sam Liddicott

Re: JS lib house of cards - you ARE the weakest link!

I remember this being a problem for Microsoft just over 20 years ago with an exploitable libtiff having been statically linked into their apps.

Your mission, should you choose to accept it, is to save data from a computer that should have died aeons ago

Sam Liddicott

worse than an Acorn electron

Worse than an Acorn Electron - an 8 bit CPU on a 4 bit data bus -- which pretty much ruined it.

25 years of Delphi and no Oracle in sight: Not a Visual Basic killer but hard to kill

Sam Liddicott

Re: Pascal has always been great

I wrote a device driver in Turbo Pascal to work with a Windows Delphi app.

Its job was to pre-register client handles with Windows csmapper so that apps could register with card services (PCMCIA) *after* Windows had started (csmapper was intended only for clients that loaded before Windows started).

There was quite a bit of DPMI stuff going on to ensure that callbacks occurred in the correct virtual machine (if there were dosbox clients running under Windows).

Turbo Pascal didn't lack anything C could do.

Blame of thrones: Those viral vids of PC monitors going blank when people stand up? Static electricity from chairs

Sam Liddicott

Re: For extra fun ...

And how many men are you?

When is an electrical engineer not an engineer? When Arizona's state regulators decide to play word games

Sam Liddicott

Re: It's all in the 'title'

I was taught that a "professional" is one in whom gross misconduct or dishonesty could of itself bar them from effective participation in their profession.

That is, their integrity is gone, not merely that a registration board has de-listed them.

Who would hire a software engineer found guilty of inserting back doors without their employer's knowledge? Or who would lie on a passport form? If you can't trust their word, you can't trust their work.

Hence, a professional being trusted to sign a passport form because of what they have to lose if they lie.

That code that could never run? Well, guess what. Now Windows thinks it's Batman

Sam Liddicott

Re: writing a variable twice.

Until you learned (which I didn't until decades later) that you could treat page 0 as being an array of 256 registers.

Brexit bad boy Arron Banks' Twitter account hacked: Private messages put online

Sam Liddicott

Re: "Twitter [...] have broken GDPR rules"

That sounds like an argument for partial revocation of human rights.

Madame guillotine also waits for you, citizen Robespierre, by your own argument.

Sam Liddicott

Re: "Twitter [...] have broken GDPR rules"

These are the same people who think that the vote to leave the EU shouldn't apply to them; cousins of the "not my president" bunch.

Many self identify as liberal and democratic; and get angry with those who don't enable their pretense.

Sam Liddicott

Re: "Twitter [...] have broken GDPR rules"

They know that voting against something doesn't make the result inapplicable to them.

Something that many remainers apparently don't understand.

Sam Liddicott

Re: Re:because it's exactly how these people think.

no actual quotes follow...

When the IT department speaks, users listen. Or face the consequences

Sam Liddicott

Re: Beautiful

It was possible even in DOS well before Windows 95 with the "join" command.

Chemists bitten by Python scripts: How different OSes produced different results during test number-crunching

Sam Liddicott

Re: Fixing the symptom…


How many OS do you know of that sort the results of readdir?

That would require the OS to either read all of the filenames before returning any of them, or that the FS maintain an order, and most FS do not.

Sam Liddicott

Re: Fixing the symptom…

And what locale or collation rules? Is a before B?

Boris Brexit bluff binds .eu domains to time-bending itinerary

Sam Liddicott

Re: Brexit

To be fair, we should have had a vote on joining the EU in 1992.

If the voters who have lamentably aged 27 years in the intervening period could have voted then, we would have to be in this mess now.

Oracle demands $12K from network biz that doesn't use its software

Sam Liddicott

Re: "Palmer believes Oracle is billing the wrong entity"

The anger is because the minimum licence quantity is 500

Sam Liddicott

Single user license?

Try getting a single user licence and you will find that you can't.

The minimum quantity was for 500 users when I last checked.

I think the business plan is to go for small businesses who won't need a 500 user licence but will have some employees that will run the add-on anyway.

Combine that with the fact that the licence conditions may vary over time, I believe a legitimate use can become an illegitimate use and subject to the licence.

In Hemel Hempstead, cycling is as bad as taking a leak in the middle of the street

Sam Liddicott

Re: At werdsmith.

I see what you did there.

Nice demonstration!

Canonical adds ZFS on root as experimental install option in Ubuntu

Sam Liddicott

Re: The SFC can kiss my taint...

So that those who care about copyright and/or respect the law can also have nice things.

(A license is permission).

'Numpty new boy' lets the boss take fall for mailbox obliteration

Sam Liddicott

Re: 100% honesty 90% of the time

and modulate it

Behold, the world's most popular programming language – and it is...wait, er, YAML?!?

Sam Liddicott

Re: Proppa language bruv

Where do you place ASCII with C?

Chinese Super Micro 'spy chip' story gets even more strange as everyone doubles down

Sam Liddicott

Re: A Matter of Trust

True dat!

Too many people feel the need to come to a premature conclusion, and get very choppy with Occam's razor to help them do it.

They consider that extraordinary claims require extraordinary evidence and then chop away, not thinking of the extraordinary value that they might be chopping away for want of a little patience.

Oracle? On my server? I must have been hacked! *Penny drops* Oh sh-

Sam Liddicott

Hacker installed Oracle and then dobbed you in for the reward money

Surprised it hasn't happened yet... or has it?

Click your heels, um, mouse thrice and you've quickly got Ubuntu on Hyper-V in Win 10 Pro

Sam Liddicott

As soon as "seamless mode" is supported I can ditch virtualbox

Vodafone cops ads rap over Martin Freeman's vanishing spaceship

Sam Liddicott

Re: They're all the same speed

speed means data rate in this conversation.

The DSL data rate need not be related to the peering data rate, and on a badly managed ISP may be much less.

In a similar way, a 5 lane driveway between the front door and road won't reduce your journey time to the Sainsbury's even though the 5 lane driveway is in your control.

IPv6: It's only NAT-ural that network nerds are dragging their feet...

Sam Liddicott

My printer's "google-print" module mysteriously wouldn't work until I disabled IPv6 on the printer.

ZX Spectrum reboot latest: Some Vega+s arrive, Sky pulls plug, Clive drops ball

Sam Liddicott

Re: What we need

> And only putting three registers on the 6502 was just dumbfuckery of the highest order.

> Shame on Peddle!

Once we decide something is not worth knowing about, we lose the opportunity to find out we are wrong.

I used to have that view, but years later found out that 6502 page zero access was treated specially and very fast, effectively giving another 256 registers.

Sitting pretty in IPv4 land? Look, you're gonna have to talk to IPv6 at some stage

Sam Liddicott

Re: Never!

> NAT is *not* a security feature!

and yet it successfully prevents unwanted external access for so many users, while permitting desired external access through UPnP and NAT helpers.

Have you tried pushing an unexpected connection through a NAT router?

Early experiment in mass email ends with mad dash across office to unplug mail gateway

Sam Liddicott

Re: Groupwise

Despite the Precedence: junk

header that Unix systems had been using for years.

Sysadmin sank IBM mainframe by going one VM too deep

Sam Liddicott

At one point British Telecom called # "gate" much to the bafflement of every single one of their customers.

Declassified files reveal how pre-WW2 Brits smashed Russian crypto

Sam Liddicott

Re: Paranoia and hot pockets

I hope you start writing for el Reg -- I mean not just in the comments section

Official: The shape of the smartphone is changing forever

Sam Liddicott

Re: Wouldn't it be nice ..

the case -- that makes your phone really thick again but without increasing the battery life.

Why don't they attach a flip front cover to the battery case which is thicker because it has more battery?

Microsoft Edge bug odyssey shows why we can't have nice things

Sam Liddicott

Malicious compliance

I'm waiting for the other side of the story to show up in Reddit's malicious /r/MaliciousCompliance

Google-free Android kit tipped to sell buckets

Sam Liddicott

Re: What do people want in a smartwatch?

"tells the time" <-- wooden bobbins, I tells ya!

My list is:

* time-travels you to whatever time you want it to be -- never be late again!

* charges "Instantly" by time-travelling after charging back to the point at which it needed charging

* split-time heirloom mode where on the death of the first heir it time-travels back to be inherited by the second heir (using the diagonal slash rule to cope with any number of heirs and sub-heirs).

* time travel shopping - buy a holographic anti-gravity translator combination from etsy-bay in future end-of-line close-out sales at bargain prices

Devuan ships second stable cut of its systemd-free Linux

Sam Liddicott

Re: Storm in a teacup

Devuan is here, get over it.

Don’t talk to the ATM, young man, it’s just a machine and there’s nobody inside

Sam Liddicott

Re: "Don't talk to the ATM..."

"Perform a U-turn where possible"

Not unless you say please

OnePlus 6: Perfect porridge? One has to make a smartphone that's juuuust right

Sam Liddicott

Re: Qi Charging

I haven't found a better value phone since my Elephone P9000.

As you say it's usually wireless charging missing, and it's a must.

How many ways can a PDF mess up your PC? 47 in this Adobe update alone

Sam Liddicott

Re: Well...

For those who want to try it: Lazarus-ide using FPC (Free Pascal Compiler) https://www.lazarus-ide.org/

VMware to finally deliver full-function HTML5 vSphere client

Sam Liddicott

I hope they show network interfaces in a consistent order instead of randomly.

What a mesh: BT Whole Home Wi-Fi users moan over update

Sam Liddicott

Mine fails to even notice some devices on the network. They can use the network but don't show up in any admin screens as being on the network.

Also, although it claims to have timed blocking rules, there is no default blocking rule, so any blocked person simply changes their MAC address to avoid blocks.

Telegram still won't hand over crypto keys it says it does not store

Sam Liddicott

The keys are online

The keys can be found in the library of babel. https://libraryofbabel.info/ just point FSB to that.

(Probably equivalent to paying a fine in pennies)

BoJo, don't misuse stats then blurt disclaimers when you get rumbled

Sam Liddicott

-50% / +100%

The Boris figure is right to within -50% +100%.

The actual amount is only an issue to those who don't care about the principle at stake.

The EU cost could reasonably be as high as £660M per week: http://www.brugesgroup.com/blog/costs-and-liabilities-associated-with-the-european-union.

But even if there were some idiots who somehow thought the referendum was on an NHS budget increase of precisely £350M per week, there were plenty of others who actually read the question on the ballot paper before voting.

Even if the figure were not in dispute, as it was not on the ballot it would be part of the budget, debated in parliament (Gina Miller and the remainers would like that) and in fact could still be granted even now!

On the other hand, Ted Heath's lies were lies in principle, not of quantity, but none of those remainers who get so very excited about "lies" care about that, it was before their time!


The new, new Psion is getting near production. Here's what it looks like

Sam Liddicott

Re: No Google?

Is it a phone, though?

TalkTalk plans to bail on mobile in major shake-up for beleaguered biz

Sam Liddicott

This explains why TalkTalk recently increased their Mobile rates; perhaps they wish to make the business look more attractive with higher projected Revenue.

I used it as an excuse to bail out of the contract and move to ID.



