* Posts by Displacement Activity

361 posts • joined 2 Jun 2008


Dozens of Iranian media websites devoured by the Great Satan, apparently

Displacement Activity

Get a grip, Reg

Your readers are fairly technical. So:

  • How did the websites get taken down?
  • How did a .tv site get taken down?
  • Are domain registrars based in the US subject to some US laws we should know about?
  • Does the US think it has control over .com and .net domains?
  • It appears that Verisign agreed to transfer ownership of .com and .net domains without the authority of the current owners. Should we all bail out of .com and .net?

And so on.

And, while you're at it, maybe an opinion on the meaning of 'truth' and who polices it.

When software depends on a project thanklessly maintained by a random guy in Nebraska, is open source sustainable?

Displacement Activity

Here is a list of open source components shipped with MS products: https://3rdpartysource.microsoft.com/

That's impressive. But it would be more impressive if large parts weren't 'Redistributed OSS', bits for Android, and so on.

God bless this mess: Study says UK's Christian beliefs had 'important' role in Brexit

Displacement Activity


Dear Reg,

it would make life a lot more interesting for us poor readers if we could vote on the story itself, rather than the opinions of other commentards (which can be, to be frank, a bit dull and irrelevant).

So, how about it? Please make sure to include a wide range of alternatives including, for example, "Study authors are deluded morons who are seeking to legitimise their own simplistic prejudices by writing a load of bollocks".

Spy agency GCHQ told me Gmail's more secure than Microsoft 365, insists British MP as facepalming security bods tell him to zip it

Displacement Activity

Re: O365 but not as you know it


it's "provided for all the cloud working capabilities", but "only within an enclosed environment".

Surely that's an oxymoron?

Someone defeated the anti-crypto-coin-mining protection for Nvidia's 'gamers only' RTX 3060 ... It was Nvidia

Displacement Activity

Re: Gamers also have to contend with bots and scalpers looking to make a profit

I'm on XPlane! Sort of, anyway - it's unusable on i7/Intel UHD. I can't get 2080 cards. There are some UK retailers with expensive 2060s, and there are a couple of good 2060 results on the speadsheet, so maybe I'll go for that.

Displacement Activity

Re: Gamers also have to contend with bots and scalpers looking to make a profit

Anybody spending megabucks on gaming is truthfully trying to "keep up with the jones" and show off, rather than be into "hyper competitive gaming".

Actually, no. I've spent the last couple of months trying to get any graphics card that will give me a decent frame rate on a flight sim. You can't buy anything for love or money. Not really "gaming", but I imagine the shoot-em-uppers have the same problem.

European Commission redacts AstraZeneca vaccine contract – but forgets to wipe the bookmarks tab

Displacement Activity

Re: Substituted Article 5 (page 11)?

Interesting. Are 5.1 and 5.4 inconsistent? Unfortunately, I got the scanned version on Friday. I can't find a link to the pdf version anywhere in the article or the comments. The scanned version is absolutely clear, though - the commission hasn't got a leg to stand on.

Also pretty astonishing that there are 140+ comments and only 2 or 3 people appear to have read it. The rest is just noise.

The killing of CentOS Linux: 'The CentOS board doesn't get to decide what Red Hat engineering teams do'

Displacement Activity

Re: So?

You forgot number 0. Give everything away to Bill Gates.

LibreOffice rains on OpenOffice's 20th anniversary parade, tells rival project to 'do the right thing' and die

Displacement Activity

Re: But Office365 is free!

Really? Details appreciated. I'm on 2010 because the cheap 5-licence 'Home and Student 2010" appears to allow far more than 5 installs. Still, not keen on the cloudy bits.

We've heard some made-up stories but this is ridiculous: Microsoft Flight Simulator, Bing erect huge skyscraper out of bad data

Displacement Activity


Back in the day (20 years?) I could land on the roof of the Willis Tower in Chicago on the MS flight sim. Moved on to a better sim.

'We stopped ransomware' boasts Blackbaud CEO. And by 'stopped' he means 'got insurance to pay off crooks'

Displacement Activity


"Like a lot of companies, we get millions of intrusion attempts a month and unfortunately one got into a subset of our customers and a subset of our backup environment."

Curious that Blackbaud lost my school data and my university data. Seems like this subset may be rather large.

Intel's 7nm is busted, chips delayed, may have to use rival foundries to get GPUs out for US govt exascale super

Displacement Activity

Can't see it...

TSMC now has 2(?) Fabs in mainland China. Ok, Intel's masks would probably never get beyond Taiwan, but I can't see the PRC connection helping.

And Philips must have been kicking themselves for the past 30+ years, after bankrolling TSMC and then walking away.

Teardown nerds delve into Dell's new XPS 15 laptop to find – fancy that – screws and user-serviceable parts

Displacement Activity

Re: HP Microserver Gen8/Gen9 and their failiing NAND chips used for iLO system monitoring.

Hadn't heard of the flash problem, but I reckon GenX in general is pretty much done. Gen8 excellent, I had to give away my Gen9 after it bricked, Gen10 ok but too much cost cutting. Pity.

I was screwed over by Cisco managers who enforced India's caste hierarchy on me in US HQ, claims engineer

Displacement Activity

Re: General concern

The UK has the class system

You've been watching too much Monty Python. I have spent decades working in British engineering and have never seen any form of discrimination based on 'class'.

Hey, Boeing. Don't celebrate your first post-grounding 737 Max test flight too hard. You just lost another big contract

Displacement Activity

Re: El Reg, a little reporting accuracy??

And, of course, airlines around the world have been regularly flying maxes to boneyards.

You wait ages for a mid-air collision spoofing attack and along come two at once: More boffins take a crack at hoodwinking TCAS

Displacement Activity

Don't get it...

They've built an SDR TCAS, which is not really interesting. To get it to do anything, they have to get it *close* to an approaching aircraft - it's physically impossible to pretend to be close, without the next-gen faster-than-light SDR2. And, if they have managed to get their kit near an approaching aircraft, then the target aircraft should get out of the way anyway. There may be some limited mileage in putting it on the ground, spoofing their altitude, and hoping that they can persuade passing aircraft to gently ascend or descend.

Note that 'security' doesn't mean authentication here. ACAS uses 64-bit messages. The Wikipedia article makes the point that it can't be extended to even 128 bits because it would then be too slow to handle high-traffic scenarios.

The only interesting thing here seems to be the comparison of Python and C++.

Belief in 5G conspiracy theories goes hand-in-hand with small explosions of rage, paranoia and violence, researchers claim

Displacement Activity

601? Seriously?

They surveyed 601 people. So how many loons did they find? 6? 10? Seems a pretty poor basis on which to be writing papers and drawing multiple correlations. Or are they perhaps running out of grant money?

RetroPie 4.6 brings forth an answer to 'What do I do with this Pi 4 I bought last year?'

Displacement Activity

Re: Pi 4 mouldering?

+1 for effort. Got my 4B about a month ago. Loaded lots of software, and it worked great until I tried to plug an audio DAC on, which is what I got it for. It now pretty consistently fails to boot.

So, it's mouldering in a drawer, while I try to find the time to (a) work out what the power management firmware updates are all about, or (b) send it back during lockdown and hope for the best.

Academics: We hate to ask, but could governments kindly refrain from building giant data-slurping, contact-tracing coronavirus monsters?

Displacement Activity

Are we still reporting 'letters from academics', then?

While you're at it, I would rather like to hear Bob Geldof's view. And perhaps Lily Allen.

Cloudflare dumps Google's reCAPTCHA, moves to hCaptcha as free ride ends (and something about privacy)

Displacement Activity

Re: what the f*ck is a "sidewalk"?

Weird. I was going to post with title "WTF is a sidewalk", or possibly crosswalk. Any Why TF do I always have to do it more than once??

Anyway, fixed it in my current website. The contact form justs asks the user to answer a very simple (technical) question, and there are several valid one-word answers. Anyone who's on the website and wants to contact me will know the answers, and I don't want to speak to anyone else.

High-resolution display output or Wi-Fi: It seems you can only choose one on Raspberry Pi 4

Displacement Activity

"mini computer" != "minicomputer"


I've still got my copy of Mick and Brick, which was the bible of bit-slice (and mini) design. On p259 a '16-bit time-sharing CPU' is described as the heart of a 'minicomputer'. Even more bizarrely, I've still got the handbook for the Varian 72, which I used in an early job, published in March 74. It describes itself as a 'minicomputer'.

OTOH, a 'mini computer' is just a miniature computer.

In more recent news, I'm just about to get a Pi Zero...


Stallman's final interview as FSF president: Last week we quizzed him over Microsoft visit. Now he quits top roles amid rape remarks outcry

Displacement Activity
Thumb Down

Linux; sod GNU

Been using Unix since the 80s, on V7, I think. I'm currently running 7 different flavours of Linux. Over the years I've come to the conclusion that the one thing that has really screwed Linux, and kept it as a backwater (if you ignore Android, of course) is... Stallman. I presume he was a moderately competent programmer, since his name is on Yacc and, I think, bits of emacs. Maybe he should have left it there.

Ex-Microsoft dev used test account to swipe $10m in tech giant's own store credits, live life of luxury, Feds allege

Displacement Activity

He got caught because of "service provider records that point to Kvashuk", and because he used a device with a "specific device identifier"? Seriously? What a plonker.

And Microsoft pays $116,000 (£93K) for a testing job? WTF? You'd think they could produce some useful software for that sort of money.

And I'm not quite sure what the problem is with having assets of $1.76M on a salary of $116K. That's a multiplier of 15, which doesn't sound like it's completely out of the question. Unless you're a banker, of course, in which case it's way too low.

ReactOS 'a ripoff of the Windows Research Kernel', claims Microsoft kernel engineer

Displacement Activity
Thumb Down

@Lee D: really? @ReactOS: WGAF?

"Reverse engineering those "affected" files in the normal way would easily reveal private symbols".

Please explain how you would get macro names out of this process. I assume the code is in C, in which case the copiler doesn't even see the macro names, as per, 6.2.1, etc.

@ReactOS: Anyone who has the extraordinary lack of imagination which would be required to reverse-engineer and copy a Microsoft kernel deserves everything they get, and more.

Dev's telnet tinkering lands him on out-of-hour conference call with CEO, CTO, MD

Displacement Activity

Yes, alpha particles

<nerd mode>

Cosmic rays cause soft errors in memory chips and general circuit failures. At sea level, 'cosmic rays' are primarily high-energy neutrons. Neutrons are uncharged, so don't themselves cause circuit upsets. However, when they're captured in a nuclei in a circuit element, they produce charged secondaries, including alpha particles, which do cause circuit upsets. See https://en.wikipedia.org/wiki/Soft_error#Cosmic_rays_creating_energetic_neutrons_and_protons, for instance.

</nerd mode>

Amid Trump-China tariff tiff, Cisco kit prices to resellers soar up to 25%

Displacement Activity


"Chinese-built components coming into the US" are almost certainly assembled PCBs and systems, and are unlikely to be anything with any significant IP attached.

I've been with companies (in the UK) who have outsourced assembly to China for 35+ years. Everybody who does this has always lived in fear that they'll be ripped off and their IP will be stolen. The upside is maybe 50% off your end-user price, and the downside is potentially losing your IP and your market completely.

Whatever Trump does or doesn't actually say or believe, if anything, it's a fair bet that everyone in the electronics business (outside China) is breathing a sigh of relief, whatever they say in public. The dust will settle eventually, and the end result will either be that the Chinese start to play ball, or that manufacturing will return on-shore. Both of which are Ok by me. Sure, the US will take a hit short-term, but that's someone else's problem.

Nokia reinstates 'hide the Notch' a day after 'Google required' feature kill

Displacement Activity

Re: Can't make sense of this.

And... umm... what is a 'notch' anyway?

Official: Google Chrome 69 kills off the World Wide Web (in URLs)

Displacement Activity
Thumb Down


And what if you have set up DNS to route *only* 'www.foo.com', or *only* 'foo.com', to your server?? This isn't particularly unusual - my local hardware shop is 'www.woc.com'. 'woc.com' isn't routed and doesn't work. So, go there with Chrome, and you think you're on 'woc.com', which doesn't exist. Or does Google want to run DNS as well?

Those tossers have already achieved the impossible, which is to make me start using MS's excuse for a search engine. Chrome is next on the delete list.

Google keeps tracking you even when you specifically tell it not to: Maps, Search won't take no for an answer

Displacement Activity

Not really news, and How To Screw Maps

I've been using Google exclusively for 15+ years without problems. Then, a couple of months ago, they started swamping my searches with ads. Not just at the top - mixed in throughout the search results, even when I'd clicked the invisible 'hide ads' button, making the real results unusable. Really, really dumb ads, and all for the same thing - say, 8 different ads for Dubai hotels, all on the first page of results. The connection? I had *flown* over or through those places, with a maximum stay of a couple of hours, over the last year or so, with maps turned on. Seriously. I've never been to Jersey, but flew over at 35,000ft, and got pages of ads on camper van hire in Jersey. In case I crashed, presumably.

My fix is to to dump Google. MS has screwed me in thousands of ways, but their search engine hasn't quite got to this level of stupidity. And duckduckgo if I can be bothered.

RIP: Sinclair ZX Spectrum designer Rick Dickinson reaches STOP

Displacement Activity


So long, Rick. We spent many happy nights in the Baron after work, along with Jim and Dave, and occasionally Clive, back in 80/81. If there's a bar where you're going, get me one in.

BCC is hard, OK? Quite a lot of orgs blurted your email addresses in GDPR mailouts

Displacement Activity

Re: BCC is actually slightly hard

Sounds like mine is pretty much the same - also for a kid's club I helped to run (small world!). I've got an extra level of security - everyone gets their own club address, and has to post through a proxy, which modifies all the mails so that no-one ever gets a 'real' outside-world mail address. It never uses BCC, of course - it's far too wooly.

Displacement Activity

BCC is actually slightly hard

I've written a mass mailer, which uses anonymised addressing. The main confusion is that your mail program talks to the rest of the world over SMTP, which knows nothing about "BCC". Quick overview here:


Comp sci world shock: Bonn boffin proposes P≠NP proof, preps for prestige, plump prize

Displacement Activity

Re: "And P=NP is completely irrelevant to crypto in general. "

Posted by someone with absolutely no understanding of the subject they are posting about.

Curiously, I'm probably the only person writing here who works in precisely what I was writing about, full-time.

Displacement Activity

Current cryptography assumes P≠NP?!

And at the following link:

Ask many computer scientists what happens if P = NP and you'll get the response that it will kill cryptography.

Really? Knowing that there's a class of problems that are harder to compute than to verify isn't going to affect public-key crypto. That will only be affected by one specific problem: the difficulty of deriving a private key from a public key, ie. the ease of factorisation. Everyone knows that factorisation is currently difficult, and that everyone is working on it, and that quantum computers can handle it (already, but only for small numbers) with Shor's algorithm. Whether or not P = NP will make no difference; it's already known that public-key is dead in the longer (or shorter) term.

And P=NP is completely irrelevant to crypto in general. There are already lots of practical systems around the world sharing private keys using provably-secure quantum mechanics, with no public key anywhere. Ok, I know that some people reading this won't agree that something is provable because they can't prove it themselves, but still not P=NP.

While Microsoft griped about NSA exploit stockpiles, it stockpiled patches: Friday's WinXP fix was built in February

Displacement Activity

Re: One lesson to be learnt frin this (was Wormable holes)

And knowing where to look...


Ergo, any trust infected was still running it's own improperly configured separate mail system in preference to using the centrally provided NHS Mail system (nhs.net)

I'm not sure that this actually came in by mail. There was an IBM guy on Radio 4 this morning saying that they'd scanned a billion (literally) mails and hadn't found any with the original infection. Is the source for the mail infection angle just one statement from Telefonica?

Displacement Activity

Re: One lesson to be learnt frin this (was Wormable holes)

I have an application that can run only on Debian 5 (it's being phased out). A good part of it are kernel modules... etc

Sorry, but your post makes absolutely no sense. I really hope that you're not involved in NHS commissioning.

Displacement Activity

Re: One lesson to be learnt frin this (was Wormable holes)

@Richard 12

If you airgap it, how do you get the images off? Today, things like X-rays and MRIs etc.pass the images etc. into your records and can be seen on screens throughout a hospital. Making them only available on a few screens near the MRI etc. is pointless.

Don't airgap it; open one port, and write an app that retrieves images. Transer with standard sockets code; it's trivial, and the comms can be done in a couple of hundred lines of standard C.

And you wouldn't even think about running this on XP, or Win10, or whatever, and using SMB.

Displacement Activity

Re: Eh?

Microsoft provided the patches to those who had contracted for support of XP. No hoarding.

Errr... the point is that MS pointed the finger at the NSA for hoarding. MS selectively disclosed, and the NSA selectively disclosed. No hoarding.

Just in case Microsoft didn't understand: intelligence agencies and hackers all round the world spend their life looking for zero-days, for their own reasons. How MS can then blame them and whine that they're 'hoarding' is beyond me. F***tards.

Sophos waters down 'NHS is totally protected' by us boast

Displacement Activity

Re: Fault?

Obsolete OSes and timely application of patches are one issue, but this could just as well have been a zero-day.

Sooner or later you're going to get an infection inside your network. What you want is (a) to detect it quickly, (b) to limit the spread, and (c) to allow the affected parts to be wiped clean easily.

Well, yes, but you omitted the fundamental problem - don't, by default, assume that your computers have to be on a network. They don't. And, if they do, don't just share everything on SMB/whatever.

Whoever decided that an MRI scanner/X ray machine/whatever had to talk SMB should be fired. It would take a day to knock up a program to transfer X-ray images over a basic sockets connection, and another week to turn it into a client/server app to find and return any image.

Stanford Uni's intro to CompSci course adopts JavaScript, bins Java

Displacement Activity

Re: Biggest problem is the apostrophe

Hello AC1 what wrote the apostrophe thing, nice to meet you.

I should probably warn you that meating AC0 may not be a nice thing to do, and is probably illegal.

Displacement Activity

Re: Biggest problem is the apostrophe

@AC: +1 for assisting Mr. Stiles with his enema. However, I would like to point out that 'spelt' *was* probably appropriate (anywhere outside the US, anyway).

And I have to wonder whether anyone defending JS has actually used it. It's an extraordinary mismash of the obscure, esoteric, and downright inane. It was knocked up in a weekend (Ok, more or less), and has been constantly added to ever since. And, whatever you write, there's always some tosser somewhere who'll refuse to run it because you clearly intended to break out of their browser and trash their system, despite your inability to access any files.

Still, on the plus side, there won't be much competition from Stanford graduates in the jobs market.

TCP/IP headers leak info about what you're watching on Netflix

Displacement Activity

Re: Stating the obvious

That's not how it works. The connection is HTTPS, so the secret key is specific to the browser session, so it's not the same as matching "up the flashes around your curtain upon scene changes". The flashes will be specific to the viewer.

Silverlight/DASH/VBR produces specific sequences of video segment sizes, which can be extracted from the headers. Apparently.

And, more interestingly, someone is still using Silverlight.

SVN commit this: Subversion to fix file renaming after 15 years

Displacement Activity

I actually use both

Here's the thing: one's distributed, one isn't. If you're writing a Linux kernel, distributed is great - 20,000 people get their own complete repo, and mess it up to their heart's content, and you never expect to hear from 19,950 of them ever again.

In the average dev environment, you want that like a hole in the head. You want one centralised repo, and you need to enforce discipline. git can more or less do that, eventually, but it's difficult, and it's not the git way (how many git users even know what a bare repo is for?)

I have to deal with someone who does fixes and adds features by cloning a git repo on his local machine, with the master being his previous local clone, and who very infrequently pushes anything remotely. I then have to try and work out WTF is going on and then merging myself. That would never, ever, happen in an svn enviroment.

I've also used RCS, CVS, Clearcase, and Perforce. For my money, svn does the job, and it's intuitive, and easy to learn. For the right project Perforce is also a good choice, if you've got the money, and someone to read the manual and do the difficult bits.

Why is the Sinclair ZX Spectrum Vega+ project so delayed?

Displacement Activity
Thumb Up

Good on you, Clive...

The complete 70's retro experience for only £100. Brilliant idea. I think I'll personally give it a miss, though - I was sat in Sinclair HQ the first time around, and that was enough for me.

Today's WWW is built on pillars of sand: Buggy, exploitable JavaScript libs are everywhere

Displacement Activity

Re: Lots of shouty, no content

I've just scanned it as well, but I can't find anything of any value. It even explicitly states "Note that the focus of this paper is not measuring the security state of specific JavaScript libraries. Rather, our goal (and primary contribution) is to empirically examine whether website operators keep their libraries current and react to publicly disclosed vulnerabilities". The technical content on vulnerabilities appears to be zero.

Java? Nah, I do JavaScript, man. Wise up, hipster, to the money

Displacement Activity

Re: @wolfetone

"What do you think all those new fangled hipster bootstrap/angular/ember/FOTM.js GUIs are querying? Protip: it ain't C. "

Errr.... protip++... yes it is. Maybe not for you but, in my case, Bootstrap/JS querying C++ and some plain-old-C. The code that implements the CGI/JSON/etc stuff is tiny and trivial compared to the rest of the app, and those SQL APIs generally start life as C anyway.

And, if you want real money, you'll get twice as much with a Maths degree/C++/Matlab as you will with Java.

And, if you're currently delivering pizzas, you're a lot more likely to make money with JavaScript than with Java.

Firefox 52 kills plugins – except Flash – and runs up a red flag for HTTP

Displacement Activity

BBC flash


Go to news.bbc.co.uk, find a vid, right-click, confirm you're on flash.

Go to http://www.bbc.co.uk/html5, opt in to HTML5.

Reload your vid, should now be on ContinuousPlayPluginHTML. Tested of FF 51.

Google's Chrome is about to get rather in-your-face about HTTPS

Displacement Activity
Thumb Down

Follow the money

1 - Google charges for TLS on inbound connections;

2 - Google is a prime mover behind 'TLS Everywhere', and is now starting to factor this into page rankings;

3 - (Google's) Let's Encrypt certificates prove exactly nothing except that you have control of the server for which the certificate was granted (you only have to post stuff on it to get the certificate);

4 - Bad People control their own servers anyway, so can trivially get their own certificates; MITM is therefore irrelevant on these sites

95% of sites have exactly *no* reason to worry about whether someone is forging their site, or whether there's a MITM somewhere in the connection. So, Google is screwing us, and we have to pay the price by dicking about with TLS on our own sites, and keeping certificates up-to-date, and trying to ignore pointless warnings, and handing cash to them if we're stupid enough to host with them.

Stallman's Free Software Foundation says we need a free phone OS

Displacement Activity

"Have you forgotten that GNU provide the GNU tools, you know, all the userland stuff for Linux, available for many other UNIX's as well ?"

Errr.... I'd be a lot more impressed if they hadn't taken a huge amount of *existing* free software, and rewritten it simply because they disgreed with the definition of 'free'.

Samsung set a fire under battery-makers to make the Galaxy Note 7 flaming brilliant

Displacement Activity

"placing anodes and cathodes in locations where they were likely to come into contact"

Doesn't seem to have happened, judging from the limited summary you're printed. Different parts of the negative electrode may have touched each other. The negative electrode touched the "positive tab". If the actual electrodes had touched, it seems pretty unlikely that affected batteries would have survived any attempt at charging.



Biting the hand that feeds IT © 1998–2021