* Posts by Colin Guthrie

117 publicly visible posts • joined 18 Apr 2007

Linux distros haunted by Polkit-geist for 12+ years: Bug grants root access to any user

Colin Guthrie
Facepalm

Policy can still let you down

I remember a while back that I found a several years old bug in the policy file for a tool called sectool which was a Red Hat thing. Its policy file ultimately gave all users the right to do things as root. So install a package to audit security and it messes up your security! Fun times.

Polkit is handy overall tho'. Gives flexibility to run a restricted set of tasks very cleanly with defined API on the system/user buses (speaking to appropriate daemons running as other users etc). It's pretty clean (from a usage perspective) generally even if the JS interpreter might seem like overkill. Running commands via the CLI is just one use case for polkit - sudo certainly can't do 90% of what polkit can. The same policy mess up I found (which was pre the big polkit rewrite IIRC) could have just as easily been a file packaged in /etc/sudoers.d/ folder.

Job ad for designer proves its point with MS Paint shocker

Colin Guthrie

Re: Polygraph Examiner

"Oh, what can it mean to a daydream tea-leaver and a Homecoming queeeeeeee eeeen?"

Asus Zenbook UX31E

Colin Guthrie
Meh

No 256GB SSD in the UK

It's really annoying as I have been waiting for this laptop for several months - one of the few that match my requirements for screen res and size etc.

Sadly the primary problem I'm seeing is that the SSD is just too small. 128GB is not bad, but I've been using 160GB for a while and it's a tight fit as it is, so dropping 32 gig is no mean feat!

While the 256GB SSDs are offered in other countries, you just can't get one in the UK model (I asked Asus directly and there are no current plans to offer a UK keyboard layout with 256 SSD). Such a shame :( I would certainly like to know if I can upgrade it in the future if I did opt for the smaller drive.

Samsung outs MacBook Pro lookalike laptop

Colin Guthrie
Thumb Up

Quite nice...

... although I don't like the large keyboard... I'll use my lappy with an external keyboard for any kind of serious data entry. Hopefully the smaller version will have a smaller keyboard.

So it's maybe between this and the new ASUS UX21 then I guess.... :)

Apple paid $2.6bn of $4.5bn Nortel patent grab

Colin Guthrie
FAIL

Sue for what? Originality?

Sue them for what? Not using round numbers? That would be new depths of low even for Apple's legal department!

You've clearly never been in a bidding war before. Using odd numbers or "a little bit more" is extremely common. Our house buying system in Scotland is based on the "Offers Over" scheme. When bidding you pretty much make up your mind about what you want to pay, say £230k then "add a little on" just in case someone else bids £230k. Of course everyone does this, so you try and think of *something* original such that someone's £230,001.00 bid doesn't gazump your bid of £230,000.01... e.g. £230,012.34 or similar.

So this is quite standard practice.

Major overhaul makes OS X Lion king of security

Colin Guthrie
WTF?

Can you point me to the Canonical commits....

.... that implemented ASLR in the kernel (or in userspace)? I wonder if those "Canonical commits" came from people with @redhat.com email addresses.... that would be weird if they did, wouldn't it?

As a disclaimer, I have no idea who actually did implement ASLR in the kernel, just that I strongly suspect it wasn't Canonical.... their record of kernel contributions is shockingly low generally (David Henningsson's and other Canonical folk's recent sound related fixes in the kernel have been very much welcomed tho' :))

Google location tracking can invade privacy, hackers say

Colin Guthrie
Stop

I'm getting a bit sick of all the "let's get annoyed about this" sheep...

I've been a pretty vocal privacy advocate for a while, but I'm really struggling here...

Google is doing something via Android, but (as shown above) is ensuring the user is asked first.

Google used to do this via Street View cars but messed up and "accidentally" logged actual data. If they'd just tracked location+MAC I doubt it would be a massive problem.

Skyhook used cars to log location+MAC

So why is Google being berated for its actions here? The wifi-slurp aside, I don't really see the big deal. I mean if they used a camera on their car to read the big numbers you carefully affix to your front door and map the location to the numbers would that be evil? These numbers are something you "broadcast" via visible light frequencies after all. Is that really any different to broadcasting your MACs via non-visible frequencies?

If you are that privacy conscious then either find a wifi system that doesn't broadcast a MAC or use wired Ethernet (and don't forget to remove the numbers from your front door too!).

I take privacy very seriously, but this is something you are consciously broadcasting. If you don't like the fact that someone is picking up that broadcast then don't do it in the first place.

I'm sorry but all the furore over this issue is just crazy and smacks of people getting annoyed because that's the cool thing to do these days, without really thinking about it for ten minutes.

I'd like to see all these uber-nerds who are up in arms about Google slurping data immediately stop their SETI@Home systems because, let's face it, it was slurped in the same way... what's the difference?

Microsoft: IE9 not yet 'broadly' available

Colin Guthrie

Just curious...

...what proportion of Firefox's updates were automatic ones initiated by the browser itself? If you compared the *manual* Firefox downloads to the IE9 downloads that might be a fairer comparison?

Ten... wireless keyboards

Colin Guthrie
Thumb Up

My Recommendation

By far and away the coolest and slickest wireless keyboard I've seen is the Logitech diNovo Edge.

It's perfect for the living room PC, albeit a little on the pricey side, but works great with the PS3 even if I do use it with my Media PC (XBMC+MythTV) these days rather than the PS3.

Open sourcerers port media centre to iOS

Colin Guthrie
FAIL

VLC.....

Hand in your Geek Card. You need to jailbreak to get VLC these days. The official App Store model is incompatible with the GPL license of the VLC codebase and it was removed. If you already have it installed, then good for you.

I just hope that this kind of tablet+TV architecture will help push XBMC into a more MythTV architecture. I use both media systems for the bits they do best, but much prefer the frontend of XBMC, while loving the backend/PVR capabilities of MythTV. For me the ability to install several frontends for MythTV trumps the fact that XBMC is essentially a standalone architecture. So a shared metadata database and video/music/image-sources for accessing it from any XBMC frontend would be an awesome upshoot from these developments :)

Doctor Who to marry Doctor Who's daughter

Colin Guthrie
Coat

Peter Davison missed the.....

.... "I always wanted my daughter to marry a Doctor" line!

BT fibre-up-your-exchange poll in 6-way Mugabe style pileup

Colin Guthrie
FAIL

Couldn't vote

I couldn't vote as I don't have a landline. I complained to BT and the guy "talked me through" the process right up until the point where I had to enter a land line number which is when he went "Oh. Hmmm".

Christians vs metalheads in FB flame war

Colin Guthrie

Social Media does not Cause Social Change... discuss

This article in the New Yorker seems particularly relevant to this:

http://www.newyorker.com/reporting/2010/10/04/101004fa_fact_gladwell?currentPage=all

It discusses how all major social change has been connected to strong ties and that social media such as Twitbook and MyFace etc. are really weak ties and thus don't involve real social change. Obviously this doesn't apply at small-scales as in this case, but it's still an interesting opinion.

Apple files patent for iPad weight loss

Colin Guthrie

How much...

...would it reduce the weight of an iPad, in grammes and %age?

I would have thought the real weight in the device was not the case, but rather the screen and battery...

Internet Explorer 9 preview thinks inside box, outside browser

Colin Guthrie
FAIL

Sunspider cheating

I'm surprised an article about IE9 today does not cover the "sunspider cheat" controversy of yesterday.....

The terabyte iPad is coming

Colin Guthrie
Happy

Memristors

When Memristors become reality, it will totally change "flash storage" (not sure it would technically still be "flash", but certainly it would be solid state).

Not only will the capacity increase dramatically for the same form factor end units, but the memristor itself can be "reprogrammed" as a "dynamic CPU" to execute discrete logic functions autonomously. Use it for long term storage, short term storage (it's quick enough) and for discrete calculations!

It will totally change PC architecture, from CPU through L1/L2 caches, through system RAM, through backing store.

At least that's what the marketing blurb says... Hope it will happen :D

Facebook Places checks in to UK

Colin Guthrie
FAIL

Privacy settings are confusing

Hmm,

Privacy settings:

Places I check into * Friends Only.

* (and people nearby).

So, erm "Friends Only" in this instance means all the people "nearby" too? Not nice.

Bye-bye to bizarro bye-laws, says UK.gov

Colin Guthrie
WTF?

I propose...

...that we pass a local by-law in "Vultureville" that spell and grammar checks should be performed prior to publication:

"They has also been, as safety valve" : WTF?

Mozilla Thunderturkey and its malcontents

Colin Guthrie
FAIL

The problem is not at the client side

The real problem here is not really with the client. Yes TB eats a ridiculous amount of memory but it serves me fairly well. The problem IMO is that the functionality it's trying to include is at the client side..... and that's wrong.

Yes, sync and store capabilities for offline access is fine too, but for me it's the server side that should index and catalog my mails - the client side should simply download and cache that index rather than redoing the work.

The Google Mail approach to storage is IMO best. There is no such thing as "folders" really, just labels that can be exposed as folders. I think that this concept itself is a winner but MUAs need to be aware of this so as not to download (and locally index) the same message twice.

Really views should be much smarter. My contact lists (and the categories I put my contacts in, work, family, friends etc) should be exposed as virtual folders. I should be able to click on my 'Family/Joe Bloggs' "folder" and simply see all the mails that were sent to or from (in a nice threaded manner of course). If I click on 'Family/Jane Bloggs' "folder" then this would show all the mails to or from Jane (which may also include some of the same messages that were in the 'Joe' "folder").

By making the client side dumber, the same virtual hierarchy can be presented to me via my thick MUA client I like to run on my desktop, or via the thin and reduced version I run via webmail etc.

Folders are dead, we need semantic storage at the server side, and clients that can leverage this to its full potential.

When this happens, thunderbird and other MUAs will start to suck less.

I'm lost without Google Wi-Fi snoop

Colin Guthrie
Thumb Up

SSID/MAC + Lat/Lng is OK in my book

I think the publicly broadcast bit of the WIFI snooping is perfectly acceptable. I mean I have these big numbers on my front door and there is this big sign at the end of the road... I see it no different to that.

The logging of the actual data is a big no-no, but I can see how wireshark could have been set up in this way quite easily and provided they are held to account on this part, I'm perfectly happy.

But overall, I don't really see what the fuss is about.

Want nips like church coat pegs? Click here

Colin Guthrie
Thumb Up

Don't you mean that "nipples are *back* in"?

http://poorlydressed.com/2010/05/06/fashion-fail-different-times-the-70s/

Google's WiFi snoop - who knew and who didn't?

Colin Guthrie
Jobs Halo

CoreLocation

Didn't Apple buy a company that basically did *exactly* this when it developed its CoreLocation technology? I thought CoreLocation was able to use Triangulation, GPS, and WiFi hotspot MACs to try and work out where it was.

I fail to see why this venture by Google is bad mmm-kay whereas the system bought by Apple is somehow OK?

I'm not legitimising either company, but I personally do not feel that MAC+Location is something that is private. I broadcast it. I've chosen to do this. If I don't want someone looking at my TV then I have to close my curtains and the same is true of my wireless network. If I don't like it, then I'll turn it off and plug in instead.

I can't have it both ways.

Ubuntu 10.04 triumphs over GRUB bug

Colin Guthrie

Good description of "Development Cycles"

I've been quite surprised that several articles talk about the X server problem and this Grub problem as if it's somehow strange or amazing. This stuff goes on all the time in development release cycles. Maybe the QA in Ubuntu is lacking and these issues didn't crop up until quite late in the day, but it's hardly "news" that Ubuntu has a bug in Xserver or in Grub, it's just part of the cycle. Do you put out a headline for every issue submitted to their bug tracker? No, so why mention these two specifically.

Seems like another nice bit of polish from the Ubuntu team but while they continue to bastardise standards and encourage application developers to roll their own UIs rather than work with a standard system (the whole desktop notifications debacle), they won't get my vote.

Megan Fox not world's sexiest woman: Official

Colin Guthrie
Joke

You must be....

You must be new here.

Epic Fail: How the photographers won, while digital rights failed

Colin Guthrie
FAIL

What about the degrees of opposition to the opposition?

What you fail to point out properly is that the opposition to the opposition of clause 43 was several orders of magnitude less.

It's like saying that there was an eating contest where Bill had to eat a dozen cheeseburgers while Ben had to eat a dozen aeroplanes and then saying that Bill had won because of his better organisation and planning.

Facebook stands up to UK.gov's cyberbullying

Colin Guthrie
Thumb Up

Why are there no Facebook groups *against* the button?

There are several pro-button groups but no anti-button, pro-education groups?

It'll take a well worded intro and group description to promote it, but perhaps someone from El Reg should step up to the plate and write such an opening gambit?

Flat-pack plug designer wins top award

Colin Guthrie
Joke

Plug-Off in 3.... 2..... 1. Go!

http://crave.cnet.co.uk/gadgets/0,39029552,49303764-1,00.htm

Facebook faces Home Sec over lack of 'panic button'

Colin Guthrie
FAIL

Jim Gamble is a nutjob

I've listened to interviews with him on the radio and he's a complete tosser. He is completely tunnel visioned about the effects this button would have and he completely misses the point about online security.

This button doesn't solve anything. It just gives parents a completely false sense of security about their children's online activities.

A "panic" button? Who the hell would literally sit there in their own home, in front of their own computer and literally "panic" that the evil person is going to get them? If you are stupid enough to go meet them and they turn out to be a nonce, *that's* the time to panic. Where is your stupid button then Jim?

Honestly, stop peddling us this bullshit line and put your resources into doing something actually useful to protect children, like better education and training in schools.

SSD tools crack passwords 100 times faster

Colin Guthrie
WTF?

Salty goodness

@Tom I don't think they are trying to login, but rather taking the encrypted hash of the password and ultimately working out what password would be needed to generate that hash.

If this is the case, they are suggesting the use of a lookup table here (which makes sense as seeking in the lookup table would be faster on SSD). Does that mean that the hashes they are trying to crack are not salted? Salting generally makes lookup tables useless due to the explosion of combinations needed.
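Added example, not part of the post above or of the tool the article covers: a short Python sketch of why a precomputed lookup table answers unsalted hashes with a single seek but has no entry once each hash carries its own salt. The candidate list, salt value and function names are constructed for illustration, and SHA-256 is an assumed stand-in for whatever hash the stored passwords used.

```python
import hashlib

# Constructed candidate list standing in for the keyspace a real table covers.
CANDIDATES = ["password", "letmein", "qwerty", "dragon", "monkey"]

# Constructed 128-bit salt; a real system draws one per user from os.urandom(16).
SAMPLE_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")


def unsalted_hash(password: str) -> str:
    """Hash with no salt: identical passwords always give identical hashes."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """Hash with a per-user salt prepended; the salt is stored beside the hash."""
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


def build_lookup_table(candidates):
    """Precompute hash -> password once; the work is reused for every stored hash."""
    return {unsalted_hash(p): p for p in candidates}


def lookup(table, stored_hash):
    """Return the password for a stored hash, or None if the table has no entry."""
    return table.get(stored_hash)


def table_entries_needed(num_candidates: int, salt_bits: int) -> int:
    """Entries needed to precompute every candidate under every possible salt."""
    return num_candidates * (2 ** salt_bits)


TABLE = build_lookup_table(CANDIDATES)

if __name__ == "__main__":
    # Unsalted: one dictionary seek recovers the password.
    print(lookup(TABLE, unsalted_hash("letmein")))
    # Salted: same password, but the stored hash is not in the table.
    print(lookup(TABLE, salted_hash("letmein", SAMPLE_SALT)))
    # Table growth for no salt, a 12-bit salt and a 128-bit salt.
    for bits in (0, 12, 128):
        print(bits, table_entries_needed(len(CANDIDATES), bits))
```

Salting only defeats precomputation; guessing against one salted hash is still as fast as the hash function, which is why password storage also uses a deliberately slow function such as scrypt or bcrypt.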

US must redesign killer hot dogs

Colin Guthrie
Coat

Are you choking? There's an app for that...

http://www.tuaw.com/2010/02/22/are-you-choking-yeah-theres-an-app-for-that-too/

Stats boss slams Tory use of crime figures

Colin Guthrie

Re:

They do expand on it, it just wasn't written/reported here. Basically in the past it was up to the police to decide what made a crime violent, but now the person reporting the crime ultimately decides if it's violent - or something like that. Ultimately it's gone from being an educated judgement to having hard and fast (and encompassing) rules. Arguably this change makes the numbers more robust, but it did mean the figures shot up.

Colin Guthrie
Thumb Down

Did anyone hear Grayling on the Today program?

I don't know how that guy can sleep at night... he basically said "Yeah it's wrong but everyone's doing it so we're not going to listen to the big warning about misrepresentation and misrepresent them anyway." What a knob.

Draconian new electoral laws for South Australia?

Colin Guthrie
FAIL

Article fail!

Public outcry and perhaps a small dose of common sense means this "law" has already been repealed (or at least the promise to repeal retrospectively)

http://www.news.com.au/technology/attorney-general-michael-atkinson-vows-to-repeal-election-internet-censorship-law/story-e6frfro0-1225826176628

This was all known at the time your article was published.....

Now do I post this scathing comment on El Reg's journalistic integrity under AC..... :p

UK BitTorrent admin acquitted on fraud charge

Colin Guthrie
Thumb Down

@AC

I think you missed the point of Ally J's post.... /me hopes you're not in a jury anytime soon :p

2016 bug hits Windows phones

Colin Guthrie
Joke

A HEX on all your houses!

This is the work of witches I tells you!

The year of twenty 0x10 is upon ye!!!

Colin Guthrie

HEX

I suspect that someone "fixed" the y2k problem and used a HEX (base 16) number to store the date. This has worked fine for 00 through 09, but once 10 comes along that is 16 in base 10. Could be something as simple as that.

English language falls to the Slashdot effect

Colin Guthrie
Coat

Unfriend

So "unfriend" is meant as a verb here - i.e. the *action* of removing someone from your friends list... I worry that it will become a noun: unfriend; an enemy. Once that falls into general usage, there will be no need for the word enemy any more... If you really dislike someone, then they could become a plusunfriend..... and we can reserve a special phrase for global villains like Osama, Saddam or Blair: doubleplusunfriend.

I for one welcome our new doubleplusfriends.

Mandriva flashes its small aggressive penguin

Colin Guthrie
Grenade

@KoBus

Sounds like you were using Kubuntu rather than Ubuntu, which is quite widely known to be pants. If you really want a fair fight, like for like, then a Mandriva Gnome vs Ubuntu would be fairer... but then who wants to fight fair :D

Colin Guthrie
Thumb Up

Awesome!

OK, so I'm biased, but this is a really sweet release! I'd urge anyone who has not used Mandriva for a while, or those who are stuck in a 'buntu muddle right now to take the latest incarnation for a spin :)

Early adopters bloodied by Ubuntu's Karmic Koala

Colin Guthrie
FAIL

@Tristan: Notifications

I'm not an Ubuntu user, but it was my understanding that the notification system was introduced last release? I have to agree with you overall tho'. While the graphics on notify-osd are really pretty (and macslow is one of the best graphical OS coders out there - following his blog is a treat and he's a very nice guy to talk to too), but the decision to not support the "actions" part of the notifications spec is IMO a seriously bad decision on Shuttleworth's part. Their guidelines on all the apps they now have to patch to support this (most libnotify clients incorrectly assumed that "actions" support was available to be fair) actually suggest rolling your own UI to handle the cases where you want feedback from the user. In a time when KDE is finally adopting this standard and we can hope for some kind of cross desktop consistency in this is totally bucking the trend and basically telling people to "do it your own way".... it laughs in the face of HCI guidelines :(

I wrote a longer tirade on this topic earlier in the year:

http://colin.guthr.ie/2009/02/desktop-notifications-and-user-interaction/

Deploying VoIP in real life

Colin Guthrie
Thumb Up

Small company experiences

As a small web development company (Tribalogic Ltd) VoIP makes sense for us. In fact I'm writing this note from the lovely island of Corsica where myself and a couple other guys from the company are currently enjoying the sunshine! We've moved the office here for a week (one of our merry band is French and has a family home out here). We've taken the phones with us and none of our clients are any the wiser. It's awesome :)

UK telly in coke blizzard shock

Colin Guthrie

I want a double blind clinical trial.

I'll bet if you told some media type straight out of uni, naive to the ways of the world but silly haircut and frankly stupid fashion sense firmly in place and gave them some placebo white powder to snort for the next 10 years before going into "rehab" you'd get a big chunk of people marching to the Bolivian anthem simply because they're sheep. I'm not saying some people have problems with coke, and obviously some people have bad experiences. But then some people have bad experiences just breathing, so what does that prove. Fuck all.

All this is is rhetoric pure and simple. I'm glad she's working as a counsellor to those who feel they need help, but there is far too much FUD about drug use, especially around cocaine.

/me mumbles something about the US and its bully tactics against the WHO.....

http://wikileaks.org/wiki/World_Health_Organization_global_Cocaine_Project_Study_suppressed_by_the_United_States_for_13_years,_1995

Robert Crumb begets Book of Genesis

Colin Guthrie
Grenade

What Mike Judge was really thinking.

Butthead: huh-huh-huh. Coool.

Beavis: Shuttup buttmunch, he's taking the Lord's name in vain.

Butthead: Oh yeah. What a dick.

Beavis: Wow! Boobs! Sweet.

Butthead: This is even better than when Mel Gibson played Jesus.

Beavis: He didn't look like Braveheart in that movie....

Butthead: Freeedom!!!!!!!!

Beavis: Shuttup douchebag, I'm trying to concentrate on the boobs.

Apple breaks jailbreakers' hearts with iPhone 3GS patch

Colin Guthrie
Megaphone

Pwnage

You mentioned blackra1n, but pwnage tool has been updated also to work with 3.1.2 firmwares on Mac and Win, so looks like the current h/w batch is as free as ever for the time being.

Docs wire up world's first internet-connected pacemaker

Colin Guthrie
Grenade

Can't wait for the next Jean Claude or Steven Seagull movie...

"Denial of Service: The Peacemaker" in theatres now!

Our hero must block internet access so as to assassinate an evil drug lord/human trafficker/someone who pees in the shower/kitten murderer who has a network controlled pacemaker.

eBay could ditch uncrackable Skype tech

Colin Guthrie

SIP

Please, if you reengineer the core, at least use something *standard*. SIP seems fine to me, but the support infrastructure may need to be larger and more complex. Everything is possible tho'. I'd love to be able to call Skype users from my SIP account.

Stallman: open-source .NET 'danger' for Debian

Colin Guthrie

What's wrong with gnote?

http://live.gnome.org/Gnote

"Gnote is a port of Tomboy to C++.

It is the same note taking application, including most of the add-ins (more are to come). Synchronization support is being worked on. "

Millions opted into UK mobile phone directory

Colin Guthrie
Thumb Down

Seems to find me very easily...

I search for myself: firstname, last name, town/city.

Like others say it says there are multiple matches, and asks for more info, so I type in "Bullshit" into the company box and lo and behold it says it found me!!!

So apparently I work for bullshit. Not wise in these troubling economic times. Anyone want to buy some bullshit? I've got loads..... come to think of it so does this new website....

Irish politico in Facebook jub-rub outrage

Colin Guthrie

I wish...

... a lot of things, but in this case, I wish she'd rubbished the "scandal" rather than saying it's "not a great snap", she should have just said something along the lines of "ha! Yeah that was a fun night! I wouldn't pose like that for my election photos tho! haha. Seriously, I'm in my 20s I go out with my mates and have fun and I don't think it's in any way scandalous."

People are too quick to kowtow to the fuddy-duddy baseline whereas a bit of realism in politics is long overdue!

It's the same with the dope smoking scandals really. "shock news that a politician smoked a reefer when in university" So what? So did about half the uni! (not counting the staff!) Provided they're not high as a kite when making important policy decisions, I couldn't give two figs.

Next Ubuntu alpha reveals video change

Colin Guthrie
Alert

Ubuntu!

My god, some of the comments here are so fanboi biased towards Ubuntu.

Here was me thinking the Linux community was a nice place where people worked together for a common good (spats between KDE and GNOME not withstanding :p). The whole "Ubuntu made it possible for linux to work on laptops" is just so staggeringly untrue that it beggars belief. If you want to drink their marketing kool aid that's fine, but don't spread it about for goodness sake!

Ubuntu take open standards and cripple them for their own use, they don't play nice with the wider community and all their users are blind to these approaches and sing passionate praises... hmmm, Ubuntu is the new Windows and Canonical the new MS.

Sorry, but for someone involved in the actual development of upstream projects (tho' admittedly not in a big way), Ubuntu as a contributor to the linux ecosystem still has a very long way to go. Please note that I'm not talking about Ubuntu *users* who contribute to upstream projects - which distro you use is your own choice, I'm talking about it from a corporate involvement basis here. For all his billions Shuttleworth could have made Linux better, instead he's created a distro that exists in a bubble of ignorance. Companies such as Red Hat, Mandriva and Suse/Novell have done far, far more for the greater good. I really do hope this changes in the future - I do believe a billionaire can change its spots :p
