That would be a handful.
224 posts • joined 8 Jul 2009
11-year-old graduate announces plans to achieve immortality by 'replacing body parts with mechanical parts'
Dell SupportAssist contained RCE flaw allowing miscreants to remotely reflash your BIOS with code of their creation
Hmm. My Dell 2000 from 2013 seems to be too old to be vulnerable. F2 brings up something quite different from what the info on the Dell site says. Oh well, due to paranoia, I never have networking on while it is booting. At least, the cable isn't plugged in, and I very rarely use it with Wifi (it's a foot from the router), so that's turned off at the Ubuntu Mate level. It still has Windows 8.1 on it, which I haven't deliberately booted for a couple of years, and which I never let onto the internet. Paranoid? Me? Dang Windows rewrites the boot order stuff on every boot, whereas Linux only does it on an install, so I have to be quick with the F-key that changes boot order...
BadAlloc: Microsoft looked at memory allocation code in tons of devices and found this one common security flaw
The CPU vendors really, really need to have variants of things like integral add, sub, multiply that trap on overflow/underflow. Of course they need non-trapping versions too. If a language designer wants to detect trapping, they have to do multiple instructions to do it. Typically, the overflow *is* detected by the hardware, and sets the overflow condition code bit. Even a "trap on overflow" would be sooo useful. Some have them, I believe, so good on them.
There seems to be a rush to Rust for programming. Does it have trapping arithmetic operations?
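An added illustration for the overflow discussion above (not part of the original comment, nor code from the article): in C, the wrap-around can be caught at the point where an allocation size is computed, using the GCC/Clang overflow builtins with a portable fallback. The names `mul_size`, `add_size`, `unchecked_size` and `alloc_array` are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helpers: each returns 0 on success, -1 if the result would wrap. */
static int mul_size(size_t a, size_t b, size_t *out) {
#if defined(__GNUC__) || defined(__clang__)
    return __builtin_mul_overflow(a, b, out) ? -1 : 0;
#else
    if (b != 0 && a > SIZE_MAX / b) return -1;
    *out = a * b;
    return 0;
#endif
}

static int add_size(size_t a, size_t b, size_t *out) {
#if defined(__GNUC__) || defined(__clang__)
    return __builtin_add_overflow(a, b, out) ? -1 : 0;
#else
    if (a > SIZE_MAX - b) return -1;
    *out = a + b;
    return 0;
#endif
}

/* Unchecked size computation: silently wraps modulo SIZE_MAX + 1. */
size_t unchecked_size(size_t count, size_t elem_size, size_t header) {
    return count * elem_size + header;
}

/* Checked allocation of a header plus `count` elements.
 * Returns NULL with errno = ENOMEM if the size computation would overflow. */
void *alloc_array(size_t count, size_t elem_size, size_t header) {
    size_t body, total;
    if (mul_size(count, elem_size, &body) != 0 ||
        add_size(body, header, &total) != 0) {
        errno = ENOMEM;
        return NULL;
    }
    return malloc(total);
}

int main(void) {
    /* Constructed input: count * 4 wraps to 0 for any width of size_t. */
    size_t count = SIZE_MAX / 4 + 1;
    printf("unchecked size: %zu bytes\n", unchecked_size(count, 4, 16));

    void *p = alloc_array(count, 4, 16);
    printf("checked alloc (huge count): %s\n", p ? "succeeded" : "refused");
    free(p);

    p = alloc_array(10, 4, 16);
    printf("checked alloc (10 elements): %s\n", p ? "succeeded" : "refused");
    free(p);
    return 0;
}
```

Without the check, the caller would receive a 16-byte buffer while believing it holds `count` elements.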
Lego's Space Shuttle Discovery: No trouble with Hubble, but the stickers will drive a grown man to insanity
Re: Lego Technic 8480
Yes, it is very nice. I haven't put mine together for some time - perhaps it is getting time to do so again. It's another of the wonderful sets with an electric motor and a transmission with a "gearshift" to control what is getting powered. Plus the lever that raises and lowers all of the landing gear together. And, it uses one of the fairly rare "micro motors" to allow opening/closing of the solar panels on the satellite, as it is attached to the Canadarm. Others may prefer the pulsing light coming from the exhausts, courtesy of some optical tubing and a powered distributor.
There *are* some available on Bricklink, if you care to spend the money:
Sitting comfortably? Then it's probably time to patch, as critical flaw uncovered in npm's netmask package
I believe the leading-zero-for-octal convention came from early DEC assemblers. Since the first C compiler was for DEC machines, and it generated assembler output, having C use the same convention was the obvious choice.
In my programming languages (weird hobby), I've used 0b => binary, 0o => octal, 0x => hexadecimal, with no leading zero defaulting to decimal. And sometimes 0t => decimal. I like things explicit.
Some early assemblers/languages also used tags at the *end* of numbers to indicate the base. So, you could have 13ah. I'm guessing that that was done rather than a leading "h" so that numbers and identifiers were easily distinguished. See early Fortran, I believe.
This post has been deleted by a moderator
Smart doorbells on business premises make your property more attractive to burglars, warns researcher
Well, the home might not contain a lot of stuff that is of normal value to burglars, but instead contain a bunch of geek gadgets. A friend of mine likes this type of thing (can't remember if he actually bought electronic locks or not), and has bought lots of tools and gizmos. I don't think his place has much in the way of normal expensive stuff like fancy stereos, jewelry, keys to fancy cars, etc. Actually I don't think it has *ANY* of that sort of thing....
And yes, I do realize he is in a small minority of buyers for this sort of thing.
Chrome 89 beta: Google presses on with 'advanced hardware interactions' that Mozilla, Apple see as harmful
Good on 'em
I for one will continue to support Mozilla and Firefox in this.
The web, as Google sees it, is intended to be unsafe (from the user's point of view) and to provide Google with the maximum access to user information and the user's hardware. That's how they make most of their money, after all.
I know El Reg had at least one article about openRAN before, but this is an entire article about it that provides no definition of what it is. Not even what the acronymic name is short for.
It took me a couple minutes on Wikipedia to learn that "RAN" is Radio Access Network.
OpenRAN — enabling open ecosystem of GPP-based RAN solutions, chaired by Andrew Dunkin (Vodafone) and Adnan Boustany (Intel).
GPP: well, 3GPP is 3rd Generation Partnership Program - relating to LTE.......
New lawsuit: Why do Android phones mysteriously exchange 260MB a month with Google via cellular data when they're not even in use?
My limit (before I pay extra) is 300 MB/month. The amount consumed by the Google stuff has skyrocketed in the last few months. My total usage is now getting disturbingly close to the limit. I have disabled network access to many apps, but the biggies so far this month are Google Play services, Google and Google Play Store, in that order. Android OS is down a bit later. Hmm. Why has "Setup Wizard" used 2.26KB? My phone is 7+ years old! I likely *can't* disable access to those top 3. ... Well, it did let me restrict all 3 to WiFi only, so maybe I'm safe! But..., I'll have to see if I still get notified of incoming gmails and emails.
Re: I have been a LEGO fan since I was born
I've only been a Lego fan since 2000. Hasn't stopped me filling my living room, however.
Pascal, try looking at different sets. E.g. the long running "Modular buildings" sets. They are loaded with regular parts that are easy to re-use, but are more interesting than plain bricks. E.g. bricks with mortar patterns, different colours, different kinds of connectors and decorations.
Sure, I've accumulated some specialty pieces I don't want - some of those eventually do get used, or I can trade them with other local Lego AFOLs (Adult Fan Of Lego). E.g. white partial cylinders I've used for a group of 4 white tanker train cars.
Another group of sets worthy of collection (at least by me) is the "Winter Village" sets, which are Christmas themed. This year's is the "Elf Clubhouse". These sets also have lots of useful pieces, although they do tend to like to use the little light bricks.
Some of our local fans *prefer* the stranger pieces for their own constructions. We have several who are huge Star Wars fans and gobble up many that Lego produces. One of them has been slowly increasing in size his custom spaceship - made harder by him choosing to do it in yellow!
We won't leave you hanging any longer: Tool strips freeze-inducing bugs from Java bytecode while in production
What they should now spend a bunch of effort on is putting their detection technology into as many IDE's as possible. That way, the possible problems are reported to developers, who can then implement a *proper* fix. Heck, I expect you can put it into compilers. Add it to "javac", "gcc", "lcc", etc. as a warning.
Warning: in some situations, loop will never exit.
After ten years, the Google vs Oracle API copyright mega-battle finally hit the Supreme Court – and we listened in
Re: Good analysis
Yes, good analysis, but I do wish to freak out about the possibility of Oracle winning. The reason for that is that I program by myself, with no umbrella organization over me. If Oracle wins, it may well become illegal for me to release my software! Given that I've been working on it off and on for nearly 2 decades, it's a big deal for me. I do not and will never have the resources to find out if my ideas were already considered by some large corporation and then filed in a drawer.
Take things back a while - could Linux exist in a universe in which Oracle won before Linus started his project?
Could we end up in a situation where large corporations force project repositories out of GitHub/GitLab, much like is done for videos on YouTube, etc.?
Not a chance
Ok, that makes it not a chance that I will use Chrome anywhere - desktop or mobile. Especially mobile. The data limit on my mobile plan is very small (300 MB) - I don't want *any* video playing, ever, unless I'm on WiFi. And, I don't have WiFi on unless I'm safely at home and can connect to my home router.
I make an exception for El Reg's blocky bouncing vulture - that's been cached for ages.
Here comes an AI that can predict hurricane strength. Don't worry, NASA made it so it probably actually works
TCL's latest e-ink tech looks good on paper, but Chinese giant will have to back up extraordinary claims
Would love It
I have one of the original Kindle "Keyboards". It's one of the ones where Amazon provided old low-bandwidth internet access for free. (That might still be active - haven't tried for a while - I just use WiFi to get books.) The device still works as well now as it did when it was new - I've seen no fragility, all the buttons still work fine, battery charge lasts weeks, etc. I use it mostly indoors, but it was fine in direct tropic sun.
I would love a good colour E-Ink device - it would make the book cover images much nicer! Many of the newer E-Ink devices include one or more LED lights that you can turn on to illuminate the screen, so you can read in darkness.
When Irish screens are borking: Ticketing trip-up for Dublin-based Windows 10 IoT terminal, but at least it's not XP
Is it a bird? Is it a plane? No, it's a 56-year-old satellite burning up in the sky spotted by sharp school kids
Crack this mystery: Something rotated the ice shell around Jupiter's Europa millions of years ago, fracturing it
Another way for boolean parameters is to define an enumeration type for each parameter. Lots of typing once, but nice for the calls. If you define the enumeration tags nicely, then it is all perfectly clear. I didn't do that in any of my languages, however, because of scope issues with the tags, etc.
Having parameters with default values is likely OK, so long as you don't allow the function to change the defaults. If the defaults are always, e.g., 0, 0.0, false, "", then I expect readability is OK. As a bonus, you can add parameters and most calls don't require changes.
Re: phoning and testing
I wondered that myself a while after my post. My recollection is that it wasn't just making the system page itself to death - there was something special about using MVCL (can't recall if CLCL would have worked as well). Hmm. I wonder if the pages were all ready to go, so no page faults, but the instruction then somehow locks them all during execution?
phoning and testing
Back in the heyday of mainframes, the university had installed its new Amdahl box (IBM 370-like). They opened it up for stress testing. One bright soul noted that the "MVCL" instruction would take registers containing source address/length and destination address/length. So, that one instruction could access 32 Megabytes of virtual memory. And one could arrange that the memory was not yet created in the OS. Unless they did something illegal, instructions would run to completion before anything like a task switch could happen. Run a few copies of that program and the mainframe was on its knees. The offer of wide-open testing was soon withdrawn, but I think I heard that the systems folks were good sports.
Later, in a job with a computer company, several folks were working from a site in California (head office in Alberta, Canada). They would often have a phone connection to the systems at home to allow access to sources, etc. One late night that connection was forgotten. When the phone bill showed up it had just asterisks for the cost (Fortran and other languages tended to print asterisks for "number too large to fit in output field"). I believe in this case, the phone company was eventually convinced that this wasn't possible and that it must be some kind of error in their systems. All was well.
In all honesty, I have to admit that neither of these miscreants was me. Sigh.
Japan to test self-destructing satellite to shrink space junk with string and an inanimate carbon blob
Had a bad weekend? Probably, if you're a Sectigo customer, after root cert expires and online chaos ensues
Ipify.org via curl
Ah, that's the root cause. I run my toy domain over a dynamic IP address from my provider. There are scripts that determine my actual IP address by querying "ipify.org" using Linux program "curl" (fetches from a single URL). That broke because of a certificate problem. The logged error told me how to disable the security in "curl", but since my IP address is pretty stable, I chose to sit and wait for a bit. After a couple of days I semi-automatically got an updated certificate bundle from Ubuntu and lo, the problem fixed itself.
Even though I run a couple of services here, I am constitutionally unable to be a proper sysadmin, so it's mostly a lot of fingers crossed that nothing breaks! Why am I unable? Poor memory - sysadmin requires a good memory of obscure commands, and of how all sorts of stuff actually works. And yes, I do have a router acting as a firewall, thanks.
Hooray! It's IT Day! Let's hear it for the lukewarm mugs of dirty water that everyone seems to like so much
It's cheap and easy!
I was fed tea (mostly milk of course) as a young 'un, and have stuck with it. I find coffee too bitter, though I imagine I could get used to it. Tea gives me the caffeine boost that I'm now used to. All you need is a kettle (which will last for years) and a teapot (which will last for decades). Far simpler than some coffee rigs. And, I believe it is a lot cheaper than coffee.
The one downside for me is stained teeth (not nearly as bad as smokers, and I imagine coffee does it too). And perhaps a few more bathroom breaks...
Re: Firefox has sought to arrest its slide in the rankings
In the search preferences, you can't turn off the "helpful" stuff, but you can tell it to put a separate search bar up there. Then, go back to "customize" and remove it. My URL bar went back to not being the fat thing. Now, how do I get rid of the >> saying I have more bookmarks, when they are actually all shown.....
Bob, I'm quite aware of using structs to overlay hardware resources - done lots of that. But, I recall comp.arch discussions of a few (several?) years ago saying essentially that using bitfields in C structs and expecting to produce correct portable code is not going to work well. The biggest issue was endianness, I believe. C doesn't say enough about how bitfields are laid out to make them safely usable across architectures.
In my latest programming language, I've split the concepts apart - structs and "bits" types. In the latter, the endianness is, I hope, well enough defined to be usable. It's clearly usable for space-saving, but I've had no opportunity to try it on hardware interfacing.
For many years I've had the very strange hobby of creating programming languages and writing compilers for them. My first readily-available one ran on 8-bitters under CP/M. It had the ability to define and use integers with user-specified bitwidths. Thought it would be useful on the memory-constrained machines of the day. Tried using them in one major-ish project I did. Bad idea. Never tried to use them again.
For programming FPGA's having various-sized fields is pretty basic. But why does that have to reflect itself back into something like the C programming language, which is intended for general-purpose programming? My gut tells me that they will be patching weird issues for years, and that any actual benefit will not be worth the overall cost.
Hmm. Guidance I've seen indicates that one should continue to get exercise, and going out for walks is a good thing, and to be allowed (just like going for groceries). By common sense you don't hug and kiss any friends you happen to meet. Sounds like the rules in Hong Kong are definitely different, if you are not allowed out of your space for any reason. What happens if you are an antisocial computer geek, and don't have anyone to go get groceries for you? If your income is gone (or you were relying on retirement funds which are now worth a whole lot less than they were), you may not be able to afford to pay to have all of your food delivered to your door.
Don't electronic things decay and stop working over time? The smaller the transistors, the shorter the lifetime. That's why an old electronic whatsit based on individual transistors can last for 100+ years, but very high density IC's are unlikely to last more than 20. Or has this issue been resolved?
Anatomy of OpenBSD's OpenSMTPD hijack hole: How a malicious sender address can lead to remote pwnage
With great power...
(By chance, just watched Into the Spiderverse last night...)
The "Unix model" includes lots of very powerful tools, such as being able to use a shell from within programs. In cases like this, the tool is *too* powerful. Using a full programmable shell for process invocations not much more complex than using vfork()/exec() is overkill, and dangerous, as others have mentioned.
It shouldn't be hard to write a *much* simpler mini-shell, which is intended for such situations. It would take time to wean programmers off of using "bash", etc. but if you give it a few "modes" for the kinds of shell-like things it will do, it shouldn't be hard to handle most cases, and would be far safer. Yes, it's slightly more total code to be maintained, but worth it.
What is WebAssembly? And can you really compile C/C++ to it? And it'll run in browsers? Allow us to explain in this gentle introduction
Also want more security info
Amused to see a LISP-like syntax for the WebAssembly "source". Well, it is pretty much the simplest form of "source" anyone has come up with. Better than a Forth-like syntax!
LG announces bold new plan for financial salvation: Trying to actually make phones people want to buy
(Me too! :-) )
I'm on Firefox with NoScript here, similar to many. Since I'm not web-dependent it works fine for me.
Over the holidays I was using my sister's Windows 10 computer with Chrome, and it was shocking. Since she doesn't have users set up, I was seeing ads targeted at her, and they made sense in that context. But sheesh!!!
Minor use here
I've had Brave installed (Linux) for a while, but don't use it much. I use it every now and then to work with a web-mail portal at my ISP that I need to use for an association I'm involved with. Under Firefox/NoScript it just doesn't work.
My main problem is that I've never been able to find out exactly what it does in terms of scripts, etc. It also needs fully updating annoyingly often.
I do agree with the general concept of micropayments, and so am happy to participate in the experiment.
Several years ago I bought my Samsung Gear 2 Neo for CDN $250. Smartwatch, does notifications, texts, emails from my phone. Counts steps and will do pulse-rate. Lasts 3 days on a charge. A bit bulky. Talks Bluetooth to the phone, but has no other radios. Why can't someone produce an updated, slimmed-down version of this?
I'm with the folks that say they should keep those old systems. The repairability of those old systems is almost infinitely greater than the repairability of modern stuff.
The reliability is typically much greater as well. I'm no expert, but I believe that the failure rate of integrated circuits increases with the density of the circuitry. Things like stray cosmic rays do little to an ancient chip with huge transistors, but can subtly impair the functioning of a modern high-density chip. Sure, the new ones typically have error correction, but the very fact that they need that says something. Also, the error correction is all a probability thing - you can't repair *all* errors.
I've never been involved with Meetup or WeWork...
but, maybe they should offer meet organizers the choice of how to pay for the service. Let the organizer choose how much the repliers pay to join the meet. There should be a minimum cost to the organizer before the meet can be registered. And, once the Meetup income from any cost of repliers exceeds some amount set by Meetup, Meetup no longer charges the organizer. Or, make it graduated - the organizer pays up front, and repliers pay, as chosen by the organizer, first paying down what the organizer paid, then the rest going to Meetup. Everyone should be happy with something like that. Assuming, of course, that it is implemented and described properly.
I've got one too
And I also don't care about $10. I just hope the phone runs forever. For at least the last couple of years, I haven't seen another phone that I would want to have.
I'm quite happy with a 1920x1080 screen - longer than the standard 1080p seems silly. It has good cameras. It has a replaceable battery. It has a headphone jack. It has a microSD card slot inside. And it has no notch. Heck, it even has an IR emitter for messing with TV's, etc.
"Check Point claimed the vulns affected billions of devices. While possibly true from a theoretical point of view back in March when discovered, the majority of those will have incorporated the patches, either through routine updates or updates pushed (legitimately) from mobile networks."
Do the numbers show that "the majority" of phones *get* updates?? Lots are out of the support range of the manufacturer or carrier.
Firefox armagg-add-on: Lapsed security cert kills all browser extensions, from website password managers to ad blockers
Easy work-around for many
Saw this a couple days ago on Slashdot. A work-around shown there is to go into about:config and change xpinstall.signatures.required to "false". Apparently that doesn't work for folks with artificially restricted versions of Firefox (Windows/Mac? - I forget). It worked fine for me on Linux. When a fixed version comes through from Ubuntu, I'll flip it back (not that I'm likely to install any extensions other than "NoScript"!)
Tobacco and alcohol are taxed, and hopefully some of the money taken goes towards treatment expenses for those who are harmed by those addictive substances.
So, if games like Fortnite really are harmfully addictive, then they should be taxed, and the money earned spent on treatment of the addicted.
We don't want to be Latch key-less kids: NYC tenants sue landlords for bunging IoT 'smart' lock on their front door
Hope they win!
I hope the residents win the lawsuit(s).
Not sure what I would do if the condo board here put in an internet accessible smart lock system. Try to sell and move out, I guess.
Why can't they just put in a system that uses key fobs? The owner gets very similar info about comings and goings, but without the insecurity of the "smart" locks and the requirement for a smartphone. It might cost more - I dunno.