* Posts by -tim

773 posts • joined 10 Jul 2009

UK Home Office signs order to extradite Julian Assange to US

-tim
Facepalm

Re: Appeal

They could appeal based on the US flat out not telling the truth in a UK court. The US has stated the charges and sworn those were the only charges. That leaves out the John Doe warrants against the author of the hacking tool "strobe." I know this because I've seen some of the witness statements and I know there will be additional charges once he is in the US.

Record players make comeback with Ikea, others pitching tricked-out turntables

-tim
Coat

Re: That vinyl sound

While the DDD should be technically more correct, I'll take the AAD or ADD version most of the time. In my CD collection, the AAD is left of the ADD which is left of the DDD which is left of the "remastered" versions. The ones that get the most play are the ones on the left.

Perl Steering Council lays out a backwards compatible future for Perl 7

-tim
Coat

The real Perl problem: lack of new developers

Our problem with Perl is lack of new programmers. Our business runs a bit of Perl and it is the most profitable per line of code by a huge margin but new coders haven't even looked at Perl.

As far as backward compatibility goes, recent versions of Perl 5 have broken more things than any other version change I can remember and I have scripts that started out with version 3.

FreeBSD 13.1 is out for everything from PowerPC to x86-64

-tim
Boffin

Re: Question

openssl 3 is removing some of the older broken encryption by default. That means talking to ancient un-updated equipment won't work out of the box if ever. We keep a version of ssh 6.6 compiled with openssl 1.0.1 called ssh1 for those rare cases but web things are getting harder. We have used haproxy 1.8 configured to talk to old ssl backends also linked to older openssl which lets us use modern browsers with old hardware and old hardware with new web sites. We use the odd mixes for devices that can't phone home for firmware updates because they can't do modern ssl/tls but we have to configure per host and play dns and cert games to get that to work.

openssl skipped version 2 because of the protocol 1 vs protocol 2 version issue.

Cisco warns of premature DIMM failures

-tim
Facepalm

Whose DIMMs?

Does Cisco even make DIMMs, as they seem like a part that should be outsourced? If that is the case, who makes them and what else are they in?

Reliable systems with large memory need to have ECC. There is no excuse not to have it in. While rare, on our systems that properly record ECC corrections, it is interesting they happen on different systems at about the same time.

Oracle offers migration path for Solaris 10 apps

-tim
Coat

11.4 on what hardware?

11.4 won't run on anything we owned so it was off to FreeBSD for us. 11.3 had finally fixed the security issues I didn't like from 10 and ZFS was a game changer. Oddly enough there were still patches to Solaris 9 hiding on the Solaris 10 container stuff the last time I checked a bit over a year ago. That still runs on SPARCstation 20 from 1994. That means you could have a nearly 30 year old computer that meets security compliance regulations if you could keep your applications patched.

We deracked a V100 last week. The thing was older than some of our staff. It was removed because one of its original disks was going bad and we were pulling out a bunch of far newer systems. We still have one X1 in our internal R&D DNS cluster and will remain there until it fails which might be a while since it has a flash IDE disk emulator.

I've got a Tadpole SPARCbook 2 from 1993 that still works except for some of the keys are a bit of a problem.

Day 7 of the great Atlassian outage: IT giant still struggling to restore access

-tim
Facepalm

Options?

It is amazing how much of Atlassian's stuff can be replaced in a single weekend by two coders with a private usenet server, git, some perl template toolkit web pages, markup to html scripts, and a html friendly newsreader.

Apple's Mac Studio exposed: A spare storage slot and built-in RAM

-tim
Facepalm

Why do people keep thinking the memory is soldered?

Because it is. It is soldered to the same substrate that the CPU is attached to and a few people have upgraded them, it just needs more specialized equipment than any low end repair shop happens to have as well as donor ram chips which can't be sourced new.

The real reason the M1 chip's memory is so fast is they use about 877 pins to transfer more data in parallel compared to the 288 pins of a DDR5 DIMM. That allows the chips to transfer the address and more data in parallel without wasting cycles.

Zero trust? Not yet a must for most IT departments

-tim
Facepalm

What exactly does Zero Trust mean?

The term is already being perverted in the industry. Places want to do Single Sign On and Zero Trust to be fully buzzword compliant.

Another meaningless term now is "Air Gapped." Apparently acceptable use somehow now means firewalled with all inbound connections disabled to the specific host rather than the "No network at all" like it used to mean. I've seen the term used to describe a host on a typical office LAN where other hosts have inbound traffic allowed.

Apple emits emergency fix for exploited-in-the-wild WebKit vulnerability

-tim
Facepalm

Only some are patched

More than 5% of the Macs that hit my web sites are versions that are old enough that they will never be patched and they cluster around the last supported versions for hardware that appears to be fully functional except for their stock browser is full of holes. A team of 5 people in Apple could keep these older machines running securely. Apple hardware seems to keep getting handed down to others when new machines are bought. We still see PPC based Macs. Most countries have laws that require major appliances to be supported for at least a decade and it is time those laws were enforced with the vastly more expensive computers particularly with the total lack of hardship it would cause Apple.

Lost your mouse cursor? Microsoft's PowerToys 0.55 has you covered – with a massive crosshair

-tim

Re: I put it down just a second ago, where'd it get off to?!

I have two extra buttons on my trackball and I would love to have them move the cursor to a specific place. Then I wouldn't care where the cursor had been.

Now if Logitech would just allow space for a USB cable out their next model, I won't have to keep buying batteries since my trackball seems to stay where it should be.

Linux distros haunted by Polkit-geist for 12+ years: Bug grants root access to any user

-tim

Re: FreeBSD appears to be affected

pkexec isn't installed on most FreeBSD systems. It doesn't appear to be in the base system install and is likely in the polkit package.

Never mind the Panic button – there's a key to Compose yourself

-tim
Coat

Enhanced layout

The enhanced layout was proposed by Scandinavian governments to reduce the premium they paid for localized keyboards. Or at least that was the story I was told about why the VT100 and VT220 had different keyboard layouts.

Log4j doesn't just blow a hole in your servers, it's reopening that can of worms: Is Big Biz exploiting open source?

-tim
Facepalm

Re: what's hard

The Apache foundation was helping the odd good project and then it adopted a Tomcat. It has now become a crazy cat lady. It needs to learn to say no more.

Nobody cares about DAB radio – so let's force it onto smart speakers, suggests UK govt review

-tim
Facepalm

Survey says BS

Can we get some real numbers of how many digital radios are actually sold to consumers who know what they are buying? Stop counting the ones that come with the TV that no one ever uses. Stop counting the new cars and resold cars because those numbers are about as useful as the number of consumers who bought car jacks last year. Find out how many consumers went out to buy a digital radio to listen to digital radio. Then tell me how many are bought. Better data would include how many knew the new radio they bought was digital and wasn't mistaken for an AM/FM one.

If your apps or gadgets break down on Sunday, this may be why: Gpsd bug to roll back clocks to 2002

-tim

Re: GNSS is not just GPS

Navstar is the US DOD's brand of GPS.

Canon makes 'all-in-one' printers that refuse to scan when out of ink, lawsuit claims

-tim
Facepalm

There had to have been a logical reason, right?

I know of an HP multi-function that is warning about a "scanner error" but the scanner isn't the flat bed scanner on the top of the device, it is the laser scanner that paints the image on the drum when it should print that isn't spinning fast enough that causes the error. At least that device has reasonable errors vs the guess the light dot pattern problems of my older HP printer.

Air gaps have been 'shattered’, says new Indian policy on power sector security

-tim
Coat

Re: Simples!

You can also cut 3 of the 4 pairs of an ethernet cable for the same effect. You will have to tell the driver that it is in an odd state with no sync but that is usually a parameter to ifconfig or its replacement. You can extend the technique to make Y cables that listen to one host and talk to two or more devices the same way as twisted pair ethernet is still technically a shared bus with typically just two ends.

Clearview CEO doubles down, claims biz has now scraped over ten billion social media selfies for surveillance

-tim
Facepalm

Copyright violation?

They don't have the right to store any photo I post online. What is the current copyright fine per violation?

Take a look, and you'll see... Windows XP? Bit of Dairy Milk, Fruit and Bork at Cadbury World

-tim
Coat

News Flash?

What are the odds that the show and tell app that should be running was written in flash? Moving on might be a whole lot more challenging than it would appear.

As far as unsupported, doesn't MS still have that pay for support thing going if you are willing to pay big? If I remember right, the cost per workstation today for that support would still be smaller than some Oracle seat licenses.

Imagine a fiber optic cable that can sense it's about to be dug up and send a warning

-tim
Coat

Re: Yes, you can influence events 10km away

I call the backhoe ISO layer 0.

-tim
Thumb Up

Up?

The area just above where the map shows "S60" is the data centre at 530 Collins St. The cluster of dots shows where the fibre goes up the building.

GitHub merges 'useless garbage' says Linus Torvalds as new NTFS support added to Linux kernel 5.15

-tim

Re: Thanks to All

As far as the confusing and obtuse parts of git, I wonder if that is related to how git has some verbs where the subjects don't quite follow normal UK/USA speech patterns. It is like a Finn or a Swede who asks "I'm a bit low on cash, can you borrow me $20?" It is hard to parse because the direction of the word "borrow" seems backwards to most people. I've heard that enough times I should figure out the proper way to ask for my money back.

After reportedly dragging its feet, BlackBerry admits, yes, QNX in cars, equipment suffers from BadAlloc bug

-tim
Facepalm

This bug is everywhere else too

QNX appears to use the same calloc as many GNU projects and the same bug has been in MS products since they learned to love C. calloc has always been odd when called without small sizes that are nice powers of two since the function might just try to guess how things are aligned. A calloc(10,5) might assume that 10 items need to be 8 byte aligned (like large floating point numbers on a number of older architectures) and allocate 80 bytes compared to the 50 that many programmers would expect. It is another C function that was useful in its day and now shouldn't be used. Does calloc(3689348815, 5000000000) return a null on your system (assuming you can malloc 1.3g)?
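The arithmetic behind the calloc question in the post above, as an added example that is not part of the original post: it computes what an unchecked 64-bit multiplication of those two arguments yields, next to a guarded allocation that refuses the request. The helper names (`wrapped_product`, `product_overflows`, `checked_calloc`) are hypothetical, and 64-bit unsigned arithmetic is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* The two arguments quoted in the post. */
#define POST_NMEMB 3689348815ULL
#define POST_SIZE  5000000000ULL

/* Byte count an allocator would request if it multiplied nmemb * size
 * in 64-bit unsigned arithmetic without checking: the true product is
 * silently reduced modulo 2^64. */
static uint64_t wrapped_product(uint64_t nmemb, uint64_t size)
{
    return nmemb * size;
}

/* Returns 1 when nmemb * size does not fit in 64 bits, 0 otherwise.
 * Division is used so the test itself cannot overflow. */
static int product_overflows(uint64_t nmemb, uint64_t size)
{
    return size != 0 && nmemb > UINT64_MAX / size;
}

/* Hypothetical guarded wrapper: reject the request instead of handing
 * back a buffer sized by the wrapped product. */
static void *checked_calloc(uint64_t nmemb, uint64_t size)
{
    if (product_overflows(nmemb, size))
        return NULL;
    /* Also reject anything that cannot be expressed as a size_t
     * (matters where size_t is narrower than 64 bits). */
    if (nmemb * size > (uint64_t)SIZE_MAX)
        return NULL;
    return calloc((size_t)nmemb, (size_t)size);
}

int main(void)
{
    uint64_t wrapped = wrapped_product(POST_NMEMB, POST_SIZE);

    printf("overflows 64 bits : %s\n",
           product_overflows(POST_NMEMB, POST_SIZE) ? "yes" : "no");
    printf("wrapped byte count: %llu (about %.2f GB)\n",
           (unsigned long long)wrapped, (double)wrapped / 1e9);

    /* A caller that received a non-NULL pointer here would believe it
     * owned nmemb * size bytes while only `wrapped` bytes existed. */
    void *p = checked_calloc(POST_NMEMB, POST_SIZE);
    printf("checked_calloc    : %s\n", p ? "allocated" : "NULL");
    free(p);

    /* A small, honest request still succeeds and is zero-filled. */
    unsigned char *q = checked_calloc(10, 5);
    printf("checked_calloc(10, 5): %s\n", q ? "allocated" : "NULL");
    free(q);
    return 0;
}
```

The wrapped value is the "1.3g" the post refers to: an allocator that succeeds for that size returns a valid pointer to a buffer far smaller than the caller asked for.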

China sets goal of running single-stack IPv6 network by 2030, orders upgrade blitz

-tim
Facepalm

At least they won't have to worry about international payment security

The payment security standard PCI-DSS still seems remarkably quiet on the IPv6 front to the point where 5 of the top 5 PCI external security scanners can't even scan an IPv6 server at all. The rules say to scan all protocols that are enabled and ping ::1 works on almost all modern hardware so IPv6 needs to be scanned.

Akamai Edge DNS goes down, takes a chunk of the internet with it

-tim
Facepalm

How?

DNS was one of the 1st systems to cope with large scale failure on the Internet. How do you break DNS of this size? If all else, run two different systems.

Exsparko-destructus! What happens when wand waving meets extremely poor wiring

-tim
Facepalm

There can't be anything wrong if it isn't even hooked up

I worked for a place with a Sun E10K and it of course came with redundant power supplies. The problem is no one ever plugged in one side. The one that was hooked up had a nice short curved lead near the corner of the server that went to a rather large plug. Someone managed to get their foot in that loop while walking too close to the very expensive computer and the power went out.

Refurb your enthusiasm: Apple is selling an 8-year-old desktop for over £5k

-tim
Facepalm

Still in support?

So they can support some older hardware yet leave millions of old devices unsupported or landfilled.

Here's how we got persistent shell access on a Boeing 747 – Pen Test Partners

-tim
Facepalm

Re: File

How young is this company? Should this be filed under "Security companies that don't have a decent tool box"? It isn't that hard to grab the source from the 20 year old versions of the scanning tools and recompile it on modern systems.

Cloudflare stops offering to block LGBTQ webpages

-tim
Unhappy

Where do these filters originate?

I've used a website that can't be linked to on Facebook because of something about "community standards" yet there has never been anything offensive on the domain and it has been around for more than 25 years. I'm sure Facebook is using some third party service but I can't find out who it is or how to have them re-review their data.

It took 'over 80 different developers' to review and fix 'mess' made by students who sneaked bad code into Linux

-tim
Facepalm

Student loan refunds?

The US Dept of Ed has a program where a student can ask for a cancellation for student loans from Universities that don't deliver what they claimed. As this incident has made degrees issued by that department nearly useless, could all their current and many of their past students now ask for their student loans to be canceled?

Google will make you use two-step verification to login

-tim
Facepalm

Re: Another Attempt By Large Corporations To Erode Privacy

I tend to use 29 Feb with an odd year for any site that is willing to take it.

Nasdaq's 32-bit code can't handle Berkshire Hathaway's monster share price

-tim
Coat

Re: This has happened with them before

Back in the day of fractional prices the old 16 bit systems would have a scale for each stock so that BRK.B would be traded in 1/2 while IBM would have been traded in 1/8 or 1/16ths.

BRK.B did hit the 32767 1/2 wall for a while.

Terminal trickery, or how to improve a novel immeasurably

-tim
Coat

Re: A Jive translator ?

The original was about 250 lines of Lex with a small C wrapper written in 1986 and posted under the name "Adams Douglas" along with valspeak. There was a hacked version of jive called jibe that fixed up a number of words to work better with AT&T's text to speech system.

-tim
Devil

Re: Remote? Yes. Control? No.

Sunview would allow any logged in user to manipulate window positions. The 'w' command would helpfully point out the window id on the workstation the user was using to edit code. We had a program that would move the window one pixel a second. On a 1024 pixel wide screen, it didn't take long for that to be annoying particularly when it was moved mostly to the right and slightly down.

Boffins revisit the Antikythera Mechanism and assert it’s no longer Greek to them

-tim

Re: Where are the others?

Any earlier examples would have been turned into something else after they were no longer repairable. Any broken thing made of metal would have found its way into the hands of a recycler if there was any way to get it there. I think a survey of jewelry possibly made of gears would be an interesting thing to look at since there are mentions of other complex devices and turning a broken gear into a relatively shiny bit of ornamentation would have been an easy task.

The study of Ancient Egypt mentions devices made of wood including devices used to lift large stones yet no examples have been found but in a place where firewood was hard to get, any broken wooden device would be building material or firewood very quickly.

The world's first Apple Silicon iMac is actually a Mac Mini

-tim
Boffin

HDMI converter?

Does anyone have references for the HDMI -> iMac display adapters or any advice on what to look for? I have a few very nice iMac screens that could use a new computer attached since Apple doesn't want to pay any of their engineers to do what DosDude1 has done.

Qualys hit with ransomware: Customer invoices leaked on extortionists' Tor blog

-tim
Facepalm

Re: Man, that's a bummer

Their wonderful PCI-DSS scanning tool doesn't even know about IPv6. The requirements are clear, if a protocol was on, it must be scanned. IPv6 is on by default on all modern systems so it must be scanned even if it was turned off.

Doctor, I think I have an HDMI: Apple starts investigating M1 Mac Mini graphics issues

-tim
FAIL

Re: Not just the M1

There were problems going back to at least 10.11 when too much video ram has to be moved too much. If you use fast user switching and multiple desktops on multiple screens you will see the problem isn't new and still hasn't been fixed.

Rover, wanderer, nomad, vagabond: Oracle launches rugged edge-of-network box for hostile environments

-tim
Facepalm

Price seems low for Oracle.

Prices start at $160 a day per node so $58,400 per year for non-leap years. It looks like someone thinks the Department of Defense should buy Larry another yacht.

Ever wanted to own a piece of the internet? Now you can: $1 for a whole gTLD... or $2.8m if you want a decent one

-tim
Joke

Re: +$24K per year

The infrastructure to run some of these TLDs could consist of a dial up line and couple of Raspberry Pis and they wouldn't even need to be the newish ones.

We'd rather go down in Down Under, says Google: Search biz threatens to quit Australia if forced to pay for news

-tim
Boffin

Re: "stop indexing news sites"

Robots.txt is a bit primitive but it needs far more metadata like:

Summary: 140 words

Crawler: Googlebot

Contract: 279ac2b68259630132ad9f133b92f475 /

Contract: 587597866e25dd2cbe40e4159d1f6845 /hot-news/*

Crawler: *

License_provider: theregister.com

Rate: USD .0002 /

Rate: USD .03 /hot-news/*

Nothing new since the microwave: Let's get those home tech inventors cooking

-tim
Flame

So many options

I have a $50 single induction hot plate. It starts off at 2000 watts which is enough to damage pans in about 15 seconds. I use it at the 200C setting 99% of the time and that would have made a much more reasonable default. It is odd that a $50 device can maintain a temperature yet the $2,000 built in types don't have that feature. The cheap one also keeps track of how many kWh I use when cooking which might be handy for using the thing in a caravan or off grid solar.

Why don't modern stoves have a "hold this temperature" setting? Are temp sensors on the glass too hard? I guess they aren't since my $50 device has it. They could also use IR detectors in the vent hood to read the temp of the soup.

Where is the magnetic stirrer? Chemistry labs have had nice hot plates that allow a magnetic bar to be placed in the food which allows it to be stirred. They also seem to be able to maintain very accurate temperatures.

I would like knobs with proper detents that work in deg C which is what is needed in cooking, not useless "gas numbers" which is how much energy you are pumping into a dish. Knobs also work for people who can't see that well. Ever try to use a modern induction stove when blind? The best tech for blind people due to burn risk isn't usable because of touch on glass controls.

I want a microwave that doubles as a stove vent hood. The better ones will move more than enough air for a gas cook top and that amount of air keeps the microwaved food from getting soggy due to humidity. Too bad they aren't legal in Australia due to someone leaving out "or per manufacturers recommendations" in a standard when they copied it from overseas.

What does my neighbour's Tesla have in common with a stairlift?

-tim
Coat

Re: Summon the lawyers!

With a small bit of effort a bit of nylon brick layers string will cut through wire insulation and the wires inside. The stuff also cuts plastic conduit and pipe.

Oh, no one knows what goes on behind locked doors... so don't leave your UPS in there

-tim

Re: ...and unlocked doors

They haven't been cut from 2"x4" in a very long time as they don't want to waste that much timber. Modern large scale sawmills now can cut them so smooth that the finishing step cuts nearly nothing off the boards.

Nokstalgia: HMD Global introduces yet another homage to the past – a 4G rework of the Nokia 6300

-tim
Coat

Re: Still using my 6300

My old 6300 is my bedside alarm clock. It is the second best alarm clock I've ever used due to its features like pressing the 4 does a 4 minute snooze, yet non-numeric use the default value which can be set arbitrarily. Too bad I can't put a sim in it to reset its time anymore.

New lawsuit: Why do Android phones mysteriously exchange 260MB a month with Google via cellular data when they're not even in use?

-tim
Devil

For more fun look at how the apps talk to each other

You can install one of the application firewalls where you can see just how all the applications are chatting with each other for a real shock. The mail app will talk to the map and vice versa. Many other apps are talking to apps that makes no sense at all. A friend's Google branded phone was sending more than 8,000 messages a second between a multitude of apps.

Magic! If you have an entry-level iPad, the Combo Touch could make it your workhorse

-tim
Boffin

Re: the inclusion of backlighting, which is a must-have for late-night work.

Long ago I saw a backlit keyboard hooked to an Apple 1. The owner had created a typing training program that would light up the key you needed to press.

The status of each light could be read so it could be used to extend memory beyond the base 4k.

Uncle Sam's legal eagles hope to get their claws on $1bn in Bitcoin 'stolen by hacker' from dark-web souk Silk Road

-tim
Facepalm

Proceeds of crime?

These coins are forever contaminated by proceeds of crime laws. Accepting or spending it is likely a crime and sending it over telecommunications infrastructure is "wire fraud" in the USA. Even if the US Feds launder it, it may not be clean at the state level not to mention the international implications.

So what happens to contaminated bit coins? They can't be removed and it may be illegal to use them or any of their digital descendants forever.

Apple emits iOS, iPadOS, watchOS, macOS patches to fix three hijack-my-device flaws exploited in the wild

-tim
Facepalm

Aged computers?

How many hundreds of millions of machines should be getting this patch but aren't because they are no longer in support? This shouldn't be much more than a 100 byte patch.

The local criminal incompetency statutes don't have a statute of limitations and don't mention "out of support" at all. If you sold the hardware, you have a legal requirement to fix design deficiencies indefinitely or replace or refund the equipment.

When your engineering can harm third parties, there is no hiding behind corporate connivance.

Biting the hand that feeds IT © 1998–2022