* Posts by -tim

746 posts • joined 10 Jul 2009

Refurb your enthusiasm: Apple is selling an 8-year-old desktop for over £5k

-tim
Facepalm

Still in support?

So they can support some older hardware yet leave millions of old devices unsupported or landfilled.

Here's how we got persistent shell access on a Boeing 747 – Pen Test Partners

-tim
Facepalm

Re: File

How young is this company? Should this be filed under "Security companies that don't have a decent tool box"? It isn't that hard to grab the source from the 20 year old versions of the scanning tools and recompile it on modern systems.

Cloudflare stops offering to block LGBTQ webpages

-tim
Unhappy

Where do these filters originate?

I've used a website that can't be linked to on Facebook because of something about "community standards" yet there has never been anything offensive on the domain and it has been around for more than 25 years. I'm sure Facebook is using some third party service but I can't find out who it is or how to have them re-review their data.

It took 'over 80 different developers' to review and fix 'mess' made by students who sneaked bad code into Linux

-tim
Facepalm

Student loan refunds?

The US Dept of Ed has a program where a student can ask for a cancellation for student loans from Universities that don't deliver what they claimed. As this incident has made degrees issued by that department nearly useless, could all their current and many of their past students now ask for their student loans to be canceled?

Google will make you use two-step verification to login

-tim
Facepalm

Re: Another Attempt By Large Corporations To Erode Privacy

I tend to use 29 Feb with an odd year for any site that is willing to take it.

Nasdaq's 32-bit code can't handle Berkshire Hathaway's monster share price

-tim
Coat

Re: This has happened with them before

Back in the day of fractional prices the old 16 bit systems would have a scale for each stock so that BRK.B would be traded in 1/2 while IBM would have been traded in 1/8 or 1/16ths.

BRK.B did hit the 32767 1/2 wall for a while.

Terminal trickery, or how to improve a novel immeasurably

-tim
Coat

Re: A Jive translator ?

The original was about 250 lines of Lex with a small C wrapper written in 1986 and posted under the name "Adams Douglas" along with valspeak. There was a hacked version of jive called jibe that fixed up a number of words to work better with AT&T's text to speech system.

-tim
Devil

Re: Remote? Yes. Control? No.

Sunview would allow any logged in user to manipulate window positions. The 'w' command would helpfully point out the window id on the workstation user was using to edit code. We had a program that would move the window one pixel a second. On a 1024 pixel wide screen, it didn't take long for that to be annoying particularly when it was moved mostly to the right and slightly down.

Boffins revisit the Antikythera Mechanism and assert it’s no longer Greek to them

-tim

Re: Where are the others?

Any earlier examples would have been turned into something else after they were no longer repairable. Any broken thing made of metal would have found its way into the hands of a recycler if there was any way to get it there. I think a survey of jewelry possibly made of gears would be an interesting thing to look at since there are mentions of other complex devices and turning a broken gear into a relatively shiny bit of ornamentation would have been an easy task.

The study of Ancient Egypt mentions devices made of wood including devices used to lift large stones yet no examples have been found but in a place where firewood was hard to get, any broken wooden device would be building material or firewood very quickly.

The world's first Apple Silicon iMac is actually a Mac Mini

-tim
Boffin

HDMI converter?

Does anyone have references for the HDMI -> iMac display adapters or any advice on what to look for? I have a few very nice iMac screens that could use a new computer attached since Apple doesn't want to pay any of their engineers to do what DosDude1 has done.

Qualys hit with ransomware: Customer invoices leaked on extortionists' Tor blog

-tim
Facepalm

Re: Man, that's a bummer

Their wonderful PCI-DSS scanning tool doesn't even know about IPv6. The requirements are clear, if a protocol was on, it must be scanned. IPv6 is on by default on all modern systems so it must be scanned even if it was turned off.

Doctor, I think I have an HDMI: Apple starts investigating M1 Mac Mini graphics issues

-tim
FAIL

Re: Not just the M1

There were problems going back to at least 10.11 when too much video ram has to be moved too much. If you use fast user switching and multiple desktops on multiple screens you will see the problem isn't new and still hasn't been fixed.

Rover, wanderer, nomad, vagabond: Oracle launches rugged edge-of-network box for hostile environments

-tim
Facepalm

Price seems low for Oracle.

Prices start at $160 a day per node so $58,400 per year for non-leap years. It looks like someone thinks the Department of Defense should buy Larry another yacht.

Ever wanted to own a piece of the internet? Now you can: $1 for a whole gTLD... or $2.8m if you want a decent one

-tim
Joke

Re: +$24K per year

The infrastructure to run some of these TLDs could consist of a dial up line and a couple of Raspberry Pis and they wouldn't even need to be the newish ones.

We'd rather go down in Down Under, says Google: Search biz threatens to quit Australia if forced to pay for news

-tim
Boffin

Re: "stop indexing news sites"

Robots.txt is a bit primitive but it needs far more metadata like:

Summary: 140 words

Crawler: Googlebot

Contract: 279ac2b68259630132ad9f133b92f475 /

Contract: 587597866e25dd2cbe40e4159d1f6845 /hot-news/*

Crawler: *

License_provider: theregister.com

Rate: USD .0002 /

Rate: USD .03 /hot-news/*

Nothing new since the microwave: Let's get those home tech inventors cooking

-tim
Flame

So many options

I have a $50 single induction hot plate. It starts off at 2000 watts which is enough to damage pans in about 15 seconds. I use it at the 200C setting 99% of the time and that would have made a much more reasonable default. It is odd that a $50 device can maintain a temperature yet the $2,000 built in types don't have that feature. The cheap one also keeps track of how many kWh I use when cooking which might be handy for using the thing in a caravan or off grid solar.

Why don't modern stoves have a "hold this temperature" setting? Are temp sensors on the glass too hard? I guess they aren't since my $50 device has it. They could also use IR detectors in the vent hood to read the temp of the soup.

Where is the magnetic stirrer? Chemistry labs have had nice hot plates that allow a magnetic bar to be placed in the food which allows it to be stirred. They also seem to be able to maintain very accurate temperatures.

I would like knobs with proper detents that work in deg C which is what is needed in cooking, not useless "gas numbers" which is how much energy you are pumping into a dish. Knobs also work for people who can't see that well. Ever try to use a modern induction stove when blind? The best tech for blind people due to burn risk isn't usable because of touch on glass controls.

I want a microwave that doubles as a stove vent hood. The better ones will move more than enough air for a gas cook top and that amount of air keeps the microwaved food from getting soggy due to humidity. Too bad they aren't legal in Australia due to someone leaving out "or per manufacturers recommendations" in a standard when they copied it from overseas.

What does my neighbour's Tesla have in common with a stairlift?

-tim
Coat

Re: Summon the lawyers!

With a small bit of effort a bit of nylon bricklayer's string will cut through wire insulation and the wires inside. The stuff also cuts plastic conduit and pipe.

Oh, no one knows what goes on behind locked doors... so don't leave your UPS in there

-tim

Re: ...and unlocked doors

They haven't been cut from 2"x4" in a very long time as they don't want to waste that much timber. Modern large scale sawmills now can cut them so smooth that the finishing step cuts nearly nothing off the boards.

Nokstalgia: HMD Global introduces yet another homage to the past – a 4G rework of the Nokia 6300

-tim
Coat

Re: Still using my 6300

My old 6300 is my bedside alarm clock. It is the second best alarm clock I've ever used due to its features like pressing the 4 does a 4 minute snooze, yet non-numeric use the default value which can be set arbitrarily. Too bad I can't put a sim in it to reset its time anymore.

New lawsuit: Why do Android phones mysteriously exchange 260MB a month with Google via cellular data when they're not even in use?

-tim
Devil

For more fun look at how the apps talk to each other

You can install one of the application firewalls where you can see just how all the applications are chatting with each other for a real shock. The mail app will talk to the map and vice versa. Many other apps are talking to apps that makes no sense at all. A friend's Google branded phone was sending more than 8,000 messages a second between a multitude of apps.

Magic! If you have an entry-level iPad, the Combo Touch could make it your workhorse

-tim
Boffin

Re: the inclusion of backlighting, which is a must-have for late-night work.

Long ago I saw a backlit keyboard hooked to an Apple 1. The owner had created a typing training program that would light up the key you needed to press.

The status of each light could be read so it could be used to extend memory beyond the base 4k.

Uncle Sam's legal eagles hope to get their claws on $1bn in Bitcoin 'stolen by hacker' from dark-web souk Silk Road

-tim
Facepalm

Proceeds of crime?

These coins are forever contaminated by proceeds of crime laws. Accepting or spending it is likely a crime and sending it over telecommunications infrastructure is "wire fraud" in the USA. Even if the US Feds launder it, it may not be clean at the state level not to mention the international implications.

So what happens to contaminated bit coins? They can't be removed and it may be illegal to use them or any of their digital descendants forever.

Apple emits iOS, iPadOS, watchOS, macOS patches to fix three hijack-my-device flaws exploited in the wild

-tim
Facepalm

Aged computers?

How many hundreds of millions of machines should be getting this patch but aren't because they are no longer in support? This shouldn't be much more than a 100 byte patch.

The local criminal incompetency statutes don't have a statute of limitations and don't mention "out of support" at all. If you sold the hardware, you have a legal requirement to fix design deficiencies indefinitely or replace or refund the equipment.

When your engineering can harm third parties, there is no hiding behind corporate connivance.

We did NAT see that coming: How malicious JavaScript can open holes in your firewall for miscreants to slip through

-tim
Facepalm

Stateful firewall? Where?

The most commonly used firewall configurations used by many Linux based firewalls have been optimized to the point where they aren't proper stateful firewalls anymore. The port filtering stuff doesn't keep state at all as it only trusts the packets to say they aren't established (RFC 3514 style) and relies on the NAT engine to keep track of the rest of the state info. On those routers, that means anything not using NAT isn't stateful at all and anything that opens up external access on demand like UPnP effectively breaks the stateful nature of a firewall. The same is true for many business grade firewalls. An easy way to verify this is to check how much memory is used per data stream and if it is too low, it can't be stateful.

Cisco penta-gone from Pentagon as Aruba rolls in a new net

-tim
Facepalm

4 sides and a spare

The Pentagon is an odd place. I went on a tour with a very paranoid friend that I told the expansion joints in the halls were metal plates so they could lock down an area in a second which resulted in him jumping over them for the rest of the tour to much amusement of the tour guide once I explained the odd behavior.

I knew someone who worked with wiring in that building and when visiting his office, he pointed me to a poster of the different areas of the building and how things were labeled for Army, Navy, AF and required standards for working on each area. The poster included a label for Soviet wiring.

The space above the drop ceiling on the ground floor is about 6ft (2m) yet is completely full of wires in places and that was long before they considered ethernet let alone switches and wifi.

Far in the future I expect archaeologists will dig it up and describe it as the highest holy temple to military bureaucracy.

Google screwed rivals to protect monopoly, says Uncle Sam in antitrust lawsuit: We go inside the Sherman parked on a Silicon Valley lawn

-tim

Google have agreements like the one they forced on RIM which means they could no longer update the version of virtualized Android that ran on their QNX OS and forced all their new phones to be 100% Android thus completely killing a competitor. I would buy a new QNX phone today if there was one but Google's anti competitive actions mean there will never be another.

Atlassian pulls the plug on server licences, drags customers to the cloud

-tim
Facepalm

Re: All aboard the Gitlab train

It isn't illegal to buy insurance for that kind of problem. Locally I know it is illegal for the insurance company to pay out which makes the premiums a bit of a waste of money.

Atlassian sprays more machine learning over its cloudy BitBucket, Jira, Confluence wares

-tim
Facepalm

I'm guessing they can't even find the old bugs because they are using their own system. I know I can't using their systems. After we moved everything to them, we are looking for alternates.

Google won’t let Australia have shiny new toys unless it picks apart pay-for-news plan

-tim
Boffin

If only there was a way

Perhaps someone needs to come up with a robots.txt format to describe the payment and republishing terms of stuff on a site...

Verizon: Just 25% of global businesses comply fully with the Payment Card Industry Data Security Standard

-tim
Facepalm

The real compliance rate is much closer to 0.00%

Compliance requires network scans for all open and previously used protocols. Modern machines all have IPv6 enabled by default so the scans must test for IPv6 yet no scanning vendor I know of does that properly. If the system was ever hooked to a Novell LAN or old IBM mainframe, you need to test that as well just to verify that old stuff is all off or come up with a compensating control saying you are very sure the system can't be hacked by something like a Banyan VINES Christmas tree packet.

President Trump to slap fresh restrictions on H-1B work visas, refuses to hear public comment on changes

-tim
Facepalm

Another abused system

I live in Australia and I have been contacted a number of times for jobs in the USA. Once they find out I don't need a visa to work in the USA they aren't interested in me anymore. I've heard the same for a number of ex-pats. The strangest request needed someone that was a citizen for a security clearance but they were trying to find a way to fill the job with an H-1B.

NHS COVID-19 launch: Risk-scoring algorithm criticised, the downloads, plus public told to 'upgrade their phones'

-tim
Facepalm

More e-waste?

The hardware to support this has been around on better phones since before 2013 and Android 4.4. The reasons not to support older phones aren't technical. For the tracing app used in Australia, there are more than a million phones in use that have the proper hardware but just don't work.

Server buyers ask Lenovo for made-in-Mexico models instead of Chinese kit

-tim

I'm finding that it takes more research to avoid made in China but it can be done. Most of my new servers have motherboards, power supplies and drives that aren't made in China but the Ryzen CPUs are. My home solar system has some of the roof mounts that are made in China but the rest is made in Australia, Canada, Malaysia or Finland. The new floor I had installed was made in Germany. New kitchen tap was made in New Zealand but used Chinese made cartridges which failed and were replaced by Spanish ones. New tyres were made in the UK. I haven't bought an electronic device over $120 that was made in China in more than a year. China is involved in a trade war and I'm not going to play that game and I don't have to if I read labels.

Chromium devs want the browser to talk to devices, computers directly via TCP, UDP. Obviously, nothing can go wrong

-tim
Facepalm

Is "No" ok with you?

I don't want to firewall every host on the network in their own little bubble but it looks like that time is here.

I like the idea of the dialog box. Can they add that to "This web page wants to load external JavaScript. Please enter all the remote sites that it is allowed to talk to". I would be ok with that. Add the same thing for cookies.

Can I get some service here? The new 27-inch iMac forgoes replaceable storage for soldered innards

-tim
Facepalm

Again?

This is hurting their iPhone sales. We do not allow work computers to leave the office with their storage in case it has something sensitive on it and that means no soldered in storage. Since we told people we don't support the soldered in storage Macs, they tend to pick a Windows or Linux system. When it is time to upgrade their phones, they tend not to pick Apple products. When asked, our IT staff all use the phrase "We can't recommend Apple products" with an ever increasing list of technical reasons why.

Network sniffers find COVID-19 did not break the internet – though it was behind a massive jump in outages

-tim
Flame

5G protester outages?

How many recent outages have been caused by 5G sabotage? Some idiot trying to burn down a tower ended up damaging the fiber going to work causing nearly a whole day outage due to the fire being started in a pit.

I've started collecting magnetrons out of dead microwaves. I'm not sure if I should mail them to the idiots I find or just put them up on sane neighbors' roofs.

Should I have used the warning icon rather than the fire icon since that will be inside the box with "warning microwave generating magnetron!"

University of Cambridge to decommission its homegrown email service Hermes in favour of Microsoft Exchange Online

-tim
Facepalm

So another one falls

I hope the researchers don't mind Microsoft going through their research and making useful suggestions to other researchers via "AI". In the publish first or perish culture of universities, I figure this would have been shot down.

I have stopped interviewing recent students from universities with large corporate style administration since it is a waste of my time. I have suggested to some of the recent graduates of what used to be outstanding schools to ask for a refund for their tuition.

Ubiquiti, go write on the board 100 times, 'I must validate input data before using it'... Update silently breaks IDS/IPS

-tim
Facepalm

Re: Business as Usual

Their dashboard has plenty of useless data. So the site downloaded 90 GB of data? Over what time frame as it isn't mentioned except in conflicting forum posts. Throw in a white text on black design mixed with black text on white for a nearly unreadable system and version specific Chrome requirements make their web interface look amateurish. Their support forums tend to have their search engine optimization around the wrong way so looking for a problem will result in the 5 year old solution, not the current one. If they put Google parseable dates in their metadata, that would fix that problem. One USG has dropped out 4 times in the last month requiring power resets. That was after replacing a unit that died more than a dozen times over the last few months and it usually happens in the wee hours of the morning. Being a "cloud" device, there is no visibility into it and a serious lack of logs that can be pulled off it after a reboot. Someone needs to tell them about a watchdog feature. Their radios do tend to work well but the USG seems like a joke of a product and I'll be looking for a replacement if they can't find and fix the problem real soon as it isn't up to the task.

AMD pushes 64-core 4.2GHz Ryzen Threadripper Pro workstation processors

-tim

Re: ECC

The Ryzen Matisse and later support ECC. I don't have terabytes of RAM but I've had different systems report 3 uncorrectable ECC errors this year with one doing a system panic. All new systems will be getting ECC from now on out.

Australians can demand visitors to their homes run contact-tracing app

-tim
Facepalm

Who can run the app?

I have a grand total of zero devices that can run the app. I have a number of devices that have the required bluetooth capability but they aren't supported.

It looks like you want a storage appliance for your data centre. Maybe you'd prefer a smart card reader?

-tim
Pint

Re: Recruitment Searches

The local Labor government in Victoria has an ad up at the train stations with the typical "we are sorry for the delays" while patting themselves on the back for spending our money. There are 4 people in the picture of "rail construction" and 3 of them are doing things that should get them kicked off a worksite. The other one is just standing around looking like a supervisor.

Keen to go _ExtInt? LLVM Clang compiler adds support for custom width integers

-tim

This is amazingly useful when it is needed

I think it should have Endianness included in there as well and I'm not sure it should be limited to integers as it could be fixed point. The implementation of pointers will get weird as now a pointer to the 5th element of a 5 bit array will be larger than a pointer to 64 bit int in classical architectures as it needs to include a real memory base pointer and an offset as well as a size. It would also be useful to be able to tell the compiler what the base char, int and long sizes are. An option to set int=31 and crash on overflow conversions would be very useful for testing most C code.

Stripe is absolutely logging your mouse movements on websites' payment pages – for your own good, says CEO

-tim

Who checked the code?

PCI-DSS auditors need to do their job and request proper documentation that every bit of JavaScript on a payment page is properly audited. The silly mouse tracking thing goes nuts with my trackball which appears to confuse their code. The Stripe code seems to have been written by someone who uses tabs and not windows because all the stacked windows will be sending data at the same time.

Police drone fliers' wings clipped to prevent them bumping into real aircraft

-tim
Boffin

Re: Mixed measurements

In metric parts of the world, the feet in aviation aren't a real vertical distance to the ground but an approximate distance based on air pressure which drives the altimeter which is adjusted to a nearby location and adjusted periodically during a flight. Above a point of about 10,000 feet, the altimeter will be adjusted to 29.92 inHg or 1013 mb. The result is that in a low or high pressure system, the 500 ft separation of planes is slightly different than 500 ft, but they don't hit each other because they are all using the same reference. A pressure altimeter when calibrated is more accurate than a GPS altitude.

Feet aren't used for horizontal distances in metric countries. Places like Australia which mostly copied the US FAA's rule book down to the section numbers, rounded all the nice round feet to nice round meters (1000 ft became 300 meters, not 305m) but sometimes they rounded up, sometimes down.

ICANN suffers split-personality disorder as deadline for .org sale decision draws close

-tim
Facepalm

Pick one

Take the money and get rich until TIO takes over all of it (and not just .org). Or reject it and stay poorer but in control.

Consumer reviewer Which? finds CAN bus ports on Ford and VW, starts yelling 'Security! We have a problem...'

-tim
Boffin

Separate but still connected?

Late 1990s Saabs had 3 CAN buses. One for the ABS, one for the Engine/Transmission systems and a third for everything else. The speed of the car is determined by using the ABS sensors so as long as one wheel is rotating, it has a very good idea of the speed and it took me about an hour on an icy parking lot to trick it. The thing is the radio needs to know how fast the car is going so it can make slight adjustments to the volume depending on speed so I wonder just how isolated the buses are.

A friend made the comment that a rental BMW wasn't true to its heritage when its traction control system complained after it was briefly airborne. That message was of course displayed on the integrated console.

BOFH: Will the last one out switch off the printer?

-tim
Pint

Re: Why suffer

I want to know how he is keeping the board room booze resupplied during this troubling time.

ZX Spectrum prototype ROM is now available for download courtesy of boffins at the UK's Centre for Computing History

-tim
Boffin

Keyboard?

Was the prototype keyboard better or worse to use than the production model?

Boeing 787s must be turned off and on every 51 days to prevent 'misleading data' being shown to pilots

-tim
Flame

Out of the frying pan into the fire?

VxWorks doesn't like hard resets.

I hope there is a nice easy clean reset option.

2020 MacBook Air teardown shows in graphic detail how butterfly keyboards were snipped for scissor switch

-tim
Black Helicopters

Re: I like my Microsoft keyboard...

Keyboards with AES aren't much more secure. The timing of the packets can be used to deduce the key sequences with no need to decrypt them.


Biting the hand that feeds IT © 1998–2021