* Posts by -tim

707 posts • joined 10 Jul 2009


Australians can demand visitors to their homes run contact-tracing app

-tim
Facepalm

Who can run the app?

I have a grand total of zero devices that can run the app. I have a number of devices that have the required bluetooth capability but they aren't supported.

It looks like you want a storage appliance for your data centre. Maybe you'd prefer a smart card reader?

-tim
Pint

Re: Recruitment Searches

The local labor government in Victoria has an ad up at the train stations with the typical "we are sorry for the delays" while patting themselves on the back for spending our money. There are 4 people in the picture of "rail construction" and 3 of them are doing things that should get them kicked off a worksite. The other one is just standing around looking like a supervisor.

Keen to go _ExtInt? LLVM Clang compiler adds support for custom width integers

-tim

This is amazingly useful when it is needed

I think it should have Endianness included in there as well and I'm not sure it should be limited to integers as it could be fixed point. The implementation of pointers will get weird as now a pointer to the 5th element of a 5 bit array will be larger than a pointer to a 64 bit int in classical architectures as it needs to include a real memory base pointer and an offset as well as a size. It would also be useful to be able to tell the compiler what the base char, int and long sizes are. An option to set int=31 and crash on overflow conversions would be very useful for testing most C code.

Stripe is absolutely logging your mouse movements on websites' payment pages – for your own good, says CEO

-tim

Who checked the code?

PCI-DSS auditors need to do their job and request proper documentation that every bit of Javascript on a payment page is properly audited. The silly mouse tracking thing goes nuts with my trackball which appears to confuse their code. The Stripe code seems to have been written by someone who uses tabs and not windows because all the stacked windows will be sending data at the same time.

Police drone fliers' wings clipped to prevent them bumping into real aircraft

-tim
Boffin

Re: Mixed measurements

In metric parts of the world, the feet in aviation aren't a real vertical distance to the ground but an approximate distance based on air pressure which drives the altimeter, which is adjusted to a nearby location and adjusted periodically during a flight. Above a point of about 10,000 feet, the altimeter will be adjusted to 29.92 inHg or 1013 mb. The result is that in a low or high pressure system, the 500 ft separation of planes is slightly different than 500 ft, but they don't hit each other because they are all using the same reference. A pressure altimeter when calibrated is more accurate than a GPS altitude.

Feet aren't used for horizontal distances in metric countries. Places like Australia which mostly copied the US FAA's rule book down to the section numbers, rounded all the nice round feet to nice round meters (1000 ft became 300 meters, not 305m) but sometimes they rounded up, sometimes down.

ICANN suffers split-personality disorder as deadline for .org sale decision draws close

-tim
Facepalm

Pick one

Take the money and get rich until TIO takes over all of it (and not just .org). Or reject it and stay poorer but in control.

Consumer reviewer Which? finds CAN bus ports on Ford and VW, starts yelling 'Security! We have a problem...'

-tim
Boffin

Separate but still connected?

Late 1990s Saabs had 3 CAN buses. One for the ABS, one for the Engine/Transmission systems and a third for everything else. The speed of the car is determined by using the ABS sensors so as long as one wheel is rotating, it has a very good idea of the speed and it took me about an hour on an icy parking lot to trick it. The thing is the radio needs to know how fast the car is going so it can make slight adjustments to the volume depending on speed so I wonder just how isolated the buses are.

A friend made the comment that a rental BMW wasn't true to its heritage when its traction control system complained after it was briefly airborne. That message was of course displayed on the integrated console.

BOFH: Will the last one out switch off the printer?

-tim
Pint

Re: Why suffer

I want to know how he is keeping the board room booze resupplied during this troubling time.

ZX Spectrum prototype ROM is now available for download courtesy of boffins at the UK's Centre for Computing History

-tim
Boffin

Keyboard?

Was the prototype keyboard better or worse to use than the production model?

Boeing 787s must be turned off and on every 51 days to prevent 'misleading data' being shown to pilots

-tim
Flame

Out of the frying pan into the fire?

VxWorks doesn't like hard resets.

I hope there is a nice easy clean reset option.

2020 MacBook Air teardown shows in graphic detail how butterfly keyboards were snipped for scissor switch

-tim
Black Helicopters

Re: I like my Microsoft keyboard...

Keyboards with AES aren't much more secure. The timing of the packets can be used to deduce the key sequences with no need to decrypt them.

It's 2020 and hackers are still hijacking Windows PCs by exploiting font parser security holes. No patch, either

-tim
Facepalm

Re: Sigh. Not again...

The browsers love to download bad fonts because someone from the colored pencil office thinks it is cool. Then you have the extremes like Atlassian who have their own bad font and force it on everyone who uses their platform with no option to use better fonts. The person who made that decision needs to be hit with a copy of the METAFONTbook.

Freed from the office, home workers roam sunlit uplands of IPv6... 2 metres apart

-tim
Facepalm

Re: Perhaps (probably?) mobile users

Everything seems to come with IPv6 enabled by default these days (as it should) but security compliance is way behind. Not one of the 3 PCI-DSS scanners I have to deal with can cope with IPv6. If your scan doesn't include a report on IPv6, it is NOT compliant even if you thought you turned it off.
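An added example of the check behind that post (my code, not -tim's): pull the global-scope IPv6 addresses out of `ip -6 addr` output and compare them with the target list a scanning vendor was actually given. The `ip` output and the scan target list are constructed samples using documentation address space; the scan targets are assumed to be literal IP addresses rather than hostnames.

```python
"""Find global-scope IPv6 addresses that an external scan's target list never covered."""
import ipaddress
import re

# Constructed sample of `ip -6 addr show` output from one host; documentation
# addresses (2001:db8::/32), not a real system.
SAMPLE_IP6_OUTPUT = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:10::25/64 scope global
       valid_lft forever preferred_lft forever
    inet6 2001:db8:10:0:5054:ff:fe12:3456/64 scope global dynamic mngtmpaddr
       valid_lft 86395sec preferred_lft 14395sec
    inet6 fe80::5054:ff:fe12:3456/64 scope link
       valid_lft forever preferred_lft forever
"""

# Constructed: what the scanning vendor was actually asked to scan (IPv4 only).
SAMPLE_SCAN_TARGETS = ["203.0.113.25"]

_INET6 = re.compile(r"^\s*inet6\s+(\S+)/\d+\s+scope\s+(\w+)", re.MULTILINE)


def global_ipv6_addresses(ip_addr_output):
    """Return the global-scope IPv6 addresses found in `ip -6 addr` text.

    Link-local (fe80::/10) and loopback entries are dropped: they are not
    reachable from outside, so they are not part of the external scan scope.
    """
    addresses = []
    for addr, scope in _INET6.findall(ip_addr_output):
        ip = ipaddress.IPv6Address(addr)
        if scope == "global" and not (ip.is_link_local or ip.is_loopback):
            addresses.append(ip)
    return addresses


def uncovered_ipv6(ip_addr_output, scan_targets):
    """Global IPv6 addresses present on the host but absent from the scan targets."""
    scanned = {ipaddress.ip_address(t) for t in scan_targets}
    return [ip for ip in global_ipv6_addresses(ip_addr_output) if ip not in scanned]


def scan_scope_is_complete(ip_addr_output, scan_targets):
    """False when the host answers on IPv6 addresses the scan never looked at."""
    return not uncovered_ipv6(ip_addr_output, scan_targets)


if __name__ == "__main__":
    for ip in uncovered_ipv6(SAMPLE_IP6_OUTPUT, SAMPLE_SCAN_TARGETS):
        print("not in scan scope:", ip)
```

Run it against the real `ip -6 addr show` output of each in-scope host and the vendor's target list; the privacy/temporary addresses (`mngtmpaddr`) are the ones that most often escape an inventory built from DNS alone.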

HP Ink: No way, Xerox. We're not accepting your takeover. Well, we'd never say never. Maybe even maybe? Hello, you still there? Please?

-tim
Pint

Re: Sorry for the ink sales drop

I picked up a monochrome laser that claims to be a Fuji Xerox which seems to have been made in the very same factory in Viet Nam where the nearly identical but slightly more expensive Brother printers are made.

Call us immediately if your child uses Kali Linux, squawks West Mids Police

-tim

Kids these days...

I overheard some girls on a train talking about how they install virtual machines on their school provided laptop so they can have games and how there is a hack that makes the school image look like it has all the memory it should have. They also discussed how they had used social engineering to get most teachers to drop the anti-plagiarism software by jacking up the false positive rates. I expect the kids weren't over 12 based on the expensive school they attend.

Who needs the A-Team or MacGyver when there's a techie with an SCSI cable?

-tim
Coat

SCSI Hacks?

A friend had an Amiga with two SCSI cards. There was a program on the Amiga that looked like a block device to a PC that thought it was the "master" on the chain. The result is he could rapidly backup and reboot the PC much the way the virtualization allows today as well as doing RAID0 style merging of small Inexpensive (aka rejected from other projects) disks. When he ended up with a Sparcstation, it too went on the SCSI chain and it allowed him to work on the same files with the PC or Sun without all those expensive network cards as long as he remembered to only have one system active at a time.

Need 32-bit Linux to run past 2038? When version 5.6 of the kernel pops, you're in for a treat

-tim

Re: WS2003 redux

time_t didn't need to be an int which is why it was its very own type. A 32 bit signed was used in the AT&T and BSD Unix and that managed to find its way into places where a time_t was cast to an int for portability. A time_t would be 36 bits on 9 bit machines.
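An added example (mine, not part of the post) of what the 32-bit signed time_t and the cast-to-int habit actually do at the boundary: the last second a signed 32-bit count can hold, where the next second lands after wraparound, how far a 36-bit word (the post's 9-bit-byte machine) would reach, and what a 64-bit value looks like after truncation to 32 bits. The arithmetic is done in plain Python integers rather than through the platform's own time functions, so it runs identically on any host.

```python
"""What a 32-bit signed time_t does at the 2038 boundary, and why casting to int hurts."""
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def wrap_signed(value, bits):
    """Reinterpret `value` as a two's-complement signed integer `bits` wide.

    This is what storing a wider time_t in a 32-bit int (or `(int) t`) does:
    the high bits are discarded and bit 31 becomes the sign bit.
    """
    mask = (1 << bits) - 1
    value &= mask
    if value & (1 << (bits - 1)):
        value -= 1 << bits
    return value


def epoch_to_utc(seconds):
    """Epoch seconds to UTC without going through the platform time_t,
    so values far outside a 32-bit range can still be displayed."""
    return EPOCH + timedelta(seconds=seconds)


def max_signed_time(bits):
    """Largest second count a signed time_t of this width can hold."""
    return (1 << (bits - 1)) - 1


def rollover(bits):
    """(last valid instant, where the very next second lands after wraparound)."""
    last = max_signed_time(bits)
    return epoch_to_utc(last), epoch_to_utc(wrap_signed(last + 1, bits))


def rollover_iso(bits):
    """Same as rollover(), as ISO-8601 strings."""
    last, wrapped = rollover(bits)
    return last.isoformat(), wrapped.isoformat()


def truncated_to_int32(seconds):
    """What a 64-bit time_t becomes after `(int) t` on an LP64 system."""
    return wrap_signed(seconds, 32)


if __name__ == "__main__":
    last, wrapped = rollover(32)
    print("32-bit time_t ends at", last, "and wraps to", wrapped)
    print("36-bit time_t ends at", rollover(36)[0])
    # 2208988800 is 2040-01-01T00:00:00Z, a perfectly valid 64-bit time_t.
    print("2040-01-01 cast to int becomes", epoch_to_utc(truncated_to_int32(2208988800)))
```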

Anatomy of OpenBSD's OpenSMTPD hijack hole: How a malicious sender address can lead to remote pwnage

-tim

Re: When will we get rid of this malady?

The worst part of that execle system call is that had they left out the first 2 parameters and not combined the command and its argument in a string, the code would have been smaller and correct.

-tim
Facepalm

How?

If a system program needs to run another program, it should not use a shell as an intermediary.

I've been working with email systems for decades and it is amazing that the same bugs have shown up in so many different programs. My advice to anyone writing an email client is to go get a list of the top 5 major exploits of all the top email programs and make sure your code doesn't do any of them.
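An added example (my code, not from either post or from OpenSMTPD) of the point both posts make: a sender address handed to a program as one argv element is data, while the same address pasted into a command string and run through `sh -c` is code. `echo` stands in for the local delivery agent, and the hostile sender address is constructed; the third function shows `shlex.quote` for the case where a shell genuinely cannot be avoided.

```python
"""Invoke a delivery program with the address as an argv element, never via sh -c."""
import shlex
import subprocess

# Constructed hostile sender address: the ';' is harmless as an argument and
# is a command separator as shell syntax.
HOSTILE_SENDER = "bob;echo PWNED"


def deliver_no_shell(sender):
    """What the post recommends: exec the program with an argv list.
    `echo` stands in for the local delivery agent (assumption for the demo)."""
    result = subprocess.run(["echo", sender], capture_output=True, text=True, check=True)
    return result.stdout


def deliver_via_shell(sender):
    """The pattern the post objects to: command and argument pasted into one
    string and handed to /bin/sh -c, so the address is parsed as shell code."""
    result = subprocess.run("echo " + sender, shell=True, capture_output=True, text=True)
    return result.stdout


def deliver_via_shell_quoted(sender):
    """If a shell is unavoidable, shlex.quote turns the address back into one word."""
    result = subprocess.run("echo " + shlex.quote(sender), shell=True,
                            capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    print("argv list:     ", repr(deliver_no_shell(HOSTILE_SENDER)))
    print("sh -c string:  ", repr(deliver_via_shell(HOSTILE_SENDER)))
    print("sh -c quoted:  ", repr(deliver_via_shell_quoted(HOSTILE_SENDER)))
```

The argv form echoes the address back literally, the shell form runs the injected `echo PWNED` as a second command, and the quoted form behaves like the argv form. The same split applies to `execle`/`execv` in C: pass argv directly and drop the shell.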

ICANN finally reveals who’s behind purchase of .org: It’s ███████ and ██████ – you don't need to know any more

-tim
Facepalm

Time to register a new domain?

Should I register 'ICANN go to jail.org' because I'm guessing someone could use it in the near future.

No horrific butterfly keys on this keyboard, just you and your big, dumb fingers

-tim
Pint

Can musical instruments be far behind?

I bet they could do great things if they could get the camera to work out air guitar!

Beware the three-finger-salute, or 'How I Got The Keys To The Kingdom'

-tim
Boffin

Re: ...why Microsoft taught people to hit Ctl-Alt-Del...

Ctrl-Alt-Del could be intercepted on x86 computers of that era. The 1st IBM PCs (5150, the ones with cassette ports) were the ones where it couldn't be intercepted as it sent a hard interrupt but that was removed by the days of the XT which implemented the reboot code in BIOS. Since a PC couldn't use that key combination, no early DOS programs supported its use and it was nearly unused by the time Microsoft needed a "force a login window" key. It had been used by a few games to adjust how they worked in "turbo" mode.

'Supporting Internet Explorer is hell': Web developers identify top needs – new survey

-tim
Facepalm

Style vs Content

I don't care about design, I care about content.

So many CSS "experts" don't seem to understand they need to define things relative to character sizes and not pixels. If I zoom in to read something, everything needs to zoom in which seems to be something Chrome broke a long time ago and has just made worse with the newer versions. I use Safari because I can right click on all images and open them in a new window where I can zoom them enough to see. Lately Chrome has decided I don't need that option on all images.

There is other idiocy as well like why does Atlassian have its own font and why can't they make it so it isn't fuzzy? Why can't my bank make a PDF that doesn't need the latest version of Acrobat to display? Oh, they put style over content and don't put their magic font in the file.

Google tightens the screw on 'less secure apps', will block most access from June 2020

-tim
Facepalm

Another way to suck data

Has anyone else noticed how much more data goes to google's servers once you log into one service that uses a google login?

It's the end of the 20-teens, and your Windows PC can still be pwned by nothing more than a simple bad font

-tim
Facepalm

Re: Out o'curiosity ...

When your font description language requires a Turing complete system to run, someone is going to play with it. Put that in the trusted part of the OS and bad things will happen.

I've thought it was odd that there hasn't been a widespread abuse of this so far. You can get most browsers to load your own font that happens to have an O that is drawn over and over and over again in an infinite loop.

Worldwide, perpetual, irrevocable and royalty-free: Amazon's Alexa NHS contract released

-tim
Facepalm

Big Data?

Big Data by definition is the ability to de-anonymise data like this.

You take medicine A and B and live in a post code area with a known pollution level. The Venn Diagram intersection of that consists of just you. Repeat for all the rest of the data and other factors. It gets even easier once you can start removing people from the data set since the birthday paradox can be used in reverse. A few trillion iterations through a large data set can keep a modern PC from sleeping for hours at a time.
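An added example (my code, not -tim's) of the intersection attack the post describes, measured as k-anonymity: group a "de-identified" table by a set of quasi-identifiers and see how small the groups get. The records are constructed and represent no real patients; the attribute names are chosen to mirror the post's medicine A, medicine B and post code area.

```python
"""How few attributes it takes to single someone out in a 'de-identified' dataset."""
from collections import Counter
from itertools import combinations

# Constructed records, no real people: two prescriptions and a postcode area.
RECORDS = [
    {"med_a": "metformin",  "med_b": "ramipril",     "postcode": "SW1"},
    {"med_a": "metformin",  "med_b": "ramipril",     "postcode": "SW1"},
    {"med_a": "metformin",  "med_b": "atorvastatin", "postcode": "SW1"},
    {"med_a": "salbutamol", "med_b": "ramipril",     "postcode": "SW1"},
    {"med_a": "salbutamol", "med_b": "ramipril",     "postcode": "E1"},
    {"med_a": "metformin",  "med_b": "atorvastatin", "postcode": "E1"},
    {"med_a": "metformin",  "med_b": "atorvastatin", "postcode": "E1"},
]
ATTRIBUTES = ["med_a", "med_b", "postcode"]


def _key(record, quasi_ids):
    return tuple(record[q] for q in quasi_ids)


def class_sizes(records, quasi_ids):
    """Size of each equivalence class (the Venn intersection) for these attributes."""
    return Counter(_key(r, quasi_ids) for r in records)


def k_anonymity(records, quasi_ids):
    """Smallest equivalence class. k == 1 means at least one person is unique."""
    return min(class_sizes(records, quasi_ids).values())


def unique_records(records, quasi_ids):
    """Records that are alone in their class, i.e. already re-identified."""
    sizes = class_sizes(records, quasi_ids)
    return [r for r in records if sizes[_key(r, quasi_ids)] == 1]


def smallest_identifying_set(records, attributes):
    """Smallest attribute combination that singles out at least one record."""
    for n in range(1, len(attributes) + 1):
        for combo in combinations(attributes, n):
            if k_anonymity(records, combo) == 1:
                return combo
    return None


if __name__ == "__main__":
    for n in range(1, len(ATTRIBUTES) + 1):
        for combo in combinations(ATTRIBUTES, n):
            print(combo, "k =", k_anonymity(RECORDS, combo))
    print("first identifying combination:", smallest_identifying_set(RECORDS, ATTRIBUTES))
    print("unique with all three:", len(unique_records(RECORDS, ATTRIBUTES)))
```

No single column identifies anyone in this sample, yet two of them already do, and all three together leave three of the seven records alone in their class. Every extra column in a release can only shrink the classes, which is the post's point about "repeat for all the rest of the data".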

Internet Society CEO: Most people don't care about the .org sell-off – and nothing short of a court order will stop it

-tim
Devil

Re: Spare a thought for the struggling Private Equity companies.....

I think they did figure out how to buy souls. Nearly every retirement fund in the world is now competing with these poor struggling Private Equity firms and many of the retirement funds are constrained in just what they can buy with their money. Two decades ago one of the larger US funds had about a billion a week (and 4 times that once a month) that was to be invested in "high tech" but there just wasn't enough shares to go around so the stock price of the tech companies went to insane levels and everyone was happy to watch the pyramid scheme until the bubble burst. A few friends noticed that at the end of their weekly investment cycle the retirement funds would buy things that weren't such a good deal but we couldn't predict which well enough to make use of it.

When the retirement funds have to start pulling out cash over the next decade, I expect the Private Equity firms will be there with deals implying that the retirees have already sold their souls.

-tim
Facepalm

ROI?

A revision from my last attempt at this...

So a billion dollars for about 10 million DNS records. The operation of that database should cost about $600,000 a year (figure $.06 cost per record which is high). Put another way, about $100 for every .org domain now needs to go to pay back the investment which is about $333 per non-squatter. Figure in inflation and the price of the .org domains are going to go way up.

Internet Society's Vint 'father of the 'net' Cerf dodges dot-org sell-off during public Q&A

-tim
Facepalm

ROI?

So a billion dollars for about 20 million DNS records. The operation of that database should cost about $1.2 million a year (figure $.06 cost per record which is high). Put another way, about $50 for every .org domain now needs to go to pay back the investment.

Interpol: Strong encryption helps online predators. Build backdoors

-tim
Facepalm

Infiltration?

How can you tell if your country's top law enforcement agency has been infiltrated by criminals? They want to ban encryption or allow back doors for their own evil reasons.

Oracle and Google will fight in court over Java AGAIN and this time it's going to the Supremes

-tim
Boffin

Re: SCO no!

About half of the companies that invented odd screw heads are still around. The thread standards usually came from trade groups which are also still around but became notational standards due to military pressure.

Like a BAT outta hell, Brave browser hits 1.0 with crypto-coin rewards for your fave websites

-tim
Facepalm

Who is the product again?

I see they are like most sites that have mobile phone apps and insist I go to the App store or Google play and won't provide a link to the image. Sorry, but that makes me the product. Add a link to the other device images please.

One man's mistake, missing backups and complete reboot: The tale of Europe's Galileo satellites going dark

-tim
Boffin

The lovely problem of a complex problem

One of the great issues of any GPS system is you don't know exactly where anything is at any given time. You know where it was and you can predict where it is going to be but it's only a very good guess. The satellites are being tracked but there is a delay between the signal tracking them and getting the info into a computer half a continent away. The weather is going to delay signals in odd ways that usually allows compensation using different frequencies but only some times. The clocks are ticking away with some very high degree of accuracy yet subject to all the oddness that relativity in a gravity well has to offer. The ground stations are busy floating on land that is cruising in different directions at a few cm a year which was considered slow and stable until better GPS systems showed drift rate can vary over the months yet maintain a rock solid annual average. Yet in all that chaos, my phone still can display a map of where it is down to a few meters. I guess this problem demonstrated just how related the chaos of all guesses can be.

Socket to the energy bill: 5-bed home with stupid number of power outlets leaves us asking... why?

-tim
Flame

Re: Seems fine to me

They used lead tubes for gas lights around here. The tube is about 1/4" or 6mm and quite heavy and surprisingly flexible. A foot long section dropped on my arm from about 6 inches would wrap around.

Google claims web search will be 10% better for English speakers – with the help of AI

-tim
Facepalm

A change in direction?

So will it get back to at least the level it was 5 years ago?

We, Wall, we, Wall, Raku: Perl creator blesses new name for version 6 of text-wrangling lingo

-tim
Boffin

It's about time

The perl 6 issue has caused much confusion and is limiting future adoption of perl.

Out of all the languages we use, perl 5 is the clear winner in dollars profit per line of code, lines of code needing changes per year and feature set per line of code. Some of the other languages have maintenance costs that are more than 4 times the maintenance cost of the perl code base.

Raku has some very interesting concepts and I recommend watching one of Damian Conway's talks about its advanced features.

Father of Unix Ken Thompson checkmated: Old eight-char password is finally cracked

-tim
Boffin

Not all special characters worked 40 years ago

The tty drivers for the serial port would default to @ and # as line delete and backspace so [email protected] was an empty password and 123#456 was the same as just 456.

BOFH: We must... have... beer! Only... cure... for... electromagnetic fields

-tim
Facepalm

Re: Were you bugging the office I worked in 20 years ago?

"Everybody else is allowed to add single digits provided they don't do it too often and have a full set of fingers."

When I first saw Randall Munroe's "Million, Billion, Trillion" on xkcd it started me thinking about how true his hypothesis was so I've been running tests on the theory. I'm assuming the subjects are all consenting adults but I'm not going to ask them if I can play with their brains as it would bias the experiment. It turns out that most people don't understand large numbers at all and this is especially true if they happen to be a politician or board member and there seems to be an inverse relationship between understanding large numbers and how successful they are in their field of endeavor which doesn't do much to give me hope for humanity or reasonable future tax bills.

Hey, it's Google's birthday! Remember when they were the good guys?

-tim
Facepalm

Re: All Great Fortunes......

Never forget that the chief business of an advertising company is to sell ads, not to sell the clients product. The better paid the ad agency, the more distant their explanation can be to why the revenues don't match the expenditures on ads.

The Central Telegraph Office was serving spam 67 years before vikings sang about it on telly

-tim
Boffin

Re: Telegrams. In 1987 ?

Telegraphs are still used to control some equipment inside expensive containment areas like matter colliders and reactor containment vessels.

The guy who created the system needed to talk to devices using one wire (as each additional wire could cost upwards of a million dollars to install), and was an amateur radio operator who knew Morse code. His idea was to use Morse code to talk to the equipment inside much like a serial port was used at the time. His boss insisted that he apply for a patent on the concept and after the patent office had correctly rejected most of the claims as being obvious, all he was left with was a patent for the telegraph just like the system used 100 years before.

The NetCAT is out of the bag: Intel chipset exploited to sniff SSH passwords as they're typed over the network

-tim
Boffin

Re: @carl0s

SSH can be configured to use both a key and a server based password. If your key has a password, then you might have to enter the key's password, the system password and a one time password. System passwords are an additional obstacle to hackers when users end up putting their private key on too many systems or are otherwise negligent in protecting their keys.
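An added example (mine, not from the post) of checking for the setup the post describes: OpenSSH's `AuthenticationMethods` directive lists one or more comma-separated chains, and a client must complete every method in one chain, so a key-plus-server-password policy means every chain must contain `publickey` and either `password` or `keyboard-interactive` (the latter is where PAM-driven one-time passwords are usually prompted). The two sshd_config fragments are constructed; the parser handles a flat file and does not model `Match` blocks.

```python
"""Check whether an sshd_config requires a public key AND a server-side second step."""
import re

# Constructed sshd_config fragments (not from any real host).
WEAK_CONFIG = """\
# key OR password: either one alone gets you in
PubkeyAuthentication yes
PasswordAuthentication yes
"""

STRONG_CONFIG = """\
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication yes
# key first, then the PAM prompt (system password and/or OTP)
AuthenticationMethods publickey,keyboard-interactive
"""

SECOND_STEP = {"password", "keyboard-interactive"}


def parse_sshd_config(text):
    """Keyword -> value for a flat sshd_config. Keywords are case-insensitive and,
    as in sshd itself, the first occurrence of a keyword wins. Match blocks are
    not modelled (assumption of this example)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2:
            opts.setdefault(parts[0].lower(), parts[1].strip())
    return opts


def authentication_chains(opts):
    """AuthenticationMethods as a list of chains, each a list of method names."""
    raw = opts.get("authenticationmethods", "")
    return [chain.split(",") for chain in raw.split()] if raw else []


def requires_key_and_server_password(text):
    """True only if every acceptable chain needs publickey plus a server-side
    password or keyboard-interactive step. With no AuthenticationMethods at all,
    any single enabled method is sufficient, so the answer is False."""
    chains = authentication_chains(parse_sshd_config(text))
    if not chains:
        return False
    return all("publickey" in chain and set(chain) & SECOND_STEP for chain in chains)


if __name__ == "__main__":
    print("weak  :", requires_key_and_server_password(WEAK_CONFIG))
    print("strong:", requires_key_and_server_password(STRONG_CONFIG))
```

Note that a line such as `AuthenticationMethods publickey password` (space-separated, no comma) is two alternative chains and therefore fails the check, which is the mistake the parser is there to catch.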

Like a grotty data addict desperately jonesing for its next fix, Google just can't stop misbehaving

-tim
Coat

Searching but not finding, not understanding anyway, we're lost in this masquerade

In today's prices it would take less than $10,000 in modern hardware to do as much processing as Google was doing at the time they took over as a better search engine than Altavista.

I do miss the "near" and quoted string of words feature of Altavista. I also miss the decent part number lookup that Google used to be very good at.

GIMP open source image editor forked to fix 'problematic' name

-tim
Devil

Satan vs Santa?

The late 80s security tool Security Administrator Tool for Analyzing Networks (SATAN) came with a program called Repent that renamed it to Security Analysis Network Tool for Administrators (SANTA).

It's official: Deploying Facebook's 'Like' button on your website makes you a joint data slurper

-tim

Re: Excessive scripting

If a web page takes credit card numbers, all the javascript on the page must be audited to meet PCI-DSS requirements. It is amazing how many site owners don't seem to understand their liability.
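An added example, my code rather than -tim's, of the inventory both of his PCI-DSS posts call for (the one about the Stripe mouse-tracking script and this one): list every `<script>` on a payment page and flag any that is not pinned with a subresource-integrity hash or not served from an allowlisted host. PCI DSS v4.0 requirement 6.4.3 asks for exactly this kind of authorised, integrity-checked script inventory. The page markup, the allowlist and the page host are constructed assumptions; the integrity values are placeholders, not real hashes.

```python
"""Inventory every script on a payment page and flag the ones not pinned and allowlisted."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample payment page; not any real merchant's markup. The
# integrity values are placeholders standing in for real SRI digests.
SAMPLE_PAGE = """
<html><head>
<script src="https://js.stripe.com/v3/" integrity="sha384-PLACEHOLDER1" crossorigin="anonymous"></script>
<script src="https://cdn.example-analytics.net/track.js"></script>
<script src="/static/checkout.js" integrity="sha384-PLACEHOLDER2"></script>
<script>window.dataLayer = [];</script>
</head><body><form id="payment">...</form></body></html>
"""

PAGE_HOST = "shop.example"                         # assumption: the merchant's own host
ALLOWED_HOSTS = {"js.stripe.com", PAGE_HOST}      # assumption: the merchant's allowlist
SRI_PREFIXES = ("sha256-", "sha384-", "sha512-")


class ScriptCollector(HTMLParser):
    """Collect the attributes of every <script> start tag."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts.append({name: (value or "") for name, value in attrs})


def inventory_scripts(html):
    """All script tags on the page, as attribute dicts (inline scripts have no src)."""
    collector = ScriptCollector()
    collector.feed(html)
    return collector.scripts


def audit_scripts(html, page_host=PAGE_HOST, allowed_hosts=ALLOWED_HOSTS):
    """Return (script, reason) pairs for every script that fails the policy."""
    findings = []
    for script in inventory_scripts(html):
        src = script.get("src")
        if src is None:
            findings.append(("inline", "inline script: pin it with a CSP hash or move it to a file"))
            continue
        host = urlparse(src).netloc or page_host      # relative URL -> same host
        if host not in allowed_hosts:
            findings.append((src, "host %s is not on the allowlist" % host))
        if not script.get("integrity", "").startswith(SRI_PREFIXES):
            findings.append((src, "no subresource integrity hash"))
    return findings


if __name__ == "__main__":
    for src, reason in audit_scripts(SAMPLE_PAGE):
        print("%-45s %s" % (src, reason))
```

This catches what was shipped in the HTML; scripts that other scripts load at runtime need the same treatment from a browser-side observer (for example a CSP report endpoint), which is the part auditors most often let slide.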

Experts: No need to worry about Europe's navigation sats going dark for days. Also: What the hell is going on with those satellites?!

-tim
Boffin

Dodgy ephemeris?

It looks like the sats might be sending bad ephemeris. GPS systems send a pulse out like "at the sound of the tone it will be xx:xx:xx.0000000000". They also send out rough position info on all the other sats which allows a receiver to get a rough position. Once it has a rough position, then it uses the speed of light to set its clock better and uses that to gauge the difference between each sat and itself. It then will use the ephemeris data to get a precise idea of where the sat is and how fast it's moving. That data includes atmosphere model hints as well as calculations for orbital wobble. For those who want to play at home, they are something like 12th order 3d polar coordinate polynomials. They include factors that change the wobble because of things like the Moon's gravity as well as factors for Saturn and Jupiter. If there is a problem with the wobble model or the atmosphere model, these sorts of problems will show up.

You can't say Go without Google – specifically, our little logo, Chocolate Factory insists

-tim
Coat

Re: Go away

Add real currency to the fork and you might just have a real winner.

Mine's the one with the pockets full of the .00999999999 cents left over from floating point rounding

I don't know but it's been said, Amphenol plugs are made with lead

-tim
Alert

Re: "The router went dark"

You know that is ISO layer Zero. Just like the number of bits that pass after the event.

This major internet routing blunder took A WEEK to fix. Why so long? It was IPv6 – and no one really noticed

-tim
Facepalm

Noticed, reported up stream, fixed days later

We noticed. We lit up a new IPv6 link and our provider is still using 1999 BGP concepts on filters so we had to debug links without being able to see what filters they had or what routes they were accepting, a silly process that won't allow us to talk to the NOC combined with an "order" system that not only is clueless about IPv6 but crashes when it finds IPv6 addresses where it expects IPv4 ones.

RFC 7454 would imply more ISPs need to look into the "GE" and "LE" values on their BGP filter lists.

In our case, the unused parts of our /32 were all going to Hurricane Electric San Jose. Makes me wonder if the routers are a fan of Dionne Warwick.
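An added example (my code, not -tim's) of the `ge`/`le` point: a prefix-list entry is a covering prefix plus a length range, and an entry written without `le` matches only the exact length, so a customer's /48 deaggregates are silently dropped. The scenario uses 2001:db8::/32 (documentation space) to stand in for the /32 in the post, and the announced routes are constructed; the /64 stays blocked in line with the common practice RFC 7454 describes of not accepting IPv6 prefixes longer than /48.

```python
"""Prefix-list matching with ge/le bounds, the knob the post says many ISPs still mis-set."""
import ipaddress


def entry_matches(entry, route):
    """entry = (covering prefix, ge, le). A route matches when it lies inside the
    covering prefix and its length is between ge and le inclusive."""
    cover, ge, le = entry
    cover = ipaddress.ip_network(cover)
    route = ipaddress.ip_network(route)
    if route.version != cover.version:
        return False
    return route.subnet_of(cover) and ge <= route.prefixlen <= le


def accepted(prefix_list, route):
    """First matching entry wins; no match falls through to the implicit deny."""
    for entry, action in prefix_list:
        if entry_matches(entry, route):
            return action == "permit"
    return False


def evaluate(prefix_list, routes):
    """route -> accepted? for every announced route."""
    return {route: accepted(prefix_list, route) for route in routes}


# Constructed scenario: a customer holds 2001:db8::/32 (documentation space standing
# in for the /32 in the post) and also announces /48s for traffic engineering.
CUSTOMER_BLOCK = "2001:db8::/32"
ANNOUNCED = [
    "2001:db8::/32",         # the aggregate
    "2001:db8:10::/48",      # deaggregate, site A
    "2001:db8:20::/48",      # deaggregate, site B
    "2001:db8:abcd:1::/64",  # far too specific for the DFZ
    "2001:db9::/32",         # not the customer's space at all
]

# "permit 2001:db8::/32" with no le: exact length only, every /48 is dropped.
EXACT_ONLY_FILTER = [((CUSTOMER_BLOCK, 32, 32), "permit")]

# "permit 2001:db8::/32 le 48": the deaggregates pass, the /64 and the foreign /32 do not.
BOUNDED_FILTER = [((CUSTOMER_BLOCK, 32, 48), "permit")]


if __name__ == "__main__":
    for name, plist in (("exact only", EXACT_ONLY_FILTER), ("le 48", BOUNDED_FILTER)):
        print(name)
        for route, ok in evaluate(plist, ANNOUNCED).items():
            print("  %-22s %s" % (route, "accept" if ok else "drop"))
```

When a provider will not show you its filters, announcing the aggregate and one /48 and watching which of the two appears in a public looking glass tells you which of these two entries they wrote.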

RIP Dyn Dynamic DNS :'( Oracle to end Dyn-asty by axing freshly gobbled services, shoving customers into its cloud

-tim
Facepalm

Re: Time to find another solution

It can be tricky finding a service that all the stupid IoT devices can talk to. Most of them don't let you configure arbitrary providers but make you select one of a limited few out of a drop down box.

Now Intel taken to US Supreme Court over retirement fund gripes: Ex-staffer demands right to sue over risks, losses

-tim
Boffin

The "high tech, high growth" fund wasn't?

When I worked for a stock market data processing company, we noticed that the total amount of periodic buys that fit a specific pattern matched some of the retirement funds exactly. i.e. we knew what the fund bought before anyone except their management team. They had a fixed formula of taking their nearly billion dollars of new funds each week and investing it in what made the most sense according to their rules and then spreading out whatever was left using some other system that might have involved a dart board or dice. We could watch the option buys where others had spotted this and were gambling on the major buys but we didn't see much evidence of the secondary buys but knowing them would have been very profitable. If a small group saw this in the data more than two decades ago, who is playing the system now? Oddly enough, IBM seemed to be the catchall stock when there wasn't anything making news.



Biting the hand that feeds IT © 1998–2020