El reg penguin wrangler
You'll become the driver behind the automated trolling...
Or at least, that's how I read it - I knew bombastic_bob was a Special Projects Bureau job to keep the comments lively and us viewing more ads..
Posts by Tom 38
3928 posts • joined 21 Jul 2009
Page:
Your industry needs you: Database engineers, sysadmins and developer vacancies revealed
Hundreds of forgotten corners of mega-corp websites fall into the hands of spammers and malware slingers
It's National Cream Tea Day and this time we end the age-old debate once and for all: How do you eat yours?
Saturday 27th June 2020 15:29 GMT 
Re: Hmmm
Clotted cream isn't actually that difficult to make it just takes time - cook double/heavy cream for 12 hours at 70C for 12 hours, let it cool to room temperature, chill for 8+ hours in the fridge, and then separate the thick clotted cream on the top from the thin liquid (whey?) left behind. Whip it all together to blend in the crust, add some of that liquid if its too thick, homemade clotted cream.
Only problem is that's 3 days until you can have your scones, buying a tub of Rodda's is far easier :)
Smartwatches win the consumer tech sector for Q1 2020 as locked-down folk take up fight against corona-carbs
DevOps to DevOops: Docker Hub proves so secure that 430 Docker images out of 2,500 have no vulnerabilities
Monday 15th June 2020 16:19 GMT
Re: Age old problem.
You'd think there'd be some kind of automated dependency/security tool by now that realises that a dependency is out of date, updates it and rebuilds everything that was reliant on it (or contains an unannounced copy of it, which is far more likely!). But no.
You mean like dependabot or renovate? Combined with trivy for SAST scanning? Running on a schedule so you're aware of new vulnerabilities in existing code? No?
Docker doesn't hide things behind complexity/obscurity, its simply a tool for packaging an application as an immutable container. Once you've got this container, you can apply things like trivy to it very simply. It actually makes all this stuff a lot easier.
ZFS co-creator boots 'slave' out of OpenZFS codebase, says 'casual use' of term is 'unnecessary reference to a painful experience'
Monday 15th June 2020 11:30 GMT
Re: My first thought:
These terms don't come from the ZFS project, but from the Solr project. They have master/slave replication, but they also have a node which checks things - its called an Overseer node., which is a bit close to the bone. Changing these terms to "primary", "replica" and "monitor" doesn't change the understanding of what these roles are, but does remove racially charged terms.
Ironically, in Solr the master does far more work than the slave nodes, as it does all the document ingestion, indexing and searching, whilst the slave just copies the index from the master and does searching.
'One rule for me, another for them' is all well and good until it sinks the entire company's ability to receive emails
Microsoft unshackles WSL2 Linux kernel from Windows 10 image for future fettling via Windows Update
Logitech G915 TKL: Numpad-free mechanical keyboard clicks all the right boxes
Huawei launches UK charm offensive: We've provided 2G, 3G and 4G for 20 years, and you're worried about 5G?
Monday 8th June 2020 21:39 GMT
Re: The bigger issue is rising Chinese power
In 1898 Britain signed a treaty for a 99 year lease from China on Hong Kong
We leased New Kowloon and the New Territories, which were bits of the mainland with a good water supply. Hong Kong was never part of the lease, until negotiations in 1984 led to the UK exchanging HK island for the "rights" being "enjoyed" by HK citizens right now. It would have been very difficult to keep HK without the NT...
Hoverbikes, Hyperloops and sub-orbital hijinks: Yes, the '3rd, 4th and 5th Dimensions of Travel' are coming soon
Wednesday 3rd June 2020 14:13 GMT
Re: Meanwhile, back at the ranch...
The world record was 82mph from 1854 until the 1930s, when the Flying Scotsman and the exquisitely beautiful Mallard got it up to mid 120s mph.
Talk about a control plane... US Air Force says upcoming B-21 stealth bomber will use Kubernetes
Bite me? It's 'byte', and that acronym is Binary Interface Transfer Code Handler
Monday 1st June 2020 11:59 GMT
Re: Colour me square
As an 18 yr old, I had a summer job as an accounts clerk. One bit of it was boring as fuck, so I wrote something in Lotus 1-2-3 that did it all for me, just had to fill in the rows in the sheet each day; when the head accountant saw it, she went white as a sheet and told me to redo it all again, this time using the calculator.... (and no, not some fancy accounts calculator with a printer outputting an audit log, just a regular desk calculator)
80-characters-per-line limits should be terminal, says Linux kernel chief Linus Torvalds
Monday 1st June 2020 11:41 GMT
80 characters is roughly what a brain can read and comprehend both the start and end of the line. If you're blessed with really big monitors, 80 characters means you can have several files open side by side without wrapping - as a developer, nothing I write is in isolation, the more context I can have visible on screen at one time is beneficial.
One thing I've noticed on projects with no line length limits is more complex code - longer lines allow more levels of indentation before a developer is prompted "hey, this is a bit too long now, maybe refactor?".
A lot of my development is in Python, and there is a good trend to use psf/black to format your code automatically. It removes almost every single tedious discussion about code style, and everything looks the same. It has chosen a default max line length of 88; its not clear whether this was accidental or deliberate, but 88 is a white supremacist "hidden number", so I either change it to 80 or 90, depending on whether people argue for longer lines or not :)
I notice Linus is not also suggesting a change in git commit message format from 50 chars for title, 72 for comments, both of which are derived from 80 character terminals.
For the price tag, this iPad Pro keyboard better damn well be Magic: It isn't... but it's not completely useless either
Hooray! It's IT Day! Let's hear it for the lukewarm mugs of dirty water that everyone seems to like so much
Thursday 21st May 2020 15:46 GMT
Coffee is too bitter, and cannot be consumed in the quantities required for refreshment. I like a coffee occasionally, a shot of espresso or even a lungo in the morning. But to sip that swill that is filter coffee all day long like the Americans? No thanks. Similarly, I'm fat enough without adding the filth that is a Starbucks venti latte. I've always found it strange that Starbucks, a coffee company, have so many drinks that are designed to hide the flavour of the coffee.
For me, tea is a total cure-all. Hangover, queasy stomach? Nice cup of tea will make you feel better. Dehydrated? Nice big cup of tea. Cold? Big cup of tea. If you have too many coffees, you can get the jitters and not sleep all night. Too many teas, you're just flushing the loo slightly more frequently. I start each day with 3 or 4 20oz cups of tea (SportsDirect mug size, although mine is a Chewbacca mug).
DirectX comes to Linux (via WSL2): Microsoft unveils tricks needed to flash a GPU at a penguin
Thursday 21st May 2020 09:09 GMT
This means that the guest needs to be able to "speak" DX12, which is why we pulled DX12 into Linux.
Nah, still don't buy it. For AI, you need CUDA. MS didn't need to expose DX12 API to Linux in order to do that, they just needed to insert a shim between Windows GPU driver and WSL that exposes CUDA. There's no need to expose DX12 to Linux.
MS's demo used a modified tensorflow that used DX12 API to access the GPU. Tensorflow shouldn't be doing that, it should just talk CUDA. This is Extend - "oh just use our API".
Microsoft announces official Windows package manager. 'Not a package manager' users snap back
Easyjet hacked: 9 million people's data accessed plus 2,200 folks' credit card details grabbed
OnePlus to disable camera colour feature with pervy tendencies in latest flagship smartphone
TLS termination, Teams toys – and holy 5G, Batman, Microsoft buys UK network software biz Metaswitch
Beer gut-ted: As many as '70 million pints' spoiled during coronavirus pandemic must be destroyed in Britain
Sunday 17th May 2020 23:45 GMT
Re: Pasteur is turning over in his grave
We get filtered pasteurised milk these days, lasts for at least 7 days after you open it, and still tastes great - I can't tell the difference from regular pasteurised milk. We actually get the Tesco version, but they don't spend money on marketing pages, unlike Arla.
Press F2 to pay respects. New Xiaomi Poco Pro has 5G, top-drawer Snapdragon chippery, 64MP camera
Tuesday 12th May 2020 17:30 GMT
120Hz refresh rates
Is it really "all that"? The vast majority of the time you'd presumably want it off (to save battery life), does it really make that much difference in games? I don't use a 120Hz monitor for gaming on my PC, and I don't see many TVs with this as a selling point (I know there *are* some, and they're often said to be the "best for gaming").
Is it just a thing to differentiate offerings, or actually useful.
There's a world out there with a hexagon vortex over its pole packed with hydrocarbon ice crystals. That planet is Saturn
Apple owes us big time for bungled display-killing cable design in MacBook Pro kit, lawsuit claims
Friday 8th May 2020 18:21 GMT
Re: Vain bully
Presumably an SSD? There are a number of gotchas with SSDs that can lead to precipitous performance degradation (particularly write speed) due to the SSD running out of space, it might have to load blocks - remember that SSDs use 256kb blocks internally, exposed as 4kb pages - and combine multiple pages into unused parts of currently used blocks. The degradation is called SSD write amplification, and is affected by many factors.
Your hard drive doesn't even have to be "full", it could just be thinking it is running out of space; its not necessarily having 80%+ space used as visible to your OS, if you write and delete a lot of files, then you might start running out of pristine blocks for the SSD to work with, which really can lead to disastrous performance.
The firmware on the device itself can also play a part; there was an infamous firmware from (I think) OCZ, it used a fast algorithm for garbage collection when there were >50% blocks unallocated, but as soon as it went below that it absolutely killed the performance. This gave it great performance when new, but crappy performance in actual usage.
If your drive was quite full of your data (>80%), then getting a newer, larger drive probably was the right answer. Installing a large OS update, which typically deletes a lot of files and writes new ones, could easily have pushed this drive into a state where the performance was just terrible, and either a new drive, or deleting a lot of data, wiping the drive, and restoring the needed data from backup are the options. The genius probably followed the script and upsold you rather than doing the maintenance.
Whether its right or wrong that drives that say "500GB" shouldn't be filled with more than 400GB is a completely different matter - and in fact, some of the "better" brands these days are better simply because they over-provision their drives with more blocks than the others, eg they sell a 100GB drive that actually has 128GB of storage on it. Some drives allow you to configure the amount of over-provisioning to allow for this, eg enterprise drives typically use 28% over-provisioning, where as consumer devices typically do either 0% or 7%.
Now we know what the P really stands for in PwC: X-rated ads plastered over derelict corner of accountants' website
Wednesday 6th May 2020 19:26 GMT
Re: I don’t understand...
LE operates on the concept that if you can control what appears on https://foo.bar.com/, you can have a cert for foo.bar.com. Only if you want a wildcard cert do you have to be able to add a DNS record.
Wednesday 6th May 2020 14:42 GMT
Re: I don’t understand...
1: PwC create an azure site foobar.azurewebsites.net
2: PwC setup that site in their DNS: foobar.pwc.com. CNAME foobar.azurewebsites.net.
3: PwC let the azure site lapse, but leave the DNS entry
4: foobar.pwc.com now resolves to something that doesn't exist
5: Attacker scans pwc's DNS zone for azure domains that no longer resolve
6: Attacker registers foobar.azurewebsites.net for themselves and adds miscreant code - session jacking, etc
7: Because they control the website, they can register letsencrypt certs
8: Use high value, trusted domain as link farm
As I outlined in a post below, this is entirely avoidable by MS, and not the first time this has happened. Even some MS sites got jacked (iirc some windows.com subdomains).
(edit: https://www.theregister.co.uk/2020/03/04/microsoft_subdomain_takeover/ )
(and https://www.theregister.co.uk/2019/01/23/office_365_network_hole/ )
It's like they don't know what they're doing...
Wednesday 6th May 2020 14:32 GMT
Re: I don’t understand...
@HawkEye Pierce: you're wrong. PwC's DNS didn't point at the IP address of an azure machine, it pointed at an alias. IE, it was a CNAME rather than an A record.
a forgotten Azure subdomain that someone swooped in and re-registered for themselves.
Azure allow you to request any name under azurewebsites.net as long as it isn't already taken. If you want to hijack a domain, and they use azure, you simply look for DNS names that are aliases for azurewebsites.net names that no longer themselves exist. You then register that name with azure, and domain is then captured.
It's such an obvious and stupid security hole, and this isn't the first time that it has happened. Microsoft themselves have had websites captured in the same way. It's absolutely idiotic that MS haven't fixed it, by including something client specific in new domain names (either a name or a uuid), and refusing to generate new unadorned domain names under azurewebsites.net.
Tom Cruise to increase in stature thanks to ISS jaunt? Now that's a mission impossible
Eclipse boss claims Visual Studio Code is an open-source poseur – though he would say that, wouldn't he?
Wednesday 6th May 2020 13:49 GMT
Re: Nicely balanced article
I think IDEs appeal to different styles of users. Personally, when I work on code, I'm editing code in an editor, I'm running commands from the command line, and I want/need to understand how things operate. If I want to debug things, I will know how to invoke tests with a debugger, how to set a breakpoint and how to operate the debugger. If I want to run just these subset of tests, and to re-run failed tests when the code/test code changes, or run all tests but in 6 parallel workers, I know what I need to type on the command line.
The thing I don't want to do is move my fingers from the home keys to my mouse.
Now, I know I'm not a typical developer. They don't want to know how to operate a debugger from the command line, and they want to click the green play button to build their code.
So, I'm glad that there are options for those developers, but don't discount little old vim. I get all the code completion that you get in IDEs. I get help docs on those functions. I can jump up and down the code to method definitions. I get syntax highlighting. I get more complete refactoring tools than in vscode. I get linting and hotfixes. I get deeper git integration than in most editors. Depending on what you want, vim is as full an integrated development environment as any GUI.
NUC NUC. Who's there? It's Intel, with a pint-sized 8-core Xeon workstation
Microsoft puts dual-screen devices and Windows 10X in the too-hard basket
Xiaomi emits phone browser updates after almighty row over web activity harvested even in incognito mode
You can get a mechanical keyboard for £45. But should you? We pulled an Aukey KM-G6 out of the bargain bin
Thursday 30th April 2020 09:57 GMT
I've got an Outemu Brown based keyboard, a Drevo Tyrfing v2 tenkeyless keyboard. It was a discount from Amazon, very happy with it. Its a bit basic, but the action is pretty nice, keycaps are all replaceable and cherry compatible, switches are replaceable and it came with both a keycap and switch puller, and some replacement switches. Brown switches so I don't get murdered by my beloved during lockdown. NKRO, and you can configure how annoying the LEDs are, all the way to off. I currently have them lit blue, but going a random colour when pressed, which is quite nice.
Its not as good as the model M that it replaced, but its significantly cheaper than a Unicomp.
Nine million logs of Brits' road journeys spill onto the internet from password-less number-plate camera dashboard
Where were you in drought season? Interstellar comet 2I/Borisov dumped 230 million litres of water as it whizzed through Solar System
From attacked engineers to a crypto-loving preacher with a questionable CV: Yep, it's still very much 5G silly season
Tuesday 28th April 2020 09:30 GMT
Re: Fall of empires (and civilization too?)
I think the bigger problem, assuming he does actually lose, is that he's still president for ~3 months(?) Think what damage an angry narcissistic toddler could do in three months with that power.
After that point though, he's not president according to the constitution, and I think the secret service and the military will not take orders from someone who is not president. If militias did take to the streets, I think they'd quickly find that AR-15s are good for shooting up schools of unarmed kids, not so good against the US military.
We're in a timeline where Dettol maker has to beg folks not to inject cleaning fluid into their veins. Thanks, Trump
Saturday 25th April 2020 11:52 GMT
To be frank, Boris Johnson is a twat, but he is no moron. He is extremely erudite, a competent debater, well read and informed, and very very sharp. He uses those skills to be a twat, but he does have them. To be a senior politician in most countries in the developed world, you must have these skills - if you do not, you would not reach the senior levels.
This "Boris the Buffoon" persona is an attempt to disarm his opponents, to make them underestimate him.
