* Posts by Tom 38

3928 posts • joined 21 Jul 2009

Your industry needs you: Database engineers, sysadmins and developer vacancies revealed

Tom 38 Silver badge

El reg penguin wrangler

You'll become the driver behind the automated trolling...

Or at least, that's how I read it - I knew bombastic_bob was a Special Projects Bureau job to keep the comments lively and us viewing more ads..

Hundreds of forgotten corners of mega-corp websites fall into the hands of spammers and malware slingers

Tom 38 Silver badge

This is an Azure problem

They could prevent this in so many ways, but they continually allow it to happen to their clients - it would be trivial to fix by maintaining a either a blocklist of previously issued names and/or adding a random/client derived prefix in to these hostnames.

It's National Cream Tea Day and this time we end the age-old debate once and for all: How do you eat yours?

Tom 38 Silver badge

Re: Hmmm

Clotted cream isn't actually that difficult to make it just takes time - cook double/heavy cream for 12 hours at 70C for 12 hours, let it cool to room temperature, chill for 8+ hours in the fridge, and then separate the thick clotted cream on the top from the thin liquid (whey?) left behind. Whip it all together to blend in the crust, add some of that liquid if its too thick, homemade clotted cream.

Only problem is that's 3 days until you can have your scones, buying a tub of Rodda's is far easier :)

Tom 38 Silver badge

If you don't have cream why bother making scones?

Tom 38 Silver badge

Re: There is a third option:

There's one kind of jam that goes great with meats, and that is caramelised onion jam.

Smartwatches win the consumer tech sector for Q1 2020 as locked-down folk take up fight against corona-carbs

Tom 38 Silver badge

My personal opinion: too expensive, not enough functionality. I re-took up running again during lockdown, and I don't want to run with my phone, so that rules out any device without actual GPS sensors. Think I'm going to stick to my £7 Casio F-91W

DevOps to DevOops: Docker Hub proves so secure that 430 Docker images out of 2,500 have no vulnerabilities

Tom 38 Silver badge

Re: Age old problem.

You'd think there'd be some kind of automated dependency/security tool by now that realises that a dependency is out of date, updates it and rebuilds everything that was reliant on it (or contains an unannounced copy of it, which is far more likely!). But no.

You mean like dependabot or renovate? Combined with trivy for SAST scanning? Running on a schedule so you're aware of new vulnerabilities in existing code? No?

Docker doesn't hide things behind complexity/obscurity, its simply a tool for packaging an application as an immutable container. Once you've got this container, you can apply things like trivy to it very simply. It actually makes all this stuff a lot easier.

ZFS co-creator boots 'slave' out of OpenZFS codebase, says 'casual use' of term is 'unnecessary reference to a painful experience'

Tom 38 Silver badge

Re: My first thought:

These terms don't come from the ZFS project, but from the Solr project. They have master/slave replication, but they also have a node which checks things - its called an Overseer node., which is a bit close to the bone. Changing these terms to "primary", "replica" and "monitor" doesn't change the understanding of what these roles are, but does remove racially charged terms.

Ironically, in Solr the master does far more work than the slave nodes, as it does all the document ingestion, indexing and searching, whilst the slave just copies the index from the master and does searching.

'One rule for me, another for them' is all well and good until it sinks the entire company's ability to receive emails

Tom 38 Silver badge

At 10 Mb and costing £1,000, we thought we would never ever fill it.

That's just 28 x 360kb floppies, it's hardly inconceivable..

Microsoft unshackles WSL2 Linux kernel from Windows 10 image for future fettling via Windows Update

Tom 38 Silver badge

Re: It's not an OS

It's not an OS, it's just an optimized game playing environment that lets you email occasionally.

Even if it was just that, that is an Operating System. What runs on an Xbox is an OS. Tedious fanboyism is tedious.

Logitech G915 TKL: Numpad-free mechanical keyboard clicks all the right boxes

Tom 38 Silver badge

Re: Backlighting

My cheap TKL mechanical keyboard (Drevo Tyrfing v2 with Outemu switches, £40) has RGB LED backlights, and there is a magic key combo to press to cycle through the different options for that, one of which is just white backlights (and one is just "off").

Huawei launches UK charm offensive: We've provided 2G, 3G and 4G for 20 years, and you're worried about 5G?

Tom 38 Silver badge

Re: The bigger issue is rising Chinese power

In 1898 Britain signed a treaty for a 99 year lease from China on Hong Kong

We leased New Kowloon and the New Territories, which were bits of the mainland with a good water supply. Hong Kong was never part of the lease, until negotiations in 1984 led to the UK exchanging HK island for the "rights" being "enjoyed" by HK citizens right now. It would have been very difficult to keep HK without the NT...

Hoverbikes, Hyperloops and sub-orbital hijinks: Yes, the '3rd, 4th and 5th Dimensions of Travel' are coming soon

Tom 38 Silver badge

Re: Meanwhile, back at the ranch...

The world record was 82mph from 1854 until the 1930s, when the Flying Scotsman and the exquisitely beautiful Mallard got it up to mid 120s mph.

Talk about a control plane... US Air Force says upcoming B-21 stealth bomber will use Kubernetes

Tom 38 Silver badge

Re: I wonder

If you're doing things in k8s and writing logs to PVs (disk) in your pods, you've not quite got to grips with k8s yet.

Bite me? It's 'byte', and that acronym is Binary Interface Transfer Code Handler

Tom 38 Silver badge

Re: Colour me square

As an 18 yr old, I had a summer job as an accounts clerk. One bit of it was boring as fuck, so I wrote something in Lotus 1-2-3 that did it all for me, just had to fill in the rows in the sheet each day; when the head accountant saw it, she went white as a sheet and told me to redo it all again, this time using the calculator.... (and no, not some fancy accounts calculator with a printer outputting an audit log, just a regular desk calculator)

Tom 38 Silver badge

dessous and dessus.

One means below, one means above. Difference in pronunciation is basically the length of the final "oo" sound. Jesus wept :/

80-characters-per-line limits should be terminal, says Linux kernel chief Linus Torvalds

Tom 38 Silver badge

80 characters is roughly what a brain can read and comprehend both the start and end of the line. If you're blessed with really big monitors, 80 characters means you can have several files open side by side without wrapping - as a developer, nothing I write is in isolation, the more context I can have visible on screen at one time is beneficial.

One thing I've noticed on projects with no line length limits is more complex code - longer lines allow more levels of indentation before a developer is prompted "hey, this is a bit too long now, maybe refactor?".

A lot of my development is in Python, and there is a good trend to use psf/black to format your code automatically. It removes almost every single tedious discussion about code style, and everything looks the same. It has chosen a default max line length of 88; its not clear whether this was accidental or deliberate, but 88 is a white supremacist "hidden number", so I either change it to 80 or 90, depending on whether people argue for longer lines or not :)

I notice Linus is not also suggesting a change in git commit message format from 50 chars for title, 72 for comments, both of which are derived from 80 character terminals.

For the price tag, this iPad Pro keyboard better damn well be Magic: It isn't... but it's not completely useless either

Tom 38 Silver badge

Re: A pokey terraced house in Middlesborough for a month

Now I want parmo :/

Hooray! It's IT Day! Let's hear it for the lukewarm mugs of dirty water that everyone seems to like so much

Tom 38 Silver badge

At our rugby club there were giant tea urns after the game, but they didn't have tea in them.

Tom 38 Silver badge

Coffee is too bitter, and cannot be consumed in the quantities required for refreshment. I like a coffee occasionally, a shot of espresso or even a lungo in the morning. But to sip that swill that is filter coffee all day long like the Americans? No thanks. Similarly, I'm fat enough without adding the filth that is a Starbucks venti latte. I've always found it strange that Starbucks, a coffee company, have so many drinks that are designed to hide the flavour of the coffee.

For me, tea is a total cure-all. Hangover, queasy stomach? Nice cup of tea will make you feel better. Dehydrated? Nice big cup of tea. Cold? Big cup of tea. If you have too many coffees, you can get the jitters and not sleep all night. Too many teas, you're just flushing the loo slightly more frequently. I start each day with 3 or 4 20oz cups of tea (SportsDirect mug size, although mine is a Chewbacca mug).

DirectX comes to Linux (via WSL2): Microsoft unveils tricks needed to flash a GPU at a penguin

Tom 38 Silver badge

This means that the guest needs to be able to "speak" DX12, which is why we pulled DX12 into Linux.

Nah, still don't buy it. For AI, you need CUDA. MS didn't need to expose DX12 API to Linux in order to do that, they just needed to insert a shim between Windows GPU driver and WSL that exposes CUDA. There's no need to expose DX12 to Linux.

MS's demo used a modified tensorflow that used DX12 API to access the GPU. Tensorflow shouldn't be doing that, it should just talk CUDA. This is Extend - "oh just use our API".

Tom 38 Silver badge

Why the fuck would you do this? So you want to expose the native GPU to linux from WSL? Absolutely fine. We need CUDA and we need OpenGL. Are there thousands of linux apps begging for DirectX support? No there are not. Why would you add this layer? (apart from the obvious: its "Extend" time)

Microsoft announces official Windows package manager. 'Not a package manager' users snap back

Tom 38 Silver badge

WinGet is a response to requests for "the ability to script what is required to setup a developer machines"

So, Ansible, but Invented Here.

Easyjet hacked: 9 million people's data accessed plus 2,200 folks' credit card details grabbed

Tom 38 Silver badge
Headmaster

Re: Highly sophisticated

... The incompetent local IT manager who was the 1st line manager before somehow getting the 2nd line managers roll ...

Was it cheese and ham? Any mayo or salad?

Tom 38 Silver badge

Other reports are saying they became aware of this in January

Its now May. What gives?

OnePlus to disable camera colour feature with pervy tendencies in latest flagship smartphone

Tom 38 Silver badge

Re: Just to stir thingas up a bit ...

X-Men: Dark Phoenix was heavily over-exposed, would the DVD of that work?

TLS termination, Teams toys – and holy 5G, Batman, Microsoft buys UK network software biz Metaswitch

Tom 38 Silver badge

SLAs

99.5% 1 day 20 hrs downtime a year

99.9% 8.5 hrs downtime a year

99.995% 26 minutes downtime a year

Important numbers to remember when your boss says "99.5% uptime sounds good enough".

Beer gut-ted: As many as '70 million pints' spoiled during coronavirus pandemic must be destroyed in Britain

Tom 38 Silver badge

Re: Neil Gaiman moved from New Zealand to Skye

I think that all the vitriol poured out on Neil Gaiman was a bit harsh - its his primary home, where he is registered to vote and pay taxes, and he just returned from the safest place in the world corona-wise.

Tom 38 Silver badge

Re: Pasteur is turning over in his grave

We get filtered pasteurised milk these days, lasts for at least 7 days after you open it, and still tastes great - I can't tell the difference from regular pasteurised milk. We actually get the Tesco version, but they don't spend money on marketing pages, unlike Arla.

Tom 38 Silver badge

Re: Unpasteurised milk

My parents live in the French Alps, in a region famed for its cheeses. In the town, there is a 24hr automated unpasteurised milk dispenser run by the local Reblochon co-operative. Costs about €0.50 for 2 litres.

Tom 38 Silver badge

Re: Milk consumption?

There's a solution for milk overproduction, I think they call it cheese.

Press F2 to pay respects. New Xiaomi Poco Pro has 5G, top-drawer Snapdragon chippery, 64MP camera

Tom 38 Silver badge

120Hz refresh rates

Is it really "all that"? The vast majority of the time you'd presumably want it off (to save battery life), does it really make that much difference in games? I don't use a 120Hz monitor for gaming on my PC, and I don't see many TVs with this as a selling point (I know there *are* some, and they're often said to be the "best for gaming").

Is it just a thing to differentiate offerings, or actually useful.

There's a world out there with a hexagon vortex over its pole packed with hydrocarbon ice crystals. That planet is Saturn

Tom 38 Silver badge

The giant hexagon-shaped storm raging atop Saturn’s North Pole is made out of frozen hydrocarbon

So this finally explains Trump's Space Force. Time for "Operation Enduring Saturnian Freedom"?

Apple owes us big time for bungled display-killing cable design in MacBook Pro kit, lawsuit claims

Tom 38 Silver badge

Re: Vain bully

Presumably an SSD? There are a number of gotchas with SSDs that can lead to precipitous performance degradation (particularly write speed) due to the SSD running out of space, it might have to load blocks - remember that SSDs use 256kb blocks internally, exposed as 4kb pages - and combine multiple pages into unused parts of currently used blocks. The degradation is called SSD write amplification, and is affected by many factors.

Your hard drive doesn't even have to be "full", it could just be thinking it is running out of space; its not necessarily having 80%+ space used as visible to your OS, if you write and delete a lot of files, then you might start running out of pristine blocks for the SSD to work with, which really can lead to disastrous performance.

The firmware on the device itself can also play a part; there was an infamous firmware from (I think) OCZ, it used a fast algorithm for garbage collection when there were >50% blocks unallocated, but as soon as it went below that it absolutely killed the performance. This gave it great performance when new, but crappy performance in actual usage.

If your drive was quite full of your data (>80%), then getting a newer, larger drive probably was the right answer. Installing a large OS update, which typically deletes a lot of files and writes new ones, could easily have pushed this drive into a state where the performance was just terrible, and either a new drive, or deleting a lot of data, wiping the drive, and restoring the needed data from backup are the options. The genius probably followed the script and upsold you rather than doing the maintenance.

Whether its right or wrong that drives that say "500GB" shouldn't be filled with more than 400GB is a completely different matter - and in fact, some of the "better" brands these days are better simply because they over-provision their drives with more blocks than the others, eg they sell a 100GB drive that actually has 128GB of storage on it. Some drives allow you to configure the amount of over-provisioning to allow for this, eg enterprise drives typically use 28% over-provisioning, where as consumer devices typically do either 0% or 7%.

Now we know what the P really stands for in PwC: X-rated ads plastered over derelict corner of accountants' website

Tom 38 Silver badge

Re: I don’t understand...

LE operates on the concept that if you can control what appears on https://foo.bar.com/, you can have a cert for foo.bar.com. Only if you want a wildcard cert do you have to be able to add a DNS record.

Tom 38 Silver badge

Re: I don’t understand...

1: PwC create an azure site foobar.azurewebsites.net

2: PwC setup that site in their DNS: foobar.pwc.com. CNAME foobar.azurewebsites.net.

3: PwC let the azure site lapse, but leave the DNS entry

4: foobar.pwc.com now resolves to something that doesn't exist

5: Attacker scans pwc's DNS zone for azure domains that no longer resolve

6: Attacker registers foobar.azurewebsites.net for themselves and adds miscreant code - session jacking, etc

7: Because they control the website, they can register letsencrypt certs

8: Use high value, trusted domain as link farm

As I outlined in a post below, this is entirely avoidable by MS, and not the first time this has happened. Even some MS sites got jacked (iirc some windows.com subdomains).

(edit: https://www.theregister.co.uk/2020/03/04/microsoft_subdomain_takeover/ )

(and https://www.theregister.co.uk/2019/01/23/office_365_network_hole/ )

It's like they don't know what they're doing...

Tom 38 Silver badge

Re: I don’t understand...

Is it a security hole? You betcha, you can capture domain cookies, which could lead to privilege escalation on other pwc websites.

Tom 38 Silver badge

Re: I don’t understand...

@HawkEye Pierce: you're wrong. PwC's DNS didn't point at the IP address of an azure machine, it pointed at an alias. IE, it was a CNAME rather than an A record.

a forgotten Azure subdomain that someone swooped in and re-registered for themselves.

Azure allow you to request any name under azurewebsites.net as long as it isn't already taken. If you want to hijack a domain, and they use azure, you simply look for DNS names that are aliases for azurewebsites.net names that no longer themselves exist. You then register that name with azure, and domain is then captured.

It's such an obvious and stupid security hole, and this isn't the first time that it has happened. Microsoft themselves have had websites captured in the same way. It's absolutely idiotic that MS haven't fixed it, by including something client specific in new domain names (either a name or a uuid), and refusing to generate new unadorned domain names under azurewebsites.net.

Tom Cruise to increase in stature thanks to ISS jaunt? Now that's a mission impossible

Tom 38 Silver badge

Wouldn't it be better to send someone popular?

Eclipse boss claims Visual Studio Code is an open-source poseur – though he would say that, wouldn't he?

Tom 38 Silver badge
Joke

Re: Eclipse

your Notes environment has gone to the dogs

As a Notes 4 survivor, I thought this was the default state?

Tom 38 Silver badge

Re: Nicely balanced article

I think IDEs appeal to different styles of users. Personally, when I work on code, I'm editing code in an editor, I'm running commands from the command line, and I want/need to understand how things operate. If I want to debug things, I will know how to invoke tests with a debugger, how to set a breakpoint and how to operate the debugger. If I want to run just these subset of tests, and to re-run failed tests when the code/test code changes, or run all tests but in 6 parallel workers, I know what I need to type on the command line.

The thing I don't want to do is move my fingers from the home keys to my mouse.

Now, I know I'm not a typical developer. They don't want to know how to operate a debugger from the command line, and they want to click the green play button to build their code.

So, I'm glad that there are options for those developers, but don't discount little old vim. I get all the code completion that you get in IDEs. I get help docs on those functions. I can jump up and down the code to method definitions. I get syntax highlighting. I get more complete refactoring tools than in vscode. I get linting and hotfixes. I get deeper git integration than in most editors. Depending on what you want, vim is as full an integrated development environment as any GUI.

NUC NUC. Who's there? It's Intel, with a pint-sized 8-core Xeon workstation

Tom 38 Silver badge

I run my Kodi frontend on Amazon FireTV 4k stick. Talks to tvheadend running on a linux machine in a closet, with fileshares over NFS for "other content". Works pretty good.

Microsoft puts dual-screen devices and Windows 10X in the too-hard basket

Tom 38 Silver badge

Bluetooth

Can't believe Bluetooth has got to version 5.2 and no-one's thought to make it a profile that works on a headset without making the audio sound like arse.

Xiaomi emits phone browser updates after almighty row over web activity harvested even in incognito mode

Tom 38 Silver badge

Re: Which peice of shit software developer...

"Private browsing" isn't remotely private, its just a throwaway session, cache and cookie jar.

You can get a mechanical keyboard for £45. But should you? We pulled an Aukey KM-G6 out of the bargain bin

Tom 38 Silver badge

I've got an Outemu Brown based keyboard, a Drevo Tyrfing v2 tenkeyless keyboard. It was a discount from Amazon, very happy with it. Its a bit basic, but the action is pretty nice, keycaps are all replaceable and cherry compatible, switches are replaceable and it came with both a keycap and switch puller, and some replacement switches. Brown switches so I don't get murdered by my beloved during lockdown. NKRO, and you can configure how annoying the LEDs are, all the way to off. I currently have them lit blue, but going a random colour when pressed, which is quite nice.

Its not as good as the model M that it replaced, but its significantly cheaper than a Unicomp.

Nine million logs of Brits' road journeys spill onto the internet from password-less number-plate camera dashboard

Tom 38 Silver badge

Re: Massive invasion of privacy

It doesn't seem to matter who you vote for. These monsters are the 49 Labour, 26 Liberal Democrat, 8 Green and 1 Independent councillors of Sheffield City Council.

Where were you in drought season? Interstellar comet 2I/Borisov dumped 230 million litres of water as it whizzed through Solar System

Tom 38 Silver badge

0.1 Bathtubs/second

But is that African or European?

From attacked engineers to a crypto-loving preacher with a questionable CV: Yep, it's still very much 5G silly season

Tom 38 Silver badge

Re: 5C 5G Coincidence?

Not only that, but there are 5 letters in Gates! Open your eyes people!

Tom 38 Silver badge

Re: Fall of empires (and civilization too?)

I think the bigger problem, assuming he does actually lose, is that he's still president for ~3 months(?) Think what damage an angry narcissistic toddler could do in three months with that power.

After that point though, he's not president according to the constitution, and I think the secret service and the military will not take orders from someone who is not president. If militias did take to the streets, I think they'd quickly find that AR-15s are good for shooting up schools of unarmed kids, not so good against the US military.

We're in a timeline where Dettol maker has to beg folks not to inject cleaning fluid into their veins. Thanks, Trump

Tom 38 Silver badge

To be frank, Boris Johnson is a twat, but he is no moron. He is extremely erudite, a competent debater, well read and informed, and very very sharp. He uses those skills to be a twat, but he does have them. To be a senior politician in most countries in the developed world, you must have these skills - if you do not, you would not reach the senior levels.

This "Boris the Buffoon" persona is an attempt to disarm his opponents, to make them underestimate him.

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020