Posts by John Klos 65 publicly visible posts • joined 31 Oct 2009
There's a nice Calvin and Hobbes (not original) cartoon making the rounds that says:
"DEI initiatives were not put in place to ensure lower-qualified minorities could get hired instead of more highly qualified whote people. It was put in place to ensure lower-qualified white people were not hired instead of more highly-qualified minorities."
Completely reasonable and fair.
When people nowadays talk about how certain things won't or can't be successful unless they please some corporate entity, a wonderful example to consider is TCP/IP. Imagine if instead of TCP/IP, we had standardized on what corporations had to offer.
Imagine if Novell tried to make Netware work planet-wide. What would that look like? Who would pay for it? How many people would have full time jobs doing nothing but babysitting it? How much would humankind suffer as a result?
Then I remind people that if corporations had their way, we'd be locked in to their services and would need to pay them for those services in perpetuity. It's neither fun to imagine, nor is it practical. Look at how many services Google stopped supporting because of "profit", even when tons of people still wanted to use them. Profit is a very wasteful determinant for whether something is worth running.
It's also a good reminder that we need to be vigilant about companies that are trying to lock us in now. Cloudflare, for instance, wants to recentralize the Internet around them, a for-profit corporation in the Untied States, so we'll be "protected" from the very scammers and DDoS actors that they protect.
Let's learn from the successes of the past and not get tied in to proprietary things and corporate lock-in!
There are two common ways to deal with the lack of floating point hardware. One is to compile the OS and software with software floating point routines. The other is to use traps which are called when floating point instructions are run which emulate the floating point instructions as though you have a real FPU.
The first is faster and more efficient for systems without FPUs, but even if those routines automatically use floating point hardware if it exists, the routines create a lot of overhead.
The second is usually the default, but the instruction emulation traps have a lot of overhead - for every single floating point instruction, you need to do a context switch, which is expensive.
Since a vast majority of the computers used in the world have floating point hardware, the second is usually the default. There was even a recent discussion about this for NetBSD running m68k.
There's a third way, which is to patch binaries as they're loaded and/or run to do an exception when a floating point instruction is run, but then also replace that instruction with a call to a software floating point routine. This is what can be done on AmigaOS with instructions that aren't available on the m68060 and are emulated. It might be worth considering something like that for NetBSD, although modifying running code in a protected memory OS is hardly trivial.
Microsoft is SO GOOD at reinventing a thing, poorly, with long term security issues. I don't know that professional programmers with that goal could make those kinds of problems on purpose.
It's good to see that they're capable, finally, of admitting when something is shitty. For how many decades did people have to endure macro viruses in documents JUST IN CASE someone might use macros and wouldn't want others to have to answer a prompt or something.
I have a stock Amiga 3000: 25 MHz m68030 & m68882, 16 megs of memory, built in ECS and SCSI, plus a Zorro ethernet card. I love that I can still run a modern OS on it, with working TLS, and I can browse web sites, even this one, at least as well as some Internet appliances. I can work on common document types, ssh, write shell scripts, print (!), find modern programs and play games, all on hardware that is functionally the same as what someone could buy in 1990.
Another Amiga I have is an Amiga 4000 with a 66 MHz m68060 and a fast SSD on UW-SCSI. It's so responsive that the only contemporary machines that feel so quick are Arm-based Macs.
This kind of OS, this kind of culture, this kind of ecosystem has a reason to exist. Many people haven't had a chance to play with these machines, so I really think more people would get it if they had a chance to sit down and do real things.
So updates for m68k AmigaOS in 2025? It doesn't surprise me, because it's so damned good. It does make me happy, though :)
We, at least readers of El Reg, aren't going to be fooled in to thinking that Cloudflare is this wonderfully clever company that can do all the things they're doing yet are somehow clueless and inept when it comes to this issue. They know exactly what they're doing.
They keep going down the same path with no signs of changing course. For instance, they don't want people to report abuse, so they stopped processing abuse complaints sent to abuse at cloudflare.com and send an auto-reply that says to use their web interface. Their abuse reporting web page has gotten worse and worse, and will likely continue to degrade. Do they really not have the technical acumen to fix things? Really?
For instance, the fields on the abuse reporting page only allow a certain number of characters. If you paste too many, you're stopped from adding more, but you can't submit the form and you're not told why. You have to know to remove a 100 characters or so from the abuse evidence field, as if that's supposed to be obvious. We wouldn't want to overload their poor servers!
They've added a CAPTCHA to the abuse site. Apparently poor Cloudflare's web server that handles abuse complaints is just too fragile to work without it? Or do they simply not want to hear from people they decide are undesirables?
They added a time limit which is greater than the amount of time a reasonable human can copy and paste a second abuse report. There's no reason in the world to do this aside from wanting to make reporting abuse as arduous as possible.
Their abuse staff are either playing stupid or are actually incompetent. Some phishing sites show an error when you use certain browsers, but not others. But try to tell Cloudflare this in response to their "we see no evidence", and they just keep replying with the same form response.
Are they REALLY this incompetent? Or are they evil, and want to recentralize the Internet around them, and want to protect the scammers they host? You decide.
I simply don't believe you and think you've believed the marketing hype from Cloudflare. Let's look at what you wrote:
"stopping the multitude of DDOS bot attacks"
Bots are ubiquitous on the Internet. Stopping bots, though, isn't something that should be an afterthought - that is, you shouldn't need Cloudflare to do it, even though it's nice to have fewer bots actually connecting to your servers. A server that can't stand up to bots on the Internet does not deserve to be on the Internet.
Does "DDoS" actually mean what you think it means? That's where the disconnect is. You're almost certainly not getting a proper DDoS attack. You're just getting "attacked" by lots of bots. That's not the same as a DDoS attack. Please look it up if you're still unsure.
Please don't be an apologist for Cloudflare on a technical site by implying that your site wouldn't be online if you didn't use Cloudflare. It's disingenuous.
With their comically bad approach to security - security through stupidity, I call it - I'm surprised that anyone still buys SonicWall.
From EOL'ing devices that are literally identical hardware to new devices, to charging for security updates even when still in warranty, to having tech support that tells us nonsense such as how we can't have arbitrarily long TCP connection timeouts because all TCP connections must expire quickly (let's assume we're not talking about past 2038 and just talking about connections that could live multiple days or weeks), about how ALL computers connected directly to the Internet will be compromised without firewalls, about how forging RST between machines communicating across local subnets is a FEATURE, is good and "improves security", about how VPNs are "complex" and SonicWall-to-SonicWall connections that don't work consistently is a "normal and expected" problem...
I have quotes saved from SonicWall support about all these things. They must be really good at marketing.
The good thing is that this didn't affect people. First, a brand new capacitor is likely to form at least OK, if not well, from a reversed polarity, as opposed to a properly used capacitor that's then introduced to the opposite polarity. Second, this just acts to clean the voltage from the power supply, so it's strictly not needed. Third, Macs of that age don't need negative voltage for anything important, so long as the expansion card doesn't need it. Sound works, as does RS-422 and LocalTalk, although it's possible there are machines / devices to which serial can be connected that wouldn't be happy with the lack of proper negative voltage.
I have quite a few 68030 and 68040 Macs that I've built in to various cases, and none need negative voltage, although it's really not hard to add in most instances.
The people who claim the sky is falling are usually the ones who erroneously claim that the intention of IPv6 is to replace IPv4. No reasonable person ever said that IPv4 needs to be or will be replaced. IPv4 isn't going to be turned off. Rather, IPv6 is obviously needed for, for instance, cellular carriers that might have tens of millions of customers and perhaps hundreds of thousands of IPv4 addresses.
The idea of IPv6 is that it makes connectivity better. Connecting to the Internet via NAT means extra work and complexity, because each NAT session has to be tracked for its entire lifetime. When you have NAT routers, whether home devices or fancy, expensive CG-NAT devices, that have too many sessions active at one time, the oldest NAT sessions (usually) get dropped before the session has come to its natural end. We can see this with, for example, AT&T fiber routers that have a NAT & firewall state table that's 8192 entries large. This is in 2024! This is how many NAT states you can get even if you get 10 gigabit service and have a hundred devices behind it. It's ridiculous.
Fancy, high end, ISP scale CG-NAT has limitations, too. Sure, devices have enough memory to keep track of millions of NAT state entries, but you can only have 2^16 (65536) possible active NAT sessions per IP address. Large CG-NAT deployments also have artificially low state timeouts, as anyone who uses Starlink can tell you.
The point is that if IPv6 were ubiquitously available, your cell phone would connect via IPv6, and everything would be golden. Older devices and connections to legacy sites / services that aren't yet on IPv6 would still work, and we would simply be using NAT only when necessary, and certainly not for a majority of traffic.
That's it. The sky isn't falling. Nobody is taking IPv4 away. Thank you for coming to my TED talk.
You're not wrong, but that's not the point I was making.
gcc 10 can compile gcc 11, gcc 12, gcc 13. It's quite normal to have a toolchain in use from several years ago that's still relevant and useful now.
rust from a year ago can't compile Firefox. rust from a year ago can't be used to bootstrap rust from now. So if you have a modern system that was 100% up to date a year ago, you have to - no exaggeration - compile newer but not new rust, which then you use to compile even newer rust, which you can then use to compile Firefox.
Sure, everyone downloads binaries, but that's not the point.
It's not sustainable to imagine finding a specific version of rust from a specific part of a specific year if you want to compile a certain version of a package like Firefox. It reminds me too much of how every IT person used to have an old laptop around to run a specific version of Java, along with some older Internet Explorer, because Java breaks too many things, and our "write once, run anywhere" promise was more like, "if you want to configure your fibre channel switch, you'll never try to use a JRE newer than X".
Are they implying that the people who packaged the OS are at fault, since tmpfiles.d shouldn't have entries for things that aren't, you know, temporary files, like one's home? Or are they reminding us that life is fleeting and that nothing is really ever permanent?
By their logic, it wouldn't be unexpected if running "rm" with no options removes everything in the current directory... Not sure I like that thinking.
Microsoft can't stop a network of spammers / scammers from sending phishing spam from Outlook.com claiming it's from MAILER-DAEMON. Does anyone seriously think they have the wherewithal to identify malware when they're deathly afraid to do the slightest thing that might affect the status quo?
One thing SonicWall is known for (besides horrible devices, insane defaults and employees that don't know anything about networking) is that EVERYTHING costs money. If you're not paying for constant support for your devices, you don't get updates. Even if you do pay, you don't always get updates if your equipment is "too old", even when the hardware is literally the exact same guts as the "new" device - you're told you must buy the new device.
SonicWall is a bad, scammy company. Anyone who runs in to issues with their SonicWall devices should be encouraged to get better devices.
Damn, this is telling. Consider the fact that the costs would obviously be much, much less than what any other non-Microsoft owned company would pay.
It makes me think of when Google cloud "showed off" their cloud's prowess by calculating 100 trillion digits of π using their "high performance" cloud offerings. They, conveniently, never mentioned price once. I roughly calculated that I could buy all the hardware I'd need (high end Epyc hardware, 1/2 petabyte of storage), pay for an expensive hotel for three months, run the calculations, pay myself handsomely, then keep the hardware when I'm done, and it'd still have been significantly cheaper than if a customer had to pay Google for what they ran.
If Linkedin can't use Azure at steeply discounted / possibly free pricing, then what does that say to anyone else considering using Azure?
They want to recentralize the Internet around them.
They want to host and say they don't host, so they don't have to handle abuse, by redefining the word, "host".
They want to host known spammers and scammers because "free speech".
They want people all over the world to send their DNS queries to them via DoH.
They want to marginalize most of the non-western world by having CAPTCHAs on every web site.
And so on.
They try to distract from their nefarious activities using tons of seemingly positive things, like cheerful participation on Hacker News and by offering free services (which do little more than begin the process of addiction and dependency).
I'm glad they're this dumb that they have outage after outage that show how the Internet is worse for using Cloudflare, because if they worked perfectly, many people would never know.
WTAF? The driver takes off, finds a cat in the back, and just ejects it in some random spot? That driver should be criminally charged.
The fact that we humans treat animals as property and not as things that have a right to exist and not suffer says something about our value system, and it's not good at all.
Notice the phrasing: "SIGINT enabled CPU". This doesn't necessarily mean that Cavium directly participated. It could just as easily be explained by Cavium implementing something incorrectly, or implementing the wrong thing (Dual_EC_DRBG), and the NSA had confirmed that anything using those built-in CPU features is exploitable by them.
I created a new email account when I stayed at an MGM-owned hotel. I started getting spam at that email address, including some that had personal information that only could've come from MGM's room booking servers. I tried contacting them about it. Did they care? No. Did they send inane copied-and-pasted paragraphs of irrelevant distractions such as suggesting things that show their ignorance and such as how to remove malware? Yes.
Did I report them to my state's Attorney General's office for not disclosing a breach? You bet I did.
They want to help people move from an old, solid and established language to a something that'll likely get stuck on specific version of a JVM that can't be updated any more five years from now and will require a dedicated machine for fear of toppling the whole fragile edifice... so they can get more hands on the code.
That seems like lighting the house on fire to get rid of the rodents.
I can't imagine a meeting where people who work at a motherboard company discuss doing something this dumb, then decide it's a good idea and plan to do it, then a team of programmers get tasked to write the code, all the while not a single person points out how ridiculously insecure this whole thing will be.
Are people really that dumb? Spiteful? Evil? I really don't know any more!
For ages they've benefitted by people not making any sort of distinction, and therefore assuming Intel. For instance, since the late '80s, any book or course teaching assembly language never specified the architecture, because OF COURSE it was x86.
An example is that "x64" isn't a real thing - the "x" is supposed to mean it's a placeholder, and there are no 80164 / 80264 / 80364 / 80464, et cetera, processors. But if Microsoft / Intel can make most people who see "64 bit" in relation to a processor assume it's referring to amd64 / x86_64, then that'll make them happy.
Intel knows ARM is a serious, real threat, so if they can co-opt the word "processor", they will. They want people to be confused when they hear "ARM processor".
The "campaign to have the company deny service to the forum" certainly wasn't why Cloudflare stopped hosting Kiwi Farms, or at least not directly. They stopped because of how many people in tech decided that Cloudflare's inaction was unacceptable and decided it wasn't a good look to be a Cloudflare customer. The campaign helped make more people aware, though.
The number of people and companies switching to other services probably scared the poop out of CEO Matthew Prince and and VP Alissa Starzak. That's the reason why Cloudflare dropped Kiwi Farms.
Now Cloudflare acts like they're the victims, using words like "censorship" to get people riled up. Really, they should stop pretending that free speech includes illegal stuff, and that "illegal" is only defined as that activity which is so bad that a jury must be convened and an indictment filed. Anything less than that, according to Cloudflare, should be not only allowed, but protected (and made in to profit, of course).
Web developers and end users typically don't know much about security. They add plugins without having any way to know how to compare long term maintenance with short term convenience.
As a systems administrator who hosts quite a number of Wordpress instances, I have to say it's a HUGE problem that plugins can't easily be disabled from the perspective of the server without taking the chance of breaking the whole site. This is rather stupid and makes any long-term Wordpress site on the Internet very problematic.
What really needs to happen is that sites need to be able to run even if a plugin is removed / disabled / deleted, and systems administrators need to be able to do this when bad plugins are being exploited. This is because we can't expect web developers and end users to know to log in and disable them themselves.
Because this isn't the case, I've somewhat often had to disable (chmod 0) plugin files that cause a site to stop working, then let the client figure it out. Emailing them to tell them to fix it ASAP doesn't work (although I do this all the time, anyway), because security is an abstract thing they don't understand until it's already too late. So I email them, then break their web sites, then let them scramble to fix it.
It's really, really stupid, and in my mind it's yet another example of how Wordpress wants to coerce everyone to move to wordpress.com because almost all other installations will either break or become insecure if unmaintained.
OVH is a veritable cesspool. They calculatingly intermix legitimate clients with spammers, scanners and spammers, and they ignore abuse complaints. They know exactly what they're doing.
Paulin wants "open" because he doesn't want Google and Amazon to have a monopoly on hosting scammers.
To paraphrase Jim Samuels (fortune), Intel is like the guy at the party who gives cocaine to everybody and still nobody likes him.
They have their one hit wonder, the x86, and they've shown time and time again that even after throwing money at everything, they're really not innovators. They're scared now because their cash cow has become sickly because of neglect, so we see stuff like this.
It wasn't very long ago that Samsung inadvertently bricked huge numbers of Blu-Ray players due to the most basic of bugs in an XML parser:
https://www.theregister.com/2020/07/18/samsung_bluray_mass_dieoff_explained/
Samsung's ineptitude is why I tell people who buy Samsung TVs to simply use them as displays. Get a Roku or Apple TV, and don't connect the Samsung at all. Problem solved!
I've been telling people about this for years - once our address books are out in the open, then we're going to start seeing robocalls with spoofed caller ID which uses the numbers of people we know and expect to hear from.
The shitstorm has already begun.
Updated IPMI and BIOS on a Supermicro system. IPMI took more than 45 minutes. BIOS had to be updated twice because system wasn't in "manufacturing mode". All BIOS settings had to be manually reset.
Supermicro didn't announce updates, nor did they say whether these updates correct the known Intel ME problems, but considering that there are many BIOS updates for many models of Supermicro motherboards, all dated sometime in October, I wouldn't be surprised if they do a "fix first, announce later" kind of thing.
This was a test to see how long updates for other Supermicro systems will take, and the results are pitiful.
Let's hope this was the official fix and I don't have to spend another hour or two to upgrade later.
"See, we don't understand portability, so we're just going to go with what it says on the side of the box. And because we've been buying Windows and Linux kit, the sides of the boxes say Windows and Linux," Ron van Kemenade said. "They don't say Mainframe."
He followed up by saying mainframes aren't in the mainstream, even though "main" is right in the name. "They're not keeping up with buzzwords. When was the last time you read a tweet or a Facebook post about mainframes? We need computers that are buzzword compliant. We need computers that are part of the zeitgeist, not relics of another time. Plus, these old mainframes have had so few problems, we just know that something is going to go wrong in a big way soon. It has to. That's how computers work."
Because .xyz domains are cheap / almost free / free, tons of spammers have set up thousands of domains expressly for spamming. All the mail servers I administer don't and won't accept email from any email server which uses .xyz, .science or .top TLDs in their hostnames because of this.
When a company is in a mad rush to get as much money as possible like this, bad things happen. I doubt .xyz will ever be considered a legitimate and respected TLD.
...and is happy to install crappy Java, it seems.
The review mentions an Android app but doesn't say clearly whether there is or isn't an iOS app. Also, aren't we (meaning systems administrators) abundantly aware of the insecurities of Java?
While it's been ages since I've bought Dell hardware, I would like to know if new systems are configurable using NON-Windows, NON-proprietary Java.
Just using BSD's command line factor, within a second (on a VAX, nonetheless) one already gets two factors:
factor 143319364394905942617148968085785991039146683740268996579566827015580969124702493833109074343879894586653465192222251909074832038151585448034731101690454685781999248641772509287801359980318348021809541131200479989220793925941518568143721972993251823166164933334796625008174851430377966394594186901123322297453
143319364394905942617148968085785991039146683740268996579566827015580969124702493833109074343879894586653465192222251909074832038151585448034731101690454685781999248641772509287801359980318348021809541131200479989220793925941518568143721972993251823166164933334796625008174851430377966394594186901123322297453: 271 13597
Nobody should ever take something like this on faith, unless the source is well known and in direct contact via secure communications. Even if you don't know how to set up the software to factor larger numbers, some sanity checking really isn't hard. It took me longer to copy and paste than the actual test took.
The quality of Digital hardware is best. I have several VAXstations running 24/7 which have had no problems aside from the occasional dead battery backed clock.
Sun hardware, though, has been disappointing. Older SPARCstations have died over time, an Ultra 5 had to give its life to make parts for an Ultra 10... The hardware was good, but not great.
SGI falls in the same category. The old Indy systems look nice, but they've become flakier and flakier and probably need to have their capacitors replaced.
Old m68k Macs are good, but definitely need recapping. Second generation (PCI) PowerPC Macs are excellent - I have one that has been running non-stop as a full time server for more than a decade.
Amigas are also pretty hardy, also needing little more than replacement capacitors or a better power supply. My personal Amiga 1200 which is running as a server (http://lilith.ziaspace.com/) celebrated its 20th birthday last year :)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
