* Posts by TonyHoyle

354 publicly visible posts • joined 22 Mar 2010


Three signs that Wayland is becoming the favored way to get a GUI on Linux


Windows isn't a good example as its implementation is stupid.. there are about 3 of them that yield different results, and they have to be implemented by the apps.. a proper dpi scaler would be done at the OS layer not forcing apps to implement it.

The result is that some apps do it right, some half do it, and some not at all. If you're developing and you pull in a library it may or may not be hidpi compatible and even if it is it might use a different method so not be in sync with your app, leading to bug reports and annoyances for users.

A better example is mobile where the UI system was written to scale from the ground up and you largely don't have to think about it.

Core-JS chief complains open source is broken, no one will pay for it


Re: Read this yesterday

To a manager free = worthless. I had to learn that the hard way when I was younger. Used to do free work for charities.. Literally had one suddenly blank me and say they were going to 'hire a professional'. Like lady, this is my day job, you should have been paying about £1k a day for that work.

These days I've no problem submitting bug fixes for OSS projects but beyond that, cash or GTFO.

I really do sympathise with the guy, but he needs to walk away and start making some real money.. he doesn't owe those companies anything. So it'll break? That's on them.

Smart ovens do really dumb stuff to check for Wi-Fi


Re: "Smart TVs" just as bad

I installed an IOT alarm add-on board.. basically just an overpriced esp32 board with some voltage conversion.. I'd naively thought it would be more than that.

When I looked at DNS logging some time later it was responsible for over 70% of the DNS queries for the entire house. There were bursts of it asking for the same website address multiple times per second.

Of course the onboard software was completely proprietary and couldn't easily be updated, so that ended up in waste.


If it's like our air fryer it's to remind you to unplug it. It does the same thing.. beeps about once every 5 minutes until switched off, whether there's food in it or not.

Crazy decision by the manufacturer as it has a perfectly serviceable off button and has WiFi connectivity that is supposed to let you switch it on remotely - which is obviously impossible as it's kept unplugged..

A brand new Linux DRM display driver – for a 1992 computer


Re: Good.

These days there are ROM and SD card loaders for almost everything, or you can drop a gotek in for floppy emulation. The files were so small by comparison to today's storage you can easily have an SD with everything ever released.


Re: Good.

The ST was made to a budget and its sound and graphics were on a par with previous 8 bit machines (the ST had a high resolution monochrome option but that locked out all the other modes and the monitor was expensive).

What it had going for it was the 68000 and GEM (which for the time was pretty cutting edge). And it was cheap - hence it was an ST not an Amiga under the tree that year

The STE and later Falcon fixed a lot of the issues by adding more colours, a blitter and better sound.. but it was too late, because by the time they appeared they were competing directly with the now lower priced Amiga.

Good news: Japanese boffins 3D print what looks like marbled Wagyu beef. Bad news: It's tiny and inedible


Re: Science Ahoy

Indeed there doesn't seem to be much progress except in price.. when I first heard of it it was $1m an ounce.. now it's somewhat cheaper.. but they still haven't made anything close to a single edible joint of meat.

We're a million miles away from a commercial process that can produce thousands of tonnes of the stuff for very little money with a low carbon footprint (which is surely the point).

ZX Spectrum reboot promising – steady now – 28MHz of sizzling Speccy speed now boasts improved Wi-Fi


Re: i've chipped in

It's not emulation.. it's a real spectrum designed by Rick Dickinson, the designer of the original Spectrum.

You can plug spectrum hardware in there, like an interface 1, and it'll work.

If an FPGA is defined as emulation, then the original spectrum was one too as it had a ULA at its heart (and the +2, +3 various different gate arrays). The only difference is the modern chips are programmable.

UK finds itself almost alone with centralized virus contact-tracing app that probably won't work well, asks for your location, may be illegal


Re: And what about the people ...

The government is setting up a separate system for those without smartphones - NHS 119 - although how calling a number is going to manage contact tracing I've no idea.. but I guess calling it if you have symptoms allows them to track the spread.

5G signals won't make men infertile, sighs UK ad watchdog as it bans bonkers scary poster


I used to volunteer for a festival. The noise complaints would start coming in during the build week, before there was anything on site capable of making said noise.

The D in Systemd is for Directories: Poettering says his creation will phone /home in future


Re: I must be an edge case

An amusing thought is if they require login to decrypt the user directory then systemd user services are fubar.. and they're even semi useful for some things. So lennart is breaking his own stuff.


Re: SSH NOT a problem

Stick it in LDAP and have SSSD pick it up. It's as secure as your LDAP/Kerberos installation.

As long as there's fibre somewhere along the line, High Court judge reckons it's fine to flog it as 'fibre' broadband


56k Dialup can now be sold as fibre broadband, So can my mobile phone contract.

It's hard to get any kind of connectivity without fibre being involved somewhere.

Prince Harry takes a stand against poverty, injustice, inequality? Er, no, Fortnite


Re: Thanks Harry

Funny thing about that is scaled up it's basically how the EU presidency works..

We were in line to be the 'executive officer of the week' but decided to brexit instead :p

Why millions of Brits' mobile phones were knackered on Thursday: An expired Ericsson software certificate


Re: Oops

I tend to find companies with that mindset are complete shitshows.. they waste more money trying to be cheap than they ever save.

Then they go bust when all their cheap stuff breaks, and they're surprised.

Total Inability To Support User Phones: O2 fries, burning data for 32 million Brits


So either:

The third party suppliers, large enough to supply a company the size of O2 with significant infrastructure, doesn't roll out new updates to a test network first and doesn't have a rollback procedure in the case of emergency, in which case O2 picked an incompetent supplier.

Or O2 doesn't have the above (and they should, even if the supplier already does it.. you never trust new builds until you've validated them internally), and they're incompetent.

Well, this makes scents: Kotlin code quality smells better than Java


It's a better programming language overall. Developed by Jetbrains who know what programmers want out of a language (they also developed the IDE for it). It supports multiple programming styles & the community has built up around it like that.. for example if you're into functional programming, go for it, if you prefer OO, that's fine too.

OTOH it provides you with more than enough tools to shoot yourself in the foot with both barrels, reload then fire again. Which I predict plenty of people will do once it gets more popular.

ICANN't get no respect: Europe throws Whois privacy plan in the trash


Re: Local Expertise

Nominet simply don't list the address any more, just a statement that the address that they have on file is accurate.

This is all that's needed. GDPR allows sharing data for legal purposes so there's no loss to law enforcement, just spammers/domain harvesters.

Interestingly the RIPE database still contains this information, the argument I think being that the contacts for network blocks tend to be engineers in charge of them not individuals (plus they've implemented a right to have the data removed).

Time to ditch the front door key? Nest's new wireless smart lock is surprisingly convenient


It's clear from the information shown so far that these IOT locks aren't compatible at all with multipoint lock systems. Which means to install one you'd basically have to replace the door - to get worse security.


Re: Lock makers that you can trust?

This lock isn't compatible with modern doors like that - only old style wooden doors.

Not that this is likely to be a problem because google don't sell it in the UK or even appear to have any plans to (something that the register completely forgot to mention for some reason).

23,000 HTTPS certs will be axed in next 24 hours after private keys leak



Trustico execute commands typed into a URL as root.

The incompetence knows no bounds.

With any luck their currently down site will stay down permanently.

Nest's slick IoT burglar alarm catches crooks... while it eyes your wallet


Re: Nest's smartphone app really is the best

You'd be surprised - the alarm I ripped out when it broke is still a current model, was 3 years old when I disposed of it.

Not an IC on it.. all transistor based, so it was about 5 times the size it should be about 12" by 8".. I doubt the design has changed since the 1980s.

Replaced with an ESP8266 that does the same job in a 1.5 inch square piece of silicon (and gives me wireless status as well plus remote arming if I'm in wifi range).


Wait.. no connection to a siren? WTF is the point in an alarm you can only hear from *inside* the house?

I presume it has battery backup just not mentioned. It's trivial to add and would be bloody stupid without it..

Woo-yay, Meltdown CPU fixes are here. Now, Spectre flaws will haunt tech industry for years


Re: here's a vendor which is not vulnerable to either attack

It does that by not supporting speculative branching at all.

So it's merely too crap to run spectre..

Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign


Re: List of CPUs affected?

Presently it's assumed to be all intel CPUs, with newer ones (<2 years) having extra instructions that drop the hit on benchmarks to 'only' 30%.

Windows 7 is on extended support, so should get a patch, but that's up to microsoft.

Next-gen telco protocol Diameter has last-gen security – researchers


Re: Diameter

Technically it wasn't designed 'these days'. Diameter (RFC3588) dates from 2003. Which probably makes it dangerously modern by telco standards..

The UK's super duper 1,000mph car is being tested in Cornwall


Strap a couple of SRBs to the corolla and point it directly upwards. It'll easily get to 1000mph then shortly do the same journey in reverse.

Knock, knock? Oh, no one there? No problem, Amazon will let itself in via your IoT smart lock


Re: What could possibly go wrong?

The much simpler solution of a box with a lock for which the amazon bloke has the key (or combination) doesn't seem to have been considered.

But that wouldn't net amazon 250 quid plus 20 quid a month subscription fees.

WPA2 KRACK attack smacks Wi-Fi security: Fundamental crypto crapto


Yes you can theoretically mitigate it on the AP - it effectively turns into a DoS on the client, which is in many cases preferable to leaking information.

Aruba are the first I've heard to actually implement this if so (Unifi only fixed client mode).


Unless your ubiquiti hardware is a client you did nothing.

This is a client side vulnerability not AP side, and there's little that can be done on the AP to detect it (and unifi have said they currently aren't tackling that).

Too many people are installing AP updates and think they've fixed it. Nope. You need to update every wireless client.

Equifax mega-leak: Security wonks smack firm over breach notification plan


Well considering one was the CFO and one was the 'president of U.S. information solutions' the idea that neither of them knew of a significant data breach days after it happened is farcical.

Stand up who HASN'T been hit in the Equifax mega-hack – whoa, whoa, sit down everyone


Re: Can't even be arsed to use an Equifax cert?

Also they failed to defensively register






As a result they've all been registered by a mixture of people having fun and miscreants stealing data.

Firmware update blunder bricks hundreds of home 'smart' locks


They're probably hardened against that, being $800 locks.

It's like being able to open padlocks with bits of beercan or pick locks in about 10 seconds flat (I've seen an electric lockpick in action.. 10 seconds is an outlier - it's probably quicker than using the key..). A *lot* of locks are just security theatre, but most burglars don't know that, and of those that do, they'll go after the easy ones rather than the hard ones, so all you have to do is make sure you don't get your lock from the bargain bin like your neighbour did and you're probably safe


I lost count of the number of companies that would publish an email support address that would just autorespond with a phone number. I don't get the mentality.. To badly misquote yoda.. have an email or don't, there is no middle ground.


Given the price I'm at a loss why it didn't have backup firmware and switch to that when the update failed. The kind of thing that has been standard in consumer upgradable devices for years.

But that would have cost them 10p, and required them to give a shit.

Blighty bloke: PC World lost my Mac Mini – and trolled my blog!


I'm not sure their reservation system actually does anything.

For various reasons I needed an extra hard drive caddy.. could have got it next day from amazon but this couldn't wait, so I did a 'reserve' on the PC World website and set off up there... so arrived maybe half an hour later. It's a £10 fairly common item.. should be easy, right?

They had the reservation on their system, sure, but it took the staff completely by surprise that anyone would actually want to pick one up - it took multiple staff hunting around the back of the store.. I was stood at the till for another half an hour before they turned up with the caddy. I would have walked out, but needed the damned thing.

In my head a reservation would mean that a little thing would pop up and a minion would go to the right place in the stock room (catalogued.. if you're searching for stock you're doing it wrong) and put it behind the till.. 2-3 minutes tops. That's clearly not what happens..

US ATM fraud surges despite EMV


Re: Speed

It also says a lot about how much verification was going on with the magstripes ie. none.

The longest I've had to wait was 30 seconds which is generally small shops with handheld cheap readers. In larger stores it's so fast I've got the notification the money has gone from my account before the receipt printer has finished printing.. it's sub-second.


Heck, modern cards here don't even *have* a functional magstripe any more. Clone the magstripe on my card and you got some random data, congratulations.

The US is oddly behind on something so simple.

Global IPv4 address drought: Seriously, we're done now. We're done


Re: IPv6 is fundamentally broken

That would be ipv6 then.

Although crippling the network using NAT would be just cutting your hand off to spite your face, given that address randomisation means you're not trackable anyway.


Re: IPv6 usage soaring?

1 in 6 is a bit low considering how many users are on large ISPs which have enabled ipv6 like Sky and BT.

A home user that does nothing special will be running it without knowing or caring.

Smart Meter rollout delayed again. Cost us £11bn, eh?


Re: Free?

The electricity companies are refusing to install smart meters in houses with solar PV stating that smart meters can't work with them, so whatever the standards might say the companies that have to actually implement this stuff say they don't work.


Re: What's the advantage to the consumer?

I did wonder how people were quoting those repayment times.. I reliably calculate 20 years.. I did pay quite a bit more than they cost now, but I have the higher FIT to make up for it.

In practice the effect on energy consumption is minimal. They work during the day when I'm at work and the house is just drawing baseline, and don't work in the evenings when I'm at home and everything is on. Hence in practice they might have saved maybe £5 a month, except in winter when they rarely even generate baseline.

FIT is around £300-£500 a year. £8k initial cost. 20 years is about right. Not that I mind - those are the same calcs that I was seeing online when I initially bought them - wanted them because they're cool tech not because they save money.

UK's new Snoopers' Charter just passed an encryption backdoor law by the backdoor


Re: VPN?

It's not harder at all - You'd block the /64, since the bottom 64 bits refer to a local network and can change fairly easily (/48 possibly if you want to block an entire site owner).


Re: This is the last backdoor

It's an interesting problem. Triggering a warrant canary - even by inaction - could be considered informing the public, so in that case can the law compel someone to lie?

You could even contrive a warrant canary such that the only way to fake it would be to break the law. Can the law compel someone to break the law?


Re: stumbling blocks

The definition is so loose that running an open wifi point could make you one. A&A used to (possibly still do) have a check box you could set saying 'I am a CSP'.

vSphere has been moved onto VMware's slow development train


Definitely not out of the door.. I can't see anything but a press release hawking features.

Mozilla wants woeful WoSign certs off the list


Re: What about the other browsers?

They probably will, if these allegations are proven.


Re: Get in first

And the startcom certs, since they're essentially the same company.

That's likely to have a bigger impact.

Action Fraud warns of fraudulent anti-fraud warnings posing as Action Fraud


The problem is banks' ludicrously bad 'fraud detection' requires you to answer the phone otherwise they block all your cards because you apparently buying the same things you do every month is somehow suspicious.

You get a call from mumbai from someone with an accent so thick you can barely work out who they're from, demanding private information for 'security' and if you fail to answer correctly good luck spending any money for a while.

It's a real concern. Banks should be hauled over the coals for it, as it not only encourages - even requires - behaviour that makes you vulnerable to fraud, they don't offer any alternatives - A simple text saying 'call the number on the back of your card' would suffice, but nope..

Spoof an Ethernet adapter on USB, and you can sniff credentials from locked laptops


Why would it become a route for any network traffic? The OS shouldn't be changing its default route on a whim because something answered ping faster (maybe windows does, but I'm sure even MS aren't that stupid, surely?).