* Posts by Spamfast

340 publicly visible posts • joined 23 Jun 2010


Regulator says stranger entered hospital, treated a patient, took a document ... then vanished


Re: Fine but not fine....

I totally agree about the pointlessness of one government body fining another.

That's why it needs the management to be personally liable for their decisions. If they're found to have acted in a knowingly reckless way (think 'depraved indifference'), then their assets and liberty should be at risk.

I appreciate that the details are a bugger and it'd be feathering the lawyers' nests again but for the life of me I can't think of anything else that would work, both in the public sector and the private.


Every healthcare organisation should look at this case as a lesson learned ...

Yes. And the lesson is that there is no personal comeback on those in charge of physical and IT security so carry on as you were administrators.

NASA reschedules Boeing's first crewed Starliner flight for mid-April 2024


Cutting corners?

Such basic errors as using flammable tape and designing a parachute coupling that breaks under representative load fill me with confidence.

I appreciate that hindsight is always 20-20 but I do have to wonder what other bad choices are waiting to surface in Boing's (let's hope that at worst it goes 'boing') design. Has anyone checked the computer-assisted flight controls yet?

Something goes wrong at SpaceX they say "oh dear, but we can learn from that." The parachutes fail to open and Boeing says "It's fine. Nothing to see here. Move along."

I might get into a Crew Dragon. I certainly wouldn't get into a Starliner.

Millions of people's data stolen because web devs forget to check access perms


Re: Web devs forget to check access perms :o


Sadly the commonest pattern is for the server-side app code to have a configuration file with a single set of credentials (usually plaintext username/password) that grants it blanket read/write/create-table etc. access to the whole database or often the whole database server. These credentials are used piecemeal by database accesses sprinkled all through the business logic and UI code of the application.

I don't often do this kind of development (I prefer real-time embedded) but my solution where there is not already a robust layered security system in place is always to write a separate daemon between the app-server code and the databases. The daemon does the credential validation and issues the session user-ID token to the app and then requires that token as well as the query which it can then check before allowing the query to run.

The daemon can concentrate on the rules for what user-ID has what level of access to what rows in the database and can have a fully-automated test suite. The app meanwhile can concentrate on the user interface and its functionality.
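An added sketch of the broker pattern described in the post above (not the poster's code). The `Broker` class, table layout and owner-or-admin rule are assumptions, and the app here calls named operations rather than sending raw SQL, which is one way to make the per-query check tractable.

```python
import hashlib
import hmac
import secrets
import sqlite3


class AccessDenied(Exception):
    """Raised for bad credentials, unknown tokens and failed rule checks."""


class Broker:
    """Sole holder of the database handle; the app only ever holds a token."""

    def __init__(self):
        self._db = sqlite3.connect(":memory:")
        self._db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, "
                         "salt BLOB, pwhash BLOB, role TEXT)")
        self._db.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, "
                         "owner TEXT, body TEXT)")
        self._sessions = {}  # session token -> user name

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, name, password, role="user"):
        salt = secrets.token_bytes(16)
        self._db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                         (name, salt, self._hash(password, salt), role))

    def add_record(self, owner, body):
        cur = self._db.execute(
            "INSERT INTO records (owner, body) VALUES (?, ?)", (owner, body))
        return cur.lastrowid

    def login(self, name, password):
        """Validate credentials and issue an unguessable session token."""
        row = self._db.execute(
            "SELECT salt, pwhash FROM users WHERE name = ?", (name,)).fetchone()
        if row is None or not hmac.compare_digest(
                row[1], self._hash(password, row[0])):
            raise AccessDenied("bad credentials")
        token = secrets.token_urlsafe(32)
        self._sessions[token] = name
        return token

    def _user(self, token):
        name = self._sessions.get(token)
        if name is None:
            raise AccessDenied("unknown token")
        role = self._db.execute(
            "SELECT role FROM users WHERE name = ?", (name,)).fetchone()[0]
        return name, role

    def read_record(self, token, record_id):
        name, role = self._user(token)
        row = self._db.execute("SELECT owner, body FROM records WHERE id = ?",
                               (record_id,)).fetchone()
        # Same error for "missing" and "not yours": do not leak which ids exist.
        if row is None or (row[0] != name and role != "admin"):
            raise AccessDenied("no access to record")
        return row[1]

    def list_records(self, token):
        name, role = self._user(token)
        if role == "admin":
            rows = self._db.execute("SELECT id FROM records ORDER BY id")
        else:
            rows = self._db.execute(
                "SELECT id FROM records WHERE owner = ? ORDER BY id", (name,))
        return [r[0] for r in rows]


def demo():
    """Constructed users and rows: alice may read her own row but not bob's."""
    broker = Broker()
    broker.add_user("alice", "constructed-pw-1")
    broker.add_user("bob", "constructed-pw-2")
    mine = broker.add_record("alice", "alice's note")
    theirs = broker.add_record("bob", "bob's note")
    token = broker.login("alice", "constructed-pw-1")
    try:
        broker.read_record(token, theirs)
        leaked = True
    except AccessDenied:
        leaked = False
    return broker.read_record(token, mine), broker.list_records(token), leaked


if __name__ == "__main__":
    print(demo())
```

Because every rule lives in the broker, the access matrix can be exercised by an automated test suite without touching any UI code.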

To infinity and beyond, with a swarm of tiny computers costing under $1K each


Von Neumann Effect

Don't forget to equip them with the ability to self-replicate.

Berserker Base here we come. (Or Mantrid Drones if you prefer.)

Google's next big idea for browser security looks like another freedom grab to some


Re: ODFO, alphagoo.

That's how the Internet works.

Hallelujah. That's how any comms channel should work.

Anything coming from a source or through a comms channel that isn't completely under your control needs to be treated as potentially hostile and validated and sanitised to death. You can never assume otherwise or you end up with the Morris Worm, SQL injection, JSON-as-JavaScript injection, buffer overflow exploitation (worm again) or whatever.

As a bonus, your systems will be more reliable and robust.

If you can't design your end to detect when the other is 'cheating' then you've done it wrong.

Oracle's revised Java licensing terms 2-5x more expensive for most orgs


Re: with 49,500 employees, all of whom are applicable

Why then do Java-based back-ends for continuous integration, bug tracking, collaboration etc. always seem to require five times the resources than ones using PHP, Perl, Python or Ruby for the same type of service?

Maybe Java programmers just aren't very good?


Re: with 49,500 employees, all of whom are applicable

Or just decontaminating completely as we have done.


It baffles me why anyone uses Java in new projects and why existing ones aren't switching to Python, Ruby or JavaScript/ECMAscript or, well, practically anything else.

I've got nothing against the language syntax itself - in fact it's quite nice. But the compute requirements for things like Jenkins or JBoss or whatever are bananas.

ChatGPT study suggests its LLMs are getting dumber at some tasks


Re: Stochastic parrots

Thanks for the reference.

I love that the originator's surname is 'Bender'. "Kiss my shiny metal ass" comes to mind.

Post-Brexit tariffs on cross EU-UK electrical vehicle imports still going ahead


Re: Fuck business

Ah, but look what we've gained. Instead of faceless EU bureaucrats telling us what to do we've got Rishi Sunak, Jacob Rees-Mogg and quite possibly Boris Johnson again looking after our interests. What could possibly go wrong?

Twitter rate-limits itself into a weekend of chaos


Tech vendors have been hiking prices by up to 24% amid inflation



There's a word for this - gouging.

At the sniff of publicly reported increased upstream costs, the first reaction of many a big business is to pass the costs on but with a fat bit of padding.

Supermarket chains, energy suppliers, vehicle fuel station franchises - I'd be surprised if they haven't been lured into doing this.

And of course it feeds back.

And yet there's bugger all reporting of how the wholesale commodity prices for gas, oil and the rest have actually dropped significantly throughout late 2022 and this year.

UK smart meter rollout years late and less than two thirds complete



We're now into gen2 'smart' meters (aka SMETS2) yet they still only save money for the power companies by allowing them to fire all the meter readers. So we've ripped out and binned millions of perfectly functional gas & electricity meters, some of them twice, with no appreciable benefit to customers other than a dinky little display box.

We'll be doing it again when an over the wire protocol for smart appliances is agreed so that the meters can ask fridges, aircon, etc. to modulate their energy use to avoid having to switch in less-green baseload supplies.

And all the time the government & industry have been lying when they said that the consumer won't be paying for all this. Of course we're paying for it in increased standing charges, more residual power usage by the meter itself and the wireless infrastructure.

File Explorer gets facelift in latest Windows 11 build


Re: Would anyone like any toast?

I'm sure that the toaster would remind you itself if someone thought to put some AI in it. What could possibly go wrong?

"Talky's the name, and toasting's the game! Anybody want some toast?"

Cunningly camouflaged cable routed around WAN-sized hole in project budget


Re: 'A reader we’ll Regomize as "Leif"'

Except that the Scandinavian name 'Leif' is pronounced like the English word 'life' not like 'leaf'.

My step-son is called Leif and hated it when he and his mother moved to England and even his school teachers wouldn't bother getting it right even after repeated correction.

Her name, by the way is 'Dagmar' which is okay because she's half German and that's how it's pronounced there with a hard G. However if she'd preferred the Danish pronunciation - which is closer to 'Dowmar' (my apologies to Danish-speakers for the over-simplification) - she'd have had a lot of repeating herself to do!

Ford in reverse gear over AM radio removal after Congress threatens action


Re: The only question remaining is ...

WTF don't cell phones have an AM receiver[0] built in?

AM is no longer used in many parts of the world. Even FM has been shut down in some countries such as Norway in favour of DAB+.

I'd like to see mobiles (aka cell phones or Handys) have SDRs capable of AM, FM & DAB+ and the rest. Mine - a few years old - still has an FM radio but that might be useless if the UK government takes the backhanders from certain parties and follows Norway.


Rivian, meanwhile, told us it "offers free access to AM and FM radio services in all Rivian consumer vehicles that come standard in each vehicle. AM radio service from local and national stations is provided via digital radio platforms (thus ensuring enhanced audio quality.)"

I think they've rather missed the point there. It's not the content that needs to be available, it's the technology. In the event of a problem, AM transmitters may well still be broadcasting when wireless Internet ones have been taken down.

Microsoft and Helion's fusion deal has an alternative energy


Re: Build SMRs instead

It's been calculated that current SMR designs produce considerably more nuclear waste per watt generated than conventional ones. As with those the public will end up having to pay for the clean-up when the company making the reactors dissolves itself over the costs after taking the government subsidies & customers' money and giving it to the upper management and shareholders.

No historical, current or proposed uranium or plutonium fission reactor has ever made or will make a profit once state subsidy, decommissioning and long term waste storage are factored in to the costs. Building new ones will not help the current climate problem because they won't come online in time and by the time they do, they'll be providing some of the most expensive power on the grid.

Nuclear fusion and nuclear fission, perhaps using thorium reactions, may be worth pursuing but it's just a distraction to suggest they can help with the pickle into which we've currently gotten ourselves.

If we are going to state-subsidise the energy industry, we should be removing all the breaks the fossil fuel companies are still getting, take that and all public money currently being spent on new fission build and fusion research and invest that in both the installation of existing renewable capture and storage facilities and research into improving them. This would be faster gain and much lower risk.

Asahi Linux developer warns the one true way is Wayland


Re: Nope

VNC, which requires each desktop you want to run to be manually set up in a config file and tied to a specific port.

Actually, on Linux you can run a TigerVNC daemon listening on a single port on a remote machine that uses PAM authentication over TLS and creates a new virtual framebuffer for each connecting client in which you can run up a desktop environment.

The only problem being that many Linux distros now only allow a given UID to run a single GUI session at a time because all the software bus configuration gets wildly confused otherwise.

But that's a flaw in the desktop implementation not in VNC.

Hubble spots stellar midwife unit pumping out baby planets


Mavel Tov!

Damn, I missed the party on Friday.

Oh well, we can always wet the babies' heads - there must be an ethanol gas cloud somewhere in the neighbourhood.


Re: Confused

still feeling sympathy for poor depreciated Pluto

Not this again?!

Get over it.


Hubble spots stellar midwife unit pumping out baby planets

What midwife unit?

I see the mother. She seems to be doing well without help. It's clearly a home birth situation.

Don't medicalize childbirth for heaven's sake!

Tsk. Typical male reporting.

A right Royal pain in the Dallas: City IT systems crippled by ransomware


Re: Somebody was behind on their patches and updates

Having briefly worked in gov IT. I will never make that mistake again. Well, unless I'm starving and facing eviction, of course..

There are soup kitchens and flop houses, you know? ;-)

Elizabeth Holmes is not going to prison – for the moment


Under federal truth-in-sentencing laws he must serve at least 85% of it, which would be nearly 11 years.

Except that it'll get watered down by Flywheel, Shyster, and Flywheel. And/or they'll get transferred to a minimum sec 'oh I can't go out at night' facility.


If you can't do the time, don't do the crime.

Alternatively, use the money you bilked from a bunch of gullible idiots to pay for a solid legal team.

Let's see how long her partner in crime actually spends in jail on that 12 year, 11 month sentence.

Rich white collar criminals seldom pay even when caught.

Apache Superset: A story of insecure default keys, thousands of vulnerable systems, few paying attention


How difficult is it for the installer to generate a random key on installation? How many networking kit breaches are caused by hard coded backdoor telnet (!) or ssh logins? The company officers need to be personally liable for this nonsense.

Balloon-borne telescope returns first photos in search for dark matter


Re: Helium is cheaper than rocket fuel

Helium is a natural product of radioactivity, alpha-particles are essentially Helium nuclei, so the Earth emanates Helium all the time, all we have to do is collect it. I expect there will be enough for several years to come.

Not at the rate we're squandering it. The helium produced by surface background radiation goes into the atmosphere from where it would be fiendishly expensive to harvest and also from where it diffuses into space. We get our helium from fossil sources, which are replenished very slowly by the Earth's internal radioactivity.

You could equally argue that we'll never run out of oil & natural gas because there will be some more along in a few hundred million years.

If you don't get open source's trademark culture, expect bad language


I have vague memories of Microsoft setting rules for something like this. IIRC you could call your product Optimiser for Windows, but not Windows Optimiser - or was it the other way round?

Optimizer for transparent wall sections?

Florida folks dragged out of bed by false emergency texts


Re: Big Brother has another way to cock things up.

It's not an app, genius. It's a cell alert that's part of the infrastructure. That a phone might have an app that specifically handles it is completely separate from the alert itself.

Phone masts can transmit all sorts of things but without software in the receiving device they do nothing.

When I bought my phone, it did not have a settings page for emergency alerts.

Now it does.

Therefore at some point an update installed a piece of software (an app) to respond to the alerts.

It even appears in the list of 'apps' if I enable 'show system apps' and allows me to see - but not to change - its permissions. Take a look - on Samsung phones it's called 'Emergency alerts'.

You do know your phone has to run a piece of software to make calls, don't you? Or to send text messages?


Big Brother has another way to cock things up.

I am really annoyed about this system.

Basically it's an app that was installed by stealth on all our phones at the order of our governments.

Apparently the UK one prevents any use of the phone until the alert has been acknowledged so it must have fairly high privileges. I am not able to uninstall it, disable it or change its access settings. I can only disable notifications but there's nothing stopping it from re-enabling them.

I was relieved when the buggy, insecure Covid apps were opt-in. Why the hell isn't this one too? I'm being spied on by Google & Samsung already but at least they're relatively competent. The UK government and its contractors have a well documented history of gross negligence with anything IT related.

Linux 6.3 debuts after 'nice, controlled release cycle'


Re: Giving it a try

Ccache might help but if just building the kernel takes two hours then you need to invest in new hardware.

I Yocto-build an entire openembedded deployable in about twenty minutes, using locally cached git repos for the various userland porcelain, on a 12-core 24-thread Ryzen, 64GiB RAM & a 2T SSD.

YMMV of course.

UK government scraps smart motorway plans, cites high costs and low public confidence


Well, I am so not a fan of Mr Sunak, a corrupt self-serving politico. But shutting down the idea of a) making motorways more dangerous and b) expanding our addiction to CO₂ gets my approval. The UK government (of whichever stripe) talks about the climate but still spends way more of our money on fossil fuel guzzling projects than ones that will mitigate the problem, generate jobs & revenue and make our environments better places in which to live.

By order of Canonical: Official Ubuntu flavors must stop including Flatpak by default


Re: Snap/flatpack needs to go away

Snap/flatpack needs to go away


It's drifting towards MS .Net (which release?) and Metro (ditto) and containers. Let's add another layer of abstraction - what's the downside? Everything becomes an entire environment to support what it needs with all the storage, memory & CPU overheads that implies. Never mind that they're all using the same libraries - they have to work to that specific version so have to have their own copy. How many loop mounts do you want?

Microsoft had 'DLL hell' and bodged around it. Linux doesn't have that problem - if a library has a breaking change it is bumped and both can co-exist.

Stick with apt or yum or ./configure && make && sudo make install. Otherwise I don't want your product.

No more free love: Netflix expands account sharing restrictions


€3.99 in Portugal and €5.99 in Spain

Hey, Reg, get with it. In general in Europe the currency symbol goes after the amount, not before.

3.99€ in Portugal and 5.99€ in Spain

New York gets right-to-repair law – after some industry-friendly repairs to the rules


Re: Perspective

My new Samsung 75" TV's screen failed after just over a year, but luckily still in warranty.

In the UK at least, the Sales Of Goods act states that items must be 'fit for purpose'. I've had full refunds on electronic goods that went south several years after purchase without requiring a warranty from the manufacturer. If I buy a TV I have a right to expect it to keep working for five years or more and will take it back to the retailer and if necessary threaten them with Small Claims Court action if they try to give me the run around. I've never actually had to start proceedings. It seems standing at the customer service desk with a copy of the relevant legislation and a stubborn attitude is enough to make them give me my money back.

YMMV of course.

BBC is still struggling with the digital switch, says watchdog


Where are my waders?

I'm as guilty as the next person but broadcast TV - digital or analogue - is an order of magnitude more environmentally friendly than all of us streaming from servers at our own whim.

Fuck the planet so I can watch Game Of Thrones is not a great solution.

Orion snaps 'selfie' with the Moon as it prepares for distant retrograde orbit


Re: that selfie...

Like the supposed pictures of the lunar module taking off from the surface of the moon.

I hope you're joking.

Otherwise, have you not heard of tripod-mounted video cameras with a radio transmitter?


I'm insulted.

there are no animals on the moon (except the odd rogue Clanger),

Dear Sir,

I'm insulted. We Clangers do not live on your moon. We have our own planet.

How would you like it if we told the Iron Chicken that humans live on Venus?

Yours faithfully,

Major Clanger


What's wrong with this statement?

to propel Orion at 8.9 feet per second

First, 8.9 ft/s relative to what?

Second, (as commented elsewhere) stop using daft non-SI units for engineering reports. Only the Usains and a few others are still using obsolete units and there are only 280 million of them, call it 500 million tops including the rest. There are now 8 billion of us on the planet.

US Supreme Court asked if cops can plant spy cams around homes


Re: Just one question

to who do they serve the warrant

First off, it's "to whom".

Second they don't serve the warrant. They go to a judge and convince him/her that they have probable cause and so obtain permission - aka a warrant - to proceed with the surveillance. It doesn't have to be served on anyone. In days of yore this was the process by which the cops obtained the right to tap someone's phone. It would be pretty useless if the surveilled had to be informed beforehand.

Not that I condone state surveillance - almost all of it is egregious and illegal.

Microsoft leaves the Office, rebrands everything as 365


Re: Survey missing option

And LibreOffice doesn't crawl its way into every nook and cranny of the registry.

The registry, by the way, which is one of the most colossal cock-ups of computing in modern times. An undocumented, fragile, non-normal-form, quadratic access database of items many of which can crash the OS if corrupted or left in the wrong state by a crappy uninstaller.

NASA sets November date for next SLS Moon rocket delay, er, launch


I'm not a fan of Elon Musk as a person - basically he's a creepy uncle/Bond villain - but I admire SpaceX and to some extent Tesla, minus the faux 'autopilot' crap.

Provided RUDs don't kill people - as they did twice with the US Shuttle programme if you remember - then they're par for the course. You collect the data and correct the problems.

I like the idea of multiple suppliers - redundancy is good for scheduling & price haggling - but the ratio of money given to SpaceX compared to NASA's old buddies for SLS is indicative of the pork barrel/political contribution mentality that still rules US space funding.

Scientists, why not simply invent a working fusion plant using $50m from Uncle Sam


Nuclear fusion is impossible because electron removal is unthinkable. We are dealing with a scam.

I look up in the mornings and see evidence that nuclear fusion is entirely possible.

I also look up at night and see even more of the reactors.

(Unless you think they all run on coal?)

What we've not been able to achieve is sustainable confinement, temperature & pressure even using deuterium/tritium rather than proton/proton fusion. However, recent use of deep learning algorithms to point to the plasma control is interesting.

But we've been here before of course.

Is it time to retire C and C++ for Rust in new programs?


Re: One thing that make me wary of rust

When I'm on a new (usually bare-metal embedded) platform using C/C++ the first things to get integrated into the build tree are boost, pcre and a decent JSON library such as RapidJSON. That usually covers 75% of my requirements apart from protocol stacks. (Think lwIP/mbedTLS, Lely CANopen etc.)

For embedded Linux once I've got buildroot or yocto to behave the options are much broader of course.


It's just another high level language. Big whoop. If I have to, I'll use it. Who cares?

Those screws on the Apple Watch Ultra are a red herring


Re: Muppets

I'm guessing that they've never taken anything apart with 100m rating before. Do they think it's Steve Jobs' tears that make it water proof?

That's 10 atmospheres.

I have a thirty year old Tissot watch that is 100m rated and yet my horologist can remove & replace the backplate to change the battery while maintaining its integrity.


In the UK we've recently had a tariff applied to single-use supermarket carrier bags. Retailers have to accept dead batteries for recycling. In Germany & Denmark pretty much all glass & plastic bottles & aluminium cans are required to be sold with a deposit that can be reclaimed from any store.

Maybe we need a deposit on non-repairable tech - send it back and get your 10% refund?

Our software is perfect. If something has gone wrong, it must be YOUR fault


Re: Testers

Reminds me of Greenhills' embedded C/C++ toolchain.

I've only ever had to use it at two places. We'd find compiler bugs and report them for which we were barely even given an acknowledgement after they'd finally agreed that it wasn't that we were 'using the programming language wrong'. If we needed to have them fixed in a timely manner, we were required to pay gouging amounts for a patch.

Greenhills gets used a lot for safety critical because they claim certification to various standards but you have to pay them again to get proof of that.

I've pointed out to management that as gcc is so widely used and open source that it is easy to use those facts and a good test suite (which you need anyway regardless of toolchain) to demonstrate its fitness for SC software to the satisfaction of almost all regulatory standards. Even when I show them that I've been able to do that for other clients they still insist on using Greenhills while simultaneously complaining about the engineering budget.


Re: A familiar experience

Thankfully for me in the EU, they have been exclusively inflicting these random builds on the Indian market, which they appear to have unilaterally adopted as their unwilling alpha testers.

Alpha test doesn't just mean earlier than beta. Alpha testing is done by people who have been involved in the development. Beta testing is done by people who haven't i.e. the great unwashed public these days it seems. So the poor sods in India are still beta testers.

Enough with the notifications! Focus Assist will shut them u… 'But I'm too important!'


It started with the HTML BLINK thing

Oh, the rot started much earlier.

Teletext had blinking text character codes way before HTML.

DEC VT escape codes earlier still. Not sure whether IBM block-mode terminals did so before or after that.

But we're talking 1970 or possibly earlier either way.