* Posts by petef

172 posts • joined 13 Sep 2010


Alert: 15-year-old Python tarfile flaw lurks in 'over 350,000' code projects


It is not always that obvious. I had a real instance of that happening some years ago (the resulting system restore involved fifteen 5¼" floppies). A colleague had asked me to release my storage on their machine. I deleted my home directory but then modified my home to be / so that I could still log in. I informed the machine owner that I had cleared my disk usage. Unfortunately they then opted to remove my user account. Part of that procedure was to remove the user's home directory. Tears ensued.

I raised an issue with Sun who at that stage had become the owner of Interactive UNIX. They declined to put protections in place. I wonder what became of them?

Critical hole in Atlassian Bitbucket allows any miscreant to hijack servers


It's a good thing then that I migrated my repos away from Bitbucket when they sunsetted Mercurial.

Meta proposes doing away with leap seconds


Re: The leap second has been around for fifty years

And before that the rubber second was like smearing, though over the full year.


Re: Fuchsache!

There is only about six months warning of a leap second coming up.

Tuxedo Pulse G2: Linux in your lap


I agree that PCS offer a good route to Linux. Skipping Windows saves of the order of £100. But there is a difference between supplying a PC with Linux that is certified to have working drivers and a barebone delivery that is the end user's responsibility to manage.

Not all PCS machines are Clevo. I've been happy with that but my more recent Akstron purchase has had recurring problems.



Dell are a rather bigger name who ship Linux boxes and also "no OS" (FreeDOS which can be overwritten).

The new generation of CentOS replacements – plus the daddy of them all: RHEL 8.6



IMHO the biggest sin by CentOS was reneging on the end of life for CentOS 8, cutting short support by 8 years.

Researchers find 134 flaws in the way Word, PDFs, handle scripts


Compounded by JavaScript being enabled by default. One of the first things that I do with a new install of Acrobat Reader is to turn off that preference.

John Deere tractors 'bricked' after Russia steals machinery from Ukraine


You've got my brand new combine harvester,

You can't have the key.

Why the Linux desktop is the best desktop


Re: One reason to stay with Windows - Outlook

I've had no problems with WhatsApp on Linux. It is one of the message integrations in Opera though I'm sure that there will be other implementations.

Outlook works fine in the browser, Teams less so the last few times I tried. Those, of course, are just for work.

Microsoft brings Cloud PCs and local desktops together in Windows 365


Non-semantic versioning

M$ skipped Windows 9, now it's 12 to 364.

Epson payments snafu leaves subscribers unable to print


Computer says no

The problem may not be due to Epson (discuss) but surely they could keep the accounts active pending the bank snafu being sorted out.

New York Times outlays seven-figure sum for 1,900 lines of JavaScript – yes, we mean Wordle


Re: Does not have to be a time sink

I think of my program as a helper rather than a solver. For my word list I started with /usr/share/dict/american-english. There are some diacritics in there that need to be stripped. Be aware that there are 266 words in the 2315 canned wordle answers missing from that dict. I took pains to avoid looking at those, just counting them. A bigger dict derived from SCOWL was only missing one of the wordle answers.

Never mind the Panic button – there's a key to Compose yourself


Re: Special Characters and Windows 11

WinKey + V is for the clipboard history. WinKey + . (or ; period or semicolon) pops up a panel to select symbols, emoji and so forth.

What a Mesh: Microsoft puts Office in the Loop, adds mixed reality tech to Teams


Teams is popular

I fear you are conflating many people having to use it with it being popular.

How not to train your Dragon: What happens when you teach an AI game sex-abuse stories then blame players


Post Office

This has shades of the sub-postmaster "fraud" debacle. How can a computer possibly get things wrong?


AI 101

"the quality of the data used to train the model is important"

Er no, it is essential.

Google to auto-enroll 150m users, 2m YouTubers with two-factor authentication



This is likely to be 1½FA in practice. If your phone is compromised, e.g. stolen, then it will likely be able to disclose emails, texts, etc. So these "extra" factors are nothing of the sort.

Sir Tim Berners-Lee and the BBC stage a very British coup to rescue our data from Facebook and friends


As long as you have your tin foil hat on.


Works both ways

This idea would get more traction if Facebook and co. see the benefits too rather than relying on regulation being forced upon them. Users marking up their own preferences should be more valuable than what algorithms alone can glean.

I cannot be alone in being hit with "targeted" messages in the vein of "you have just bought a washing machine, here are other washing machines that may interest you". Those are irritating and it would be commercially useful to improve.

Apple tried to patch this security hole in macOS Finder but didn't consider upper and lowercase characters


Re: four months since Apple comms last provided proof of life

Or sending the enquiry from thE regIster?

I would drive 100 miles and I would drive 100 more just to be the man that drove 200 miles to... hit the enter key


I was called upon to make a 6,000 mile round trip from Scotland to the Sinai. Once there I swiftly resolved the problem by reseating the cards in the minicomputer. In addition I had just made it home from my previous assignment at 9 am and was in my first taxi at 11 am.

It's time to delete that hunter2 password from your Microsoft account, says IT giant


Good while Authenticator works

This afternoon my broadband dropped out twice for a few minutes at a time. Openreach are rewiring the cabinet round the corner from me. On both occasions I could not reconnect to my company VPN because Authenticator failed to respond. I reset the phone which seemed to jolt it back into life.

So the data centre's 'getting a little hot' – at 57°C, that's quite the understatement


Reverse situation

I used to provide field service for systems in the deserts of the Middle East. There was one fault that was annoyingly intermittent. My approach was to turn off the AC and bake until the fault persisted. I was then able to diagnose it and so effect a repair.

Google Groups kills RSS support without notice


Google News

Despite using RSS for many years I will not miss Google Groups. I rarely use that directly but it remains the prime source of spam into mailing lists that I read using RSS via gmane.

I do however have a couple of RSS feeds from Google News searches. I wonder how long those will survive?

Google says Pixel 6, 6 Pro coming this year with custom AI acceleration


Re: ?

It's just the new Clippy. With added AI.

On this most auspicious of days, we ask: How many sysadmins does it take to change a lightbulb?


Re: Facilities are to blame

I had noticed a problem with our "help" desk and also knew how to fix it. When I called them to report that, they would not talk to me without taking my cost centre. It stayed broken.

Windows 11 comes bearing THAAS, Trojan Horse as a service


Re: "and in a few short years we were liberated."

I've been using Teams native on Linux (Tumbleweed) for a while now since the web app decided that it would pwn my display. While it is woeful it seems no worse than the Windows version.

Linux Foundation celebrates 30 years of Torvalds' kernel with a dry T-shirt contest


Re: designing a T-shirt to celebrate 30 years of the software

Inkscape should be able to import all three of those formats.

The phantom of the Opera is here... unveil R5 (just don't let the boss see)


You say Oslo-based but the ownership is Chinese since 2016.

First Forth, C and Python, now comp.lang.tcl latest Usenet programming forum nuked by Google Groups


Eternal September

The signal to noise of Google originated USENET content has been really low for years. So I am not sorry to lose their traffic.

Google to revive RSS support in Chrome for Android


Show me the money

I am a long time consumer of RSS (and indeed NNTP). The abandonment of Google Reader was a shock but I found that Feedly filled the gap.

RSS/Atom is a great way to disseminate content. It is poor at tracking personal user data and delivering ads. I genuinely wonder why Google choose to reinvest in it now.

Big red buttons and very bad language: A primer for life in the IT world



I still have my portable microfiche reader. You just peer through a lens and hold it up to the light.

Half of Q1's malware traffic observed by Sophos was TLS encrypted, hiding inside legit requests to legit services


In my experience most features that enhance security are adopted more quickly by the bad guys.

Opera loses Touch with iOS app: Browser maker locks and loads the rebrandogun


Out of Touch

I used Touch for many months on Android. Flow was neat but limited to a pair of devices. And now it is available in the main Opera for Android.

The killer for me with Touch was the lack of password saving.

What could possibly go wrong? Sublet your home broadband to strangers who totally won't commit crimes


What a difference an a makes

Pawn vs pwn.

GitLab scans its customers' source code, finds it's as fragile as you'd expect



I do hope that they were only scanning public repos and not private.

What a Hancock-up: Excel spreadsheet blunder blamed after England under-reports 16,000 COVID-19 cases


But they would use a spreadsheet to do that task.

It's Google's hardware launch day, and what do we get? A few Pixel phones, Nest kit, and another Chromecast


Hold For Me?

I wonder how well Hold For Me performs. I have had too much experience recently of contacting utilities, etc on behalf of an elderly relative. The general pattern is to play muzak for a bit and then tell you how important your call is to them. I had my hopes raised the first few times, I don't think a bot would fare much better. The worst was AA insurance who I gave up on after 45 minutes on hold. Their repeated message was "we are here for you 24/7", patently not. They eventually responded to my earlier email after two days. I say the worst but I am into my third month of waiting for BT to switch to the Basic account we are entitled to.

UK mobile network EE plumps for Nokia to provide that all-important 5G RAN equipment


Made in ...

So is Nokia gear all manufactured in Finland? Just asking.

NHS COVID-19 launch: Risk-scoring algorithm criticised, the downloads, plus public told to 'upgrade their phones'



Leaving aside support for Android 5 and earlier, Android 6 to 9 are vulnerable to click-free exploitation by BlueFrag if you turn on Bluetooth as required by the app. Android 10 can only be DOSed.

Security patches may be available; a security update of March 2020 addresses the issue. Unfortunately my Moto G5s is two years old and security updates stopped at August 2019. Customer support told me that no more security updates will be released. YMMV.

I have no other need to enable Bluetooth so I am left with a dilemma. Risk infection of my phone or myself and others. Proof of concept code for BlueFrag is publicly available so even skiddies can write exploits.

The app will not allow me to scan a QR code if Bluetooth is disabled, dumb logic.

Second lockdown? Perfect time to unveil Teams Breakout rooms and another ginormitor – the 85-inch Surface Hub 2S


Clippy 2.0

"hopefully not obscuring that critical bit of information with a giant head"

Now here is an original idea. The presenter could be represented by an avatar that hides little. How about a talking paperclip?

Funny, that: Handy script for wiping directories is capable of wreaking havoc beyond a miscreant's wildest dreams


Unix too

In the early days of Unix on PCs (Interactive Unix, pre Linux) my team had 386 workstations. My colleague asked me to remove my user account from their machine to free up space. I did that but left just a login with a home directory of root. That should have been that but the owner then decided to completely remove my account, blithely answering yes to questions such as remove home directory. The re-install involved a box of floppies.

British Army does not Excel at spreadsheets: Soldiers' newly announced promotions are revoked after sorting snafu


Excel users == skiddies?

HUGO have given up the fight on naive use of Excel. There are many pitfalls for average users.


Toshiba formally and finally exits laptop business


Re: Not to put TOO fine a point on this comment, but...

Yes but as the saying goes it is not Toshiba's fault but it is its problem.

I could eke out more life by installing SSD. I did that with my old MacBook Pro as Apple were ahead of Microsoft on heavy disk I/O. But the keyboard is flaky and the battery needs replacing again.

On my personal laptop I happily run Arch Linux + LXQt on what is now venerable hardware.


As it happens I ordered a replacement for a 7 year old Satellite yesterday. It still just about runs but Windows 10 makes heavy demands. The 2004 update took 10 hours.

I got 99 problems, and all of them are your fault


I thought this would be a story of dual 5¼" floppies. Occasionally I had to retrieve one inserted between the two drives.

Wrap it before you tap it? No, say Linux developers: 'GPL condom' for Nvidia driver is laughed out of the kernel




Google+ replacement ‘Currents’ to end beta and debut in G Suite on July 6th


So should we refer to the July launch as current Currents?


