Posts by Skoorb

285 publicly visible posts • joined 25 Jan 2011


Oracle's compliance cops now include Java in license audits


It's a real shame Oracle are doing this, but I do agree with the approach of some companies mentioned in the article. Go get OpenJDK (essentially the same code, just compiled by someone else), or OpenJ9 (open source clean room implementation from IBM), both of which are free of restrictive licensing. Both are TCK certified, which is important to evidence compatibility with Oracle Java (https://en.wikipedia.org/wiki/Technology_Compatibility_Kit#TCK_for_the_Java_platform).

OpenJDK: https://adoptium.net/

OpenJ9: https://www.eclipse.org/openj9/

Or one of the many other builds: https://en.wikipedia.org/wiki/OpenJDK#OpenJDK_builds

You can also more easily download just the runtime, and not the whole development kit from these places as well if you don't need the whole shebang.

Brave takes the spring out of creepy bounce tracking


Re: "Say a website embeds a third-party script from info.tracker"

Hard blocking all connection attempts or cookie setting doesn't always work. As you get redirected (bounced) to the tracker site, which then redirects back to the site you are trying to access, a hard block just means that you get a browser failure message when it can't load the tracker site, and you never get the site you wanted.

Likewise, hard blocking cookies from the bounce tracker site can lead to you being constantly bounced between the site you want and the tracker site (site you want checks if third party tracker cookie exists, finds it doesn't and redirects to the tracker site, which tries and fails to set a first party cookie, before redirecting back to the site you want, which checks to see if the third party tracking cookie is there, finds it isn't and redirects you to the tracking site...) so you just get nothing happening in your browser for a few seconds, followed by a browser "too many redirects" failure message.

If you've ever struggled to load a site as your browser just gives you a "too many redirects" error, and you use some sort of ad or cookie blocking tool, this is likely what's happening behind the scenes.
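The three outcomes described in the post above, as an added simulation that is not part of the original post: a toy browser follows redirects between two constructed hosts (`site.example` and `info.tracker.example`) with no blocking, with hard connection blocking and with hard cookie blocking. The 20-redirect cap and the direct cookie-jar lookup the site uses to see the tracker cookie are modelling assumptions.

```python
from urllib.parse import urlsplit

# Constructed hosts for illustration; neither is a real site or tracker.
SITE = "https://site.example/article"
TRACKER = "https://info.tracker.example/bounce"
TRACKER_HOST = urlsplit(TRACKER).hostname
BLOCKLIST = {TRACKER_HOST}
MAX_REDIRECTS = 20  # assumed cap on a redirect chain before the browser gives up


def serve(url, jar):
    """Toy servers: return (status, redirect_target, cookie_to_set)."""
    if urlsplit(url).hostname == TRACKER_HOST:
        # Tracker: try to set a cookie on its own domain, then bounce back.
        return 302, SITE, (TRACKER_HOST, "uid", "constructed-id")
    # Site: as the post describes it, content is served only once the
    # tracker cookie exists (modelled here as a direct jar lookup).
    if "uid" in jar.get(TRACKER_HOST, {}):
        return 200, None, None
    return 302, TRACKER, None


def browse(start, policy):
    """Follow redirects under 'allow', 'block-connections' or 'block-cookies'."""
    jar, url, hops = {}, start, []
    for _ in range(MAX_REDIRECTS + 1):  # first request plus MAX_REDIRECTS hops
        host = urlsplit(url).hostname
        if policy == "block-connections" and host in BLOCKLIST:
            # The blocker refuses the connection, so the chain dies here.
            return "connection blocked", hops
        hops.append(host)
        status, location, cookie = serve(url, jar)
        if cookie and not (policy == "block-cookies" and cookie[0] in BLOCKLIST):
            domain, name, value = cookie
            jar.setdefault(domain, {})[name] = value
        if status == 200:
            return "page loaded", hops
        url = location
    return "too many redirects", hops


if __name__ == "__main__":
    for policy in ("allow", "block-connections", "block-cookies"):
        outcome, hops = browse(SITE, policy)
        print(f"{policy:18} -> {outcome} after {len(hops)} request(s)")
```
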

Users complain of missing data in UK wills search service


Re: Why not index all names?

It's a bit poor, but if you can't find it online, you can still request it manually using the form at https://www.gov.uk/government/publications/find-a-will-or-probate-document-form-pa1s. It still costs the same (£1.50), but takes four weeks. Even with a four week wait it's preferable to just not getting it at all through the online system or waiting for them to fix the online system.

Worst of CES Awards: The least private, least secure, least repairable, and least sustainable


Re: "the marginal cost of sharing and making copies of things is pretty close to zero"

There are loads of Print on Demand publishers; you don't have to use Amazon. There's a list of some at the bottom of the Wikipedia page https://en.wikipedia.org/wiki/Print_on_demand for a start.

Fintech biz Wirecard folds into insolvency like two pair against a flush. Good luck accessing your chip stack


I agree. Currently, organisations with full fat banking licences or the equivalent (banks, building societies and maybe a credit union or two) display a discreet FSCS logo.

I think that the regulations need to be changed so that any institution without FSCS coverage should be forced to display a large warning as part of each account opening process, that you have to specifically and separately accept, making clear that they don't have full regulatory supervision, don't have compensation available in the event of their insolvency, and if you want this FSCS coverage you should stop and go to a real bank/building society.

Loads of people quoted by various media outlets who have been locked out of their money don't seem to know:

- that they didn't have FSCS coverage, and in many cases

- that the FSCS exists and would cover them if they went with a "real" bank.

Openreach tells El Reg it'll kill off copper sales in 118 UK locations next year


Re: Not sure how they measure availability of FTTP

Tell me about it. The exchange I'm on has been fibre for years, but the road we live on (and the roads around it) aren't even FTTC yet! It's copper all the way or nothing.

We're not in a conservation area or anything else like that, and roads both closer and further away from the exchange all have fibre cabinets.

Openreach's website simply says "We don’t have plans to upgrade your area yet."

The Rise of The (Coffee) Machines: I need assistance. I think I'm running Windows. Send help


Re: Not quite Windows

Yes they have. However, in theory, each time you get a vague error message like that, the offending app/system component is supposed to write the technical details into one of the logs accessible through event viewer.

Unfortunately, finding the relevant entry in that morass can be challenging if you don't have the exact number to search for, and far too often you end up with something just as meaningless when you do find the entry.

This also means that your service desk people need to learn how to use Event Viewer in order to perform many diagnostic tasks, rather than just reading an error message. And for embedded systems (like this) it's only really any use if you have working remote management on the thing, otherwise getting to event viewer locally can be challenging.

Pimp my PostgreSQL: Swarm64 paints go-faster stripes on open-source database challenger


I agree. Postgres is really impressive, but not well used or understood.

And the technical documentation is an absolute joy to use compared with some of the stuff out there.

But companies like EnterpriseDB will sell you pretty swish support (for ridiculously cheap compared to Oracle prices), and even guarantee drop in compatibility for Oracle (you can make the Postgres DB appear to everything connecting to it that it is an Oracle DB), full PL/SQL support etc.

Like you say, this FPGA kit could still be cheaper than Oracle or DB2 if you are a bank or other big company.

Come to Five Guys, where the software is as fresh as the burgers... or maybe not


It could be embedded

To be fair, a load of the Embedded flavours of Windows 7 are still in support. Something like Windows Embedded POSReady 7 would be usable on systems like this for a while yet.

The $4.3bn trial of the century is over! Now we wait for judgment


Remember, this is a UK court - not US, you generally can't just appeal for ever.

This is also a system for GPs, right? UK doctors seek clarity over Health dept's £40m single sign-on funding


"health boards"?

Someone's in Wales (the only place that has an NHS and still has health boards).

This announcement is only related to NHS England - health is a devolved matter.

Microsoft's on Edge and you could be, too: Chromium-based browser exits beta – with teething problems


Re: If only they could include IE functionality

It does. It comes with "Internet Explorer Mode".

Details are at https://docs.microsoft.com/en-us/deployedge/edge-ie-mode

"IE mode on Microsoft Edge is a simplified experience that combines a modern rendering engine and compatibility with legacy sites that require Internet Explorer in a single browser. IE mode provides an integrated browsing experience in Microsoft Edge, using the integrated Chromium engine for modern sites and leveraging Internet Explorer 11 (IE11) for legacy sites that require the Trident MSHTML engine."

HPE goes on the warpath, attacks AWS over vendor lock-in


Re: Hotel California is very apt

I don't disagree, but this is what the implementations of The Open Cloud Computing Interface (OCCI) and similar projects are all about (OpenStack etc). You don't build and deploy your IaaS / PaaS workload on AWS, or Azure, or whatever, you build it on OpenStack/OpenShift/OpenNebula etc, then deploy that where you want, whether that's in house, on AWS, on Azure, on IBM's cloud etc. It also makes it easier to move between cloud vendors and your own hardware.

The problems start when people build directly on AWS/Azure, rather than using a vendor agnostic interface layer.

I do admit this does nothing for SaaS though (Microsoft 365/Adobe and the rest).

US watchdog OKs robo-doc AI that spies eye disease all on its own


This isn't going to be used in hospitals or reduce doctors' workload

Eh. This has been being researched by various companies for years.

The use case is not in hospital clinics.

In the UK, and other countries, there is a national screening programme for people with diabetes called the Diabetic Eye Screening Programme.

This screens everyone with diabetes 12 years and older every year, by taking digital photographs of the retina (and macula). Currently, these are then stuck in a queue to be graded by a human (within a target of 6 weeks), with 10% of the "normal" ones then being regraded by another human and up to 100% of the "abnormal" ones being regraded by a second human.

The people grading just answer a series of yes/no questions like "is there retinal thickening within 1DD of the centre of the fovea" or "are there new vessels on disc (NVD)". The system then generates a numerical "grade" of the severity of the condition. If the "grade" is high enough, the images are sent to someone qualified (like an eye doctor) to "gatekeep" a referral to Ophthalmology, and the priority of any referral.

Once referred into hospital, the doctor will be looking at the retina and making a decision, not a computer.

All this system will be used for is to get rid of / act as a check on the current human graders. In most cases, these graders aren't qualified ophthalmologists, but just people hired and sent through a training programme. Anything identified as "abnormal" will still be sent to someone qualified to decide on if referral into hospital is necessary just as now.

Use Debian? Want Intel's latest CPU patch? Small print sparks big problem


Re: I'm fine with that

At the moment it is looking like you will be waiting for at least AMD Zen 2 then.

Which is slated for 2019 at the earliest.

Oracle Linux now supported on 64-bit Armv8 processors


Oracle recently announced that they are stopping direct development of SPARC over the next few years.

However, they will still sell Solaris on SPARC and SPARC solutions, it's just that Fujitsu will make the boxes. Their website has already been updated to list a load of Fujitsu servers.

Basically, Fujitsu will be the only Serious Money still going into SPARC. This isn't necessarily the end of SPARC, as IBM is the only Serious Money going in to Power and The Z processors, and Power is still chugging along.

Fujitsu's SPARC roadmap actually looks pretty impressive tbh.

Equifax reveals full horror of that monstrous cyber-heist of its servers


Re: And how...

Yeah. There is a statutory basis for CRAs to hold your data, that's the thing.

The ICO rejected complaints that this breached the DPA because CRAs only had consent to hold account information for the duration of the credit account. It said that the retention of such data was permitted under paragraph 6 of Schedule 2 to the DPA because it was necessary for the purposes of the legitimate interests of lenders (so that they could make informed lending decisions) and the information was not retained longer than was necessary for that purpose (i.e. 6 years).

Similar wording is being placed into the "new" Data Protection Act that is going to replace the old DPA on May 25th to be GDPR compliant.

The ICO issued a note on this back in 2006.

WPA2 security in trouble as KRACK Belgian boffins tease key reinstallation bug


Re: Firmware update or OS?

After a read through the (now published) details and paper, another lucky save is that this is a client attack. So unless you are running your routers in a client configuration (like as a repeater) or have fast roaming enabled on them, this does not have any effect.

It's just OSs that need patching, so your PCs, phones and other devices.

It also requires that the attacker is already on the WiFi as a client, i.e. already knows your WPA2 key / has a WPA enterprise connection.

The patch is also fully backwards compatible, so unpatched devices can communicate with patched ones on the same network.

The big patching headache is going to be all the specialist devices used in business and industry that don't receive vendor patches or are a massive pain to patch, and any old home gear lying around that has reached vendor imposed obsolescence - though someone being able to crack the encryption on the connection your WiFi radio uses is unlikely to be a problem.

As you stare at the dead British Airways website, remember the hundreds of tech staff it laid off


The CEO's nightmare

When I was at university we had the then CTO of BA come and talk to us about their approach to informatics. The big quote that stood out to me was that the CEO's (and CTO's) big nightmare at the time was of getting a phone call saying "ba.com is down", as so much of their operations and sales required a web presence.

Looks like their nightmare came true.

Fedora 25: You've got that Wayland feelin', oh, that Wayland feelin'


> The only downside? Fedora lacks an LTS release, but now that updating is less harrowing, that's less of a concern

Eh. It does have an LTS release. It's called RHEL (or CentOS or Oracle Linux). Remember it is built as a desktop version as well.

The current version (7) goes EOL 30 June 2024, and even the old version 5 branch from 2007 is still getting critical security patches until March this year.

Routes taken by UK prosecutors over supply of modified TV set-top boxes


Re: City of London Police = Rent-a-cop

It works the same as with an ambulance crew. Let's say they are not responding to a call, but need a coffee/sandwich/loo break.

Then a call comes in they need to respond to.

If they have parked right outside the corner shop they just run straight to the vehicle and get moving.

If they have parked in the nearest public car park 1/2 a mile away which requires payment at a machine to let your ticket open a barrier then things aren't looking good for the poor sod having a heart attack.

"But they get allocated breaks". Yeah. And when someone has an emergency when the only available vehicle nearby is on break? They get sent anyway.

Hapless Network Rail contractors KO broadband in Uxbridge


Re: "not highlighted in the thorough surveys"

It doesn't matter about having watchmen/flagmen. Network Rail now won't let anyone work within 3 metres of the tracks without a sentinel card, which requires mandatory training (with basic tests) and a medical.

Getting OR technicians on or about the railway is going to be a pain in the bum.

My Nest smoke alarm was great … right up to the point it went nuts


Re: You don't need "smart"...

Is converting a car to run LPG actually worth it? Did you save money overall?

Patch AGAIN: OpenSSL security fixes now need their own security fixes


Re: And LibreSSL isn't even an option on 32-bit Linux

Do remember that most ARM chips in use today are 32 bit.

And that root CAs tend to have stupidly long expiry dates on them.

This is an issue you can come up against today on new systems.

Linux implementing an additional 64 bit date type like BSD would be no bad thing, but that's unlikely to happen.

British unis mull offshore EU campuses in post-Brexit vote panic


Maastricht has a load of good programmes in English.

Google: There are three certainties in life – death, taxes and IPv6


does Google offer IPv6 yet?

So, Google Compute Engine, Google's answer to AWS. Does it support IPv6 yet?

Hint: the answer is no. It also blocks all external comms that aren't IPv4 TCP or UDP.

NHS health apps project plan: Powered by your medical records


They are announcing something they have been doing for years

This is a non announcement.

It works exactly as everything already works (or has worked in one case where functionality was pulled last year).

If you find your GP on nhs.uk today you will see a link under Online Facilities. If you click this link it takes you to your GP's system supplier to log in. Have a look at an example.

The online symptom checker has existed for around a decade, but was integrated into NHS Direct - based on your answers it scheduled a nurse callback at an appropriate urgency. When 111 was introduced all this integration fell apart, as 111 is commissioned on a local basis. As a result, the online symptom checker was pulled.

Allowing things like fitbits to push data into your record depends entirely on the GP system suppliers developing this functionality. Fortunately, this has been available since 2014. Nice to see that the minister has finally got around to reading the press release.

Sounds like this announcement is them saying that they are going to make the log in to online services button bigger and dust off all the old symptom checker code.

IBM lifts lid, unleashes Linux-based x86 killer on unsuspecting world


Can this do things that the new Unisys clearpath x86 kit can do though, like hard partitioning (LPARs) and other traditionally "big iron" features?

A plumber with a blowtorch is the enemy of the data centre


Re: Cable woes...

I once made the mistake of trying to explain to someone that you don't even "boot" a mainframe, you execute an IPL. And anyway, that isn't going to help with what you are describing as an OS problem as the thing has to run multiple OSs in multiple LPARs just to actually turn on properly.

"But that makes no sense, it has to be the hypervisor, just reboot the thing".


Mozilla's trying on seven hot new spring/summer logo looks


Re: Firefox direction

Vivaldi is still Chrome's engine underneath (Blink) - you can even use Chrome browser extensions.

VMware pulls buggy NSX release from distribution


Re: So ... what happened to "testing"?

From what I have seen in various settings, the lack of testing these days seems to stem from teams embracing Agile, and using this as an excuse to roll testing into development work. So, rather than having a well staffed QA team who actually test everything for regression bugs and the like, you get developers writing feature specs using a few half baked "tests" that they are then expected to run themselves. QA as a profession has taken a serious haircut.

Also, Agile leads to a "release early, release often" approach, which can lead to less testing time with teams expected to produce an entire new feature in one "sprint", then chuck it out the door and hope for the best.

The developer died 14 years ago, here's a print out of his source code


Re: Limits

Yeah. If it's something ridiculous like this it can be best to point them at the "official" support channel, even if it is hideously expensive.

Attachmate do offer on-site consulting, including custom software development and support if you are desperate. It's then up to the client to decide if it's reasonable just to buy a new cloud accounting service rather than pay the vendor's consulting fees.



Mobile App

Why not say that the winner gets a contract to rewrite El Reg's Android app? The current one is particularly crap, and I'm sure that a great many of your readers have the ability to make a better job of it, and for a decent price to boot.


Re: One-file rule

A .jar file is a .zip file with a different extension.

Google medical search


Re: Self-diagnosis via Google

Yeah. In the UK it should really at least advise people to call 111 rather than making them think it's an emergency and thus sending them to A&E.

At least then people with a spot in their early or an aching knee can be redirected to a pharmacy or out of hours GP.

Third OnePlus flagship: £309


Re: OS upgrades

Well, the Nexus 5X both costs more, and isn't really an equivalent phone in terms of features, the 6P is broadly equivalent, but has a list price of £500 for the 64gb like this phone.

This OnePlus ships with a customised Android based on Marshmallow.

So, it depends on what you want. The hardware specs or stock Android with security updates.

Judge slams BT for blaming engineer after 7 metre ceiling plunge



Yeah. This sounds a bit similar to the medical field here. If you didn't write it down in the patient notes it is very difficult to prove that:

- it happened, or

- you considered it as a possibility.

So, unless the employer can produce some documentary proof that the employee underwent the appropriate training and was issued with the appropriate instructions and equipment, all it takes is the employee to say that it didn't happen and it didn't happen.

Generally speaking, this is A Good Thing and The Right Answer, but occasionally it can go a bit too far. There is a really interesting Radio 4 programme presented by ex MI5 chief Eliza Manningham-Buller called The Blame Game. Give it a listen if you have half an hour to spare, it's really good, and also rather applicable to IT service management.

You deleted the customer. What now? Human error - deal with it


Re: I concur with the procedure guides.

Procedure guides. They are nice when they are up to date.

I once had to be rotated temporarily into a different unit to cover for staff being on maternity leave/quitting/being seconded elsewhere.

"But it's OK", I was told, "just follow these signed off Standard Operating Procedures"!

So I do. Until it turns out one is now out of date due to some system change and actually following it leads to silent data quality errors in a (random natch) small percentage of records.

Which of course was my fault, as I was the one who pressed the button, and obviously I should have known better than to follow that particular SOP.


G4S call centre staff made 'test' 999 calls to hit performance targets


Re: Targets Vs Cost

@Rol; "they had a "waiting list" for patients to go on THE waiting list, thus ensuring no one on THE waiting list, waited so long that the hospital incurred penalties."

Yeah. In England that doesn't happen any more, and hasn't for some time now. The 18 week Referral to Treatment (RTT) target, and the Two Week Rule (2WR) for suspected cancer are measured from referral to the start of treatment.

- There is no provision to pause or suspend an RTT waiting time clock under any circumstances.

- The percentage of incomplete pathways seen within 18 weeks (92%) has become the sole measure of performance

- The financial penalty for incomplete pathways breaching 18 weeks above the threshold of 8% is now £300 per breach (£5000 if any single patient waits more than 52 weeks), and the regulator, NHS Improvement, coming and breathing down your neck.

Finally, if you cannot be seen within the maximum waiting time the organisation that commissions and funds your treatment (CCGs or NHS England) must investigate and offer you a range of suitable alternative hospitals or community clinics that would be able to see or treat you more quickly. However, you will need to contact the original hospital, clinic or commissioner first before alternatives can be investigated for you.


Re: Metrics?

I have actually had the pleasure of reading the unredacted "Public Emergency Call Service Code of Practice" a few years ago.

The Emergency Operator (EO) who answers the 999 call asking for which service you require had a target of answering 95% of 999/112 calls within 5 seconds. "Under the Policing Pledge, the Police Service aims to answer 999/112 calls within 10 seconds; the recommended response time for the Ambulance Service is to answer 95% within 5 seconds; and the Fire and Rescue Service and Coastguard aim to answer 95% within 10 seconds."

If the EO cannot connect the call (including if no one answers) there is a fall back process:

"In circumstances where the CHA emergency operator receives no reply on the primary number after 60 seconds, the operator will connect the call to a secondary number provided by the EA, except where call queuing is used". If a queueing system does exist, the operator will only sit in a queue on the primary number for a maximum of 2 minutes before falling back.

And, if no one answers on the second number after 30 seconds, they fall back to an alternate number, normally a different service.

Although it may not sound like much, in an emergency waiting 10 seconds for someone to pick up the call, then another 10 seconds to be transferred to the right service can seem like an eternity. Sitting in a queue for 2 minutes must be terrible.


Re: Targets Vs Cost

Yeah, the rail performance targets are written in a really odd way.

Did you know that if a train doesn't stop at any one of its scheduled stops it is as if the train never ran at all? So, if a station is evacuated and closed, every train that passes through the station is now a total failure. This gives the perverse incentive to actually not bother running some trains if everything falls apart so badly that a station has to close.

Also, the late running targets are only measured at the terminating station, not any intermediate station, so you can be as late as you want everywhere except the last stop without any problem.

Adobe...sigh...issues critical patch...sigh...for Flash Player zero day



@Ken Hagan

BBC R&D published a blog post explaining the technologies the player uses and why they can't support some environments. It's linked from the main HTML5 page.

In summary:

- Safari on Mac OS X doesn’t support AVC3 via its Media Source Extensions implementation. The HLS implementation is also incomplete.

- In Firefox, the H.264 and AAC decoders are provided by the operating system. Currently, Firefox will only use decoders from Windows and OS X by default. On POSIX, you have to manually plug your own in.

- Old browser versions do not have support for HTML5 or MPEG-DASH (the MPEG-DASH standard was only published in 2012).

If you have any suggestions or other problems, drop the team an email at mediaplayer@bbc.co.uk.



@John Riddoch

Go to http://www.bbc.co.uk/html5 and switch to the HTML5 BBC player. There's also an Android HTML5 player available.

They have been in beta since September last year, but still have not been pushed out as default. The new HTML5 player also uses MPEG-DASH and the avc3 codec, which is pretty cool.

BBC Research & Development have a load of really interesting blog posts on the work they have been putting into it.

SS7 spookery on the cheap allows hackers to impersonate mobile chat subscribers


Here's how it works:

In WhatsApp, your handle/username is your phone number in E.164 format (so +441242221491 for example).

To verify you control that number, when you register, WhatsApp sends the number you enter a verification SMS, which if you receive it authenticates you to access the account associated with that number.

There's something I don't get though. I thought that the SMS contained a random 6 digit number, which had to be entered into the app and transmitted to the server for validation. Only if that number matches what was sent in the SMS does the server authenticate the request. How the heck does SS7 signalling allow you to intercept incoming SMS messages directed to someone else's number?

Anyone care to explain this?

IT glitch causes 'nationwide' Post Office outage


Re: kind of vague


So, how bad exactly is the USPS?


Not anymore!

Amazon now runs its own delivery arm: Amazon Logistics

UK's Universal Credit IT may go downhill soon, warns think tank report


Rewriting all the rules isn't helping

From what I understand from someone “with knowledge” of the thing, there are two main problems:

- The IT

- The Rules

Ignoring the IT for a moment, the whole point of UC involves a complete rewrite of the DWP's rulebook, developed over many years from the end of the Second World War. Currently, the DWP's Decision Makers' Guide (yes, you can read it online) runs to 14 volumes and covers everything. For example, labour market questions for Job Seekers Allowance are 228 pages long and the definition of “membership of the family” is 28 pages. So, if you have a member of a polygamous marriage trying to claim Income Support, where the other members of the marriage are all in prison, except for one “technical lifer” who has been transferred to an NHS hospital, you can process the claim (page 24217 for those wondering).

UC rips all this up and writes its own, entirely separate Advice for decision making document. This struggles to cover someone with a mortgage, never mind a truly complex case. It's also constantly in flux, with modification memos being chucked out monthly. At the moment there are 41 memos that decision makers have to know that modify the official procedure, that have yet to be included in the “Advice for decision making” document, never mind be included in the software!

tl;dr: Never underestimate the complexity of people's circumstances.

Restaurant booked, flowers ordered ... Microsoft has a hot date for SQL Server 2016


Re: Who'd want SQL server

Yeah. If your use case supports what Postgres can do, then the quality and price of support from EnterpriseDB is hard to beat. Unfortunately, Postgres is most similar to Oracle, so in a lot of cases isn't what people currently using SQL Server are after.