* Posts by drtune

37 publicly visible posts • joined 31 May 2011

VMs were a fad fit for the Great Recession. Containers’ time has finally come


Re: Hmmmmm

I'd say the fairly minimal runtime overhead of containers are very much worth the convenience of having your components be network and filesystem isolated, and have a simple gui to manage (e.g. portainer), etc, etc. They're _much_ closer to being "lego bricks" than what apt-get can do for you at the best of times.

That developers can now ship their products in a form that is both well-optimized in footprint (e.g. running on Alpine) yet "batteries included" and practically guaranteed to work out of the box (plus guaranteed to remove without trace), is marvelous


Horses for courses

1. Anyone not building new systems on containers needs their head examined or to be shown the door.

2. Converting an existing system to a stack of containers is {some amount of work, varies wildly}; if you're lucky it can be a relatively modest reconfiguration.

3. If you're unlucky, the task can be practically impossible - or more work than you can be arsed with - in which case a VM is a pragmatic but less efficient compromise; there are some corner cases where VMs have special properties you want despite the efficiency loss.

4. There is no four.

Google: Psst, hey kid, want a new eSIM? Our Fi has one right here


I have the US service

It works really well, given the constraints of hopping between Sprint and TMobile (not the leading carriers for coverage). It's very cheap and 'reasonable' deal by comparison with incumbents; plus 'free' international roaming is really a terrific deal. We pay $55 for two phones, very happy. Plus, Google phones actually get regular (and long-term) OS updates unlike yer average carrier Android device. Like.

Seminal adventure game The Hobbit finally ported to the Dragon 64


Re: Platform War

hah "Miner Dick" ... I wrote that :-)

Who killed Pebble? Easy: The vulture capitalists


Re: The VCs didn't force them to sell out.

Right, and look at the very substantial amount of VC money that gets burned to ashes; they have a huge number of misses, so they need a few very big hits. The alternative to this is to have much more conservative lenders who expect a lot fewer pounds of flesh but won't lend to anyone who isn't already showing near-as-certain signs of success; these sources of capital exist of course, they're just not called Venture Capitalists. No free lunch. Not many people feel sorry for VC funds that give large sums of money to people who effectively end up pissing it up the wall, but it happens all the time.

Cisco president: One 'hiccup' and 'boom' – AWS is 'gone'


Insane comment from Cisco

AWS ... go bust? Errr. right. Even if AWS wasn't backed by Amazon's e-commerce money machine it's still in its own right a very sophisticated, feature-rich, aggressively priced and extremely popular cloud environment - it's head and shoulders above the competition (and what is the competition anyway.. Azure, Google... err.. Rackspace? It drops off real quick after the first few). From where I sit Amazon practically own the cloud computing game already, and for some concrete reasons.

Cisco are just pissed because the major server farm players don't buy much of their stuff any more.

Alleged hacker Lauri Love loses extradition case. Judge: Suicide safeguards in place


Re: Human rights?

Since when has breaking the law & if you're caught claiming you might kill yourself been a mitigating factor? Ok I mug a granny or rob a post office and suddenly get all depressed when I'm nabbed? FFS.


Cry me a river

Ok so;

a) A guy ('allegedly') hacks into a bunch of US govt computers; crappy ones, webservers etc. Big woop. He (allegedly) attempts to cover his tracks with proxies/tor/etc and does so ineptly. He gets tracked down and busted. Ok he might be innocent - but it's really not clear why the cops would be so interested in kicking his door down unless they had something to go on (which, of course, will all have to come out in court).

b) He's encrypted his HD's and refuses to provide the key. His support website implies this is because he's innocent but somehow fighting for everyone's right to {..something?} - during which time he's sitting in a jail cell. He's in jail, and supposedly he has nothing to hide, and yet he won't provide the decryption key - which in itself is illegal in the UK (not something I agree with but that's not the point) - so he's guaranteeing himself trouble with the law. Damn, he must have some fucking astonishingly high moral principles if there's nothing incriminating on those drives.

c) He's got eczema. He's depressed. His hair won't stay quite the way he likes it. He stubbed his toe. He 'might kill himself'. He's got Asperger's. ...Whatever the fuck. Anyway, this apparently is a reason to let him off the hook.

He's yet another idiot who (allegedly) did something he knew was illegal, thought he wouldn't get caught, got caught, and is now whining any excuse he can think of. Not unlike Ross Ulbricht - who was astonished and outraged to find himself 'made an example of' (yes honey, that's the whole idea, you're being used as a deterrent to others).

I suggest _not_ fucking with a government and expecting to be let off if you get caught. By all means fuck with them if you think that's going to achieve {personal crusade X} but if you get nabbed don't be surprised if they throw the book at you. Stupid kids.

Verizon fingered in Android bloatware-for-cash cram scandal


Don't understand how this is news

Surely VZW has been doing exactly this for many, many years? Even pre-Android they'd preload crap on there, and they surely charged the developer for it. No question the pre-installed non-deletable junk on VZW Android phones was put there because the developers paid Verizon to do it...

Android's latest patches once again remind us: It's Nexus or bust if you want decent security


Remote code execution in Wifi driver!?

Oh man that's a tasty one...

It's not our fault we don't hire black people, says Facebook


It's absurd, I have no doubt that FB would dearly love to hire more women and black people simply to stop this criticism (although I'm sure it has tons of brown people - Indian workers), but they're not going to hire unqualified people just for that.

I don't think I've ever met anyone in tech who hired on the basis of gender or skin color - it's ENTIRELY about skills and "will they fit in and work hard".

It's hard enough to find good developers as it is, companies I know would never turn anyone good down even if they had three heads and purple skin. FWIW, I've been a hardcore developer my whole life and I'm entirely self taught; left school at 16 to program computer games, it's not about money on education and it's not like there's a huge barrier to entry to learn coding; you've just got to really love the job, that's all there is to it. It's not for everyone.

Server-jacking exploits for ImageMagick are so trivial, you'll scream


Damn this is huuuuge

Practically every server in the world uses Imagemagick to process images uploaded by the public - and it's wiiiide open... LOLZ!

I've certainly set up more than one server that's vuln to this... patchin' time!

Intel takes aim at Arduino with US$15 breadboard


What the hell does anyone want x86 embedded for?

What a truly insane thing to produce - take a widely reviled instruction set (x86) which is only still around because of the desire for binary backwards compatibility on very large fast chips (which go to great lengths to dynamically recompile it in hardware into something that doesn't suck) and then put it on an embedded CPU where nobody has the slightest interest in binary compatibility (..not that it even is!) and in a field where there are several very long established and highly efficient alternatives (ARM, AVR, etc) that work better in every way. IN-FRICKIN-SANE. This thing is already deader than a dead dodo & absurd to the level of finger-pointing mockery.

Websites take control of USB devices: Googlers propose WebUSB API


What could possibly go wrong?

As a firmware developer/hacker kinda guy, this is a "spit your coffee over the keyboard" quality idea.

I did go and RTFA (well, spec) and they pay a lot of lip-service to CORS/security/etc it's still a pretty out-there idea.

There are actually few things in this world _less_ robust and securely programmed than your average USB peripheral - not only that but by definition a lot of them are in control of real physical things. USB peripheral firmware is totally the wild west... Ask any Linux developer trying to support something with Windows-only drivers - the first step is to basically run it under windows and reverse-engineer the device protocol to figure out how the hell the vendor set it up - but there is literally no telling what the device actually supports without reading and disassembling its firmware. USB devices are the blackest of black boxes, and there's millions of them, all with different firmware..


Primarily, most USB devices are _exceedingly_ brickable; because most peripherals are flash-based MCUs, and most of them have some sort of firmware update procedure, and only very rarely does anyone even use the USB "DFU" standard; rather often, firmware updates are via what would (in any other system) be called hidden backdoors; e.g. HID command endpoints, hidden command messages, etc. Bulk endpoints with a "manufacturer specific" USB descriptor..

..There's very rarely a oh-shit-you-loaded-bad-firmware recovery mechanism either.

Even current USB devices that don't nominally require drivers (e.g. CDC, HID, Mass storage, etc) VERY often have these sorts of hidden backdoor things going on (for reflashing, debug, diagnostics, etc) because that's the way things have evolved for the last 20 years or so...

I think it's an interesting idea and (as a long time firmware developer including many USB peripherals) I mean that in an "oh wow the possibilities for shit going very badly are.. really interesting". I can think of a huge number of ways to turn previously useful peripherals into doorstops, and that's barely scratching the service of the issue. Yes.. but... WOAH THERE NELLY!

Letting the browser talk raw USB packets would be kinda like having an unpatched Windows 95 machine with every service turned on and all ports exposed to the internet.

Raspberry Pi 3 to sport Wi-Fi, Bluetooth LE – first photos emerge


Still sucks for i/o performance

Yeah it's the same story; hang everything off a single USB host port. This was a disaster for the stuff I was doing. Having tried many of the boards on the market personally I now have a deep and abiding love for the Banana Pi (M1 - first revision) which for $35 has THREE separate real USB host ports (i.e. not on a hub) that all run in parallel at full speed AND real gigabit ethernet AND SATA; all properly implemented and independent. (and a real time clock and many more little joys) - it depends what you want it for but if you want any kind of useful i/o performance the RPis have always been a joke

Don't Fedex your tapes, people! We're so fast it's SANdulous – WANrockIT


Graphs show that a shitty solution to an long-solved problem is still shitty

Right, so you run a protocol that has poor performance on high latency links due to ACKing, and say "look! It's poor!".

Oh - the 1970's called and they want their due credit for adaptive TCP window scaling...

FTDI boss hits out at 'Chinese criminal gang' pumping knock-off chips


Ironically the FTDI clones actually work better than the originals

The FTDI clones (clone FT232R for example) work better than the FTDI chips - not only do they work just fine as USB-UARTS (which is not rocket science) but the clone "bit bang" and SPI modes work BETTER; on official FTDI chips the timing is pretty horribly broken.

I refer the learned viewer to the posts and scope captures by "Marcan" (who has an excellent pedigree in the low-level hacking world)


Another post pointing out bit-bang mode is hopelessly broken


And FTDI bury the admission in an errata (3.1.2 "BitBang Mode variable Pulse Width")


You'd assume because they mention it in RevA silicon that it's fixed in later version but apparently not.

Ross Ulbricht lodges (another) appeal of Silk Road verdict and sentence


Dude he _confessed_ to it. He wrote a letter to the judge completely admitting everything:


He also kept a diary throughout the whole thing, he had the private key to 144,000 bitcoins on his laptop - tracable through the blockchain to SR sales (and he even stated they were his to try to avoid them being seized). He posted all sorts of stupid shit on forums using his own email address. He was caught with his laptop open, logged into the SR admin pages - that's about as red-handed as it's possible to get.

The feds had a literal mountain of evidence against him. His defense couldn't think of anything credible to save him, they were grasping at thin air with their bizarre arguments.

I don't - at all - agree with his sentence from a moral perspective, I don't think SR should have even had a reason to exist because I don't think drugs should even be illegal - but given that these things undeniably _are_ currently (very) much against the law, and he without question did all that stuff knowing full well how illegal it was.

I very much sympathize with him, but he's totally, totally fucked. The system got him by the short and curlies and has essentially cut his head off and put it on a spike as a warning to others.


Rarely is an accused so thoroughly nailed to the wall by the prosecution - regardless of the morals of this story (i.e. drug prohibition) when one reads the evidence against him (- and his confession, let's not forget that) he's about as banged to rights as anyone has ever been. A life sentence without parole is a pretty horrific thing to contemplate but I do think it's a pretty clear message to send to anyone else with enough balls to consider setting up a SR clone.

Yes Ross, you're being made an example of, I don't think anyone would pretend otherwise. You wanted to be a pioneer and indeed your name has gone down in history. Congrats!

Sucks to be your parents though; great way to spend every penny of your retirement on lawyers. :-(

Show us the code! You should be able to peek inside the gadgets you buy – FTC commish


fat chance

So... all the companies who invest a ton of money building embedded device firmware are going to open up their source code, making them easy to rip off?

Errr.... no. There's a reason microcontrollers have code-protection fuses... I'm not saying they're 100% effective but (as an embedded systems guy myself) I'm certain there's absolutely zero frickin' chance of this ever happening.

Trend Micro AV gave any website command-line access to Windows PCs


Wow that's a stunningly long list of epic fails from Trend Micro there - a shower of utter fuckwits.

Theirs may be the least effective security product since the tinfoil hat.

Microsoft kicks VMware right in its weakest, cloudiest spot


$54 a _month_? That's pretty ballsy pricing

IT security is a safe job? Tell that to Norse staff laid off this week


Re: Ah VCs

I'm with you there; I've contracted for lots of tech companies for well over a decade now and I have simultaneously "no job security" (nobody owes me a living) and "plenty of job security" (I'm constantly learning new stuff, nothing gets boring, and have never yet had a significant stretch without work). My typical gigs are say 3months to a year, and there's often repeat business. I like it a lot..

...oh and [almost] no pointless meetings, no annoying management, and as much vacation as I care to take (and frequently I'll do some billable hours while on vacation, which keeps customers happy and me paid)

Good news! US broadband speeds are up. Bad news – they're still rubbish


My comcast is great

My Comcast in San Francisco - 164Mbit/s down, 13MBit/sec up.

From my experience I have no idea what people are whining about with Comcast - it's not very cheap but it's fast and very reliable.

I work from home as a software/firmware guy and I find >150Mbit/sec downstream is ample (assuming the folks on the other end have their server shit together; I'm looking at you STMicroelectroncs)

In passing I was at a friend's wedding earlier this year and spent a most enjoyable time geeking out with the bride's father, who was (back in the day) one of the chief modem designers at US Robotics in the era of going from 9600 -> 56kbps..

Eh, kids nowadays. :-p

New Nexus 5X, 6P smarties: Google draws a line in the sand


Got my Project FI invitation, ordered a 5X - can't WAIT to kick Verizon to the kerb; their service is utter robbery. Like many people I spend the great majority of my time within range of a friendly wifi network, this will more than halve my bill.

Sick of politicians robo-calling you? Bin your landline, says the FCC


FCC is a fucking joke

I get dozens of robocalls on my cell, it's on the DNC list and everything; they just don't give a fuck. The FCC is completely toothless and useless.

The Breakfast (Table) of Champions: Micro Machines


Ah memories

I was working at Codemasters during this era; takes me right back. Andrew Graham (softly spoken scottish guy, now at Kwalee ) was the main man behind the Micro Machines games; he did the NES (and later PSX) version; my mate Charlie Skilbeck did it on the Megadrive; I built the dev systems and did some other stuff.. lots of fun. Actually myself and Nick Pavis worked for a while on a Sega Saturn version but that thing never went anywhere...

...Oh and we went to quite a lot of raves as well. Ah the 90's :-)

Windows 10: A sysadmin speaks his brains – and says MEH


Can't imagine why anyone would bother

I'm still on Win7 and I don't use most of its 'features'; it's very stable, supports all peripherals including some obscure embedded systems tools, and it doesn't annoy me. That, nowadays, is all I ask from my primary OS.

All my real work is done in a variety of linux images hosted on on VMWare.. All windows really ever does for me is run VMWare, Sublime Text and Chrome.

Neil Young yanks music from streaming services: 'Worst audio in history'


I call total bullshit. Will Neil Young grace us by performing a properly administered blind A/B test between a decent-bitrate AAC stream and a (losslessly) ripped CD - even of one of his own albums? Will he fuck.

Uber petitions page p0wned, thanks to textbook code


This is news?

Newsflash: n00b hacker fucks about with web form written by intern. More news at 11

A good effort, if a bit odd: Windows 10 IoT Core on Raspberry Pi 2


The Visual Studio python debugger extension mentioned in the article - which is rather good - works fine with a Pi running stock linux.

While on the subject of Visual Studio, the (commercial) WinGDB plugin is really excellent; supports cross-compile and remote debug of lots of embedded CPUs, Android apps, Linux apps, etc.

'I went from a two-hour commute to a 10-min scooter ride by the sea'


I moved to San Francisco from the UK in 2000 and it's fucking awesome, albeit very expensive. Not as glamorous as Bermuda but a really fun city full of interesting characters, also it's Geek Mecca of course :-).

Linksys's über-hackable WRT wireless router REBORN with 802.11ac


Super overpriced

It's hacker friendly... with special "I'm a hacker" pricetag.

I'm sure there's a market for it, but openwrt runs on an lot of cheaper boxes;

Since you didn't ask I'm tending to use Buffalo routers nowadays, have several Buffalo WZR-HP-AG300H's in action and they're splendid; separate 2.4 + 5.8G radios (lovely performance on 5.8), tons of flash+ram, usb for gadget-making, gig-e for speed, fast cpu, run openwrt or dd-wrt depending on yr needs, under a hundred bucks, reliable, end of story. Old news but a fine piece of cheap hardware. Hell I may order another one for hacking on - the Atheros chipset has a spectrum analyzer mode I need to tinker with

BlackBerry flings John Chen $89 MILLION to save troubled firm


How high up the toilet wall

can they piss their remaining money? It's pure comedy at this point.

Forget Wi-Fi, boffins get 150Mbps Li-Fi connection from a lightbulb


Re: You have to marvel at the bullshit that goes into marketing guff.

Alas Eddy you're the one who doesn't know what they're talking about.

When John Tserkezis said "single LED construction" he's clearly flying over your head; this doesn't mean "lights only contain one LED"; he means the light is made using a single-COLOR LED die and is internally using a phosphor coating to convert that single color into to white light. There is no such thing as a white LED die, as LEDs are by nature monochromatic. This is how all 'non-color-changing' white LEDs work.

His point (which is correct, and a very good one) is that the phosphor used for this conversion has a vastly slower on/off response time than the LED itself, and this screws up fast data comms.

Color-changing LED bulbs use Red+Green+Blue (and sometimes more) dies and modulate them to provide different colors. However the 'white' output (imo) is typically unattractive, and they're more expensive and complicated to make than a regular phosphor-conversion white LED.

Codethink jumps into the ARM server fray with Baserock Slab


Re: Looks like some Pi's*

" you can't run Linux on them?"

Mr Berger was attempting to impress with his personal knowledge of the system management controller on this product;; this is a microcontroller that nobody cares about, that indeed cannot run linux because it's.. a very small microcontroller. It's about as interesting as describing the fan blades or the screws in the chassis

BenQ W1200 HD DLP projector

Thumb Up

I got a W1100 last week

and it's excellent. 1920x1080 native resolution. The speakers are ok but you wouldn't really use them. Not too noisy; quieter on econo mode. Works great paired with a cheap NVidia ION HTPC (e.g. $150 on newegg)

Blacks are good; if you stand up close to screen you can see noise on dark colours; (this is deliberate and part of the picture processing but you can see it; still better than banding or whatever else would happen if it wasn't there)

Rainbow effect is juuust about there if you're flicking your eyes about and the image is white-on-black (e.g. credits) but it's definitely not an issue for me or wife.

At night it's very bright on a 100" screen in econo mode ; can't imagine using full power unless partial daylight or a humungous screen.

I paid $999 direct from BenQ US site and am very happy.

NOTE: Use the BENQ website room-size calculator before buying! - this project casts "up" (or down if inverted) a lot and really wants to be placed correctly due to limited optical correction abilities. For me it works great when flush against ceiling onto 100" diagonal screen