UK finds itself almost alone with centralized virus contact-tracing app that probably won't work well, asks for your location, may be illegal

Phil Endecott

“updated to add”

The original version of this article said that iOS apps can’t do bluetooth in the background, so users would have to keep the phone awake and the app running in the foreground for it to work, which is completely unrealistic and so the app would be a failure.

Then the author discovered the “special modes”, as he terms them, that allow exactly this i.e. bluetooth in the background.

References to the original allegation have now been edited out.

Not quite the quality I would hope for frankly.

(Presumably this post will be “rejected”.)

Phil Endecott

Re: How does a decentralised solution avoid the background-running restrictions?

Because Apple and Google have specifically allowed this.

Phil Endecott

I might have almost given them the benefit of the doubt until I heard that Palantir was involved.

Phil Endecott

Re: Apple and Google have too much control

> I should be able to say which app has that control, not Apple and Google.

90% of the time you do have that control, but experience shows that too many “allow permission?” popups are counterproductive. In the case of Bluetooth, it became clear that retailers were using it to track people around shops and shopping centres; as a result, Bluetooth-using apps on (some versions of?) Android now have to ask users for “fine-grained location” permission. That makes users think that legitimate apps are spying on them; there’s not enough space on the screen to explain that it’s not the app but rather 3rd parties who will get this information. It’s a horrible mess.

Phil Endecott

Re: Of course, being centrally controlled

> It could be centrally configured to neglect to alert those who the Government considered to be Troublemakers.

Or the opposite - do alert them and keep them at home unnecessarily.

Sweet TCAS! We can make airliners go up-diddly-up whenever we want, say infosec researchers

Phil Endecott

Re: Look out the window?

And how do you choose who goes up and who goes down?

Left/right avoidance is easy, you both turn right. Up/down needs a rule to choose who does which. I’d be more than happy for a box of electronics to decide that.

The ultimate 4-wheel-drive: How ESA's keeping XMM-Newton alive after 20 years and beyond

Phil Endecott

Re: Worth a read of their website

Mmmmmm Melons....

Browse mode: We're not goofing off on the Sidebar of Shame and online shopping sites, says UK's Ministry of Defence

Phil Endecott

Re: world's biggest English-language news website

Reading the Daily Mail might actually motivate defence people - convince them that the country needs “defending” from nasty foreigners etc. etc.

Three things in life are certain: Death, taxes, and cloud-based IoT gear bricked by vendors. Looking at you, Belkin

Phil Endecott

Re: Another MBA created business model

> There has to be an ongoing service contract that keeps the server funded.

If users have a choice of two products, one of which has an ongoing charge and the other doesn’t, they will choose the one that doesn’t.

The exception could be if there is no initial cost, just a subscription. But that would be hard for a product like this.

> you have a classic pyramid scheme

You can avoid the pyramid if the cost to the manufacturer of providing the service declines exponentially over time (the integral of an exponential decay is finite); see e.g. the falling cost of cloud storage and processing. What doesn’t decline, though, is the staff costs of keeping it running smoothly.

UK snubs Apple-Google coronavirus app API, insists on British control of data, promises to protect privacy

Re: No thanks


Are you serious about the 1/4 billion £ bit?

That’s shocking if true.

Happy birthday, ARM1. It is 35 years since Britain's Acorn RISC Machine chip sipped power for the first time

Re: Video


And the second guy is Al Thomas (I hope the surname is right), who very sadly took his own life probably not very long after that event.

Phil Endecott


Thanks for sharing the ARM @ Apple video, it has brought back some memories.

Guess who's back, back again. SE's back, tell a friend: 2020 reboot looks like an iPhone 8 and even shares components

Phil Endecott

Re: It's still the fastest Apple iPhone at the lowest Apple price

The Sony XZ2 Compact just fails your “released in the last two years” test.


April 2018



64 GB flash

It is interesting that there aren’t more like this.

Keen to go _ExtInt? LLVM Clang compiler adds support for custom width integers

Phil Endecott

Re: What am I missing?

The issue with e.g. 128-bit integers in C is that there’s no access to the carry flag, so what would be a sequence of 4 add-with-carry instructions (on a 32-bit CPU) ends up much more complicated. (If you’re lucky the compiler will spot what you’re doing and use add-with-carry, but do you know what you have to write in C for it to reliably do that?)

    uint64_t a,b,c,d,e,f;
    c = a + b;
    bool carry = c<a;
    f = d + e + (carry ? 1 : 0);

Is that correct? Does that produce the optimal two-instruction sequence?

.... now write a version for signed arithmetic!
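An added example, not part of the comment above: a portable C sketch of the two-limb add the comment describes, extended to report overflow of the full 128-bit result for both unsigned and signed interpretations, which is the check that matters when the sum feeds a size or bounds calculation. The names `u128`, `u128_add` and `s128_add` are hypothetical, and the values in `main` are constructed.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical type for this example: 128 bits held as two 64-bit limbs. */
typedef struct { uint64_t lo, hi; } u128;

/* Unsigned 128-bit add. Returns true when the true sum needs a 129th bit. */
static bool u128_add(u128 x, u128 y, u128 *out)
{
    uint64_t lo = x.lo + y.lo;
    uint64_t carry = lo < x.lo;   /* low limb wrapped: the comment's c < a test */
    uint64_t hi = x.hi + y.hi;
    bool c1 = hi < x.hi;          /* high limbs wrapped on their own */
    hi += carry;
    bool c2 = hi < carry;         /* carry-in wrapped (hi was all ones) */
    out->lo = lo;
    out->hi = hi;
    return c1 || c2;              /* at most one of c1, c2 can be set */
}

/* Signed (two's complement) add on the same bit pattern. The sum bits are
 * identical to the unsigned case; only the overflow rule differs: overflow
 * happens when both operands share a sign and the result's sign differs. */
static bool s128_add(u128 x, u128 y, u128 *out)
{
    (void)u128_add(x, y, out);
    unsigned sx = (unsigned)(x.hi >> 63);
    unsigned sy = (unsigned)(y.hi >> 63);
    unsigned sr = (unsigned)(out->hi >> 63);
    return sx == sy && sr != sx;
}

int main(void)
{
    /* Constructed inputs: largest positive signed 128-bit value, plus one. */
    u128 max_pos = { UINT64_MAX, UINT64_C(0x7fffffffffffffff) };
    u128 one = { 1, 0 };
    u128 r;
    bool uo = u128_add(max_pos, one, &r);
    bool so = s128_add(max_pos, one, &r);
    printf("sum = 0x%016" PRIx64 "%016" PRIx64 "\n", r.hi, r.lo);
    printf("unsigned overflow: %d, signed overflow: %d\n", uo, so);
    return 0;
}
```

Whether a compiler turns the limb comparisons into a single add-with-carry pair depends on the compiler and optimisation level, so inspect the generated assembly rather than assuming it.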

Phil Endecott

Re: What am I missing?

What you’re missing is using that syntax anywhere other than in a field of a struct.

E.g. int:6 foo(int p1:3, unsigned p2:15);

And sizes > 32 or 64. I’d quite like a standardised 128-bit and maybe 256-bit int.

Scaleway disarms its ARM64 cloud, cites unreliable hardware as the reason

Phil Endecott

I tried to use this for a few months and it was indeed horribly unreliable.

It wasn’t unpopular. One of the problems was that for some configuration changes you needed to snapshot, shutdown, reconfigure and restart from the snapshot - and at the restart step, you could discover that there were no more instances available and you’d be in a queue - perhaps days long - for someone else to release one. Not ideal for a business. I learned a lot about how to make resilient systems, mainly by failing over to AWS when the Scaleway server crashed.

The AWS ARM instances are good and demonstrate what is possible; but maybe it’s only possible if you can make your own chips, as Amazon has. Maybe the off-the-shelf servers are not good enough yet. (My own experience with a Gigabyte ARM server motherboard was as poor as the Scaleway experience).

Scaleway’s earlier 32-bit ARM hardware was apparently reliable, though low-spec.

A paper clip, a spool of phone wire and a recalcitrant RS-232 line: Going MacGyver in the wonderful world of hotel IT

Re: Proper lash up


The other common possibility, in my experience, is that it WAS fixed properly about 3 days later but the comment was left unintentionally...

Apple: We respect your privacy so much we've revealed a little about what we can track when you use Maps

Re: Shocking


> Apple maps is actually a good product now..

It still shows half of Edinburgh Old Town as a park.

And it still shows a B&B next to me that closed 10 years ago.

Why should I trust it to be accurate anywhere else?

Let's authenticate: Beyond Identity pitches app-wrapped certificate authority

Phil Endecott

What’s the business model? (For consumers.)

If it’s paid it will fail, people will continue to use “sign in with Facebook”.

If it’s free - who is paying for it, and what are they getting in return?

Upstart Americans brandish alligators at the almighty Reg Standards Soviet

Phil Endecott

Re: Of course there is an XKCD

And this one:


Microsoft corrects '775 per cent cloud usage surge' claim: Big number only applied to Teams and only in Italy

Phil Endecott

When I saw the original number, my reaction was, “how can they possibly have enough spare capacity to support a 7X increase”?

That awful moment when what you thought was a number 1 turned out to be a number 2

Phil Endecott

I experimented with an ”AI” thing that was supposed to extract meaningful content from PDFs.

It managed to change £ and € to L and E respectively, indicating that it was rasterising the PDF and then OCRing it. FAIL!

20 years later, Microsoft's still hammerin' Xamarin: Bunch of improvements on the way for cross-platform coding toolset

Phil Endecott

I think one of the most valuable things they’ve done in Mono Touch is to somehow parse Apple’s Objective-C API headers and auto-generate C# equivalents, with forwarding stubs. I have sometimes wondered about trying to hack that to create C++ wrappers for the iOS APIs. Maybe someone has already done that? Could be an interesting quarantine project.

UK Carphone Warehouse shops set to sling their last phones, 2.9k redundancies hit high street, as Dixons closes all 531 'standalone' sites

Phil Endecott

Re: So fairwell, Carphone Whorehouse...

Similar story, mine was an 8310 in about 2002.

Tinfoil hat brigade switches brand allegiance to bog paper

Phil Endecott

You’re supposed to read each page before tearing it out!

Phil Endecott

I’ve been trying to decide what I should go out and buy now in order to resell at an inflated price on ebay in a few weeks.

My best idea so far is jigsaw puzzles, and copies of War and Peace.

Apple fans may think they can't get viruses but Cupertino disagrees: WWDC 2020 dev summit goes online-only

Phil Endecott

Remember to boo when they announced that just the stand for a new monitor would cost a thousand dollars?

Phil Endecott

> Another unanswered question is whether Apple will make all its content available as streaming video or only some of it? And will anyone be able to view the developer-oriented sessions, or will certain presentations be offered only to registered developers?

Previously videos of all the presentations have been available to anyone, I think.

I’m not sure how long after the event they appeared though.

See e.g. https://developer.apple.com/videos/wwdc2019/

US prez Donald Trump declares America closed to those flying in from Schengen zone over coronavirus woes

Phil Endecott

Re: Ratio of medical staff to total population

Also improves when you include the hospitals’ marketing and billing departments in medical staff.

Phil Endecott

This reminds me of when in the 90s Russia decided foreigners needed to be tested for HIV, because Russia was suffering an out-of-control AIDS epidemic and it must be the fault of outsiders.

Hello, support? What do I click if I want some cash?

Phil Endecott

Re: Barclays don't dogfood their IT

> Barclays were at least intelligent enough to log the user agent data from Online Banking logins

Epic fail on your part.

You shouldn’t even believe it’s from Barclays, FFS. Any email claiming to be from a bank - whether it’s your bank, another believable bank or the National Bank Of Nigeria - MUST be deleted unread.

Like a Virgin, hacked for the very first time... UK broadband ISP spills 900,000 punters' records into wrong hands from insecure database

Phil Endecott

AWS S3 bucket, by any chance?

MPs to grill Post Office and Fujitsu execs on Horizon IT scandal after workers jailed over accounting errors

Phil Endecott

Re: Kafka has nothing on this.

> It would've been interesting for a post office to set up a few high quality cameras pointing directly at the till, the cashier, the customer etc.

They had keyloggers, which achieved the same thing.

If the keylogger data had been looked at they would have seen that the sub postmasters had done nothing wrong. But that was a lot of work. Instead they relied on numbers from their management accounts system, which was buggy.

Come kneel with us at UK's Cathedral, er, Oil Rig of the Canal: Engineering masterpiece Anderton Boat Lift

Phil Endecott

I saw this in about 1989, while on a day out cycling along the canal towpath. It was in a very sorry state. I’m very pleased it has been saved.

Maersk prepares to lay off the Maidenhead staffers who rescued it from NotPetya super-pwnage

Phil Endecott


On the subject of ransomware, does anyone know what happened to Travelex in the end?

Some googling suggests they were eventually partially back online after a month. Would love to know what really happened.

Starship bloopers: Watch Elon Musk's Mars ferry prototype explode on the pad during liquid nitrogen test

Phil Endecott

Elon “Pedo Guy” Musk, remember.

The great big open-source census: Most-used libraries revealed – plus 10 things developers should be doing to keep their code secure

Phil Endecott

I find it surprising that I’ve never heard of any of their top-10 things, from either list.

Things like OpenSSL and Apache aren’t there. Have I misunderstood the scope of what they’re doing?

Call us immediately if your child uses Kali Linux, squawks West Mids Police

Phil Endecott

Re: Let's hope West Midlands Police learns something useful

> micro-coding bit-slices....

Micro-coding bit-slices! Pah. We just had a soldering iron and a box of resistors and capacitors in our hole in t’road.

Day 4 of outage: UK's Manchester police deploy exciting new carbon-based method to record crime

Re: Graphene



Artful prankster creates Google Maps traffic jams by walking a cartful of old phones around Berlin

Phil Endecott

Re: I don't think this does as much as people think

> 99 phones =

A tram? A couple of buses?

Anatomy of OpenBSD's OpenSMTPD hijack hole: How a malicious sender address can lead to remote pwnage

Phil Endecott

Re: There are fifty ways to pass a message

Hop on DBus, Gus...

Gin and gone-ic: Rometty out as IBM CEO, cloud supremo Arvind Krishna takes over, Red Hat boss is president

Phil Endecott

> played a significant role in developing our key technologies such as artificial intelligence, cloud, quantum computing and blockchain.


It's been one day since Blighty OK'd Huawei for parts of 5G – and US politicians haven't overreacted at all. Wait, what? Surveillance state commies?

Phil Endecott

Re: Who dines at the top table?

> UK, at 5th in the pecking order IIRC,

Nope, currently 6th

What is WebAssembly? And can you really compile C/C++ to it? And it'll run in browsers? Allow us to explain in this gentle introduction

Phil Endecott

Re: Also want more security info

> I see it supports pointer creation, casting and dereferencing. The created X86 code includes no checking of values

What “created x86 code”?

If your source C code dereferences an invalid pointer, IIUC the corresponding Wasm Javascript will access outside an array; this is trapped by the JS runtime.

Behold the Internet of Turf: IoT sucks waste energy from living plants to speak to satellites

Phil Endecott

BTW my last rant about this was something described as using “6 kWh per 1000 h”.

Dimensionally correct this time, but still fecking stupid.

Phil Endecott

> which 'costs' only 75 microWatt per message

Typical ignorant nonsensical misuse of units.

Maybe they mean 75 micro Joules per message. Or maybe they mean it consumes 75 micro Watts while sending messages (taking how long?). But who knows; it’s like saying “the shop is 30 mph away” or “the train’s top speed is 125 miles” or “this wind farm produces enough energy to supply a city the size of Bristol each day”.

'No BS' web host Gandi lives up to half of its motto... Some customer data wiped out in storage server meltdown

Phil Endecott

Re: No sympathy whatsoever

> How much money and effort does it take to make a local backup?

Possibly rather a lot if, like me, you have a system with hundreds of gigabytes of data and work from a home office with a bog-standard internet connection. “Local” backups just aren’t an option. Multiple “cloud” backups with different providers are the best available option.

Phil Endecott

Re: Talking about bullshit

AWS Lightsail makes an interesting point of comparison.

One observation is that AWS is probably one of the few places where, due to their sheer scale, hardware failures like borked disks must happen quite regularly. So whereas a small provider will have a theoretical disaster recovery plan that you hope they have rehearsed, AWS will have a routine and frequently-used process to deal with failures.

The main storage on a Lightsail instance is EBS, which is replicated within the same “availability zone”. So it should be resilient to a single disk failure, similar to how RAID is. You can then configure it to make incremental snapshots on whatever schedule you need, and these are distributed around the different availability zones in the same region.

Pricewise there are various options; compare Gandi’s “M” plan (120 GB bandwidth, 20 GB storage, about €10/month IIUC) with Lightsail’s $10/month plan : 3 TB bandwidth, 60 GB storage. You can have that in London, Dublin or a load of other places.

Lightsail’s (and AWS’s) weak point, in my experience, is the support; it seems to use Mechanical Turk and/or chatbots, rather than actual support humans. But compared to my experience with Gandi (and another European provider, Scaleway), things generally don’t go wrong so you don’t need support.

Of course this is an apples-and-oranges comparison in many ways.

Phil Endecott

That’s all completely irrelevant; you’re replying to my post, and AdamWil’s reply to that, where we say that we are using Gandi ONLY for domain registration. Stuff about backups really doesn’t apply.

What was Boeing through their heads? Emails show staff wouldn't put their families on a 737 Max over safety fears

Phil Endecott

Remember that Boeing is also a weapons company.

I mean their *entire business* hinges on .... killing hundreds of people.

The people who run this company must have a “balanced” attitude to the relative importance of human life vs. corporate profit, else they wouldn’t sell weapons. Once you’ve started to think in those terms, things like this are inevitable.



