* Posts by Marco Fontani

256 publicly visible posts • joined 3 Dec 2012


McDonald's email blunder broadcasts database creds to comedy competition winners

Marco Fontani (Written by Reg staff)

Re: security.txt

... and we now do ;) Friday deploys are bliss.

Are the forums broken?

Marco Fontani (Written by Reg staff)

This time I've added a message stating the downtime will happen, so hopefully it won't be a surprise ;)

Please bring back the headings.

Marco Fontani (Written by Reg staff)

We're internally discussing this.

One note:

Since you've removed the direct link from the top of the story direct to the comments

This will soon® make a come-back.

Marco Fontani (Written by Reg staff)


We've added an aria landmark to delineate the "articles under articles" section, which should be read out to you as: "Other stories you might like".

I cannot honestly recall if we've ever had a landmark for the bottom of the article units (which contain the link to corrections, etc). From my own testing, I could quite easily navigate to the corrections, tips and comments link.

Could you let us know if you'd prefer the under-article list of corrections, etc to also get a similar landmark like the one we've just added to the "Other stories you might like" ?

Gummy bears as a unit of measure? The Reg Standards Soviet will not stand for this sort of silliness

Marco Fontani (Written by Reg staff)

Re: Brontosaurus

The original article introducing the Brontosaurus as a unit of measurement was flat-out wrong, and we fixed the converter in 2017-04-28.

It used to be 987.751 linguine to a brontosaurus, but it's really only 157 linguine long, or 2.3842 double-decker buses long, or about 11 Osmans.

Chrome zero-day bug that is actively being abused by bad folks affects Edge, Vivaldi, and other Chromium-tinged browsers

Marco Fontani (Written by Reg staff)

Re: "the flaw exists in [..] Chromium's Javascript engine"

Script is why ads should be showing up on my browser, but they don't.

I fear that might be an ad blocker or an extension or something else, as most of our ad fragments contain a "noscript" tag which ought to deliver image-based ads to users with JS disabled.

This is testable by actively disabling the browser's whole JS feature (i.e. "javascript.enable" set to false in FF's settings, or similar "javascript" set to "Off" in Chrome) and seeing that ads do indeed get delivered on a pristine browser in such a scenario.

Some extensions break that scenario as while they do block scripts from being executed, they don't seem to also properly allow "noscript" tags to be executed :/

If you want to block all JS, you can configure your browser to do just that. Noscript is something else, and it's much harder for us to work around (and show ads to people who want to keep JS "disabled" but would still be fine seeing ads).

Looking for a new tech job? Just browsing? This week's list includes roles for devs, engineers, and Perl maestros

Marco Fontani (Written by Reg staff)

Re: So El Reg is hiring?

Yup, ElReg is hiring. Previously a sysadmin/devops, now also a full-stack dev.

Perl 5 is alive and well, as also evidenced by the large amount of good jobs available (for the right type of camel herder) on https://jobs.perl.org/

Is El Reg georestricting stories?

Marco Fontani (Written by Reg staff)

Jake already eloquently put it :)

ElReg's homepage has three "editions": US/CA, AU/NZ and GB/Rest Of World.

The US and GB editions have been there from the start best I can tell; the AU edition is a bit more recent - it's only 10 years (and a few days) old.

When visiting the homepage you see a region-filtered view of what's been recently published for the homepage. So if you're visiting from the US you may see some stories which are mostly relevant to the US public, and mostly useless to a GB or AU (or indeed RoW) audience. Same goes for AU: some news are more appropriate for readers down under.

If you really want to read everything regardless of whether it's shown on the homepage for an edition, you can either look at the sections - which don't have editions, or at the Latest News page, which contains all the stories published in the last seven days, regardless of edition.

Barmy ban on businesses, Brits based in Blighty bearing or buying .eu domains is back: Cut-off date is Jan 1, 2021

Marco Fontani

dig aaaa theregister.com returned AAAA resources yesterday, but not today.

Yup, apologies, it was turned on by default which was fine while we were preparing, and we didn't "really" get many users on dot com, but now that we've switched I've turned it off as forums (and other bits) aren't yet ready for it.

Luckily this time (unlike on channelreg, where it happened a bit too much) no forum posts were "lost" (well, "saved" to /dev/null) due to (our own, self-inflicted, hopefully soon fixed) IPv6 "issues".

RSS Feed Isn't Being Updated

Marco Fontani

Re: RSS Feed Isn't Being Updated

AFAICT, we're continuing to serve the proper information in the feed:

$ curl -vso/dev/null https://www.theregister.com/headlines.rss 2>&1 | grep -e '^< \(last-modified\|cache-control\|expires\|content-type\|date\):'
< date: Thu, 04 Jun 2020 11:25:59 GMT
< content-type: application/rss+xml
< last-modified: Thu, 04 Jun 2020 11:20:30 GMT
< cache-control: max-age=1800
< expires: Thu, 04 Jun 2020 11:55:59 GMT

Dunno if maybe you need to somehow "hard refresh" your feed reader?

In any case, I've cache-busted the CDN's version of it, so it should hopefully work properly now.

New TLD redirect?

Marco Fontani

Re: New TLD redirect?

We did have both domains available for a while, as we were preparing for the switch-over - with "co uk" still being the canonical one.

Then, we made "dot com" the canonical one, and later on we started hard redirecting.

"co uk" is no more. Long live "com".

Marco Fontani

Re: Smartphone app

We heard the same when we switched from ".com" to ".co.uk".


"Something went wrong with the submission. Please try again." ... forever.

Marco Fontani

The "Powered by AMP ..." stuff is from an ad. Ads nowadays come in all shapes and sizes, and some of them even use AMPHTML in their delivered payload. themoreyouknow.gif

Unfortunately the cookie bar was a bit broken on forums and search (see other topic for more details). It's fixed now. Thanks for reporting it.

Your new cookie stuff is broken [aka why you shouldn't roll out changes on a weekend]

Marco Fontani

This should be fixed now, and the (AJAX-powered) consent form submission works on forums & search, too. The "JS disabled" version never had this problem.

Marco Fontani

Re: Your new cookie stuff is broken [aka why you shouldn't roll out changes on a weekend]

Thanks for your bug report.

I deployed this change over the week-end to ensure the smallest amount of people would be affected by whatever bug might've come up. It's unfortunately hard to ensure we never introduce bugs, but we occasionally fuck up. We do try not to, but it can happen.

The problem seems to not be entirely how you described it, but you got me looking.

It's not about whether you accept all or only customise - if you open an incognito/private window on forums, you'll find neither button works, displaying the message (but if you keep your device on landscape, you might have to scroll up to see it):

Something went wrong with the submission. Please try again.

The problem occurs on forums and search, or any other sub-domain in which we use a "base href" set to www - as the POSTing of the consent form isn't done on the correct domain (forums or search, respectively) - but is instead done to the base href (www).

I'll look into this imminently (or tomorrow morning EU time, depending) and will hopefully come up with a fix soon.

Thanks again for having reported this.

Meanwhile, might I suggest you can still manage/set/reset set your consent options through the "Your Consent Options" link in the footer.

PC owners borg into the most powerful computer the world has ever known – all in the search for coronavirus cure

Marco Fontani

Re: Very worthy

NVIDIA GeForce GTX 1080 Ti, close enough!

I've not enabled the CPU ones as despite liquid cooling the fans go crazy and even I can hear them...

The graphics card is making some fan noise and it's disturbing my partner... so I might have to take the system down for a thorough cleaning during the week-end.

Marco Fontani

Re: Very worthy

This kind of "hack" says: no problem at all (in fact, even better) IMO: the 250966 team's mentioned in this article as being made up of a bunch of Reg commentards (well, "Reg Readers" - but that's different lingo), so go for it :)

Might be also nice to link to this article, rather than the homepage, too.

I'll shut up and continue crunching - the runner-up is getting perilously close.

How many days of carefree wiping do you have left before life starts to look genuinely apocalyptic? Let's find out

Marco Fontani

Re: think out of the box?

Surely that's just bad keming on the font you're using.

Sponsored Articles

Marco Fontani

One of the videos used (which is shown as "main" rotates every few mins) was unfortunately the wrong version, meant for a different display (i.e. for our whitepapers site, for which videos _ought_ to auto-play audio). This has since been rectified. Thanks for bringing it up.

Marco Fontani

Re: Sponsored Articles

Chris Williams (Editor in chief) replied to a similar question a few weeks back, linked here.

Hope this helps!

Tech won't save you from lockdown disaster: How to manage family and free time while working from home

Marco Fontani

Re: re: maximum distance of 200m

Curfews are _great_ to ensure more people cram what they ought to/will do regardless (walking the dog, groceries, what-have-you) in fewer hours, thus ensuring that the chances of them infecting each other go up, rather than down.

Same goes for supermarket open times: the local 24/7 shops are now down to being open only ~10h/day (7h on Sunday) and it's obviously a lot more crowded at all times.

Gone are the times I could go get groceries at 1am and not see many around.. now one has to pray there's not a queue at 4pm, and risk much more than just a week or two ago.

It's madness.

Marco Fontani

Here in Italy/Lombardy, one of the places with the most restrictive rules in place as of tomorrow, we're now forbid from doing sport and motor activity done outside altogether, OTHER THAN if done "in the vicinity" of one's place of residence.

When walking one's pet for the pet's "physiological needs" one is also restricted to staying "in the vicinity" of one's residence, but also at a maximum distance of 200m from the residence.


Schermata blu di errore: Italy might be in lockdown, but the sh!tshow must go on

Marco Fontani

Re: Language pedant

Hello pedant,

"schemata blu" is what we say in Italy when Windows bluescreens. For SEO purposes, many use "schermata blu di errore", but really "schermata blu" suffices. Everyone knows that a "schemata blu" is "di errore".

See also: https://www.google.it/search?q=%22schermata+blu%22

We also usually utter a ton of not-so-nice words along with "schermata blu", too - but those aren't safe for publication and aren't restricted to Windows kernel panics. I've been guilty of uttering some really nasty ones when my Linux boxes have had a kernel panic, too.


You've duked it out with OS/2 – but how to deal with these troublesome users? Nukem

Marco Fontani

Re: Expensive

I had the same ~mid nineties (SX, 4MiB, 120MB IDE spinning rust). Was *so* glad I managed to upgrade it to a DX2 and 8 MiB RAM a few years later.. and MUCH later to IIRC 16MiB.

I eventually (much, much later) ended up replacing it with a Pentium 2 (or was it a Celeron?).

Still, the poor old 486 DX2 continued to work *so* well that the thing ended up being sat at a ISP's desk, hosting my MUD and corresponding website... *this* side of the century. 486DX2, 16MiB RAM, spinning rust, running Slackware Linux.

Nowadays, one wouldn't even *hope* of getting that mileage out of a PC...

We regret to inform you there are severe delays on the token ring due to IT nerds blasting each other to bloody chunks

Marco Fontani

Re: Captcha

The content of a post can/could trigger the web application firewall, which in turn can/could require a reCAPTCHA to be completed for it to go through; other times (depending on the actual content), it can/could be denied outright - without offering the possibility to complete a reCAPTCHA for it to go through.

If it happens again, and assuming you're eager to help troubleshooting this... could you please follow https://www.theregister.co.uk/Page/problem.html and send us an email at webmaster@ ? That'd help a lot, thanks!

Going Dutch: The Bakker Elkhuizen UltraBoard 950 Wireless... because looks aren't everything

Marco Fontani

Re: El Reg shitty photography

I'm not a huge fan of Markdown, but this seems just the sort of thing it was invented for.

Markdown is great if all you need is the subset of things that it makes easy - bold, italics, a simple link or a simple (already cut to size) image embed. Hell, I use it all the time in a number of places. I use it in hugo for my blog, too.

It has limitations.

An "image unit" which comprises of a centered image with an optional description, and possibly linking to a larger version... hits those limitations. I'd love to see the markdown to make that happen.

Chances are it'd either look like the HTML, or it would be so messy that the HTML version would be far more readable.

Change to front page

Marco Fontani

Just most of them?

The vast majority is just spam or SEO shit which might as well be spam.

When a genuine person writes, I usually take the time to reply when I have an answer, which might not be immediately.

Marco Fontani

Why not put it at the footer if you want a cleaner top-bar?

That's exactly what we've gone with. Second-last item in the "More content' list.

Hope this helps!

Marco Fontani

but no longer has the links to the general and article forums in it. That's now on a larger bar at the top

"User topics" gets you to the user forums; "Article topics" gets you to the article forums.

Re "a way to get to the forums", I personally just type "forums" on the URL bar, and I pick the first result - but I might be biased.. we'll find a way to "help" navigating to the forums, in a manner that isn't front-and-centre like the link in the top bar used to be.

Re complaining, you can always direct your ire at webmaster@ if you feel so inclined. Not all emails sent there are sent to /dev/null.

Marco Fontani


We've gotten rid of all the top links, as they weren't deemed worth the "above the fold" real estate they were taking up.

The forums indexes ("Article topics", "User topics") are still available, and one can still directly go to them - but we're not linking to the forum homepage, or to other links we used to have in the top nav bar, with the same prominence.

I'm not sure what you mean by "the list of forums also appears changed" - we've done no change recently to the forums layout, list of sections, or anything like that.

Hope this helps!

With Great Power, Great Responsibility.

Marco Fontani


Marco Fontani

It's Hipp to be square: What happened when SQLite creator met GitHub

Marco Fontani

Re: rebase is important and useful

I can't understand what's wrong with rebase, either on public branches or on private branches.

We use it for _both_ all the time.

The only thing that should be fast-forward only is master. Period. Everything else is fair game.

We are absolutely, definitively, completely and utterly out of IPv4 addresses, warns RIPE

Marco Fontani

Re: In anticipation of the inevitable "why hasn't el reg got ip6 access" ?

That should be fine if you just add www; it will also work for "reads" of forums and search, but will not work for posting on forums (which is part of what we have yet to finish updating for full IPv6 support).

The image hosting domain, regmedia.co.uk, is also IPv6 and has been IPv6 for quite a while.

Forum posts which "fail" due to the poster having contacted forums using an IPv6 address will be rm -f until we can properly support IPv6. Not the user; the post. I'm not the BOFH, I don't rm -f people.

Margin mugs: A bank paid how much for a 2m Ethernet cable? WTF!

Marco Fontani

Re: Not just business

You've since been promoted to being a SILVER badge holder. That'll tell them!

Frameworky Goodness: Mojolicious (Perl)

Marco Fontani

I'd recommend also looking into Minion, the Mojolicious-related queue manager/runner, which is at the same level of (Perl) awesomeness

Feature request

Marco Fontani


If a post has ever been made visible / has been approved, prior to having been withdrawn, we show "This post has been deleted by its author".

This happens fairly often as we kinda auto-approve posts after you've been a (non-naughty) user of the site for a little while.

if instead a story's forum is moderated, or you're getting moderated... or you've not yet reached the threshold for your posts to be auto-accepted, and you submit a post which hasn't been accepted yet.. and then withdraw it... in that case, instead, we just won't show the post at all.

Hope this helps!

Four more years! Four more years! Svelte Linux desktop Xfce gets first big update since 2015

Marco Fontani

Re: Debian?

Best I can tell, Devuan ships with 4.12, not 4.14 :/


Marco Fontani

Re: Debian?

That doesn't change the new version appearing in Buster, which was my point.

Compiling (and installing) it myself is also something I'd rather avoid, as sooner or later I'd be left with Yet Another Frankendebian, which is what I'd really like to avoid having :)

On my computer, the WM, DM, etc are all OS-provided; "personal apps" are what I can compile myself/track development & security bulletins for, but I most often than not run those in containers.. and it's not _that_ easy to run a DM in a container (but browsers run "fine", for large variations of "fine").

So, I'll just wait for it to hit testing and I'll get it if and when I'll next move to testing.

Marco Fontani

Re: Debian?

Unfortunately the Debian Buster freeze was already underway when XFCE released this new version. If they released it ~6 months earlier, it might've ended in Buster.

Alas, there's not much to do about it now.

Marco Fontani

I disagree with the premise; a desktop manager should be as visible or invisible as you want it to be.

I use i3wm, and my windowing manager is pretty much invisible... but I also long for some desktop manager features, like a notification system and a system tray which doesn't suck.

Rather than reinventing the wheel, I've usually opted to use the XFCE or the LXQt desktop environments / desktop bars, which give me the right amount of desktop management I need; no more, no less.

XFCE was lagging behind quite a bit, so on my last reinstall I opted for LXQt.

Unfortunately for Debian Buster the ship has sailed, as it ships with 4.12.15 and I'm unlikely to want to end up with a Frankendebian any more than I already have.

The day I'll switch to testing again, I'm very likely to again try it out. It looks good!

Dear Planet Earth: Patch Webmin now – zero-day exploit emerges for potential hijack hole in server control panel

Marco Fontani

How is the release signed? Using a key on the build box?

Get ready for a literal waiting list for European IPv4 addresses. And no jumping the line

Marco Fontani

Re: Meanwhile...

IPv6 is "on" for _all_ places we could enable it at the flick of a button. ALL of them, bar none.

... like our image hosting domain, regmedia.co.uk

All images you load, or all assets you request from that domain, are likely to be served over IPv6 if that's your preferred method of connecting to the interwebz.

Not all hope is lost - it's "only" the main content site that lacks IPv6.

with absolutely no public explanation

Seriously? No public explanation? Look at my comment history, and look for "IPv6".

https://forums.theregister.co.uk/forum/containing/3687246 - 4th Jan 2019

https://forums.theregister.co.uk/forum/containing/3579103 - 1st August 2018

https://forums.theregister.co.uk/forum/containing/3536352 - 7th June 2018

https://forums.theregister.co.uk/forum/containing/3521098 - 22nd May 2018

It comes up in every IPv6-related thread, and usually in the same condescending manner (not your case!): "my phone has IPv6 only!" "my car has IPv6, why can't you" and whatever else.

My/our reasons are still the same. We're a small team; we have other priorities; the business has other priorities; my own business ISP still doesn't give me proper IPv6 connectivity; I have to use he.net's IPv6 tunnel; bits and bobs in our system (database fields, some validator, other bits and bobs) still can't deal with IPv6.

All those reasons are still the case, and will continue to be the case until the situation or the priorities change.

The very moment I'll be sure that the systems can deal with it, it'll likely be the most happy I've ever been at flicking a deploy button, and I look a LOT forward to being able to do that ;)

It's official: Deploying Facebook's 'Like' button on your website makes you a joint data slurper

Marco Fontani

Re: That's a per asset cache bust string

Both IGotOut and Donn Bly claim to have the same url, and it's also shared across articles

Yes, as it should be - as it's the exact same icon! Its "unique" URL ensures it's only fetched once by your browser, and reused if it's in its cache, as it should be. With that URL structure, and assuming you don't clear all caches when your browser closes, and assuming you have enough space in your browser's cache (and... yadda yadda yadda) you only "pay" the "download price" for that image once every 13months, as that's the validity of a "design picker" URL.

If we ever were to change the image served by that path part (sans SHA), and for some obscure reason we wanted to retain its path part as-is (which is silly... just create a new file!), we would have the option of "simply" sticking in a new SHA, and everyone would fetch the new image, and cache the new image for 13mo.

This isn't _that_ useful for static assets like furniture images, or site logo, or the like - as those very seldom change and often enough we can/do/will just use a new file name. This is, though, _very_ useful for us to be able to cache-bust the site JS and CSS at-will "just" by changing the SHA in the URL.

The reason we put the cache bust string on all those places is simply because this way we can be conservative in the expiration time given when the "real" /Design/... file is requested (7d) and can be lax (13mo expiration) when the URL path is, instead, "more unique".

Think of the /design_picker/SHA/PATH as a RewriteRule for /PATH, which adds a longer expiration time - that's pretty much exactly what it is; no more, and no less.

It's (also) a cache buster, and it's working exactly how it should be - for the things that need it as a cache buster; for those who need it for the higher expiration time, it's also performing as required.

Hope this helps! For anything more, though, webmaster@

Marco Fontani

Re: No f in button?

The button is a "share on Facebook" button, which is why it requests you log in in order to complete the operation. Same goes for all other login protected sites you'd want to share an article with via the widget: if you aren't logged in, and the site doesn't allow sharing links anonymously, you'll have to log in to use it, and "be tracked". Somehow it doesn't scream as much "dark pattern" as what the article talks about w/regards to the "like" button which instead allegedly tracks by default?

Marco Fontani

Re: No f in button?

That's a per asset cache bust string, set to whatever git sha1 for master was "current" at the time the asset was introduced. We use those everywhere, not just for the Facebook image. Grep the site source for picker.

I got 502 problems, and Cloudflare sure is one: Outage interrupts your El Reg-reading pleasure for almost half an hour

Marco Fontani

Re: Independence

it just doesn't fit right to me that the mighty El Reg - who operate using open source [...] have such a dependency on a commercial 3rd party.

We also have another hard dependency on a commercial third party in the form of the providers of the servers we use; same goes for the commercial third party OS installed in the load balancer, the firewall, etc. as well as other bits and pieces which there's either no free software or open source version available for, or for which it's infeasible to use one. I don't think it's avoidable much. Where should one stop? Organically in-house grown free BIOS-laden servers?

DDoS comment aside it's an optional choice to place your tin behind Cloudflare, not a technical necessity

Having a sorta kinda CDN in front of the infrastructure provides other technical tangible benefits. Substitute Cloudflare with Akamai or Fastly and it'd be kinda the same, modulo feature set. Should we hand-roll our own CDN? I strongly prefer not to, and I do like the fact I don't have to as there's a commercial service available which can do it for us. The only other alternative would be to not have one at all, and that'd be worse for us, even worse than having to hand-manage a home-rolled one.

Unfortunately, as all things - sometimes things go TITSUP and there's not a lot we can do about it.

At other times, some of our previous ISP's network went TITSUP - and there wasn't a lot we could do about it, either. We can control some things; just not all of them; or, if we can - it's probably too time consuming to control it down to the tiny bits.

What we can and do control is what's running on our servers, and that's a fairly healthy mix of mostly free and open source software, with some commercial stuff peppered in-between.

Just my 2c :)

Cloudflare hits the deck, websites sink from sight after the internet springs yet another BGP leak

Marco Fontani

Re: By Richard Speed 24 Jun 2019 at 13:07

3 mins ago..

But it's actually 1 hour 3 mins ago.

Dear El'Reg what's going on!

The "minutes ago" is js-based, and uses your local timezone to perform the computation.

All non-relative times on the website are in UTC - which as it so happens is one hour behind BST, the current time zone in Europe/London, as daylight savings are in effect.