Re: security.txt
... and we now do ;) Friday deploys are bliss.
256 publicly visible posts • joined 3 Dec 2012
Hi,
We've added an aria landmark to delineate the "articles under articles" section, which should be read out to you as: "Other stories you might like".
I cannot honestly recall if we've ever had a landmark for the bottom of the article units (which contain the link to corrections, etc). From my own testing, I could quite easily navigate to the corrections, tips and comments link.
Could you let us know if you'd prefer the under-article list of corrections, etc to also get a similar landmark like the one we've just added to the "Other stories you might like" ?
The original article introducing the Brontosaurus as a unit of measurement was flat-out wrong, and we fixed the converter in 2017-04-28.
It used to be 987.751 linguine to a brontosaurus, but it's really only 157 linguine long, or 2.3842 double-decker buses long, or about 11 Osmans.
Script is why ads should be showing up on my browser, but they don't.
I fear that might be an ad blocker or an extension or something else, as most of our ad fragments contain a "noscript" tag which ought to deliver image-based ads to users with JS disabled.
This is testable by actively disabling the browser's whole JS feature (i.e. "javascript.enable" set to false in FF's settings, or similar "javascript" set to "Off" in Chrome) and seeing that ads do indeed get delivered on a pristine browser in such a scenario.
Some extensions break that scenario as while they do block scripts from being executed, they don't seem to also properly allow "noscript" tags to be executed :/
If you want to block all JS, you can configure your browser to do just that. Noscript is something else, and it's much harder for us to work around (and show ads to people who want to keep JS "disabled" but would still be fine seeing ads).
Jake already eloquently put it :)
ElReg's homepage has three "editions": US/CA, AU/NZ and GB/Rest Of World.
The US and GB editions have been there from the start best I can tell; the AU edition is a bit more recent - it's only 10 years (and a few days) old.
When visiting the homepage you see a region-filtered view of what's been recently published for the homepage. So if you're visiting from the US you may see some stories which are mostly relevant to the US public, and mostly useless to a GB or AU (or indeed RoW) audience. Same goes for AU: some news are more appropriate for readers down under.
If you really want to read everything regardless of whether it's shown on the homepage for an edition, you can either look at the sections - which don't have editions, or at the Latest News page, which contains all the stories published in the last seven days, regardless of edition.
dig aaaa theregister.com returned AAAA resources yesterday, but not today.
Yup, apologies, it was turned on by default which was fine while we were preparing, and we didn't "really" get many users on dot com, but now that we've switched I've turned it off as forums (and other bits) aren't yet ready for it.
Luckily this time (unlike on channelreg, where it happened a bit too much) no forum posts were "lost" (well, "saved" to /dev/null) due to (our own, self-inflicted, hopefully soon fixed) IPv6 "issues".
AFAICT, we're continuing to serve the proper information in the feed:
$ curl -vso/dev/null https://www.theregister.com/headlines.rss 2>&1 | grep -e '^< \(last-modified\|cache-control\|expires\|content-type\|date\):'
< date: Thu, 04 Jun 2020 11:25:59 GMT
< content-type: application/rss+xml
< last-modified: Thu, 04 Jun 2020 11:20:30 GMT
< cache-control: max-age=1800
< expires: Thu, 04 Jun 2020 11:55:59 GMT
Dunno if maybe you need to somehow "hard refresh" your feed reader?
In any case, I've cache-busted the CDN's version of it, so it should hopefully work properly now.
The "Powered by AMP ..." stuff is from an ad. Ads nowadays come in all shapes and sizes, and some of them even use AMPHTML in their delivered payload. themoreyouknow.gif
Unfortunately the cookie bar was a bit broken on forums and search (see other topic for more details). It's fixed now. Thanks for reporting it.
Thanks for your bug report.
I deployed this change over the week-end to ensure the smallest amount of people would be affected by whatever bug might've come up. It's unfortunately hard to ensure we never introduce bugs, but we occasionally fuck up. We do try not to, but it can happen.
The problem seems to not be entirely how you described it, but you got me looking.
It's not about whether you accept all or only customise - if you open an incognito/private window on forums, you'll find neither button works, displaying the message (but if you keep your device on landscape, you might have to scroll up to see it):
Something went wrong with the submission. Please try again.
The problem occurs on forums and search, or any other sub-domain in which we use a "base href" set to www - as the POSTing of the consent form isn't done on the correct domain (forums or search, respectively) - but is instead done to the base href (www).
I'll look into this imminently (or tomorrow morning EU time, depending) and will hopefully come up with a fix soon.
Thanks again for having reported this.
Meanwhile, might I suggest you can still manage/set/reset set your consent options through the "Your Consent Options" link in the footer.
NVIDIA GeForce GTX 1080 Ti, close enough!
I've not enabled the CPU ones as despite liquid cooling the fans go crazy and even I can hear them...
The graphics card is making some fan noise and it's disturbing my partner... so I might have to take the system down for a thorough cleaning during the week-end.
This kind of "hack" says: no problem at all (in fact, even better) IMO: the 250966 team's mentioned in this article as being made up of a bunch of Reg commentards (well, "Reg Readers" - but that's different lingo), so go for it :)
Might be also nice to link to this article, rather than the homepage, too.
I'll shut up and continue crunching - the runner-up is getting perilously close.
Curfews are _great_ to ensure more people cram what they ought to/will do regardless (walking the dog, groceries, what-have-you) in fewer hours, thus ensuring that the chances of them infecting each other go up, rather than down.
Same goes for supermarket open times: the local 24/7 shops are now down to being open only ~10h/day (7h on Sunday) and it's obviously a lot more crowded at all times.
Gone are the times I could go get groceries at 1am and not see many around.. now one has to pray there's not a queue at 4pm, and risk much more than just a week or two ago.
It's madness.
Here in Italy/Lombardy, one of the places with the most restrictive rules in place as of tomorrow, we're now forbid from doing sport and motor activity done outside altogether, OTHER THAN if done "in the vicinity" of one's place of residence.
When walking one's pet for the pet's "physiological needs" one is also restricted to staying "in the vicinity" of one's residence, but also at a maximum distance of 200m from the residence.
/shrug
Hello pedant,
"schemata blu" is what we say in Italy when Windows bluescreens. For SEO purposes, many use "schermata blu di errore", but really "schermata blu" suffices. Everyone knows that a "schemata blu" is "di errore".
See also: https://www.google.it/search?q=%22schermata+blu%22
We also usually utter a ton of not-so-nice words along with "schermata blu", too - but those aren't safe for publication and aren't restricted to Windows kernel panics. I've been guilty of uttering some really nasty ones when my Linux boxes have had a kernel panic, too.
HTH
I had the same ~mid nineties (SX, 4MiB, 120MB IDE spinning rust). Was *so* glad I managed to upgrade it to a DX2 and 8 MiB RAM a few years later.. and MUCH later to IIRC 16MiB.
I eventually (much, much later) ended up replacing it with a Pentium 2 (or was it a Celeron?).
Still, the poor old 486 DX2 continued to work *so* well that the thing ended up being sat at a ISP's desk, hosting my MUD and corresponding website... *this* side of the century. 486DX2, 16MiB RAM, spinning rust, running Slackware Linux.
Nowadays, one wouldn't even *hope* of getting that mileage out of a PC...
The content of a post can/could trigger the web application firewall, which in turn can/could require a reCAPTCHA to be completed for it to go through; other times (depending on the actual content), it can/could be denied outright - without offering the possibility to complete a reCAPTCHA for it to go through.
If it happens again, and assuming you're eager to help troubleshooting this... could you please follow https://www.theregister.co.uk/Page/problem.html and send us an email at webmaster@ ? That'd help a lot, thanks!
I'm not a huge fan of Markdown, but this seems just the sort of thing it was invented for.
Markdown is great if all you need is the subset of things that it makes easy - bold, italics, a simple link or a simple (already cut to size) image embed. Hell, I use it all the time in a number of places. I use it in hugo for my blog, too.
It has limitations.
An "image unit" which comprises of a centered image with an optional description, and possibly linking to a larger version... hits those limitations. I'd love to see the markdown to make that happen.
Chances are it'd either look like the HTML, or it would be so messy that the HTML version would be far more readable.
but no longer has the links to the general and article forums in it. That's now on a larger bar at the top
"User topics" gets you to the user forums; "Article topics" gets you to the article forums.
Re "a way to get to the forums", I personally just type "forums" on the URL bar, and I pick the first result - but I might be biased.. we'll find a way to "help" navigating to the forums, in a manner that isn't front-and-centre like the link in the top bar used to be.
Re complaining, you can always direct your ire at webmaster@ if you feel so inclined. Not all emails sent there are sent to /dev/null.
Hi,
We've gotten rid of all the top links, as they weren't deemed worth the "above the fold" real estate they were taking up.
The forums indexes ("Article topics", "User topics") are still available, and one can still directly go to them - but we're not linking to the forum homepage, or to other links we used to have in the top nav bar, with the same prominence.
I'm not sure what you mean by "the list of forums also appears changed" - we've done no change recently to the forums layout, list of sections, or anything like that.
Hope this helps!
That should be fine if you just add www; it will also work for "reads" of forums and search, but will not work for posting on forums (which is part of what we have yet to finish updating for full IPv6 support).
The image hosting domain, regmedia.co.uk, is also IPv6 and has been IPv6 for quite a while.
Forum posts which "fail" due to the poster having contacted forums using an IPv6 address will be rm -f
until we can properly support IPv6. Not the user; the post. I'm not the BOFH, I don't rm -f
people.
Hi,
If a post has ever been made visible / has been approved, prior to having been withdrawn, we show "This post has been deleted by its author".
This happens fairly often as we kinda auto-approve posts after you've been a (non-naughty) user of the site for a little while.
if instead a story's forum is moderated, or you're getting moderated... or you've not yet reached the threshold for your posts to be auto-accepted, and you submit a post which hasn't been accepted yet.. and then withdraw it... in that case, instead, we just won't show the post at all.
Hope this helps!
That doesn't change the new version appearing in Buster, which was my point.
Compiling (and installing) it myself is also something I'd rather avoid, as sooner or later I'd be left with Yet Another Frankendebian, which is what I'd really like to avoid having :)
On my computer, the WM, DM, etc are all OS-provided; "personal apps" are what I can compile myself/track development & security bulletins for, but I most often than not run those in containers.. and it's not _that_ easy to run a DM in a container (but browsers run "fine", for large variations of "fine").
So, I'll just wait for it to hit testing and I'll get it if and when I'll next move to testing.
I disagree with the premise; a desktop manager should be as visible or invisible as you want it to be.
I use i3wm, and my windowing manager is pretty much invisible... but I also long for some desktop manager features, like a notification system and a system tray which doesn't suck.
Rather than reinventing the wheel, I've usually opted to use the XFCE or the LXQt desktop environments / desktop bars, which give me the right amount of desktop management I need; no more, no less.
XFCE was lagging behind quite a bit, so on my last reinstall I opted for LXQt.
Unfortunately for Debian Buster the ship has sailed, as it ships with 4.12.15 and I'm unlikely to want to end up with a Frankendebian any more than I already have.
The day I'll switch to testing again, I'm very likely to again try it out. It looks good!
IPv6 is "on" for _all_ places we could enable it at the flick of a button. ALL of them, bar none.
... like our image hosting domain, regmedia.co.uk
All images you load, or all assets you request from that domain, are likely to be served over IPv6 if that's your preferred method of connecting to the interwebz.
Not all hope is lost - it's "only" the main content site that lacks IPv6.
with absolutely no public explanation
Seriously? No public explanation? Look at my comment history, and look for "IPv6".
https://forums.theregister.co.uk/forum/containing/3687246 - 4th Jan 2019
https://forums.theregister.co.uk/forum/containing/3579103 - 1st August 2018
https://forums.theregister.co.uk/forum/containing/3536352 - 7th June 2018
https://forums.theregister.co.uk/forum/containing/3521098 - 22nd May 2018
It comes up in every IPv6-related thread, and usually in the same condescending manner (not your case!): "my phone has IPv6 only!" "my car has IPv6, why can't you" and whatever else.
My/our reasons are still the same. We're a small team; we have other priorities; the business has other priorities; my own business ISP still doesn't give me proper IPv6 connectivity; I have to use he.net's IPv6 tunnel; bits and bobs in our system (database fields, some validator, other bits and bobs) still can't deal with IPv6.
All those reasons are still the case, and will continue to be the case until the situation or the priorities change.
The very moment I'll be sure that the systems can deal with it, it'll likely be the most happy I've ever been at flicking a deploy button, and I look a LOT forward to being able to do that ;)
Both IGotOut and Donn Bly claim to have the same url, and it's also shared across articles
Yes, as it should be - as it's the exact same icon! Its "unique" URL ensures it's only fetched once by your browser, and reused if it's in its cache, as it should be. With that URL structure, and assuming you don't clear all caches when your browser closes, and assuming you have enough space in your browser's cache (and... yadda yadda yadda) you only "pay" the "download price" for that image once every 13months, as that's the validity of a "design picker" URL.
If we ever were to change the image served by that path part (sans SHA), and for some obscure reason we wanted to retain its path part as-is (which is silly... just create a new file!), we would have the option of "simply" sticking in a new SHA, and everyone would fetch the new image, and cache the new image for 13mo.
This isn't _that_ useful for static assets like furniture images, or site logo, or the like - as those very seldom change and often enough we can/do/will just use a new file name. This is, though, _very_ useful for us to be able to cache-bust the site JS and CSS at-will "just" by changing the SHA in the URL.
The reason we put the cache bust string on all those places is simply because this way we can be conservative in the expiration time given when the "real" /Design/... file is requested (7d) and can be lax (13mo expiration) when the URL path is, instead, "more unique".
Think of the /design_picker/SHA/PATH as a RewriteRule for /PATH, which adds a longer expiration time - that's pretty much exactly what it is; no more, and no less.
It's (also) a cache buster, and it's working exactly how it should be - for the things that need it as a cache buster; for those who need it for the higher expiration time, it's also performing as required.
Hope this helps! For anything more, though, webmaster@
The button is a "share on Facebook" button, which is why it requests you log in in order to complete the operation. Same goes for all other login protected sites you'd want to share an article with via the widget: if you aren't logged in, and the site doesn't allow sharing links anonymously, you'll have to log in to use it, and "be tracked". Somehow it doesn't scream as much "dark pattern" as what the article talks about w/regards to the "like" button which instead allegedly tracks by default?
it just doesn't fit right to me that the mighty El Reg - who operate using open source [...] have such a dependency on a commercial 3rd party.
We also have another hard dependency on a commercial third party in the form of the providers of the servers we use; same goes for the commercial third party OS installed in the load balancer, the firewall, etc. as well as other bits and pieces which there's either no free software or open source version available for, or for which it's infeasible to use one. I don't think it's avoidable much. Where should one stop? Organically in-house grown free BIOS-laden servers?
DDoS comment aside it's an optional choice to place your tin behind Cloudflare, not a technical necessity
Having a sorta kinda CDN in front of the infrastructure provides other technical tangible benefits. Substitute Cloudflare with Akamai or Fastly and it'd be kinda the same, modulo feature set. Should we hand-roll our own CDN? I strongly prefer not to, and I do like the fact I don't have to as there's a commercial service available which can do it for us. The only other alternative would be to not have one at all, and that'd be worse for us, even worse than having to hand-manage a home-rolled one.
Unfortunately, as all things - sometimes things go TITSUP and there's not a lot we can do about it.
At other times, some of our previous ISP's network went TITSUP - and there wasn't a lot we could do about it, either. We can control some things; just not all of them; or, if we can - it's probably too time consuming to control it down to the tiny bits.
What we can and do control is what's running on our servers, and that's a fairly healthy mix of mostly free and open source software, with some commercial stuff peppered in-between.
Just my 2c :)
3 mins ago..
But it's actually 1 hour 3 mins ago.
Dear El'Reg what's going on!
The "minutes ago" is js-based, and uses your local timezone to perform the computation.
All non-relative times on the website are in UTC - which as it so happens is one hour behind BST, the current time zone in Europe/London, as daylight savings are in effect.