* Posts by -v(o.o)v-

90 posts • joined 17 Oct 2013


Apple drops a bomb on long-life HTTPS certificates: Safari to snub new security certs valid for more than 13 months


Woosh... Went right over you right?


I for one do NOT see this as being reasonable.

I have hundreds of certificates on different embedded-like endpoints. They get certificates with very long lifetime from the internal PKI. They are (currently) secure and changing them cannot be automated.

If other browser makers follow suit I'm forced to just start living with certificate errors - there's no way these will be changed yearly.

It seems idiotic, the browser could test if the certificate is weak instead of just blindly warning on lifetime!

He’s a pain in the ASCII to everybody. Now please acquit my sysadmin client over these CIA Vault 7 leaking charges


Logs could be modified? Really?? What kind of Mickey mouse operation is it? Beggars belief...


Indeed - how come there's always, always kiddie porn "found" from leakers' machines??

Just look at past reg pieces and it's always the same story. Kiddie porn found first.

As pressure builds over .org sell-off, internet governance bodies fall back into familiar pattern: Silence


Vint Cerf

I propose that from hereafter Vint Cerf will be referred to as:

The disgraced internet figure Vint Cerf.

Cubans launching sonic attacks on US embassy? Not what we're hearing, say medical boffins


Re: Were previous medical reports wrong?

Later news articles said the "same" "symptoms" and fears of a sonic weapon were found in China also.

Look it up.

Weird Flex but OK: New Samsung laptop lines haul QLED monitor tech squinting into the sun


They do look good. I'll stick to my T-series.

You're ARIN a laugh: Critical internet org accused of undercutting security over legal fears


It is pretty ridiculous. Do DNS root servers require signing a legal document? No.

A problem with those could lead to much larger problems.

Facebook: Remember how we promised we weren’t tracking your location? Psych! Can't believe you fell for that


Re: Small correction re. Android

What do you mean "beta"? My Pixel had updated to a final release, I'm in no beta program.


Re: Interesting phrasing

On Android 10 the Google apps will ask about background location the same way as any app.

Why does the reporter think that Android 10 is not yet released?

GIMP open source image editor forked to fix 'problematic' name


Re: Next up...

Mediainfo is much better

Huawei is planning to inject $436m into Arm-based server silicon


Re: "the company presents a national security risk"

Oh please. Everyone in the industry knows that security of Huawei products leaks like a sieve and the software engineering culture is not on par to C/J.

If the US was serious in wanting to keep appearances they would focus on that instead of the ridiculous "the government backdoors".

Boeing's 737 Max woes trigger BEEELLIONS in losses – and that's just for the latest quarter


Remember now, it's very simple:

"If it has split scimitars, I'm not going."

JavaScript tracking punks given a thrashing by good old-fashioned server log analytics


The article refers to a Matomo cloud service. Matomo (used to be called Piwik) software is open-source and free. We are using it for several million daily pages, works quite well with some tweaks.

Shall we strip price caps from .org, mulls ICANN. Hm, people seem really upset... OK, let's do it


I'm not going to even bother to rant about these clowns.

ICANN sucks.

You're not Boeing to believe this, but... Another deadly 737 Max control bug found


*Maneuvering Characteristics* Augmentation System

I do not agree.

Many in the industry seem to think that the reason for MCAS is simply the FAA certification requirements for handling characteristics i.e. "as nose pitches up, increasing aft stick force must be required" (paraphrasing but the FAA original text may be found easily from a certain forum or with much more effort from the original text (FAR?)), without MCAS the stick would lighten due to the aforementioned engine nacelles generating lift.

The other opinion is that it is there for FAA longitudinal stability requirements.

In a way both of them *do* protect against stall but especially Boeing is adamant that it is not stall protection system. And specifically, this is different issue from classic pitch/power couple that many seem to mistake it for.

Personally, I believe it is due to the former certification requirement. It may have something to do with type rating - but the aircraft would be simply uncertifiable without MCAS, type rating had little to do with it.

Vivaldi to give abusive sites the middle finger with built-in ad blocking


If it walks like a

We don't need to fork it, well just maintain a change to it - sounds like the very definition of a fork.

Also: is Vivaldi good and stable? Looking for an alternative to the current standard browser (Chrome) in the company.

Cram this in your Pai hole! New York, Cali, eight other US states sue to stop T-Mobile-Sprint merger



I wonder how big pile of $ made him sell himself and all his decency.

How does it feel to be one of the most hated American figures? Since he seems totally shameless, probably just OK and not giving a f all the way to the bank.

LTO-8 tape media patent lawsuit cripples supply as Sony and Fujifilm face off in court


Re: Every Two Years...


There just isn't any technology available that can meet all the use cases where tape is needed currently.

If there was then tape *would* already be dead!

Fact is, tape is not going anywhere until some new breakthrough is found in storage media. 3D storage was mentioned earlier. Cheap NAND flash could *maybe* be an option if adapted to some kind of cartridges.

Durability, transportability, speed, ...


Re: Bye-bye tape drives

And after a disaster, how do those hard drives in Romania get the data back to you?

Over the Internet?

Better have a 10G upstream connection, then.

I won't even bother to calculate how long it would take to download any larger than "small" amount of data. Can those cloud storage services even send the data back at 10G? Especially if the location needing DR does not directly peer with the cloud provider (which is usually the case)?

Since we are talking about LTO-8, we are obviously backing up mid-high double digits to few hundred TB minimum here.

Uh-oh .io: Question mark hangs over trendy tech startup domains as UN condemns British empire hangover


Re: Those who do not learn history...

And Moroccans should be sent back from the Western Sahara...


Even the ccTLD for the Soviet Union exists to this day. Don't think io is going anywhere.

Boeing admits 737 Max sims didn't accurately reproduce what flying without MCAS was like


Re: Simulators

I am *very* well aware of this Max issue. See my post history.

Boeing actually did test the aerodynamic forces on the STAB and apparently a fairly big woman could not move the trim wheel in a test bench at high air speeds and trim near extreme.

This, as we all know now, did not change anything at Boeing.

FAA requires the operation to be possible "without exceptional skill", Boeing failed on this with the trim wheel. Yes, there is the "rollercoaster" maneuver that might not be possible in 4000' and IIRC was not included anymore even in the NG FCOM...

Regarding your last sentence, I actually disagree. The Lion Air crash flight had the captain successfully fight MACS 20+ times before the FO lost it. The flight before on the same plane landed, thanks to a jumpseat pilot.

My point is that there is some truth to the "just fly the plane" adage. Both accidents indeed were chains of events. Boeing was the biggest culprit here but an "above average" pilot could have saved the flights, perhaps with some luck.

Just keep hanging the ANU trim switch, not a half-a**ed blip here and there.

Both airlines have serious issues (as do Boeing and the FAA), flying to destination with stick shaker on all the time?? Hello? Trying to engage AP with stick shaker on? and not following the *memory items* for unreliable IAS (power, pitch)?

I am not blaming the pilots. They were a product of their training and airline culture. Seems a bit of a case of the children of the magenta.

What *almost everyone* has missed was this mention in these comments is an *extremely important point*: AoA disagree was marked "where fitted"!!!

This totally contradicts the "oh it should be there in all the planes, we just made a mistake" line from Boeing, if true!!

Also initial reports I read said that this definitely was listed as an option, I am not clear on if it was to be included in the 50k AoA indicator or a separate option.

Regarding simulators: Southwest contract with Boeing had a clause that if any sim training is required there is a penalty of 1M per airframe.

Normalization of deviance - as so often.

Regulatory capture.

The real villains of this sad story can be found at higher levels of Boeing and at the FAA.


Re: Boeing - would you buy an aircraft from them?

The "kludge" you speak of is an actual FAA certification requirement regarding stick forces, not just to make it like the other 737 in the family.


Oh, the mythical Max simulators, of which probably 1 exists outside of Boeing??

Want a good Android smartphone without the $1,000+ price tag? Then buy Google's Pixel 3a


Re: more convenient that having it on the front.

Sends fingerprint to Google???

Are you perhaps also allergic to electricity?

Are the men in black silent helicopters also lurking you in the shadows?

You, sir, are clueless.

Backup bods Backblaze: Disk drive reliability improving


I wish a proper statistical analysis would have been done. For example the single drive out of 100 does not really say anything.

Boeing boss denies reports 737 Max safety systems weren't active


The article contains some factual errors.

1- The nose-up condition is not due to pitch/power but due to the engine nacelles creating lift at high AoA.

2- MCAS is not a stall-prevention system but simply, as the name states, modifies the maneuvering characteristics i.e. control forces on the yoke, in effect causing the yoke to need increased power to be pulled aft as the AoA increases. This is simply an FAA certification requirement and the airframe could not be certified without a system such as stick pusher, MCAS, etc. The additional lift of the nacelles would otherwise cause lessening of required control forces as the aircraft approaches high AoA/stall. Possibly aerodynamics could be altered also such as slots on the nacelles, vortex generators, canards, devices at the tail of the plane such as seen on some BJs etc. but these would come at increased drag i e. reduced efficiency.

Microsoft 'kills' passwords, throws up threat manager, APIs Graph Security


Re: AD != AD

Indeed, since when has Azure Active Directory been called AD? AD = Active Directory.

Very confusing and I hope it is only the clueless writer and not MS muddying the waters further.

Bug? Feature? Power users baffled as BitLocker update switch-off continues


Re: Why does anyone trust Bitlocker?

I can only think of one reason to use BitLocker over Veracrypt - and it's a big 'un.

GPT is not supported for FDE, only encrypting partitions. BitLocker makes it very easy for a user to encrypt GPT disks.

Drink this potion, Linux kernel, and tomorrow you'll wake up with a WireGuard VPN driver


Re: Why?

Those multi GB ISOs also include many packages. Like thousands it tens of thousands.

Skype Classic headed for the chopping block on September 1


Skype 8 is disgusting. Cannot even search the chat history. I now open it only when I must - when some client or partner has told me that we need to continue in Skype.

You wanna be an alpha... tester of The Register's redesign? Step this way


IPv6 support?!

They grow up so fast: Spam magnet Hotmail turned 22 today


Re: Spam, Spam, Spam, Spam...

I remember being excited when HoTMaiL (get it?), which was how it was initially stylized, IIRC, came available. It was pretty revolutionary: web interface, free.

Whippersnappers of today have no idea how it was back then and how useful Hotmail was.

Outlook.com has one extremely useful feature that the free Gmail axed: use your own domain name.

Arm emits Cortex-A76 – its first 64-bit-only CPU core (in kernel mode)


Re: CoreMark anyone, anyone ?

How do you suppose to do that when the things are not available yet?

The focus of the article was very clear: the technical architecture. And it was excellent.


Excellent article and there should be more of these

I might remember wrong, but I recall El Reg having a lot more of these really in-depth technical articles in the past that went way beyond the usual rehashing of PR material.

More of this please!!

About to install the Windows 10 April 2018 Update? You might want to wait a little bit longer


We were testing the 1803 upgrade on 6 PC out of 150.

So far 3 PC upgraded without issues, 2 not upgraded yet, and 1 has similar problem. Black screen after login, but no error messages and keys like Win-R do nothing. So we cannot try to process listed on many sites (run setup.exe from installation media).

Thanks MS... I have pushed back the phased deployment schedule for at least 1 month for the next phase, waiting for June's Patch Tuesday.

Twitter goes titsup


...to the IRC, of course.

Happy 30th birthday, IETF: The engineers who made the 'net happen


"White Americans only"???

Wow - I am offended. Even the current chair is Scandinavian. Many chairs where not white and/or American.

Cloud Security Alliance says infosec wonks would pay $1m ransoms


I won't comment on spacing on "$1m", but at least capitalize the M since it supposedly means millions not millis?

BlackBerry baffled by Dutch cops' phone encryption cracked brag


Must be an implementation problem, wasn't crypto supposedly still secure as per Mr. Snowden?

Or they got to the private keys.

Ten years in, ultra-high-def gets a standard


Re: @Pete H

Better buy that HDFury box soon then, before US content producers torpedo it.

Windows' authentication 'flaw' exposed in detail


Re: My "kerberos for Dummies" question ...

This whole krbtgt debacle is usually misunderstood. Same as the last two Reg articles about the same 2 years old+ "new" vulnerability.

This is mostly a persistence mechanism. After a DC is popped the access can be regained unless krbtgt is changed.

(Over-)Pass the hash is even older technique.


This "news" is over year old. Mimikatz did this long time ago. Not sure why this is in headlines again.

ASCII @dventure game NetHack gets first upgrade in ten years


Re: Past obsession

You ascend to a status of demi-god.

Free HTTPS certs for all – Let's Encrypt opens doors to world+dog


Re: At Last!

It is not that simple - often it is not a question of skills. Often the hosting clients demand a control panel so they can create mailboxes etc. by themselves.

Cisco's telco-grade uber-routers can make almost anyone root


Re: Root requires a LICENSE?!

There is no enforcement, the licensing is "honour based".

Also, Cisco must provide security updates for everyone.


Not really - even the 1001 can do minimum 2.5 Gbps to max 5 Gbps and the 1001-X up to 20 Gbps. The largest model does 400+.

Ice cold: How hard man of storage made Everest climb look easy


Great article Chris, one of your best. But maybe one day you will learn to turn off the wavy lines of spell checker from the diagrams...

Google cloud outage caused by failure that saw admins run it manually ... and fail



Route leaks have nothing to do with Sony



Biting the hand that feeds IT © 1998–2020