* Posts by brotherelf

285 publicly visible posts • joined 16 Jun 2014


Netflix flinging out DVDs like frisbees as night comes for legacy business


Well that's one way …

… to save on landfill costs.

Resilience is overrated when it's not advertised


Re: Fallback fault-tolerant

Well yes, synchronous operations will do that.

RIP Bram Moolenaar: Coding world mourns Vim creator


No ibits left, so here's the obit. :-(

Rest in peace. Even if I use That Other Editor if I have to do more than fiddle a config file, I appreciate the positive change you brought to the world.

Quirky QWERTY killed a password in Paris


Re: All your QWERTY belong to us...

This seems like a good place for my favourite anecdote, where I had to tell a fellow admin "just wait until April 1st to install the software, then it'll work".

… the Python logging of the installer croaked on the "Mär" in the timestamps it generated.

Europe seeks to punish Putin's infowar pals with bans on Russian tech firms


Ah yes …

we are now preparing to abandon OnlyOffice, because we did absolutely not have enough other things to do.

Red Hat strikes a crushing blow against RHEL downstreams


Re: GPL violation

Yes. (Which was exactly how CentOS operated way back when, and which is why CentOS releases trailed the RHEL counterparts by months – not only did you need a working build farm, but you also needed to at least take a cursory glance at many, and replace some, packages.)

Reddit cuts five percent of workers while API pricing shift sours developers


Re: Exactly how many API calls are they making?

So remind me again why these apps do not let/make the user provide their own API token?

EU tells Twitter 'you can run but you can't hide' from disinformation policy



From a hard-lib viewpoint (which I do not share): voluntary industry code of conduct something-or-others usually only exist to prevent actual enforceable legislation. Since the Digital Services Act will come anyway, why bother anymore?

Zoho creates browser with 'Open Season Mode' for when you don't care about privacy


My bank's fraud detection mechanisms are a much more legitimate reason than, say, ElReg's Google Ads IMO, but YMMV.

AWS wants to cook its datacenter chips with vegetable oil


Re: This whole "green" thing is getting sillier and sillier.

Recently a friend from the New England area proudly spread the word about a newly built residential building that has battery-only backup, no diesel.

(Mind you, same friend didn't seem too worried about going to Singapore to watch the F1 Grand Prix.)

Microsoft tells admins to autoreview your Autopatch alerts or autolose the service


Re: AutoPatch: something like ...

Go on, use systemd-timers instead :-/

(I'm surprised they don't accept RFC5445 "iCalendar" for the events.)

But yeah, the semantics of cron are one of the weird corners of the toolchest, along with the output format of at being invalid input format for at.

How the Internet Archive faces potential destruction at the hands of Big Four publishers


"Nobody sues gutenberg.org after all."

I beg to differ. gutenberg.org was geoblocked from Germany between 2018 and 2021 for copyright infringement of works of Thomas Mann (and others).

(In the interest of clarity: AIUI they felt they should block their entire catalogue instead of just the works the court had ordered them to. Also, since it was only their organization, the mirrors still remained available for several months.)

ReMarkable emits Type Folio keyboard cover for e-paper tablet


return -ENOREVIEW?

I've seen one of the devices (sans keyboard) in action recently, and that looked quite nice. Notetaking, but without the running out of rustling paper. (Mind you, fairly niche.)

Google: You get crypto, you get crypto, almost everyone gets email crypto!

Black Helicopters

"This is secure because it's encrypted client-side before it goes on our servers"

We send the client the code to execute in the browser we make, but look, a groove-toothed squirrel!

(And nope, last I checked, every browser had support for x.509 certificates because TLS client auth is a thing, but there's no JS interface that exposes it.)

Twitter starts auction to flip the bird, furniture, pizza ovens, gadgets galore


Re: How shit is your grasp of value....

Yeah, not sure why Simon thought so.

Chinese researchers' claimed quantum encryption crack looks unlikely

Black Helicopters

To be fair:

The article sounds a bit "everybody worries about this quantum computing which doesn't exist at this level", but it is prudent to stay *well* ahead of the curve in terms of breaking and forging. If we look at digital signatures as a feature of your govt ID, for example: the smartcard you spec now gets into your citizens' wallets in two or three years at the earliest and will probably be valid for ten years or so, and you don't exactly want to say "oh it's 2023, I don't trust a digital signature from 2021 anymore", so yes, "at best breakable by nation-state-level actors only (but not large-scale organized crime, e.g.) for the next 20 or 25 years" is a very very valid requirement.

Bill Gates' nuclear power plant stalled by Russian fuel holdup


:looks at watch:

"Bridge technology" that will go online in roughly a decade? Just what the hell improvements in renewables are you hedging for? (Assuming we're not talking about Hoover Dam size projects, I would expect any improvements in solar panel efficiency or turbine shape or whatnot could be phased in more-or-less with scheduled maintenance/renewal. Because yes, stuff will break, because everything does, but that kind of RE has lots more resilience built in. Your runway has run out, your "bridge" would have needed to be operational about a decade ago.)

Two signs in the comms cabinet said 'Do not unplug'. Guess what happened


Re: Physical Methods Trump Signs in Any Language

I wonder if there's a market for plugs and wire ends that look dodgy. Like, "I can see bare copper, I better not touch this, it might electrocute me" dodgy.

Time Lords decree an end to leap seconds before risky attempt to reverse time


I'm sure a certain somebody

… will offer to build a contraption to adjust the Earth's rotation as needed. Project-named "Fan Base", it will turn out to just be a bunch of hot air, though.

The GNOME Project is closing all its mailing lists


Re: gamification?

It is a bit "we as a community don't have to make you feel appreciated for your contributions, we have automated that", innit?

You're Shipt outta luck: App sued for treating delivery workers as contractors


They do it because starving to death next week is better than starving to death today.

Meta, Google learn the art of the quiet layoff


Much easier to let these people develop those future products at their own risk now and buy out the startup once successful, now that their personal professional networks still reach heavily into the mothership. HHOS.

No, Apple, you may not sell iPhones without chargers


As much as I'd like to see that, I consider it perfectly plausible that a shrink-wrapped phone's batteries are "nominally empty" (beyond a factory QC test charge) by design, if only because they have been through some sort of shipping process, which may have different regulations for charged and uncharged Li-Pos/Li-Ions.

I'm pretty sure my last phone was uncharged, as were my last couple of laptops, as were the smartwatch and the gaming console. Not 100% sure about the e-reader.

GitLab versus The Zombie Repos: An old plot needs a new twist


Re: I don't understand the suggestion...

I guess it's alluding to a sort of BitTorrent-ish thing, where you would use some Web3.0 distributed decentralized filesystem. Even the up/down ratio thing finds itself again as storage donated vs used.


Even raising an issue was supposed to be enough to keep it alive. And even then, it would have culled the very very dead wood that truly nobody cares about, not even enough to set up a cron job, let alone move to (gasp) a 5$/mo tier.

Anti-piracy messaging may just encourage more piracy


Re: The "poor" victims of piracy

Yes, but does that session musician actually get a cut or were they given a flat fee cheque for the X hours they actually worked and then sent on their merry way?

I paid for it, that makes it mine. Doesn’t it? No – and it never did


Re: You know you're old when...

There's probably a dozen "maker" projects to build your own with an Arduino of some sorts, but to be quite honest, I'd never give anything that has been touched by my soldering iron control over more than 5W or so, and USB cup warmers notwithstanding, that won't brew you tea.

2050 carbon emission goals need nuclear to succeed, says International Energy Agency


Even in […] the US […] still only a third favor government investment in nuclear power.

Yeah, can I get those 2/3rds split further into "objects to nuclear power" and "objects to government investment"?

California's attempt to protect kids online could end adults' internet anonymity


Re: I can see this working

> There is no need to ever check age again, none of us getting younger.

You wish… They'll say the mechanism has to be robust against lost/stolen credentials.

If Twitter forgets your timeline preference, and you're using Safari, this is why


Re: Ermmm...

It may be a surprise to you, but "I want different settings on small-screen, low-bandwidth mobile and large-screen, high-bandwidth desktop" is a use-case.


Disable Removal of Non-Cookie Data After 7 Days of No User Interaction

That's the "best" wording I've seen since a form asked me whether I wanted to forgo opting out of a voluntary exemption from contributing to the pension funds scheme about 20 years ago. (The only hint to what would happen was that one option said "I realize this deducts from my current salary")

I hope this is a drop-down where both options are labeled "(DANGEROUS!)", at least?

Leave that sentient AI alone a mo and fix those racist chatbots first


AI Test Kitchen

… clicked and was disappointed it's not a recurrence of IBM Chef Watson, which was at least amusing on a boring afternoon.

(For those young enough, Chef Watson was trained on recipes, so you could see what an "AI" would make of "I have some dark chocolate and tuna, where do we go from here".)

Pictured: Sagittarius A*, the supermassive black hole at the center of the Milky Way


I was pretty confident that the A*-hole would be pronounced exactly the way you'd expect.

(I was also sure that if not the article, then one of the commentariat would have beaten me to this joke.)

Those NitroTPMs Amazon teased now really are coming to AWS EC2


No relation …

… with the NitroFoo series of HSMs, Cryptotokens, and custom-refit Thinkpads made by a company in … Berlin, I believe? Somebody might be in for a windfall if they can afford a trademark lawyer.

At last, Red Hat Enterprise Linux 9.0 slips out


Re: Trigger

This. Shortening a previously-announced lifecycle, and by that much, was the deal-breaker for us. Fortunately, we only had approx. two machines on generation 8 at that point.

Thinnet cables are no match for director's morning workout


I call shens.

No way a director would've moved their own desk, they'd have their local PA/grad student/similar minion do it.

Want to support Firefox? Great, you'll have no problem with personalised, sponsored search suggestions then


Re: It's as if they're designing it to lose market share

No, Firefox does no such thing. It's the web server sending HSTS headers (which mean "once you successfully https, always upgrade http to https for the next X seconds"), an upgrade-insecure-requests CSP, redirects to https on http, or optimally, all three.

(Making https the default protocol if you leave it off in the URL bar is being debated and would indeed be easy with almost no compatibility concerns, but that is something that's happening vaguely now, not "for many years".)

Moscow to issue HTTPS certs to Russian websites



One of those moments where I'm not sure if the article is glossing over what is commonly understood or doesn't get it. The level of danger a MosCA poses is the same whether you are its customer or not. The danger is that CAs are decentralized in an "anybody can issue anything" way. If you root-trust MosCA, they can issue certificates for anything. "I get my regular certificate from them" does not make that easier or harder, because that process doesn't expose the private key in sane setups. (Yes, I know most CAs have insane setups because customers can't keep two files around for two days and find them again.)

There used to be HPKP, where a site could say "I guarantee my certificates are issued by CA XYZ for the next n days", but that was dead before it got off the ground, because it's only "trust on first use" and requires things like backup keypairs.

And no, don't answer "what about CAA", this is not what CAA does. CAA is verified at issue-time by the CA, it's protecting against social engineering.

A tale of two dishwashers: Buy one, buy it again, and again


Re: Personalised Ads

Country identified. I suspect the meningococcal vax ads are an effect of the MiniHealth just throwing money into the ad slot machine and not specifying target audiences, so you get it if you're otherwise boring enough that sports clothes manufacturers won't bid high enough for the ad spot.

Weirdest ads I've seen were: the candidate for mayor from the next town over, "find a vax near you" ads for a country that's not even on the right continent, and a one-hour DJ set. Seriously.

Have you tried restarting? Reinstalling? Upgrading? Moving house and changing your identity?


Re: Occasionally, you get a straight answer

Germany might have a freshly-dismissed admiral for you.

Phishing kits' use of man-in-the-middle reverse proxies is growing, warns Proofpoint


Yup, the arms race continues.

Expect to see a stronger focus on IP-/Geolocation-based measures, since with a reverse proxy, the server doesn't see the victim's IP, it sees the reverse proxy's.

Machine learning the hard way: IBM Watson's fatal misdiagnosis


Re: flights of fancy

I still miss Chef Watson - making up recipes based on a couple of must-includes was an ok way to waste an hour on a lazy Sunday, and there's always a chance you pick up something that works based on chemistry you don't know about.

How to get banned from social media without posting a thing


Re: name generation technique

You mean dilirra is not an exploitative recreational-drugs-to-your-doorstep startup? With the vowel shift and being right between delivery and delirium (or possibly "delivery" pronounced by somebody near alcohol-induced delirium), what a missed opportunity.

Crowdfunding platform Kickstarter planning move to blockchain. How will it work? Your guess is as good as ours


Re: "Faster horses"

This. With all the many many flaws you can point out about the judicial system of many many countries, they mostly in their intent want to do better than "liberty and justice for whoever has 51% of processing power".

When product names go bad: Microsoft's Raymond Chen on the cringe behind WinCE


While we're sharing these…

… a beer for the people who managed to backronym the Bavarian income tax software (used in all of Germany) to be called "magpie" (Elster, supposedly ELektronische STEuErerklärung). Most humor the taxhum has ever shown.

Bloke breaking his back on 'commute' from bed to desk deemed a workplace accident


Technically that is already the case. The current wording around working from home vs. teleworking vs. working from a home office is very carefully crafted so they don't have to send H&S to check whether window glare reflects on your screen and whether your chair meets ergonomic requirements etc., not to mention things like "can you lock away the computer or otherwise ascertain your kid doesn't install their virus-ridden pirated copy of Doom on the device you're handling business matters on".

A third of you slackers out there still aren't using HTTPS by default


Re: Reading between the lines.

… as python-using folks found out a while ago.

Fortunately, that could be fixed quite easily: browsers already send "upgrade-insecure-requests:1" in the request headers if they want that, so you can redirect conditional on that and that wget from CentOS 5 that doesn't speak TLS 1.2 and doesn't know today's CAs¹ will be none the wiser.

Combine with a moderately-sized HSTS and, given that Key Pinning is deprecated, you have a reasonably-good-of-both-worlds.

¹ if that sounds suspiciously specific, it's because it is. Busybox offered a working wget, once I hid the old openssl from it so it would use its own implementation.
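
The conditional redirect described in the post above, as an added example that is not part of the original comment: a server-side decision function that upgrades only clients sending `Upgrade-Insecure-Requests: 1` and sends HSTS only over TLS. The function name, `CANONICAL_HOST` and the `max-age` value are assumptions made for illustration.

```python
# Added illustration (not from the post). Names are hypothetical and the
# host and max-age are constructed sample values.
CANONICAL_HOST = "example.org"   # fixed in config, never taken from the Host header
HSTS_VALUE = "max-age=2592000"   # 30 days, an assumed "moderately-sized" value


def respond(scheme, path, request_headers):
    """Return (status, response_headers) for a request.

    scheme is "http" or "https"; request_headers maps header names to values.
    """
    # Refuse paths that could smuggle CR/LF into the Location header.
    if not path.startswith("/") or any(ord(c) < 0x20 for c in path):
        return 400, {}

    # HTTP header names are case-insensitive, so normalise before lookup.
    hdrs = {k.lower(): v.strip() for k, v in request_headers.items()}
    wants_upgrade = hdrs.get("upgrade-insecure-requests") == "1"

    if scheme == "https":
        # HSTS is only honoured by browsers when it arrives over TLS.
        return 200, {"Strict-Transport-Security": HSTS_VALUE}

    if wants_upgrade:
        # 307 preserves method and body; Vary keeps a shared cache from
        # replaying this redirect to a client that did not ask for it.
        return 307, {
            "Location": f"https://{CANONICAL_HOST}{path}",
            "Vary": "Upgrade-Insecure-Requests",
        }

    # Legacy client (e.g. an old wget without TLS 1.2): serve plain HTTP,
    # still varying on the header so caches keep both variants apart.
    return 200, {"Vary": "Upgrade-Insecure-Requests"}


# Constructed sample requests: (scheme, path, headers).
SAMPLES = [
    ("http", "/pkg/", {"User-Agent": "Mozilla/5.0", "Upgrade-Insecure-Requests": "1"}),
    ("http", "/pkg/", {"User-Agent": "Wget/1.11.4"}),
    ("https", "/pkg/", {"User-Agent": "Mozilla/5.0", "upgrade-insecure-requests": "1"}),
    ("http", "/pkg/\r\nSet-Cookie: x=1", {"Upgrade-Insecure-Requests": "1"}),
]

if __name__ == "__main__":
    for scheme, path, headers in SAMPLES:
        print(scheme, repr(path), respond(scheme, path, headers))
```

Clients that never send the header stay on cleartext HTTP, so anything served on that path needs integrity protection from another layer, such as signed packages.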

If you're using this hijacked NPM library anywhere in your software stack, read this


Re: WTF is anyone paying?

The decrypt process might be better tested than the restore process, though. (What, cynical, me?)

Twitter's machine learning algorithms amplify tweets from right-wing politicians over those on the left


Machine learning no doubt has its place, but we're still learning what that place is.

Yeah, I can't help but think that Artificially Trained Stereotyping is more useful if you think of it as trying to figure out the question by getting a series of unsatisfactory answers. We used to think beating a chess master would be a sure proof of AI, until it happened and felt anti-climactic in a way.

We dreamt of crystalline pureness of thought beyond human limitations, deities of our own making that would lead us safely into an ever-better future, while what we get is just as flawed as the human world that teaches it and its answers are the digital equivalents of hunches. "I believe this x-ray shows cancer with confidence level 57.83643318, but I can absolutely not explain why, and the number will be different for an upside-down picture. Please respect my beliefs."

Electric car makers ready to jump into battery recycling amid stuttering supply chains


Re: "Less than 5 per cent of lithium-ion batteries are recycled today"

I guess at some point they will be too run-down even for home-wall use? (And even if that point is n years into the future, if you expect to need n years to get recycling tech to usefully work, you better start now. Also, competitive strangvantage.)

Me, I'll be over here humming "reduce, reuse, recycle", in that order.