Posts by cdrcat

98 posts • joined 24 May 2015

2020 hasn't been all bad – a new Raspberry Pi Compute Module is here

cdrcat

Beowulf cluster of 4 of these

https://turingpi.com/

“Today we are thrilled to announce the Turing Pi V2. The Turing Pi V2 is a compact cluster in a mini ITX form factor with 4 x cluster nodes, 2x mini PCIe (Gen 2) ports, 2x SATA (Gen 3) ports, and new Raspberry Pi compute modules 4 support.”

There ain't no problem that can't be solved with the help of American horsepower – even yanking on a coax cable

cdrcat

Re: Blowing fibre.

Air compressor fits the ABF gun better: https://hexatronic.com/products/installation-tools-and-accessories/air-blown-fiber-abf-installation-tool/

Anti-5G-vaxx pressure group sues Zuckerberg, Facebook, fact checkers for daring to suggest it might be wrong

cdrcat

Re: Welcome to the post-sanity world

And here I was thinking a healthy society cared about protecting the poor and stupid from themselves.

Be careful in wishing the worst upon those that make mistakes lest you fail to be perfect yourself.

Sun welcomes vampire dating website company: Arrgh! No! It burns! It buuurrrrnsss!

cdrcat

Re: Not me, but someone else

Don't spare a thought for such shallow idiots. Showing such people their mistakes is often futile, wasting your time and theirs.

Apple to keep Intel at Arm's length: macOS shifts from x86 to homegrown common CPU arch, will run iOS apps

cdrcat

Re: "Intel never thrilled me"

There are multiple hardware mitigations *already* in Apple processors. They are mostly aimed at preventing kernel level exploits, but it seems very likely Apple will continue putting in more security protections into the A* processors.

Intel have repeatedly shown they prioritise sales performance before security, sort of like Microsoft of yore, and Intel is less likely to develop mitigations that require tight integration with the OS or deep modification of the OS.

Scroll way down to the heading “iOS kernel exploit mitigations” in this link which details some of the hardware protections: https://googleprojectzero.blogspot.com/2020/06/a-survey-of-recent-ios-kernel-exploits.html

Splunk to junk masters and slaves once a committee figures out replacements

cdrcat

Polish part I own; Reverse Polish notation okay to exist, opinion mine humbly.

cdrcat

Re: Ableist language is sadly everywhere

Calling somebody a mong is an insult in New Zealand, which I presume is an abbreviation (and nothing to do with the Hmong).

Forget tabs – the new war is commas versus spaces: Web heads urged by browser devs to embrace modern CSS

cdrcat

Re: So how do "modern monitors" do it?

Say you have white (255,255,255). Now you want a red as bright as that white, maybe that should be represented as (765,0,0).

Or maybe you want to have 10 bit colours, so you can choose between (1023,1023,1023) or (255.75,255.75,255.75) as representations that allow ten bits per channel to be declared.

It’s all completely insane of course, since the page would have to say what colour space it was using, the gamma, and what representation it was using. Otherwise a browser couldn’t map the wide-gamut or 10-bit colours when someone used a normal 24 bit colour monitor.

We're in a timeline where Dettol maker has to beg folks not to inject cleaning fluid into their veins. Thanks, Trump

cdrcat

Re: "Orange Man Bad!"

Cristobal Colon is still alive running the show from a secret bunker located under the Vatican. You’ll notice that Christopher Columbus is an obvious anagram containing “Hitler”, which says it all. “Americans” are actually spy robots - they have to be loud to cover up the noise of their internal machinery (Machiavellian has the same root). If the mods publish this, I will be replaced with a machine intelligence: if the quality of my comments improves then it proves it (or if they get worse it’ll be because they programmed the replacement to act dumb).

cdrcat

> might do us all a favour and Darwin themselves out of the gene pool

One needs to kill oneself before spawning, otherwise one's death has piss all Darwinian effect (kin selection matters, but stupidity matters more).

April 2020 and – rest assured – your Windows PC can still be pwned by something so innocuous as an unruly font

cdrcat

Re: Better to be an outlier?

iOS and Android dwarf Windows usage in a household context. And they are critical for security in a business context (they are often literally the keys to the bank and infrastructure in small to medium businesses).

cdrcat

Re: An attacker could also embed an ActiveX control marked 'safe for initialization'

ISA bus factor = 1: when the wrong board fails on your “highly complex mission critical device”, your mission stops and everyone finds a new job.

Commit to Android codebase suggests Google may strong-arm phone makers into using 'seamless' partitioned updates

cdrcat

Old Android phones remain more secure from attacks via web pages, because the browser is updated regularly. Android 4.4 (released Oct 2013) is still getting Chrome updates. Most other attacks are mitigated by needing to be physically near phone, are filtered by SMS infrastructure, or can be avoided by not installing crap apps.

Anyone on iOS 12 or less is stuck on an old and insecure version of Safari - the recent flaw that gives access to cameras also gives access to stored passwords... Roll the dice on every web page visited!

I generally recommend Nokia phones with Android One (designed by HMD) because they are relatively cheap but good, they get updates, and the Android version is clean (no manufacturer shit).

That awful moment when what you thought was a number 1 turned out to be a number 2

cdrcat

125 million Indians speak English

The Oxford Indian Dictionary will replace the OED.

Soon to be heard from your local chav:

My daughter is convent-educated

My teacher is sitting on my head

My friend is eating my brain

https://www.britishcouncil.org/voices-magazine/ten-surprising-expressions-indian-english

Microsoft CEO Satya Nadella talks hardware supply chains and elasticity: 'Bigger issue' is what happens around US and Europe's 'demand side'

cdrcat

Re: Supply Chains

Testable.

Order something that needs delivery from China, preferably that has just become stocked again.

My bet is that China is open for business at the moment - if the US had some real dirt on China they would be printing it on the presses already.

And there are multiple other Asian countries that have functioning economies - the star being Taiwan.

HMD Global pokes head out of quarantine to show off 3 new Nokia mobiles

cdrcat

Re: SD Card & Headphone Jack?

Do they have dual SIM? Very useful when travelling and past models had it.

Google reveals the wheels almost literally fell off one of its cloudy server racks

cdrcat

Re: Swapping whole racks out

Why would they ever have unused hardware? That would be a waste of money - hardware should be used.

“Google's Borg system is a cluster manager that runs hundreds of thousands of jobs, from many thousands of different applications, across a number of clusters each with up to tens of thousands of machines.”

The system is set up so that hardware failures are dealt with by restarting jobs. Google have done that since they started (optimising for cheaper machines that are expected to fail, rather than expensive reliable machines).

Thought you were done after Tuesday's 115-fix day? Not yet: Microsoft emits SMBv3 worm-cure crisis patch

cdrcat

One down, 900 critical bugs to go

Assuming 25 critical bugs found per month, for the next three years, means there are 900 critical bugs left to find... this one bug doesn’t matter that much since there are *plenty* left for skilled parties to find and abuse.

https://blog.talosintelligence.com/2020/03/microsoft-patch-tuesday-march-2020.html

Chips that pass in the night: How risky is RISC-V to Arm, Intel and the others? Very

cdrcat

The Internet Is Being Protected By Two Guys Named Steve

https://www.buzzfeed.com/chrisstokelwalker/the-internet-is-being-protected-by-two-guys-named-st

Sorry, buzzfeed, but great story.

Sadly, the web has brought a whole new meaning to the phrase 'nothing is true; everything is permitted'

cdrcat

Re: Penny for a cup of tea, guv?

I offered to pay bus fare for some rando beggar guy, only to be told by driver that they didn’t allow that. Not sure why, but apparently a policy.

Firefox, you know you tapped Cloudflare for DNS-over-HTTPS? In January, it briefly knackered two root servers at the heart of the internet

cdrcat

Which defeats the purpose

One reason for DoH is to prevent MITM attacks. If the MITM can downgrade the DoH to normal DNS, then the attacker can control your DNS.

Talk about high tech: Tens of thousands of Cali marijuana convictions to go up in smoke, thanks to algorithms

cdrcat

The hippies have token over

Why have grown-up hippies from the 60’s and 70’s not had more influence on politics?

Bloke forks out £12m, hands over keys to tropical island to shoo away claims that his web marketing biz was a scam

cdrcat

I’m not a sysadmin but

Windows Server is amazingly reliable. But what happens when you get that one weird problem?

I regularly see a story about someone’s epic journey starting with an application level bug and ending with debugging some Linux internals and finally solving the problem (some obscure Intel CPU bug, or driver software issue, or epic network race condition etc). Those journeys begin with the belief that with sufficient motivation you can track down any problem on Linux/BSD.

When you watch someone solve a Windows Server bug the “solutions” are very different, and you rarely hear of someone debugging drivers or OS issues.

When I was smaller I wrote embedded software, and tracked down a very-hard-to-find bug in a RTOS.

Disclaimer: The business I helped found depended on Windows Server, and it rarely let us down.

Time to call off Mobile World Congress yet? Nvidia, Amazon and Sony all sidestep trade show over coronavirus fears

cdrcat

Try getting home when all flights are cancelled for months

If it is a pandemic, then all tourism will be shut down and probably flights will be very restricted (with a lovely long stay in a quarantine facility on arrival). An individual couldn’t predict the timing of that.

I wouldn’t want to be overseas if travel is mostly shut down: unless you happen to be in a country with better services. I’m in NZ and have enough food/water/medicine to let me hunker down at home for a few weeks. I am also lucky enough to have options to move to rural locations: hospitals won’t be able to help much if a pandemic peaks quickly...

Is Chrome really secretly stalking you across Google sites using per-install ID numbers? We reveal the truth

cdrcat

PII leak

> According to Granal, this identifier is sent to youtube.com, google.com, doubleclick.net, googleadservices.com...

The code[1] shows the X-CLIENT-DATA is sent for any google.X domain where google owns the TLD, but if there were any youtube.X domain owned by a squatter then the PII would be leaked to that squatter. I haven’t looked if there are youtube domain squatters that match that restriction...

[1] https://cs.chromium.org/chromium/src/components/google/core/common/google_util.cc?q=IsGoogleAssociatedDomainUrl

You spoke, we didn't listen: Ubiquiti says UniFi routers will beam performance data back to mothership automatically

cdrcat

Booo hiss to Ubiquiti

A Venn diagramme of WiFi device purchasers and privacy geeks would have a large union set. And surely Ubiquiti sales depend upon nerdigensia influencers - why would they be so stupid to burn their goodwill? I found out about Unifi products via geek forums.

They were my default supplier and I used to recommend them whenever WiFi discussions came up. They lose my voice, although I will probably grudgingly continue to buy their products because they are now the devil I know...

South American nations open fire on ICANN for 'illegal and unjust' sale of .amazon to zillionaire Jeff Bezos

cdrcat

And “amazon” is only an English word

In Spanish: Amazonas, selva amazónica

In Portuguese: Amazonas, floresta amazônica

I have no love for Amazon Inc, but neither do I want to give up the word nice because there is a homonym(?) in France etc

Go on, eat your fibre, new build contractors. It's free! OpenReach lowers limit for free FTTP connections

cdrcat

Crazy fibre to the premises connections?

Who's connected only their chicken coop?

Train-knackering software design blunder discovered after lightning sparked Thameslink megadelay

cdrcat

Re: Load shedding?

Presumably avoiding domino effects throughout the country is a good idea.

Presumably some of the engineers to reset the trains took flights?

Smart speaker maker Sonos takes heat for deliberately bricking older kit with 'Trade Up' plan

cdrcat

> What it doesn't have is security weaknesses

It has a Bluetooth implementation - which could easily have security flaws.

Where's our data, Google? Chrome 79 update 'a catastrophe' for Android devs with WebView apps

cdrcat

Re: Well ...

Fortunately there is a partial wet backup in the pet owners' brains.

ZTE Nubia Z20: It's £499. It's a great phone. Buy it. Or don't. We don't care

cdrcat

Re: I am from Gdańsk and I beg for help

Kiwi polish: invented by some Scots in Australia with a logo using a Maori name for a flightless New Zealand bird, made in England and owned by a corporation in the US.

Socket to the energy bill: 5-bed home with stupid number of power outlets leaves us asking... why?

cdrcat

I have a friend who just had some sockets added to his living room for jamming, installed by an electrician (with some audio chops apparently), with their own analogue earth to help reduce hum, and sockets in the floor for further convenience.

I'm not sure how they manage ground loops.

Microsoft explains self-serve Power platform's bypassing of Office 365 admins to cries of 'are you completely insane?'

cdrcat

Re: Microsoft knows best

Microsoft have already gone too far.

We had two true Microsoft believers in a team, deep into the cult, but they have slowly become more and more quiet about the wonders of their religion as the OS and development tools have become shittier and shittier.

I have slowly become luke-warm towards some of their open source efforts, but frankly they have to work hard to recover from decades of abuse.

cdrcat

Re: Employees buying software for their company?

> and any other sane browser choice is glitchy

There is no other sane browser.

Safari, Internet Explorer, Edge (before Blink), and Firefox are all dogs to develop for. I've written and supported a custom web framework, I know the pain. Edge changed engines in part because theirs was so hideously shitty.

You are implying web developers are lazy mindless scumbags, but supporting borken non-conforming browsers takes up 25% to 50% of dev time, so understandably web developers are keener to deliver new work than fight their platforms.

I hate Google's tentacles as much as any card carrying geek, but the Chromium team's engineering is unquestionably superb (and the other browser teams are weenies in comparison).

Your kids will be glad a UK government-funded robot will be changing your nappy and not them

cdrcat

Re: Immoral fuckers!

Your nirvana works for the wealthy (can pay for X people to help them) or it works for a population that doesn't require much help (1 hour of personal help for every 24 of life).

Once a population needs significant help (40 hours per week per week of life) then there are simply not *enough* people to do the "humane" thing.

Even worse, some of the carers are doing shitty inhumane work (lifting the elderly but damaging themselves; elderly looking after the elderly but unwillingly).

We should offload as much of the drudgery as possible and keep our elderly as *independent* as they wish. If we can use machines to do this we should - try telling your mum she should replace her scooter with coolies!

Reserve the human hours for real care - human touch, interaction, and brotherhood.

Like the Death Star on Endor, JEDI created a ton of fallout and stormy weather in cloud market

cdrcat

I thought the Borg was the traditional M$ reference. Or is that reference too dated*†, or taken over by Gooplle?

* I have never received a geek card, so I can't hand mine in.

† Where can I buy a geek card? Preferably electrically and physically S100 compatible.

Google lashes out at DoJ, Oracle as it asks US Supremes to sniff Java suit one last time

cdrcat

We are lucky that corporations are not completely amoral - 8G$ would buy a lot of snipers. Perhaps that shows that corporations have some morals?

Lies, damn lies, and KPIs: Let's not fix the formula until we have someone else to blame

cdrcat

Re: Reminds me of two things..

But the KPI is correct - there's a sunken cost fallacy in there somewhere.

Sell 10 stale buns at $1 each = $7 profit.

Throw away 10 stale buns, make 10 new buns, sell at $2 each = $14 profit.

Throwing away buns is likely to increase profits (assuming most new buns get sold, ignoring elasticity or price discrimination, and ignoring some other issues).

We, Wall, we, Wall, Raku: Perl creator blesses new name for version 6 of text-wrangling lingo

cdrcat

I am hoping that they rename Perl 5 to Perl 7 to breathe life into the old reliable (perhaps add a linter to justify the leap ;-p)

Openreach's cunning plan to 'turbocharge' the post-Brexit economy: Getting everyone on full-fibre broadband by 2025

cdrcat

DisEconomic

> Full fibre is a vehicle to turbocharge our economy

Such bullshit. The exact same bullshit was said over in New Zealand: but the only measurable result is that we get better NetFlix - that is not something that should be paid for with tax money.

I have high-tech software friends that have stayed on broadband.

Today's data whoopsie is brought to you by CircleCI: Source safe, but look out for phishers

cdrcat

Re: Insecure third-party scripts

It's possible the third party was Segment which has also just notified of a breach - https://news.ycombinator.com/item?id=20887809

cdrcat

Insecure third-party scripts

They haven't locked down their web app JavaScript includes: Facebook, Hotjar, Amplitude, Google, and others have access to your production SSL keys, code, passwords, etc.

It's a quick smell test for whether a company actually cares about security: what third-party scripts are included in their "secure" web page areas. The default web developer doesn't know better, and it is hard to lock down third parties (best solution is to avoid unnecessary third-party shit like analytics, also can use iframes or more complex solutions like caja).

This guy asked them about this issue 2 years ago, and apparently they haven't done anything much about it which signals CircleCI's security is poor: https://kevin.burke.dev/kevin/circleci-is-hopelessly-insecure/

More Linux than Windows: El Reg takes Docker Desktop for WSL 2 preview out for a spin

cdrcat

> The main rationale is to be able to use a full Linux toolchain while still using a Windows editor such as Visual Studio Code

Correction: Visual Studio Code is cross-platform (uses electron, runs on Linux), and Visual Studio does not run on Linux. The naming blows.

Rocket Lab CEO tucks into hat as company shares plans to reuse Electron first stage

cdrcat

Same technique as NASA investigated for recapturing a Saturn V booster: The helicopter would be gigantic. The rotor diameter would be over 120 meters. Its empty weight would be over 200,000 kilograms, with a gross weight of a whopping 453,000 kilograms. From: http://www.thespacereview.com/article/3741/1

To see vid, start just before 10 minutes: https://youtu.be/joONWIGtcdY?t=583

Trump continues on the warpath: Now US tariffs cover nearly everything arriving from China

cdrcat

Re: Worrying...

> If they were to dump their holding of US dollars at well below market price, it could easily provoke a run on the dollar

Ummmm, you don't think the US has heard of that and might have a plan? Maybe as simple as freezing their account!

German privacy probe orders Google to stop listening in on voice recordings for 3 months

cdrcat

Simple: automatically ask users to review clip first

Just politely ask. Most people are happy to help, especially when it is something "personalised" like that. It would have to be immediate, and only people with app installed, and located near the device. You want to avoid asking husband John at work about a recording made while wife Julie was shagging the electrician.

Same issue (which I fucking hate) with phone calls where you are told your voice is recorded for quality control etc. Wankers don't provide an opt out.

Outsourcing giant Capita handed £145m for UK.gov's Personal Independence Payment extension

cdrcat

£112m + £33m

How many people are recipients of the system?

If the number is low then the percentage cost is high.

Biting the hand that feeds IT © 1998–2020