* Posts by cdrcat

102 posts • joined 24 May 2015


Police drone plunged 70ft into pond after operator mashed pop-up that was actually the emergency cut-out button


Re: Fail safe?

Buttons that don’t click when you press them are a horrendous UI failure. You see the problem with slow user interfaces - people naturally click again and the second click can be on something behind a modal - fail.

You can fade-in the button, or grey out the button while it is disabled, but those solutions also lead to unwanted side-effects.

Pop up modals and unexpected scrolling are hard problems (on Android Chrome double clicking an input box selects, but the first click pops up the keyboard and scrolls the input box away, very annoying!)

Google AMP gets a shock to its system as advisor quits, lawsuit claims foul play


Re: Fuck javascript.

Google could uprank articles that serve pure HTML/CSS, with no JS. That would have achieved multiple goals: faster loading, less tracking, less viruses, better archiving, better accessibility. Bastards.

Watchdog signals Boeing 737 Max jets can return to US skies following software upgrade, pilot training


Re: The bigger picture..

“but it is not the MCAS. The autopilot has to be off for MCAS to kick in.”

“The pilots said that soon after engaging the autopilot on Boeing 737 Max 8 planes, the nose tilted down sharply. In both cases, they recovered quickly after disconnecting the autopilot.”

So the article is probably not MCAS related.

Windows kernel vulnerability disclosed by Google's Project Zero after bug exploited in the wild by hackers


Google bashing, now smearing...

The tone on multiple technical websites has really started to go up a notch whenever it is something related to Google. In this case a lot of comments are shooting the messenger.

The Google Zero team are not cowboy dicks: they follow a fair process and have thought about the issues more than most, and are trying to be responsible.

Think about what happens in an alternative world where Google keep these vulnerabilities hidden or just inform the vendor, instead of publishing them... Nobody likes the outcomes of vulnerabilities, but they are simply a result of Microsoft’s historical attitude towards security.

These security faults are often ancient, and the rate of discovery is not decreasing, so expect more of the same in the coming years.

2020 hasn't been all bad – a new Raspberry Pi Compute Module is here


Beowulf cluster of 4 of these


“Today we are thrilled to announce the Turing Pi V2. The Turing Pi V2 is a compact cluster in a mini ITX form factor with 4 x cluster nodes, 2x mini PCIe (Gen 2) ports, 2x SATA (Gen 3) ports, and new Raspberry Pi compute modules 4 support.”

There ain't no problem that can't be solved with the help of American horsepower – even yanking on a coax cable


Re: Blowing fibre.

Air compressor fits the ABF gun better: https://hexatronic.com/products/installation-tools-and-accessories/air-blown-fiber-abf-installation-tool/

Anti-5G-vaxx pressure group sues Zuckerberg, Facebook, fact checkers for daring to suggest it might be wrong


Re: Welcome to the post-sanity world

And here I was thinking a healthy society cared about protecting the poor and stupid from themselves.

Be careful in wishing the worst upon those that make mistakes lest you fail to be perfect yourself.

Sun welcomes vampire dating website company: Arrgh! No! It burns! It buuurrrrnsss!


Re: Not me, but someone else

Don't spare a thought for such shallow idiots. Showing such people their mistakes is often futile, wasting your time and theirs.

Apple to keep Intel at Arm's length: macOS shifts from x86 to homegrown common CPU arch, will run iOS apps


Re: "Intel never thrilled me"

There are multiple hardware mitigations *already* in Apple processors. They are mostly aimed at preventing kernel level exploits, but it seems very likely Apple will continue putting in more security protections into the A* processors.

Intel have repeatedly shown they prioritise sales performance before security, sort of like Microsoft of yore, and Intel is less likely to develop mitigations that require tight integration with the OS or deep modification of the OS.

Scroll way down to the heading “iOS kernel exploit mitigations” in this link which details some of the hardware protections: https://googleprojectzero.blogspot.com/2020/06/a-survey-of-recent-ios-kernel-exploits.html

Splunk to junk masters and slaves once a committee figures out replacements


Polish part I own; Reverse Polish notation okay to exist, opinion mine humbly.


Re: Ableist language is sadly everywhere

Calling somebody a mong is an insult in New Zealand, which I presume is an abbreviation (and nothing to do with the Hmong).

Forget tabs – the new war is commas versus spaces: Web heads urged by browser devs to embrace modern CSS


Re: So how do "modern monitors" do it?

Say you have white (255,255,255). Now you want a red as bright as that white, maybe that should be represented as (765,0,0).

Or maybe you want to have 10 bit colours, so you can choose between (1023,1023,1023) or (255.75,255.75,255.75) as representations that allow ten bits per channel to be declared.

It’s all completely insane of course, since the page would have to say what colour space it was using, the gamma, and what representation it was using. Otherwise a browser couldn’t map the wide-gamut or 10-bit colours when someone used a normal 24 bit colour monitor.

We're in a timeline where Dettol maker has to beg folks not to inject cleaning fluid into their veins. Thanks, Trump


Re: "Orange Man Bad!"

Cristobal Colon is still alive running the show from a secret bunker located under the Vatican. You’ll notice that Christopher Columbus is an obvious anagram containing “Hitler”, which says it all. “Americans” are actually spy robots - they have to be loud to cover up the noise of their internal machinery (Machiavellian has the same root). If the mods publish this, I will be replaced with a machine intelligence: if the quality of my comments improves then it proves it (or if they get worse it’ll be because they programmed the replacement to act dumb).


> might do us all a favour and Darwin themselves out of the gene pool

One needs to kill oneself before spawning, otherwise one's death has piss all Darwinian effect (kin selection matters, but stupidity matters more).

April 2020 and – rest assured – your Windows PC can still be pwned by something so innocuous as an unruly font


Re: Better to be an outlier?

iOS and Android dwarf Windows usage in a household context. And they are critical for security in a business context (they are often literally the keys to the bank and infrastructure in small to medium businesses).


Re: An attacker could also embed an ActiveX control marked 'safe for initialization'

ISA bus factor = 1: when the wrong board fails on your “highly complex mission critical device”, your mission stops and everyone finds a new job.

Commit to Android codebase suggests Google may strong-arm phone makers into using 'seamless' partitioned updates


Old Android phones remain more secure from attacks via web pages, because the browser is updated regularly. Android 4.4 (released Oct 2013) is still getting Chrome updates. Most other attacks are mitigated by needing to be physically near the phone, are filtered by SMS infrastructure, or can be avoided by not installing crap apps.

Anyone on iOS 12 or less is stuck on an old and insecure version of Safari - the recent flaw that gives access to cameras also gives access to stored passwords... Roll the dice on every web page visited!

I generally recommend Nokia phones with Android One (designed by HMD) because they are relatively cheap but good, they get updates, and the Android version is clean (no manufacturer shit).

That awful moment when what you thought was a number 1 turned out to be a number 2


125 million Indians speak English

The Oxford Indian Dictionary will replace the OED.

Soon to be heard from your local chav:

My daughter is convent-educated

My teacher is sitting on my head

My friend is eating my brain


Microsoft CEO Satya Nadella talks hardware supply chains and elasticity: 'Bigger issue' is what happens around US and Europe's 'demand side'


Re: Supply Chains


Order something that needs delivery from China, preferably that has just become stocked again.

My bet is that China is open for business at the moment - if the US had some real dirt on China they would be printing it on the presses already.

And there are multiple other Asian countries that have functioning economies - the star being Taiwan.

HMD Global pokes head out of quarantine to show off 3 new Nokia mobiles


Re: SD Card & Headphone Jack?

Do they have dual SIM? Very useful when travelling and past models had it.

Google reveals the wheels almost literally fell off one of its cloudy server racks


Re: Swapping whole racks out

Why would they ever have unused hardware? That would be a waste of money - hardware should be used.

“Google's Borg system is a cluster manager that runs hundreds of thousands of jobs, from many thousands of different applications, across a number of clusters each with up to tens of thousands of machines.”.

The system is set up so that hardware failures are dealt with by restarting jobs. Google have done that since they started (optimising for cheaper machines that are expected to fail, rather than expensive reliable machines).

Thought you were done after Tuesday's 115-fix day? Not yet: Microsoft emits SMBv3 worm-cure crisis patch


One down, 900 critical bugs to go

Assuming 25 critical bugs found per month, for the next three years, means there are 900 critical bugs left to find... this one bug doesn’t matter that much since there are *plenty* left for skilled parties to find and abuse.


Chips that pass in the night: How risky is RISC-V to Arm, Intel and the others? Very


The Internet Is Being Protected By Two Guys Named Steve


Sorry, buzzfeed, but great story.

Sadly, the web has brought a whole new meaning to the phrase 'nothing is true; everything is permitted'


Re: Penny for a cup of tea, guv?

I offered to pay bus fare for some rando beggar guy, only to be told by the driver that they didn’t allow that. Not sure why, but apparently a policy.

Firefox, you know you tapped Cloudflare for DNS-over-HTTPS? In January, it briefly knackered two root servers at the heart of the internet


Which defeats the purpose

One reason for DoH is to prevent MITM attacks. If the MITM can downgrade the DoH to normal DNS, then the attacker can control your DNS.

Talk about high tech: Tens of thousands of Cali marijuana convictions to go up in smoke, thanks to algorithms


The hippies have token over

Why have grown-up hippies from the 60’s and 70’s not had more influence on politics?

Bloke forks out £12m, hands over keys to tropical island to shoo away claims that his web marketing biz was a scam


I’m not a sysadmin but

Windows Server is amazingly reliable. But what happens when you get that one weird problem?

I regularly see a story about someone’s epic journey starting with an application level bug and ending with debugging some Linux internals and finally solving the problem (some obscure Intel CPU bug, or driver software issue, or epic network race condition etc). Those journeys begin with the belief that with sufficient motivation you can track down any problem on Linux/BSD.

When you watch someone solve a Windows Server bug the “solutions” are very different, and you rarely hear of someone debugging drivers or OS issues.

When I was smaller I wrote embedded software, and tracked down a very-hard-to-find bug in a RTOS.

Disclaimer: The business I helped found depended on Windows Server, and it rarely let us down.

Time to call off Mobile World Congress yet? Nvidia, Amazon and Sony all sidestep trade show over coronavirus fears


Try getting home when all flights are cancelled for months

If it is a pandemic, then all tourism will be shut down and probably flights will be very restricted (with a lovely long stay in a quarantine facility on arrival). An individual couldn’t predict the timing of that.

I wouldn’t want to be overseas if travel is mostly shut down: unless you happen to be in a country with better services. I’m in NZ and have enough food/water/medicine to let me hunker down at home for a few weeks. I am also lucky enough to have options to move to rural locations: hospitals won’t be able to help much if a pandemic peaks quickly...

Is Chrome really secretly stalking you across Google sites using per-install ID numbers? We reveal the truth


PII leak

> According to Granal, this identifier is sent to youtube.com, google.com, doubleclick.net, googleadservices.com...

The code[1] shows the X-CLIENT-DATA is sent for any google.X domain where google owns the TLD, but if there were any youtube.X domain owned by a squatter then the PII would be leaked to that squatter. I haven’t looked if there are youtube domain squatters that match that restriction...

[1] https://cs.chromium.org/chromium/src/components/google/core/common/google_util.cc?q=IsGoogleAssociatedDomainUrl

You spoke, we didn't listen: Ubiquiti says UniFi routers will beam performance data back to mothership automatically


Booo hiss to Ubiquiti

A Venn diagram of WiFi device purchasers and privacy geeks would have a large union set. And surely Ubiquiti sales depend upon nerdigensia influencers - why would they be so stupid to burn their goodwill? I found out about Unifi products via geek forums.

They were my default supplier and I used to recommend them whenever WiFi discussions came up. They lose my voice, although I will probably grudgingly continue to buy their products because they are now the devil I know...

South American nations open fire on ICANN for 'illegal and unjust' sale of .amazon to zillionaire Jeff Bezos


And “amazon” is only an English word

In Spanish: Amazonas, selva amazónica

In Portuguese: Amazonas, floresta amazônica

I have no love for Amazon Inc, but neither do I want to give up the word nice because there is a homonym(?) in France etc

Go on, eat your fibre, new build contractors. It's free! OpenReach lowers limit for free FTTP connections


Crazy fibre to the premises connections?

Who's connected only their chicken coop?

Train-knackering software design blunder discovered after lightning sparked Thameslink megadelay


Re: Load shedding?

Presumably avoiding domino effects throughout the country is a good idea.

Presumably some of the engineers to reset the trains took flights?

Smart speaker maker Sonos takes heat for deliberately bricking older kit with 'Trade Up' plan


> What it doesn't have is security weaknesses

It has a Bluetooth implementation - which could easily have security flaws.

Where's our data, Google? Chrome 79 update 'a catastrophe' for Android devs with WebView apps


Re: Well ...

Fortunately there is a partial wet backup in the pet owners' brains.

ZTE Nubia Z20: It's £499. It's a great phone. Buy it. Or don't. We don't care


Re: I am from Gdańsk and I beg for help

Kiwi polish: invented by some Scots in Australia with a logo using a Maori name for a flightless New Zealand bird, made in England and owned by a corporation in the US.

Socket to the energy bill: 5-bed home with stupid number of power outlets leaves us asking... why?


I have a friend who just had some sockets added to his living room for jamming, installed by an electrician (with some audio chops apparently), with their own analogue earth to help reduce hum, and sockets in the floor for further convenience.

I'm not sure how they manage ground loops.

Microsoft explains self-serve Power platform's bypassing of Office 365 admins to cries of 'are you completely insane?'


Re: Microsoft knows best

Microsoft have already gone too far.

We had two true Microsoft believers in a team, deep into the cult, but they have slowly become more and more quiet about the wonders of their religion as the OS and development tools have become shittier and shittier.

I have slowly become lukewarm towards some of their open source efforts, but frankly they have to work hard to recover from decades of abuse.


Re: Employees buying software for their company?

> and any other sane browser choice is glitchy

There is no other sane browser.

Safari, Internet Explorer, Edge (before Blink), and Firefox are all dogs to develop for. I've written and supported a custom web framework, I know the pain. Edge changed engines in part because theirs was so hideously shitty.

You are implying web developers are lazy mindless scumbags, but supporting borken non-conforming browsers takes up 25% to 50% of dev time, so understandably web developers are keener to deliver new work than fight their platforms.

I hate Google's tentacles as much as any card carrying geek, but the Chromium team's engineering is unquestionably superb (and the other browser teams are weenies in comparison).

Your kids will be glad a UK government-funded robot will be changing your nappy and not them


Re: Immoral fuckers!

Your nirvana works for the wealthy (can pay for X people to help them) or it works for a population that doesn't require much help (1 hour of personal help for every 24 of life).

Once a population needs significant help (40 hours per week per week of life) then there is simply not *enough* people to do the "humane" thing.

Even worse, some of the carers are doing shitty inhumane work (lifting the elderly but damaging themselves; elderly looking after the elderly but unwillingly).

We should offload as much of the drudgery as possible and keep our elderly as *independent* as they wish. If we can use machines to do this we should - try telling your mum she should replace her scooter with coolies!

Reserve the human hours for real care - human touch, interaction, and brotherhood.

Like the Death Star on Endor, JEDI created a ton of fallout and stormy weather in cloud market


I thought the Borg was the traditional M$ reference. Or is that reference too dated*†, or taken over by Gooplle?

* I have never received a geek card, so I can't hand mine in.

† Where can I buy a geek card? Preferably electrically and physically S100 compatible.

Google lashes out at DoJ, Oracle as it asks US Supremes to sniff Java suit one last time


We are lucky that corporations are not completely amoral - 8G$ would buy a lot of snipers. Perhaps that shows that corporations have some morals?

Lies, damn lies, and KPIs: Let's not fix the formula until we have someone else to blame


Re: Reminds me of two things..

But the KPI is correct - there's a sunken cost fallacy in there somewhere.

Sell 10 stale buns at $1 each = $7 profit.

Throw away 10 stale buns, make 10 new buns, sell at $2 each = $14 profit.

Throwing away buns is likely to increase profits (assuming most new buns get sold, ignoring elasticity or price discrimination, and ignoring some other issues).

We, Wall, we, Wall, Raku: Perl creator blesses new name for version 6 of text-wrangling lingo


I am hoping that they rename Perl 5 to Perl 7 to breathe life into the old reliable (perhaps add a linter to justify the leap ;-p)

Openreach's cunning plan to 'turbocharge' the post-Brexit economy: Getting everyone on full-fibre broadband by 2025



> Full fibre is a vehicle to turbocharge our economy

Such bullshit. The exact same bullshit was said over in New Zealand: but the only measurable result is that we get better Netflix - that is not something that should be paid for with tax money.

I have high-tech software friends that have stayed on broadband.

Today's data whoopsie is brought to you by CircleCI: Source safe, but look out for phishers


Re: Insecure third-party scripts

It's possible the third party was Segment which has also just notified of a breach - https://news.ycombinator.com/item?id=20887809


Insecure third-party scripts

They haven't locked down their web app JavaScript includes: Facebook, Hotjar, Amplitude, Google, and others have access to your production SSL keys, code, passwords, etc.

It's a quick smell test for whether a company actually cares about security: what third-party scripts are included in their "secure" web page areas. The default web developer doesn't know better, and it is hard to lock down third parties (best solution is to avoid unnecessary third-party shit like analytics, also can use iframes or more complex solutions like caja).

This guy asked them about this issue 2 years ago, and apparently they haven't done anything much about it which signals CircleCI's security is poor: https://kevin.burke.dev/kevin/circleci-is-hopelessly-insecure/
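One way to run the smell test described in the post above, as an added example that is not part of the original comment: the script parses a page's HTML, resolves every external `<script src>` to the host that serves it, and reports the hosts that are not first-party. The sample HTML, the first-party domain `example.com` and the script hosts in it are constructed values, not taken from any real CircleCI page.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed first-party domain for the constructed sample; subdomains count as first-party.
FIRST_PARTY = ("example.com",)


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag (inline scripts have none)."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        for name, value in attrs:
            if name == "src" and value:  # value is None for bare attributes like `async`
                self.srcs.append(value.strip())


def host_of(src, page_host):
    """Host that serves a script src; relative paths resolve to the page's own host.
    Scheme-relative URLs (//cdn...) are handled by urlsplit, which puts the host in netloc."""
    netloc = urlsplit(src).netloc.lower()
    host = netloc.rsplit("@", 1)[-1].split(":")[0]  # drop userinfo and port
    return host or page_host


def is_first_party(host, first_party):
    return any(host == d or host.endswith("." + d) for d in first_party)


def third_party_script_hosts(html, page_host, first_party=FIRST_PARTY):
    """Sorted list of hosts that can execute JS in this page but are not first-party."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    hosts = {host_of(src, page_host) for src in collector.srcs}
    return sorted(h for h in hosts if not is_first_party(h, first_party))


# Constructed sample: a "secure" settings page that still pulls in analytics scripts.
SAMPLE_HTML = """<!doctype html>
<html><head>
<script src="/static/app.js"></script>
<script src="//cdn.example.com/vendor.js"></script>
<script src="https://connect.facebook.net/en_US/fbevents.js"></script>
<script src="https://static.hotjar.com/c/hotjar-1.js"></script>
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-000000"></script>
<script>window.dataLayer = window.dataLayer || [];</script>
</head><body>Project settings: API tokens, deploy keys...</body></html>
"""

if __name__ == "__main__":
    for host in third_party_script_hosts(SAMPLE_HTML, "app.example.com"):
        print("third-party script host:", host)
```

Every host it lists can read the DOM of that page, including any secrets rendered into it, so the list is the attack surface the post is talking about.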

More Linux than Windows: El Reg takes Docker Desktop for WSL 2 preview out for a spin


> The main rationale is to be able to use a full Linux toolchain while still using a Windows editor such as Visual Studio Code

Correction: Visual Studio Code is cross-platform (uses electron, runs on Linux), and Visual Studio does not run on Linux. The naming blows.



Biting the hand that feeds IT © 1998–2021